This chapter covers security in operations, including physical and environmental security, equipment security, and monitoring activities. The core concepts of operations security are covered with suitable illustrations.
A candidate appearing for the CISSP exam is expected to understand the foundational concepts and have knowledge of the following key areas of the operations security domain:
Assets, such as data, are accessed and processed in operational areas through systems and applications. Similarly, access to facilities, such as data centers and operational areas, is facilitated through access control mechanisms. Hence, physical access to operational areas needs appropriate controls for strong authentication and authorization.
Observe the following illustration. Users need access to physical facilities such as operational areas. Such physical areas can be subdivided into perimeter and interior sections. Controlling access to operational areas, and identifying and blocking unauthorized intrusions into them, are primary security requirements in this domain. In the event of a physical intrusion, it is essential to identify breaches and implement control actions, including investigations:
In this module, you will learn about the following: