Chapter 16 ■ Managing Security Operations
Managing the Information Lifecycle
Chapter 5, “Protecting Security of Assets,” discusses a variety of methods for protecting data. Of course, not all data deserves the same level of protection, so an organization defines data classifications, typically publishing them within a security policy, and identifies methods that protect the data based on its classification. Some common data classifications used by governments include Top Secret, Secret, Confidential, and Unclassified. Civilian classifications include confidential (or proprietary), private, sensitive, and public.
Security controls protect information throughout its lifecycle. However, there isn’t a consistent standard used to identify each stage or phase of a data lifecycle. Some people simplify it to cradle to grave, from the time it’s created to the time it’s destroyed. The following list includes some terms used to identify different phases of data within its lifecycle:
Creation or Capture
Data can be created by users, such as when a user creates a file. Systems can create it, such as monitoring systems that create log entries. It can also be captured, such as when a user downloads a file from the internet and traffic passes through a border firewall.
Classification
It’s important to ensure that data is classified as soon as possible. Organizations classify data differently, but the most important consideration is to ensure that sensitive data is identified and handled appropriately based on its classification. Chapter 5 discusses different methods used to define sensitive data and define data classifications. Once the data is classified, personnel can ensure that it is marked and handled appropriately, based on the classification. Marking (or labeling) data ensures that personnel can easily recognize the data’s value. Personnel should mark the data as soon as possible after creating it. As an example, a backup of top secret data should be marked top secret. Similarly, if a system processes sensitive data, the system should be marked with the appropriate label. In addition to marking systems externally, organizations often configure wallpaper and screen savers to clearly show the level of data processed on the system. For example, if a system processes secret data, it would have wallpaper and screen savers clearly indicating it processes secret data.
■ Controlling communication paths (such as opening port 3389 to enable the Remote Desktop Protocol and/or disabling the host firewall)
■ Running various scripts (including PowerShell, batch, and JavaScript files)
■ Creating and scheduling tasks (such as one that logged their accounts out after eight hours to mimic the behavior of a regular user)
Monitoring common privileged operations can detect these activities early in the attack. In contrast, if the actions go undetected, the APT can remain embedded in the network for years.
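The monitoring the paragraph above calls for, as an added example that is not part of the book: each rule in `classify` maps to one of the privileged operations in the list (inbound 3389 opened, host firewall disabled, script interpreters launched, scheduled tasks created), and `detect` escalates an account that performs several of them on one host within a short window. The key=value event format and the sample lines are constructed for this example, not a real event-log schema.

```python
import shlex
from collections import defaultdict
from datetime import datetime
# Constructed sample telemetry (not the Windows event-log schema): one service
# account performs several privileged operations on WS-17 within a few minutes.
SAMPLE_EVENTS = """\
2024-03-01T02:13:44 host=WS-17 user=svc_backup action=firewall_rule_add direction=in proto=tcp port=3389
2024-03-01T02:14:02 host=WS-17 user=svc_backup action=firewall_profile_set state=off
2024-03-01T02:15:10 host=WS-17 user=svc_backup action=process_start image=powershell.exe script=setup.ps1
2024-03-01T02:16:30 host=WS-17 user=svc_backup action=schtask_create name=Updater trigger=PT8H
2024-03-01T09:00:00 host=WS-17 user=jdoe action=process_start image=outlook.exe
2024-03-01T09:05:00 host=WS-18 user=jdoe action=process_start image=cscript.exe script=login.js
"""
SCRIPT_EXT = (".ps1", ".bat", ".cmd", ".js")  # PowerShell, batch, JavaScript

def parse_event(line):
    """Turn one 'timestamp key=value ...' line into a dict with a datetime 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(tok.split("=", 1) for tok in shlex.split(rest))
    fields["ts"] = datetime.fromisoformat(ts)
    return fields

def classify(ev):
    """Map an event to one of the privileged-operation categories, or None."""
    a = ev.get("action")
    if a == "firewall_rule_add" and ev.get("direction") == "in" and ev.get("port") == "3389":
        return "rdp_opened"
    if a == "firewall_profile_set" and ev.get("state") == "off":
        return "host_firewall_disabled"
    if a == "process_start" and ev.get("script", "").lower().endswith(SCRIPT_EXT):
        return "script_execution"
    if a == "schtask_create":
        return "scheduled_task_created"
    return None

def detect(text, window_minutes=60, min_categories=2):
    """Group flagged events per (host, user). Several distinct categories inside
    the window is the chain described above and is rated 'high'; one is 'low'."""
    hits = defaultdict(list)
    for line in text.splitlines():
        ev = parse_event(line)
        cat = classify(ev)
        if cat:
            hits[(ev["host"], ev["user"])].append((ev["ts"], cat))
    findings = {}
    for key, evs in hits.items():
        latest = max(t for t, _ in evs)
        cats = {c for t, c in evs if (latest - t).total_seconds() <= window_minutes * 60}
        findings[key] = ("high" if len(cats) >= min_categories else "low", sorted(cats))
    return findings
```

Running `detect(SAMPLE_EVENTS)` rates `svc_backup` on WS-17 as high (all four categories within three minutes) and `jdoe` on WS-18 as low (a single script launch), while the ordinary Outlook start is never flagged.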
Applying Security Operations Concepts