Chapter 7. Operations Security

The Operations Security domain focuses on the policies, procedures, and controls used in many of the day-to-day operations of an organization. When preparing for this domain, you should have a good understanding of basic controls specified in written security policies, such as the principle of least privilege, separation of duties, and job rotation. Additionally, you should understand the purpose and methodologies used in several management controls, such as change management and vulnerability management. Detective and preventive controls such as intrusion detection and prevention systems help detect and prevent many attacks, but some still get through. When an incident does occur, an effective incident response ...

Get CISSP Rapid Review now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.