The Security Operations domain identifies critical information and the execution of selected measures that eliminate or reduce adversary exploitation of critical information. It includes the definition of the controls over hardware, media, and the operators with access privileges to any of these resources. Auditing and monitoring are the mechanisms, tools and facilities that permit the identification of security events and subsequent actions to identify the key elements and report the pertinent information to the appropriate individual, group, or process.
The candidate is expected to know the resources that must be protected, the privileges that must be restricted, the control mechanisms available, the potential for abuse of access, the appropriate controls, and the principles of good practice.
You can get the scoop on this domain in Chapter 10. This domain’s major topics include
Reviewing concepts of operations security
Responding to incidents
Preventing and responding to attacks
Managing patches and vulnerabilities
Managing change and ...