The Operations Security domain examines the items that are used on a day-to-day basis to keep a network up and running in a secure state. Therefore, topics from virus control to personnel management, security auditing, audit trails, and backup are introduced. Some of these items are expanded on within other domains because, in the end, all security topics are interrelated. The following list gives some key areas of knowledge you need to master for this part of the CISSP exam:
Change control and configuration management
Dual control, separation of duties, rotation of duties
Vulnerability assessment and pen-testing ...