2 cissp ® Official Study Guide Eighth Edition

Download 19,3 Mb.

Pdf ko'rish

bet	669/881
Sana	08.04.2023
Hajmi	19,3 Mb.
	#925879

1 ... 665 666 667 668 669 670 671 672 ... 881

Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Managing Media Lifecycle
All media has a useful, but fi nite, lifecycle. Reusable media is subject to a
mean time to failure
(MTTF)
that is sometimes represented in the number of times it can be reused or the number
of years you can expect to keep it. For example, some tapes include specifi cations saying they
can be reused as many as 250 times or last up to 30 years under ideal conditions. However,
many variables affect the lifetime of media and can reduce these estimates. It’s important to
monitor backups for errors and use them as a guide to gauge the lifetime in your environ-
ment. When a tape begins to generate errors, technicians should rotate it out of use.
Once backup media has reached its MTTF, it should be destroyed. The classifi cation of
data held on the tape will dictate the method used to destroy the media. Some organiza-
tions degauss highly classifi ed tapes when they’ve reached the end of their lifetime and then
store them until they can destroy the tapes. Tapes are commonly destroyed in bulk shred-
ders or incinerators.
Chapter 5 discusses some of the security challenges with solid-state drives (SSDs).
Specifi cally, degaussing does not remove data from an SSD, and built-in erase commands
often do not sanitize the entire disk. Instead of attempting to remove data from SSDs, many
organizations destroy them.
MTTF is different from mean time between failures (MTBF). MTTF is normally
calculated for items that will not be repaired when they fail, such as a tape. In
contrast, MTBF refers to the amount of time expected to elapse between fail-
ures of an item that personnel will repair, such as a computer server.

718
Chapter 16
■
Managing Security Operations
Managing Configuration
Configuration management helps ensure that systems are deployed in a secure consistent
state and that they stay in a secure consistent state throughout their lifetime. Baselines and
images are commonly used to deploy systems.
Baselining
A baseline is a starting point. Within the context of configuration management, it is the
starting configuration for a system. Administrators often modify the baseline after deploy-
ing systems to meet different requirements. However, when systems are deployed in a
secure state with a secure baseline, they are much more likely to stay secure. This is espe-
cially true if an organization has an effective change management program in place.
Baselines can be created with checklists that require someone to make sure a system is
deployed a certain way or with a specific configuration. However, manual baselines are suscep-
tible to human error. It’s easy for a person to miss a step or accidentally misconfigure a system.
A better alternative is the use of scripts and automated operating system tools to implement
baselines. This is highly efficient and reduces the potential of errors. As an example, Microsoft
operating systems include Group Policy. Administrators can configure a Group Policy setting
one time and automatically have the setting apply to all the computers in the domain.

Download 19,3 Mb.

Do'stlaringiz bilan baham:

1 ... 665 666 667 668 669 670 671 672 ... 881