Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study...
-
Upload
randolph-flynn -
Category
Documents
-
view
234 -
download
0
Transcript of Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study...
![Page 1: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/1.jpg)
Ch 11: Ch 11: Exploring Operational SecurityExploring Operational Security
CompTIA Security+: CompTIA Security+: Get Certified Get Get Certified Get Ahead: SY0-401 Ahead: SY0-401
Study GuideStudy Guide
Darril GibsonDarril Gibson
![Page 2: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/2.jpg)
Exploring Security Policies
![Page 3: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/3.jpg)
Security Policies
Written documents
Created as an early step to mitigate risks
Brief, high-level statements that identify goals
Guidelines and Procedures are created later to support the policies– They provide details
Security controls enforce the requirements of a security policy
![Page 4: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/4.jpg)
Personnel Policies
Acceptable use
Mandatory vacations
Separation of duties
Job rotation
Clean desk
![Page 5: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/5.jpg)
Acceptable Use
Defines proper system usage
Includes definitions and examples of unacceptable use– Personal shopping on company computers– Web browsing
Users must agree to the policy– Sometimes a written document they sign– Sometimes a logon banner or email
![Page 6: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/6.jpg)
Mandatory Vacations
Help detects fraud or embezzlement
Often used for financial workers
Good for administrators too
Good examples in the Computer Fraud Casebook– Link Ch 11b
![Page 7: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/7.jpg)
Separation of Duties
Prevents any one person from completing all the steps of a critical or sensitive process
Prevents fraud, theft, and errors
Accounting is designed this way
IT systems need this protection too– The "all-powerful administrator" violates this
principle
![Page 8: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/8.jpg)
Link Ch 11c
![Page 9: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/9.jpg)
Job Rotation
Employees rotate through different jobs
They learn the processes and procedures for each job
Helps expose dangerous shortcuts or fraudulent activity
No one person can retain control of any process or data
![Page 10: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/10.jpg)
Clean Desk Policy
Keep desks organized and free of papers
Prevents data theft or inadvertent disclosure of information
Also presents a positive, professional image
![Page 11: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/11.jpg)
Items Left on a Desk
Keys
Cell phones
Access cards
Sensitive papers
Logged-in computer
Printouts left in printer
Passwords on sticky notes
File cabinets left open or unlocked
Personal items such as mail with PII
![Page 12: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/12.jpg)
Account Management Policies
Least privilege policy– Users have only the rights and permissions
needed to do their jobs
Account disablement policy– Administrators must disable accounts quickly
when a user leaves the organization– Audits and reviews can verify compliance with
this policy
![Page 13: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/13.jpg)
Require Administrators to Use Two Accounts
One account for regular work, with limited privileges
Elevated account only for administrative work– This protects against the "Pass the Hash" and
other privilege escalation attacks (Link Ch 11a)– Or the simpler problem of an administrator
accidentally leaving a workstation logged in
![Page 14: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/14.jpg)
Never Use Shared Accounts
If two users share an account, you lose these things:– Identification– Authentication– Authorization
![Page 15: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/15.jpg)
Third-Party Issues
Business partners like contractors have access to user data
Non-disclosure agreement– Privacy considerations– Data ownnership– Data backups– Unauthorized data sharing– Security policy and procedures– Reviews
![Page 16: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/16.jpg)
Interoperability Agreements
Interconnection Security Agreement (ISA)– Specifies technical and security requirements
for a secure connection between entities
Service Level Agreement (SLA)– Specifies minimum uptime and penalties
Memorandum of Understanding (MOU)– Expresses an intention of working together
towards a common goal– Defines responsibilities, but not penalties
![Page 17: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/17.jpg)
Interoperability Agreements
Business Partner Agreement ( BPA)– Details each partner's obligations– Shares of profit or loss– Responsibilities– What to do if one partner leaves– Helps to settle conflicts if they arise
![Page 18: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/18.jpg)
Change Management Policy
Ensures that changes in IT systems don't cause unintended outages
Provides an accounting structure to document changes
Includes patch management
![Page 19: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/19.jpg)
Change Management Process
Change request
Review of request
Approval
Technician implements change
Every step is documented
Plan for reversal of change if necessary
![Page 20: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/20.jpg)
Data Policies
Companies must protect private data– Research & Development– Customer databases– Proprietary information on products
![Page 21: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/21.jpg)
Data Policies
Types of Data Policies– Information classification– Data labeling and handling– Data wiping and disposing– Storage and retention– PII (Personally Identifiable Information)– Privacy policy for websites– Social media– P2P
![Page 22: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/22.jpg)
Information Classification
Identify, classify, and label data
Gov't– Top Secret, Secret, Confidential, Unclassified
Companies– Proprietary, Private, Classified, Public
![Page 23: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/23.jpg)
Data Labeling and Handling
Label media such as backup tapes
File labels– Properties, headers, footers, watermarks
Prevents accidental disclosure of confidential data during talks, etc.
Backups need labeling and careful handling
![Page 24: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/24.jpg)
eDisclaimers
A missing e-disclaimer nearly cost Google billions of dollars– Example disclaimer from link Ch 11d
![Page 25: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/25.jpg)
Data Wiping and Disposing
Must clean computers before discarding or donating them
Hard drives are the greatest risk– Bit-level overwrite– Degaussing– Physical descruction
Copiers also have hard drives
Paper must be shredded or burned
![Page 26: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/26.jpg)
Wiping Files
Securely erasing individual files
File shredders are included in some antivirus products
Must erase entire cluster to eliminate all possible fragments of a file
![Page 27: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/27.jpg)
Storage and Retention Policies
Defines what data is stored and for how long
Reduces legal liability– Old data has little value, and can be required
as evidence in a lawsuit
![Page 28: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/28.jpg)
PII (Personally Identifiable Information)
Two or more of– Full name– Birthday or birth place– Medical or health information– Address– Biometric data– SSN, Driver's License #, or any other ID #
One item is not enough to count as PII– Passwords don't count as PII
![Page 29: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/29.jpg)
PII Data Breach
Many real data breaches each year
Two recent events that were NOT PII data breaches– LinkedIn's loss of thousands of password
hashes– CCSF's bogus "virus" scandal (even if the
viruses had been real)
![Page 30: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/30.jpg)
Protecting PII
If a company collects PII data, it must be protected
California and many other states require notification of customers when a PII breach occurs
Many breaches come from employees' sloppy handling of PII– USB sticks– Backup tapes– Files on public servers
![Page 31: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/31.jpg)
Privacy Policy for Websites
States how a website collects data
Also how the data is used, and whom it is shared with
California law requires a conspicuously posted privacy policy– On websites that collect information about CA
residents– Even if the website is hosted outside CA
![Page 32: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/32.jpg)
Social Networking
Facebook, Twitter, etc.
Users post personal information, including answers to security questions, such as birthday, home town, etc.
Information can also be used in scams
Employers search social networking sites when hiring
![Page 33: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/33.jpg)
SSO and Social Media
Facebook can be used to log into many other sites
If someone gets your Facebook password, all those sites are compromised too
Use two-factor authentication!
![Page 34: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/34.jpg)
Banner Ads and Malvertisements
Malware delivered through ads
Have appeared on the New York Times and Yahoo!
Either through hacking the servers, or simply purchasing ad space
![Page 35: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/35.jpg)
P2P
Peer-to-peer or file-sharing
Used to share pirated MP3s, videos, and software
Napster, MegaUpload, Bittorrent, Pirate Bay, etc.
Can be blocked by content-aware firewalls– Also called Layer 7 Firewalls
![Page 36: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/36.jpg)
P2P Risks
Copyright infringement
Bandwidth consumption
Data leakage– President's helicopter plans found in Iran in
2009, shared accidentally on P2P– A schoolgirl found pornography on her
computer that she didn't put thereP2P stores files for others on your system
![Page 37: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/37.jpg)
Responding to Incidents
![Page 38: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/38.jpg)
Security Incident
Attacks
Malware Infection
Security policy violation
Unauthorized access to data
Inappropriate usage of sytems
![Page 39: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/39.jpg)
Incident Response Team
Senior management– With enough authority to get things done
Network administrator/engineer
Security expert– Able to preform forensic analysis
Communications expert– Public relations
![Page 40: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/40.jpg)
Incident Response Procedures
Preparation– Establishing procedures and reviewing them– Establishing incident prevention policies
First responder– First ecurity-trained individual on the scene
Incident identification– Verify that this is an actual incident, not just a
false positive
![Page 41: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/41.jpg)
Incident Response Procedures
Incident isolation– Prevent problem from getting worse– May involve removing devices from the
network
Damage and loss control– Use a public relations specialist to
communicate with the media to limit bad publicity
![Page 42: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/42.jpg)
Incident Response Procedures
Escalation and notification– Inform appropriate personnel, such as the Incident
Response Team (if there is one)– IR policy will typically list other personnel to
inform, such as security managers– Forensic examination may begin
Reporting– May need to notify executives of serious incidents– Sometimes customers must be notified
![Page 43: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/43.jpg)
Incident Response Procedures
Data breach– Must determine the extent of the loss– Determine if outside entities are affected– Breach notification requirements (vary from
state to state)
Recovery/reconstitution procedures– Restore system to service
![Page 44: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/44.jpg)
Incident Response Procedures
Lessons learned– Decide how to prevent another incident like
this
Mitigation steps– Recommend revised security controls, such
as updates
![Page 45: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/45.jpg)
Basic Forensic Procedures
Collect and preserve evidenceForensic software suites
– EnCase– FTK– ProDiscover
![Page 46: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/46.jpg)
Order of Volatility
RAM– Running processes– Network connections– Application remnants
Hard disk Logs stored on remote systemsArchived data
![Page 47: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/47.jpg)
Capture Images
Image is a snapshot of a hard disk, or of RAM
Ghost images are used to deploy operating systems, but they don't include unused parts of the disk
Forensic images include every usable bit on the disk
![Page 48: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/48.jpg)
Write-Blocker
Ensures that a disk is not modified during collection of data
All analysis uses copies of the data, not the original disk
MD5 or SHA-1 hash is stored with image, to verify that copies are exact
Original disk must be preserved to bring to court as evidence
![Page 49: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/49.jpg)
Network Traffic and Logs
IP address or MAC address used to identify system– MAC address is better, but neither are perfect
Logs record events that happened during an incident
![Page 50: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/50.jpg)
Chain of Custody
A document that identifies people who controlled and handled the evidence
Avoid gaps—or evidence may be worthless in court
Lock evidence in a safe or evidence lockerRecord every time anyone accessed it
![Page 51: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/51.jpg)
Video Surveillance
Video records are very commonExcellent source of evidence
![Page 52: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/52.jpg)
Record Time Offset
Times are very important, to identify who was using the computer
Perps modify time settings to mislead investigators
![Page 53: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/53.jpg)
Screenshots
Screen images of desktop displayYou use them to turn in homeworkOne way to collect data from a cell phone
is to just photograph the screen while paging through the messages
![Page 54: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/54.jpg)
Witnesses
Eyewitness testimony is very influential in court
Despite studies that show how unreliable it is
![Page 55: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/55.jpg)
Link Ch 11e
![Page 56: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/56.jpg)
Track Hours and Expense
Investigations can take many hours and cost a lot of money
Include costs in quantitative risk assessment
![Page 57: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/57.jpg)
Big Data Analysis
Databases so large that tools don't exist to extract meaningful information from them
Specialists are required to develop custom tools for each case
![Page 58: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/58.jpg)
Security Awareness and Training
Minimizes risk posed by usersHelps reinforce user compliance with
policiesRisks of USB drivesAwareness and training plan needs
support from senior managementRefresher training required periodically
![Page 59: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/59.jpg)
Role-Based Training
Executive personnel– Need high-level briefings– Warning about whaling
Incident response team– Detailed training on how to respond– Forensic procedures
AdministratorsEnd users
![Page 60: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/60.jpg)
Training Topics
Security policy contentsKeeping cipher codes privateAcceptable use and user responsibilitiesProtection of PIIData labeling, handling, and disposal Information classification
![Page 61: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/61.jpg)
Training Topics
Laws, best practices, and standardsThreat awarenessRisky user habits like sharing passwords and
tailgatingSocial networks and file-sharing
![Page 62: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/62.jpg)
Training and Compliance Issues
Many laws cover PIIOther regulations may apply
– Payment Card Industry Data Security Standard (PCI-DSS)
– FERPA for colleges– FISMA for gov't entities– HIPAA for health-care companies
![Page 63: Ch 11: Exploring Operational Security CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson.](https://reader036.fdocuments.net/reader036/viewer/2022081506/56649e305503460f94b20bd9/html5/thumbnails/63.jpg)
Using Metrics to Validate Compliance
Measuring compliance helps to measure the effect of training– Image from
askaboutfukushimanow.files.wordpress.com