CISSP® Official Study Guide, Eighth Edition



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Service-Level Agreements
A service-level agreement (SLA) is an agreement between an organization and an outside 
entity, such as a vendor. The SLA stipulates performance expectations and often includes 
penalties if the vendor doesn’t meet these expectations.
As an example, many organizations use cloud-based services to rent servers. A vendor 
provides access to the servers and maintains them to ensure that they are available. The 
organization can use an SLA to specify availability requirements, such as maximum downtimes.
With this in mind, an organization should have a clear idea of its requirements when
working with third parties and make sure the SLA includes these requirements.
In addition to an SLA, organizations sometimes use a memorandum of understanding
(MOU) and/or an interconnection security agreement (ISA). MOUs document the intention
of two entities to work together toward a common goal. Although an MOU is similar
to an SLA, it is less formal and doesn’t include any monetary penalties if one of the parties
doesn’t meet its responsibilities.
Chapter 16: Managing Security Operations
If two or more parties plan to transmit sensitive data, they can use an ISA to specify the 
technical requirements of the connection. The ISA provides information on how the two 
parties establish, maintain, and disconnect the connection. It can also identify the minimum
encryption methods used to secure the data.
NIST Special Publication 800-47, “Security Guide for Interconnecting 
Information Technology Systems,” includes detailed information on 
MOUs and ISAs.
Addressing Personnel Safety and Security 
Personnel safety concerns are an important element of security operations. It’s always possible
to replace things such as data, servers, and even entire buildings. In contrast, it isn’t
possible to replace people. With that in mind, organizations should implement security controls
that enhance personnel safety.
As an example, consider the exit door in a datacenter that is controlled by a pushbutton
electronic cipher lock. If a fire results in a power outage, does the exit door automatically
unlock or remain locked? An organization that values assets in the server room more
than personnel safety might decide to ensure that the door remains locked when power 
isn’t available. This protects the physical assets in the datacenter. However, it also risks the 
lives of personnel within the room because they won’t be able to easily exit the room. In 
contrast, an organization that values personnel safety over the assets in the datacenter will 
ensure that the locks unlock the exit door when power is lost. 
