Security Operations

The Security Operations domain identifies critical information and the execution of selected measures that eliminate or reduce adversary exploitation of critical information. It includes the definition of the controls over hardware, media, and the operators with access privileges to any of these resources. Auditing and monitoring are the mechanisms, tools and facilities that permit the identification of security events and subsequent actions to identify the key elements and report the pertinent information to the appropriate individual, group, or process.

The candidate is expected to know the resources that must be protected, the privileges that must be restricted, the control mechanisms available, the potential for abuse of access, the appropriate controls, and the principles of good practice.

You can get the scoop on this domain in Chapter 10. This domain’s major topics include

Reviewing concepts of operations security

Protecting resources

Responding to incidents

Preventing and responding to attacks

Managing patches and vulnerabilities

Managing change and configuration

Defining system resilience and fault tolerance