Chapter 7. Operations Security

The Operations Security domain focuses on the policies, procedures, and controls used in many of the day-to-day operations of an organization. When preparing for this domain, you should have a good understanding of basic controls specified in written security policies, such as the principle of least privilege, separation of duties, and job rotation. Additionally, you should understand the purpose and methodologies used in several management controls, such as change management and vulnerability management. Detective and preventive controls such as intrusion detection and prevention systems help detect and prevent many attacks, but some still get through. When an incident does occur, an effective incident response ...

Get CISSP Rapid Review now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.