Installation
Enable the module as usual. Then go to [admin/config/domain/domain_menus] to set up menu names and bulk-create domain menus. Checking "Create menus" and saving the configuration will bulk-create domain menus, one for each menu name and for each domain.
Warning
Domain Menus creates menus with machine names like "dm[number]-[string]", e.g. dm1234567-main. Avoid weird problems by not giving any other menus machine names in this pattern!
Investigations
Information Security Practices
- Domain 7 covers some security practices that you should know about when preparing for the CISSP exam:
  1. Need to know.
  2. Least privilege.
  3. Separation of duties.
  4. Dual control: When two persons are required to execute a task.
  5. Two-man rule, two-person integrity: When the presence of two authorized persons is required for an action to be per...
Securely Provision Resources
- Asset inventory
  Asset inventory should include both physical and virtual assets. For each asset, the following should be identified:
  1. Owner.
  2. Value.
  3. Cost of maintenance.
  4. Location.
  5. Lifespan.
  6. Security classification.
  7. Dependencies.
  Automated tools can be used for asset inventory, like f…
- Configuration management
  Some important concepts related to configuration management that you should know about:
  1. Configuration Item (CI): Any item that needs to be managed.
  2. Baseline Configuration (BC): A reference configuration that systems can be compared to in order to ensure that they are confi…
Detective and Preventive Measures
- Third-party
  The following services can be managed by an external third-party organization:
  1. Threat intelligence.
  2. Physical security.
  3. Audit.
  4. Network monitoring.
  When contracting a third-party organization, you should keep in mind the following considerations:
  1. Strong contract language…
- Sandboxing
  There are two types of sandboxing environments:
  1. Hardware: A hardware environment that mimics the production environment. Much smaller in size, and contains only the necessary machines.
  2. Software: A software environment where running processes do not affect other pr…
Incident Management
- Incident management proceeds through the following steps:
  1. Detection
     1.1. Using logs, SIEM…
     1.2. People can also sense if an incident is happening.
     1.3. Goal of first responder: Contain damage.
  2. Response
     2.1. Confirm the incident.
     2.2. Triage based on impact (low, moderate, high).
  3. Mitigation
     3.1. Isolate and contain the incident.
     3.2. Mitigation ends with stability.
  4. Reporting
     4.…
Recovery Strategies
- Backup storage
  There are three ways to back up storage:
  1. Full: Back up all data.
  2. Differential: Back up only data that has changed since the last full backup.
  3. Incremental: Back up only data that has changed since the last full, differential or incremental backup.
- Recovery site
  Consider the proper distance for the alternate site: not so close that it is impacted by the disaster, and not so far that it is inaccessible for employees. These are the most common types of recovery sites:
  1. Hot: Contains all hardware, software, and data necessary for operation. The m…
Disaster Recovery Processes
- In order to know when to launch a disaster recovery response, the following points should be determined:
  1. People authorized to initiate the response.
  2. Criteria for initiating the response.
  3. Information and decision streams.
  In addition, key personnel should be identified.
  1. Responders:
     1.1. Each response role should be assigned a specific person and also an alternate. They both s…
Disaster Recovery Plan Testing
- There are five types of DRP testing:
  1. Read-through: The most basic. Each person has to go through the plan. Also called checklist.
  2. Walk-through: Simulation of response activities at actual locations. Also called tabletop.
  3. Simulation: For example, a fire drill.
  4. Parallel: Tests are conducted in parallel in an alternate site without impacting the operations. But it requires mo…
Personnel Safety
- Travel
  The traveling employee should be aware of local risks and local emergency contacts. The organization should consider the insurance coverage and secure remote access. In addition, the employee may be in a different jurisdiction. It is therefore necessary to consider how this might i…
- Duress
  A duress code is a code word used in case an employee is being threatened. The duress code should be changed regularly. It should also be easy to remember, and subtle so as not to create suspicion.

We have now gone through all items that are covered in Domain 7 of the CISSP. If you notice …