This course covers the 7th domain of the CISSP. You'll learn about the day to day operational duties, best practices, and security concepts that security professionals will need to be familiar with prior to attempting the CISSP examination.
This course, CISSP® - Security Operations, covers the wide breadth of topics within the Security Operations domain of the CISSP. This includes activities such as evidence collection and handling, investigative techniques and types, monitoring and logging activities such as intrusion detection and prevention, event management, and egress monitoring. In addition to this, there will also be a focus on securing the provisioning of resources and understanding foundational security operations concepts such as the information lifecycle and job rotation. The course also covers topics such as resource protection, incident management, operation of preventative measures such as firewalls, implementing a patch management program, understanding how to implement change management, and learning about recovery strategies. By the end of this course, you should be familiar with a broad spectrum of topics that are covered within the Security Operations domain of the CISSP. This course will provide you with the background information that you will need when addressing questions related to Security Operations.
Course Overview Hey everyone, my name is Lee Allen. Welcome to my course, CISSP - Security Operations. I'm a Certified Information Systems Security Professional, currently employed as an Adversarial Engineer at the Columbus Collaboratory. I've authored several books about penetration testing and have many years of experience working with enterprise risk management and security operations teams. Security operations is one of the largest domains in the (ISC)2 Common Body of Knowledge. It covers 16 different areas, each of which is addressed within this course. Some of the major topics that we will cover include foundational security operations concepts, incident handling, investigations, internal and external physical security and safety concerns, and contingency planning. By the end of this course, you should be familiar with a broad spectrum of topics that are covered within the security operations domain of the CISSP. This course will provide you with the background information that you will need when addressing questions related to security operations. I hope that you'll join me on this journey to learn the foundational security operations concepts with the CISSP - Security Operations course, at Pluralsight.
Introduction to Security Operations Hi, and welcome to Pluralsight's Security Operations course. The information provided within is based on the material that you will need to know prior to taking (ISC)2's CISSP exam. Specifically, those topics found in the 7th domain of the Common Body of Knowledge. The primary role of a security operations team is to maintain the security of systems that are found in production environments. These are live systems that organizations rely on to perform business-critical duties on a day-to-day basis. This course is going to cover many different areas, such as digital forensics, incident management and evidence collection, incident response, logging and monitoring, vulnerability and change management, and protective controls that are typically operated by security operations teams. I will also speak about the different investigative types that are commonly used. When there is an incident, there will be a need for proper evidence handling. We will cover that as well. We will also cover different aspects of physical security, such as internal and external security controls that can delay, deter, or detect attacks on our environments. In addition to all of that, we will also address the need for protecting our personnel and keeping them safe. And as if that's not enough to cram into one single domain of the CBK, we will also cover the steps needed to deal with disasters and how to perform recovery operations.
Digital Forensics For centuries, crimes have been solved by identifying evidence that points to the who, what, when, where, and how something occurred. The onset of technology only increased the data sources that were available. The activity of performing digital forensics addresses this need by ensuring that evidence is collected in a format that is presentable in a legal courtroom setting. For all of this to happen, there are many different concerns that need to be addressed. Let's talk about these for a few minutes here in the Digital Forensics module of Pluralsight's CISSP - Security Operations course. As with any concept, it is mandatory to understand what the topic context is defined as. So we will start this course module with a definition of digital forensics. Once that has been established, you will quickly move on to learning why digital forensics are needed and what the outputs of this activity generally accomplish. Also, there are different types of digital forensics that you may come across throughout your career, so I will quickly highlight those as well, and then move on to showing you what an organization must do to establish a digital forensics capability. After that, I will review key terminology that you may need to be aware of before taking your CISSP examination. So let's get started with taking a look at what digital forensics is.
Logging and Monitoring Hello, and welcome back to Pluralsight. I am your instructor, Lee Allen, and in this module we are going to talk about logging and monitoring. In this course module, we are going to cover the basics of log management, what a log message should contain, what exactly it is that should be logged, why logging is performed, and what some of the concerns are when it comes to employing logging and monitoring at your organizations.
Vulnerability Management Hi, and welcome back to Pluralsight. I'm your instructor, Lee Allen, and in this module we are going to talk about vulnerability management. When an application or operating system is initially created, it will typically go through many phases of quality assurance and usage testing. In most cases, this will also include testing for security weaknesses and vulnerabilities. In this course module, we are going to cover four separate areas. We're going to take a look at vulnerability assessment, patch management, the vulnerability management process, and we'll take a look at why asset management is important.
Change Management Hi, and welcome back to Pluralsight. I am your instructor, Lee Allen, and in this module we're going to talk about change management. We'll start out with a review of the concept of change management. I will explain why change management is important, discuss the change management process, describe elements of a change log, and then review what the change review process is. We will then finish up with some useful terminology.
Operate and Maintain Protective Controls Hi, and welcome back to Pluralsight. I am your instructor, Lee Allen, and in this module we are going to talk about the operation and maintenance of protective security controls. In this course module, we are going to cover what is meant by protective controls and what you need to be concerned with in regards to firewalls. We'll also take a look at the important facts to remember in regards to intrusion detection systems and what data loss prevention is, why is it needed, and what types of problems might you need to worry about when implementing it. We will also discuss client-side protection mechanisms and the role that they play in enterprise security. We will then finish up with some important terms.
Incident Management Hi, and welcome back to Pluralsight. I'm your instructor, Lee Allen, and in this module we are going to talk about incident management. We will begin the module with an introduction to incident response, and then follow that up with a quick review of what it takes to establish an incident response capability. I will then review several types of incidents that you should be aware of, and then follow that up with a review of the phases of the incident response process.
Investigative Types Hi, and welcome back to Pluralsight. I'm your instructor, Lee Allen, and in this module we are going to talk about the different investigative types that you should be aware of prior to attempting the CISSP examination. Over time, security operations teams will be assigned to investigations. The types of activities performed during the investigation will depend on what the focus of the investigation is. In this module, we will take a look at a quick introduction to what investigative types are. We will review operational investigations, as well as criminal and civil investigations. And then, we'll take a look at those investigations that are driven by regulatory requirements.
Evidence Handling Hi, and welcome back to Pluralsight. I'm your instructor, Lee Allen, and in this module we're going to talk about evidence handling. When performing activities such as incident response or digital forensics, there may be a need to collect evidence. This will, in turn, need to be handled with care to ensure that its integrity remains intact. In this module, we will review several factors that should be considered when handling evidence. We will start the module off with a review of the rules of evidence, which comprise five critical factors, such as reliability and authenticity. You will then learn about evidence logs and what these should contain. The module will be concluded with four types of evidence that you should be aware of.
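The two concrete mechanisms behind "integrity remains intact" and "what an evidence log should contain" are a cryptographic hash recorded at the moment of acquisition and an append-only chain-of-custody log. The following is an added example written for this page; it is not code from the course or from Pluralsight. The item identifier, the people named, the timestamps and the disk-image bytes are all constructed for illustration, and the log layout is one reasonable design, not a standard the course prescribes.

```python
"""Evidence integrity and chain of custody (added example, constructed data)."""
import hashlib
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _now() -> str:
    return datetime.now(timezone.utc).isoformat()


@dataclass
class EvidenceItem:
    item_id: str
    description: str
    sha256: str                                   # recorded once, at acquisition
    custody: list = field(default_factory=list)   # append-only log entries


def acquire(item_id: str, description: str, data: bytes, collector: str,
            when: Optional[str] = None) -> EvidenceItem:
    """Register the item and hash it at the moment of collection."""
    item = EvidenceItem(item_id, description, sha256_hex(data))
    item.custody.append({"action": "acquired", "by": collector,
                         "at": when or _now()})
    return item


def transfer(item: EvidenceItem, from_person: str, to_person: str,
             when: Optional[str] = None) -> None:
    """Record a hand-off; the log is only ever appended to."""
    item.custody.append({"action": "transferred", "from": from_person,
                         "to": to_person, "at": when or _now()})


def verify(item: EvidenceItem, data: bytes) -> bool:
    """Re-hash the working copy; a change to a single byte fails this check."""
    return sha256_hex(data) == item.sha256


def custody_unbroken(item: EvidenceItem) -> bool:
    """Each hand-off must come from whoever the log says held the item last."""
    holder = None
    for entry in item.custody:
        if entry["action"] == "acquired":
            if holder is not None:
                return False          # acquired twice: the log is inconsistent
            holder = entry["by"]
        elif entry["action"] == "transferred":
            if entry["from"] != holder:
                return False          # gap in custody
            holder = entry["to"]
    return holder is not None


def evidence_log(item: EvidenceItem) -> str:
    """Serialise the record as it would be kept alongside the evidence."""
    return json.dumps({"item_id": item.item_id, "description": item.description,
                       "sha256": item.sha256, "custody": item.custody}, indent=2)


# Constructed sample: a stand-in for an acquired disk image.
SAMPLE_IMAGE = b"constructed disk image bytes for the example\n" * 64

if __name__ == "__main__":
    ev = acquire("EV-001", "laptop disk image (constructed)", SAMPLE_IMAGE,
                 "analyst-a", "2024-01-07T10:00:00+00:00")
    transfer(ev, "analyst-a", "evidence-custodian", "2024-01-07T11:00:00+00:00")
    print(evidence_log(ev))
    print("integrity ok:", verify(ev, SAMPLE_IMAGE),
          "custody ok:", custody_unbroken(ev))
```

The hash is never recomputed into the record; it is only compared against, so a mismatch later points at the working copy, not at the log. A custody gap is detected purely from the log's own sequence, which is why the entries must stay append-only.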
Resource Provisioning Hi, and welcome back to Pluralsight. I'm your instructor, Lee Allen. In this module we are going to take a look at resource provisioning. Organizations with more than two or three devices, such as servers, laptops, phones, or desktops, will need to start thinking about how they will manage the assets that they are acquiring. In this section, you are going to learn about the provisioning process that many organizations use for physical assets. You will then receive a quick refresher about where virtual or cloud assets fit into this picture. After that, we will move onto a discussion about what an asset inventory should contain. We'll wrap the course up with a quick review of the steps that need to be taken when retiring outdated equipment in a secure manner. Let's get started with provisioning physical assets.
Recovery Strategies Hi, and welcome back to Pluralsight. I'm your instructor, Lee Allen, and in this module, we will review recovery strategies that are commonly used at modern organizations. Equipment will fail; it's a fact of life. It happened on the Apollo 13 voyage to the moon, and it can happen to your equipment as well. The key is in being prepared for those equipment failures and to understand just how resilient your equipment is. In this module we will cover important terms, such as mean time between failure and mean time between repair. We will look at the prioritization of our assets, and then take a look at off-site storage strategies. We will follow this up with a review of several types of backups that you can perform, and then we will take a look at the recovery phases that are available. You will also be introduced to the concept of tape rotation.
Personnel Privacy and Safety Hi, and welcome to Pluralsight. My name is Lee Allen. In this module, we will cover the privacy and safety concerns that you should be aware of. We are going to start out with a discussion about the privacy expectations of employees and visitors alike. We will also discuss the types of safety and security concerns that should be considered when travelling. This is then followed by a review of administrative safety controls.
Business Continuity and Disaster Recovery Hi, and welcome back to Pluralsight. I'm your instructor, Lee Allen. Many people confuse business continuity and disaster recovery with each other. In this module, we will take a quick look at what each of these functions performs. Organizations will need to be prepared for a disaster. There have been several tactics developed to address this need. In this module, we are going to review some of these, such as how business continuity planning reduces downtime and data loss, and you will also learn what a disaster recovery plan is and how it is focused on recovery of technological processes and tools. I will cover the steps involved in the creation of contingency plans, and then finish up with a quick review of how some of the metrics, such as recovery point objectives and maximum tolerable downtime are used to assist in recovery planning.
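The Recovery Strategies module above names MTBF and MTTR and the backup types, and this module names recovery point objective and maximum tolerable downtime; the following added example ties them together in working code. It is not code from the course or from Pluralsight. It computes steady-state availability from MTBF and MTTR, works out which backup sets a full/differential/incremental schedule needs to restore from, and checks the resulting data loss and restore time against an RPO and MTD. The weekly schedules, the failure time, the objectives and the two-hour-per-set restore estimate are all constructed assumptions for illustration.

```python
"""Recovery metrics: availability from MTBF/MTTR, and whether a backup schedule
meets an RPO and an MTD (added example; all figures below are constructed)."""
from dataclasses import dataclass
from datetime import datetime, timedelta


def availability(mtbf_hours: float, mttr_hours: float) -> float:
    """Steady-state availability: the fraction of time a component is up."""
    if mtbf_hours <= 0 or mttr_hours < 0:
        raise ValueError("MTBF must be positive and MTTR non-negative")
    return mtbf_hours / (mtbf_hours + mttr_hours)


@dataclass(frozen=True)
class Backup:
    kind: str           # "full", "differential" or "incremental"
    finished: datetime  # when the backup set was completed


def restore_chain(backups, failure_time):
    """Backup sets, in the order they must be applied, to recover to the latest
    consistent point before failure_time.

    A differential holds everything since the last full; an incremental holds
    everything since the previous backup of any kind. So after the last full we
    need the last differential (if any) plus every incremental taken after it."""
    done = sorted((b for b in backups if b.finished <= failure_time),
                  key=lambda b: b.finished)
    fulls = [b for b in done if b.kind == "full"]
    if not fulls:
        return []                           # nothing to restore from
    last_full = fulls[-1]
    later = [b for b in done if b.finished > last_full.finished]
    chain = [last_full]
    cutoff = last_full.finished
    diffs = [b for b in later if b.kind == "differential"]
    if diffs:
        chain.append(diffs[-1])
        cutoff = diffs[-1].finished
    chain.extend(b for b in later
                 if b.kind == "incremental" and b.finished > cutoff)
    return chain


def recovery_check(backups, failure_time, rpo: timedelta, mtd: timedelta,
                   restore_time_per_set: timedelta) -> dict:
    """Compare achieved data loss and estimated downtime with the RPO and MTD."""
    chain = restore_chain(backups, failure_time)
    if not chain:
        raise ValueError("no full backup completed before the failure")
    data_loss = failure_time - chain[-1].finished   # achieved recovery point
    downtime = restore_time_per_set * len(chain)     # crude restore estimate
    return {"sets": [b.kind for b in chain], "data_loss": data_loss,
            "downtime": downtime, "rpo_met": data_loss <= rpo,
            "mtd_met": downtime <= mtd}


# Constructed weekly schedules: a full backup early Sunday, then one set a day.
WEEK_START = datetime(2024, 1, 7, 2, 0)   # Sunday 02:00
FULL_PLUS_INCREMENTAL = [Backup("full", WEEK_START)] + [
    Backup("incremental", WEEK_START + timedelta(days=d)) for d in range(1, 7)]
FULL_PLUS_DIFFERENTIAL = [Backup("full", WEEK_START)] + [
    Backup("differential", WEEK_START + timedelta(days=d)) for d in range(1, 7)]
MIXED = [Backup("full", WEEK_START),
         Backup("incremental", WEEK_START + timedelta(days=1)),
         Backup("incremental", WEEK_START + timedelta(days=2)),
         Backup("differential", WEEK_START + timedelta(days=3)),
         Backup("incremental", WEEK_START + timedelta(days=4))]
FAILURE = WEEK_START + timedelta(days=4, hours=12)   # Thursday 14:00
RPO, MTD, RESTORE_PER_SET = (timedelta(hours=24), timedelta(hours=8),
                             timedelta(hours=2))

if __name__ == "__main__":
    print(f"availability at MTBF 1000 h / MTTR 10 h: {availability(1000, 10):.4%}")
    for name, sched in (("full+incremental", FULL_PLUS_INCREMENTAL),
                        ("full+differential", FULL_PLUS_DIFFERENTIAL),
                        ("mixed", MIXED)):
        print(name, recovery_check(sched, FAILURE, RPO, MTD, RESTORE_PER_SET))
```

With the constructed figures both schedules lose the same twelve hours of data (the RPO is met either way), but restoring the incremental chain needs five sets and blows the eight-hour MTD, while the differential schedule needs two. That trade-off between backup window and restore time is the practical reason the backup type matters to recovery planning.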
Internal Physical Security Hi, and welcome to Pluralsight. My name is Lee Allen. In this module, we will cover the internal physical security concerns that you should be aware of prior to attempting the CISSP examination. This module is all about the physical security controls that need to be applied internally to maintain the availability, confidentiality, and integrity of critical resources. We will start out by discussing access controls, such as alarm systems, biometrics, locks, and access cards. We will then move on to discussing the key controls, such as access logs and key counts. This is then followed by a quick review of mantraps, safes, vaults, and turnstiles.
Securing Assets Hi, and welcome back to Pluralsight. I'm your instructor, Lee Allen, and in this module we are going to talk about securing and protecting organizational assets. Organizations spend a lot of resources on security devices. In this module, we will discuss the mechanisms used to protect this equipment. We will cover environmental alarms that keep track of temperature, humidity, and flooding. We will then review the steps needed for the protection of equipment, such as cameras and other security devices. We will also look at what it takes to secure mobile devices, such as laptops, tablets, and cell phones.
External Physical Security Hi, and welcome to Pluralsight. I'm your instructor, Lee Allen, and in this module, I will discuss the security controls that are commonly used when creating a strong, multilayered perimeter defense. Perimeter security is focused on controlling access, and to do this effectively, we must use a combination of security controls that deter, delay, and detect attackers. Let's look at some of the control types that are available. We will start with a quick look at layering your defenses. We then move on to reviewing several types of barriers, such as walls, doors, fences, gates, and windows. This is followed by an introduction to lighting, which includes an overview of light measurements and lighting types. We then move on to a quick review of closed-circuit television, and then discuss why guards are one of the best physical controls that are available. Let's get started.