Home » Security Training and Tips » Domains of CISSP: Operations Security

Domains of CISSP: Operations Security

Operations Security is used to identify the controls over hardware, media, and the operators with access privileges to any of these resources. Audit and monitoring are the mechanisms, tools and facilities that permit the identification of security events and subsequent actions to identify the key elements and report the pertinent information to the appropriate individual, group, or process.

The candidate will be expected to know the resources that must be protected, the privileges that must be restricted, the control mechanisms available, the potential for abuse of access, the appropriate controls, and the principles of good practice.

Key Areas of Knowledge

  • Understand the following security concepts
    • Need-to-know/least privilege
    • Separation of duties and responsibilities
    • Monitor special privileges (e.g., operators, administrators)
    • Job rotation
    • Marking, handling, storing, and destroying of sensitive information
    • Record retention
  • Employ resource protection
    • Media management
    • Asset management
    • Personnel privacy and safety
  • Manage incident response
    • Detection
    • Response
    • Reporting
    • Recovery
    • Remediation
  • Prevent or respond to attacks (e.g., malicious code, zero-day exploit, denial of service)
  • Implement and support patch and vulnerability management
  • Understand configuration management concepts (e.g., versioning, baselining)
  • Understand fault tolerance requirements


About this author:


Mary is a leading trainer in Microsoft® and Business Applications.

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.