CISSP Exam Guide Notes: 7.14 Quick Tips

  • Facilities that house systems that process sensitive information should have physical access controls to limit access to authorized personnel only.

  • Clipping levels should be implemented to establish a baseline of user activity and acceptable errors.

  • Separation of responsibilities and duties should be in place so that if fraud takes place, it requires collusion.

  • Access to resources should be limited to authorized personnel, applications, and services and should be audited for compliance with stated policies.

  • Change control and configuration management should be put in place so changes are approved, documented, tested, and properly implemented.

  • Activities that involve change management include requesting a change, approving a change, documenting a change, testing a change, implementing a change, and reporting to management.

  • Proper fault-tolerant mechanisms should be put in place to counter equipment failure.

  • Antivirus and IDS signatures should be updated on a continual basis.

  • Continuous monitoring allows organizations to maintain ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.

  • A whitelist is a set of known-good resources such as IP addresses, domain names, or applications. Conversely, a blacklist is a set of known-bad resources.

  • A security information and event management (SIEM) system is a software platform that aggregates security information (like asset inventories) and security events (which could become incidents) and presents them in a single, consistent, and cohesive manner.

  • The key aspects of operational security include resource protection, change control, hardware and software controls, trusted system recovery, separation of duties, and least privilege.

  • Least privilege ensures that users, administrators, and others accessing a system have access only to the objects they absolutely require to complete their job.

  • Some physical security controls may conflict with the safety of people. These issues need to be addressed; human life is always more important than protecting a facility or the assets it contains.

  • Proximity identification devices can be user activated (action needs to be taken by a user) or system sensing (no action needs to be taken by the user).

  • A transponder is a proximity identification device that does not require action by the user. The reader transmits signals to the device, and the device responds with an access code.

  • Exterior fencing can be costly and unsightly, but can provide crowd control and help control access to the facility.

  • If interior partitions do not go all the way up to the true ceiling, an intruder can remove a ceiling tile and climb over the partition into a critical portion of the facility.

  • Intrusion detection devices include motion detectors, CCTVs, vibration sensors, and electromechanical devices.

  • Intrusion detection devices can be penetrated, are expensive to install and monitor, require human response, and are subject to false alarms.

  • CCTV enables one person to monitor a large area, but should be coupled with alerting functions to ensure proper response.

  • Security guards are expensive but provide flexibility in response to security breaches and can deter intruders from attempting an attack.

  • Vulnerability management is the cyclical process of identifying vulnerabilities, determining the risks they pose to the organization, and applying security controls that bring those risks to acceptable levels.

  • Patch management is the process for identifying, acquiring, installing, and verifying patches for products and systems.

For the remaining content, follow my WeChat official account debugeeker; the link is CISSP Exam Guide Notes: 7.14 Quick Tips
