# Chapter 5: Security Operations - Notes

**Data Handling:** Data itself goes through its own life cycle as users create, use, share and modify it.

**Degaussing:** Process of reducing or eliminating unwanted data on disks using strong magnets.

<figure><img src="https://3226903849-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FaKwXOzYgG7jDDDoVkYvX%2Fuploads%2FLToxY4QZvh3XkNc13Rrz%2FData%20Lifecycle%20Management.png?alt=media&#x26;token=59b7d3a6-0382-472e-b5f7-6f23d71e0c1e" alt="Data Lifecycle Management (DLM)" width="563"><figcaption><p>Data Lifecycle Management (DLM)</p></figcaption></figure>

***

## Data Handling Practices

### **Classification**

* Process of recognizing the organizational impacts if the information suffers any security compromises related to its characteristics of confidentiality, integrity and availability.
* Information is then labeled and handled accordingly.
* Classifications are derived from laws, regulations, contract-specified standards or other business expectations.

### **Labeling**

* Security labels are part of implementing controls to protect classified information.
* It is reasonable to want a simple way of assigning a level of sensitivity to a data asset, such that the higher the level, the greater the presumed harm to the organization, and thus the greater security protection the data asset requires.
* ***Data Sensitivity Levels and Labels***
  * Highly Restricted
  * Moderately Restricted
  * Low Sensitivity
  * Unrestricted Public Data

***

## Event Logging Best Practices

* Ingress monitoring refers to surveillance and assessment of all inbound communications traffic and access attempts.
* Egress monitoring is used to regulate data leaving the organization’s IT environment.

***

## Configuration Management Overview

* Process and discipline used to ensure that the only changes made to a system are those that have been authorized and validated.
* It is both a decision-making process and a set of control processes.

### **Identification**

* Baseline identification of a system and all its components, interfaces and documentation.

### **Baseline**

* A security baseline is a minimum level of protection that can be used as a reference point.
* Baselines provide a way to ensure that updates to technology and architectures are subjected to the minimum understood and acceptable level of security requirements.

### **Change Control**

* An update process for requesting changes to a baseline, by means of making changes to one or more components in that baseline.
* A review and approval process for all changes. This includes updates and patches.

### **Verification & Audit**

* A regression and validation process, which may involve testing and analysis, to verify that nothing in the system was broken by a newly applied set of changes.
* An audit process can validate that the currently in-use baseline matches the sum total of its initial baseline plus all approved changes applied in sequence.
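
The audit described above, as an added example that is not part of the original notes: it replays the approved changes in order over the initial baseline and reports where the in-use configuration differs. The setting names, change IDs and sample values are constructed for illustration.

```python
# Constructed sample data: initial baseline, approved change log (in order),
# and the configuration observed on the running system.
INITIAL_BASELINE = {"ssh.PermitRootLogin": "no", "ssh.Port": "22", "tls.min_version": "1.2"}
APPROVED_CHANGES = [
    {"id": "CHG-001", "op": "set", "key": "tls.min_version", "value": "1.3"},
    {"id": "CHG-002", "op": "set", "key": "ntp.server", "value": "time.example.internal"},
    {"id": "CHG-003", "op": "remove", "key": "ssh.Port"},
]
IN_USE = {"ssh.PermitRootLogin": "yes", "tls.min_version": "1.3",
          "ntp.server": "time.example.internal", "telnet.enabled": "true"}


def expected_baseline(initial, changes):
    """Replay approved changes in sequence on a copy of the initial baseline."""
    state = dict(initial)  # never mutate the recorded initial baseline
    for change in changes:
        op, key = change["op"], change["key"]
        if op == "set":
            state[key] = change["value"]
        elif op == "remove":
            if key not in state:
                # A removal of something that is not there means the change
                # log is incomplete or out of order; stop rather than guess.
                raise ValueError(f"{change['id']}: cannot remove absent key {key}")
            del state[key]
        else:
            raise ValueError(f"{change['id']}: unknown operation {op}")
    return state


def audit(initial, changes, in_use):
    """Return (kind, key, expected, actual) for every deviation from the expected baseline."""
    expected = expected_baseline(initial, changes)
    findings = []
    for key in sorted(set(expected) | set(in_use)):
        want, have = expected.get(key), in_use.get(key)
        if want == have:
            continue
        if want is None:
            kind = "unauthorized_addition"
        elif have is None:
            kind = "missing_setting"
        else:
            kind = "unauthorized_modification"
        findings.append((kind, key, want, have))
    return findings


if __name__ == "__main__":
    for finding in audit(INITIAL_BASELINE, APPROVED_CHANGES, IN_USE):
        print(finding)
```

An empty findings list means the in-use baseline equals the initial baseline plus all approved changes; any finding points to a change that bypassed change control.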

## **Common Security Policies**

***

* Data Handling Policy
* Password Policy
* Acceptable Use Policy (AUP)
* Bring Your Own Device (BYOD)
* Privacy Policy
* Change Management Policy

***

## **Change Management Components**

1. Request for change
2. Approval
3. Rollback
4. Repeat

***

**`Hacker's Mantra:`**`Amateurs hack systems, and professionals hack people. - Bruce Schneier`
