CISSP Domain 7 : OPERATIONS SECURITY (page 2)

Audit trails

§ Individual accountability

§ Reconstruction of events

§ Problem identification (intrusion detection)

§ Problem resolution

§ Reporting concepts (content, format, structure, hierarchy, escalation,

frequency)

§ Reporting mechanisms

§ Audit logging

§ Security events

§ System audit trails

§ Sampling and data extraction

§ Retention periods

§ Media

§ Protection against alteration

§ Protection against unavailability

§ Audit log backup (importance of system back-ups, frequency,

availability, media, off-site storage location and protection

mechanisms, quality, readability)

§ Monitoring

§ Event monitoring

§ Hardware monitoring (fault detection, port)

§ Illegal software monitoring

§ Monitoring tools and techniques

§ Warning banners

§ Keystroke monitoring

§ Traffic analysis

§ Trend analysis

§ Available tools

§ Real-time

§ Ad-hoc

§ Passive

§ Closed Circuit Television (CCTV)

§ Failure recognition and response (security mechanisms, remedial

actions, alternatives)

§ Problem identification

§ Problem resolution

§ Reporting concepts (content, format, structure, hierarchy, escalation,

frequency)

§ Reporting mechanisms

§ Intrusion detection

§ Intrusion prevention (identification, authentication)

§ Intrusion detection (data extraction, sampling, recognition, traffic)

§ Intrusion response

§ Types of intrusion detection

§ Pattern recognition and baselines

§ Anomaly identification

§ Attack signature identification

§ Penetration testing techniques

§ War dialing

§ Sniffing

§ Eavesdropping

§ Radiation monitoring

§ Dumpster diving

§ Social engineering

§ Inappropriate activities

§ Fraud

§ Collusion

§ Sexual harassment

§ Pornography

§ Waste

§ Abuse

§ Theft

§ Threats and Countermeasures

§ Errors and omissions

§ Fraud and theft (from inside or outside)

§ Employee sabotage

§ Loss of physical and infrastructure support

§ Malicious Hackers/Crackers

§ Espionage

§ Malicious code

§ Violations, Breaches, and Reporting