CISSP Exam Guide Notes: 7.14 Quick Tips

血狼debugeeker
Published 2021-03-23 10:56:01
This article is included in the column: debugeeker's column

  • Facilities that house systems that process sensitive information should have physical access controls to limit access to authorized personnel only.
  • Clipping levels should be implemented to establish a baseline of user activity and acceptable errors.
  • Separation of responsibilities and duties should be in place so that if fraud takes place, it requires collusion.
  • Access to resources should be limited to authorized personnel, applications, and services and should be audited for compliance to stated policies.
  • Change control and configuration management should be put in place so changes are approved, documented, tested, and properly implemented.
  • Activities that involve change management include requesting a change, approving a change, documenting a change, testing a change, implementing a change, and reporting to management.
  • Proper fault-tolerant mechanisms should be put in place to counter equipment failure.
  • Antivirus and IDS signatures should be updated on a continual basis.
  • Continuous monitoring allows organizations to maintain ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.
  • A whitelist is a set of known-good resources such as IP addresses, domain names, or applications. Conversely, a blacklist is a set of known-bad resources.
  • A security information and event management (SIEM) system is a software platform that aggregates security information (like asset inventories) and security events (which could become incidents) and presents them in a single, consistent, and cohesive manner.
  • The key aspects of operational security include resource protection, change control, hardware and software controls, trusted system recovery, separation of duties, and least privilege.
  • Least privilege ensures that users, administrators, and others accessing a system have access only to the objects they absolutely require to complete their job.
  • Some physical security controls may conflict with the safety of people. These issues need to be addressed; human life is always more important than protecting a facility or the assets it contains.
  • Proximity identification devices can be user activated (action needs to be taken by a user) or system sensing (no action needs to be taken by the user).
  • A transponder is a proximity identification device that does not require action by the user. The reader transmits signals to the device, and the device responds with an access code.
  • Exterior fencing can be costly and unsightly, but can provide crowd control and help control access to the facility.
  • If interior partitions do not go all the way up to the true ceiling, an intruder can remove a ceiling tile and climb over the partition into a critical portion of the facility.
  • Intrusion detection devices include motion detectors, CCTVs, vibration sensors, and electromechanical devices.
  • Intrusion detection devices can be penetrated, are expensive to install and monitor, require human response, and are subject to false alarms.
  • CCTV enables one person to monitor a large area, but should be coupled with alerting functions to ensure proper response.
  • Security guards are expensive but provide flexibility in response to security breaches and can deter intruders from attempting an attack.
  • Vulnerability management is the cyclical process of identifying vulnerabilities, determining the risks they pose to the organization, and applying security controls that bring those risks to acceptable levels.
  • Patch management is the process for identifying, acquiring, installing, and verifying patches for products and systems.

For the remaining content, please follow my official account debugeeker; the link is CISSP Exam Guide Notes: 7.14 Quick Tips

Originally published: 2021/03/17. In case of infringement, please contact cloudcommunity@tencent.com for removal.
