This chapter covers security in operations including physical and environmental security, equipment security, and monitoring activities. The core concepts in the operations security are covered with suitable illustrations.
A candidate appearing for the CISSP exam is expected to understand the foundational concepts and have the knowledge in the following key areas of the operations security domain:
Implementing and managing physical security
Physical security principles for sites and facilities
Environmental security practices for sites and facilities
Logging and monitoring activities
Understanding and supporting investigations
Securing the provision of resources
Operations security
Resource protection techniques
Foundational concepts on incident management
Preventative measures
Patch and vulnerability management
Change management principles
Disaster recovery and business continuity exercises