CISSP Mindmap-Domain 7: Security Operations
An Interactive CISSP Mindmap Series
CISSP Mindmap – Domain 07
A comprehensive CISSP Mindmap Series will include all 8 Domains. This collection is designed to equip prospective CISSP professionals with essential resources for exam preparation, training and reference.
Domain_07: Key Concepts and Terminology
- Need-to-Know: Limiting access to information to those individuals who require it to perform their job functions.
- Least Privilege: Ensuring users have the minimum level of access necessary for their role.
- Segregation of Duties (SoD): Dividing responsibilities among individuals to reduce the risk of errors and fraud.
- Privileged Account Management: Controlling and monitoring access of high-level accounts that have elevated permissions.
- Provisioning: Setting up resources like hardware, software, and services in a network.
- Baselining: Establishing a set standard of security configurations for systems.
- Automation: Using tools to automate the deployment and management of configurations.
- Media Management: Procedures for handling storage devices containing sensitive data.
- Data at Rest/Data in Transit: Encrypting data to protect it during storage (at rest) and while being transmitted over a network (in transit).
- Patch Management: The process of keeping systems updated with the latest security patches.
- Vulnerability Management: Regular scanning, identification, evaluation, and remediation of system vulnerabilities.
- Preventive Controls: Designed to prevent a security incident (e.g., firewalls, access controls).
- Detective Controls: Designed to detect security incidents (e.g., intrusion detection systems).
- Corrective Controls: Designed to correct or mitigate the impact of security incidents.
- Change Control: The process of reviewing and approving changes to the IT environment to prevent unapproved alterations that could introduce vulnerabilities.
- Version Control: Tracking changes to software and documentation to ensure consistency.
- Incident Response: Steps taken to address and manage the aftermath of a security breach or attack.
- Computer Security Incident Response Team (CSIRT): A group responsible for responding to security incidents within an organization.
- Tabletop Exercise: A discussion-based drill where team members talk through a simulated security incident to test response procedures.
- Log Review: Examining logs to identify security incidents, anomalies, and policy violations.
- Security Information and Event Management (SIEM): Systems that provide real-time analysis of security alerts generated by network hardware and applications.
- Perimeter Security: Controls like fencing, gates, and security cameras that protect the physical perimeter of an organization.
- Access Controls: Mechanisms like biometric scanners, card readers, and security guards to control physical access to sensitive areas.
- Disaster Recovery Plan (DRP): A detailed process for recovering critical IT systems and data after a disaster.
- Business Continuity Plan (BCP): Procedures to ensure the continuity of essential business operations during and after a disaster.
- Backup and Restoration: Regularly creating copies of data and having the ability to restore data from backups when needed.
- Security Training and Awareness: Programs to educate employees about security policies, best practices, and potential threats (e.g., phishing, social engineering).
- Emergency Management: Procedures for handling emergencies, including evacuation plans, communication strategies, and employee safety protocols.
- Security Operations Concept
-
- Need-to-Know: Limiting access to information to those individuals who require it to perform their job functions.
- Least Privilege: Ensuring users have the minimum level of access necessary for their role.
- Segregation of Duties (SoD): Dividing responsibilities among individuals to reduce the risk of errors and fraud.
- Privileged Account Management: Controlling and monitoring access of high-level accounts that have elevated permissions.
- Configuration Management (CM)
-
- Provisioning: Setting up resources like hardware, software, and services in a network.
- Baselining: Establishing a set standard of security configurations for systems.
- Automation: Using tools to automate the deployment and management of configurations.
- Resource Protection
-
- Media Management: Procedures for handling storage devices containing sensitive data.
- Data at Rest/Data in Transit: Encrypting data to protect it during storage (at rest) and while being transmitted over a network (in transit).
- Patch and Vulnerability Management
-
- Patch Management: The process of keeping systems updated with the latest security patches.
- Vulnerability Management: Regular scanning, identification, evaluation, and remediation of system vulnerabilities.
- Security Controls
-
- Preventive Controls: Designed to prevent a security incident (e.g., firewalls, access controls).
- Detective Controls: Designed to detect security incidents (e.g., intrusion detection systems).
- Corrective Controls: Designed to correct or mitigate the impact of security incidents.
- Change Management
-
- Change Control: The process of reviewing and approving changes to the IT environment to prevent unapproved alterations that could introduce vulnerabilities.
- Version Control: Tracking changes to software and documentation to ensure consistency.
- Incident Management
-
- Incident Response: Steps taken to address and manage the aftermath of a security breach or attack.
- Computer Security Incident Response Team (CSIRT): A group responsible for responding to security incidents within an organization.
- Tabletop Exercise: A discussion-based drill where team members talk through a simulated security incident to test response procedures.
- Logging and Monitoring
-
- Log Review: Examining logs to identify security incidents, anomalies, and policy violations.
- Security Information and Event Management (SIEM): Systems that provide real-time analysis of security alerts generated by network hardware and applications.
- Physical Security Operations
-
- Perimeter Security: Controls like fencing, gates, and security cameras that protect the physical perimeter of an organization.
- Access Controls: Mechanisms like biometric scanners, card readers, and security guards to control physical access to sensitive areas.
- Disaster Recovery and Business Continuity
-
- Disaster Recovery Plan (DRP): A detailed process for recovering critical IT systems and data after a disaster.
- Business Continuity Plan (BCP): Procedures to ensure the continuity of essential business operations during and after a disaster.
- Backup and Restoration: Regularly creating copies of data and having the ability to restore data from backups when needed.
- Personnel Safety and Security
-
- Security Training and Awareness: Programs to educate employees about security policies, best practices, and potential threats (e.g., phishing, social engineering).
- Emergency Management: Procedures for handling emergencies, including evacuation plans, communication strategies, and employee safety protocols.
Domain_07: Key Terms & Definitions
Incident Response
- Incident Response (IR): The methodology an organization uses to respond to and manage a cyberattack. An incident response plan aims to reduce damage, recover data, and mitigate exploited vulnerabilities.
Security Operations Concepts
- Need-to-Know / Least Privilege: Principles ensuring individuals have access only to the information and resources necessary for their job functions.
- Separation of Duties: A security concept that ensures critical tasks are split among multiple people to prevent fraud or data breach.
- Job Rotation: A practice involving the rotation of employees through different jobs to reduce fraud and increase understanding of various roles within security operations.
Investigations
- Forensics: The practice of gathering, analyzing, and preserving evidence from digital devices in a way that is legally admissible.
- Chain of Custody: The chronological documentation showing the seizure, custody, control, transfer, analysis, and disposition of physical or electronic evidence.
Monitoring and Detection
- Security Information and Event Management (SIEM): A set of tools and services offering a holistic view of an organization’s information security.
- Log Management: The process of generating, transmitting, storing, analyzing, and disposing of computer security log data.
Business Continuity Planning (BCP)
- Business Continuity Planning (BCP): The process involved in creating a system of prevention and recovery from potential threats to a company. It ensures that personnel and assets are protected and are able to function quickly in the event of a disaster.
Disaster Recovery (DR)
- Disaster Recovery (DR): Strategies and processes for recovering from a catastrophic event, ensuring the continuity of business operations at an acceptable predefined level.
Physical Security
- Physical Security Controls: Measures taken to protect systems, buildings, and related supporting infrastructure against threats associated with their physical environment.
Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs)
- Key Performance Indicators (KPIs): Metrics used to evaluate factors that are crucial to the success of an organization.
- Key Risk Indicators (KRIs): Metrics used to measure how risky an activity is to a company’s operational objectives.
Domain_07: Key Areas
1. Understand and Support Investigations
- Investigation Types: Understanding different types of investigations, including administrative, criminal, civil, and regulatory compliance.
- Evidence Collection and Handling: Knowing how to collect, handle, and preserve evidence to maintain its integrity for legal and administrative proceedings.
2. Understand Requirements for Investigation Types
- Legal and Regulatory Issues: Familiarity with legal, regulatory, and organizational requirements affecting security operations.
- Forensic Investigation: Techniques and practices for conducting secure, systematic forensic investigations of incidents.
3. Conduct Logging and Monitoring Activities
- Continuous Monitoring: Implementing and managing continuous monitoring processes to detect security incidents.
- Security Information and Event Management (SIEM): Using SIEM tools for real-time analysis of security alerts generated by applications and network hardware.
4. Secure the Provisioning of Resources
- Asset Management: Managing assets to ensure that information resources are protected throughout their lifecycle.
- Configuration Management: Keeping hardware and software configurations consistent across the organization to protect assets.
5. Understand and Apply Foundational Security Operations Concepts
- Need-to-Know / Least Privilege: Applying principles that limit access and privileges to only what is necessary for job functions.
- Separation of Duties and Responsibilities: Ensuring critical tasks are divided among individuals to reduce risk of fraudulent activity.
6. Employ Resource Protection Techniques
- Data Security Controls: Implementing controls to protect data integrity, availability, and confidentiality.
- Cryptography: Using cryptographic techniques to protect data in transit and at rest.
7. Conduct Incident Response
Incident Management: Processes for detecting, responding to, and managing security incidents.
- Incident Response Plan: A predefined set of instructions for detecting, responding to, and limiting the impact of an information security event.
8. Operate and Maintain Detective and Preventive Measures
- Firewalls, IDS/IPS: Deploying and managing firewalls and intrusion detection/prevention systems to protect networks.
- Anti-Malware Solutions, Whitelisting/Blacklisting: Using software tools to prevent, detect, and remove malicious software.
9. Understand and Participate in Change Management Processes
- Change Management: Processes for ensuring that changes to the IT environment are implemented in a controlled manner to maintain security, confidentiality, integrity, and availability.
10. Implement and Support Patch and Vulnerability Management
- Vulnerability Scanning and Remediation: Identifying, assessing, and mitigating vulnerabilities in software and systems.
11. Understand and Apply Security in the Software Development Lifecycle (SDLC)
- Security in SDLC: Integrating security considerations into the software development lifecycle to develop more secure applications.
12. Understand and Support Business Continuity (BC) and Disaster Recovery (DR) Plan
- Business Continuity Planning: Developing, maintaining, and testing BC plans to ensure an organization can continue operating during and after a disaster.
- Disaster Recovery Planning: Creating DR plans to recover IT systems, applications, and data after a disaster.
Resources
- (ISC)2 CISSP Official Study Guide (OSG) 9th Edition by Mike Chapple, James Michael Stewart, and Darril Gibson
- Chapter 16-19, Pg760
- CISSP All-in-One Exam Guide, Ninth Edition by Fernando Maymi and Shon Harris
- Part VII, Pg882
- Eleventh Hour CISSP® Study Guide, Third Edition by Eric Conrad, Seth Misenar, Joshua Feldma
- Domain-07, Pg145
- Destination Certification – A Concise Guide by Rob Witcher, John Berti, Lou Hablas, Nick Mitropoulos
- Domain-07, Pg383
-
The Official (ISC)2 CISSP CBK Reference, 6th Edition by Arthur Deane and Aaron Kraus
- Domain-07, Pg549
Books Reference
Practice Tests
- (ISC)2 CISSP Official Practice Tests by Mike Chapple and David Seidl
- How to Think Like a Manager for the CISSP Exam by Luke Ahmed
- Boson Practice Exam
- Study Notes and Theory (SNT) by Luke Ahmed
Videos
- Mike Chapple’s CISSP Cert Prep on LinkedIn Learning.
- Kelly Handerhan’s CISSP Prep Course on Cybrary
- Destination CISSP Mindmap Video
- Pete Zerger’s CISSP Exam Cram
- Prabh’s Coffee Shots
- Luke Ahmed’s Study Notes and Theory (SNT)
Credits & Disclaimer
We express our gratitude to the below-mentioned authors, creators, and sources which have been referred for the creation of our Interactive CISSP Mindmap – Mike Chapple and David Seidl (OSG), Luke Ahmed (SNT), Pete Zerger (Exam Cram), Prashant Mohan (Memory Palace) , Prabh (Coffee shots), Rob Witcher (destcert.com/) and M. Waleed Khaliq (CISSP Concepts Guide).This Mindmap has been meticulously created to ensure that information is shared effectively. This Mindmap aims to offer a thorough grasp of essential concepts with a dedication to assist enhanced learning experiences. We hope that this resource helps people absorb information more thoroughly, which will lead to a broader understanding of each CISSP domains and is freely available for all.
Contribution
We have already included some reference images and short notes for most of the topics so that users can more effectively refer to the content in the mindmap. If you have any information, images, or notes that can make the mindmap more effective, please feel free to share them.
https://github.com/sajinshivdas/CISSP_Interactive_Mindmap/tree/main/CISSP_Domain_07
For issues and concern please feel free to raise a issue in Github link https://github.com/sajinshivdas/CISSP_Interactive_Mindmap/issues
Connect with me www.linkedin.com/in/sajin-shivdas
Related Mindmaps
Find the related mindmaps of CISSP Domains below.