5. Security Operations

Data Handling

Goes through a life cycle as users create, use, share, modify data

Model: create, store, use, share, archive, destroy

Process of recognizing organizational impacts if there is a compromise

  1. Dictates rules/restrictions about how info is used, stored, shared

  2. Keeps the value, importance of data, info from leaking

  3. Before attacking labels: Assessments

  4. Came from laws, regulations, contracts, business expectations

  5. Leads to better design, implementation of processes

Logging & Monitoring Security Events

Captures signals generated by events

Events: Actions that take place in the environment that cause change user IDs, activities, dates/times, device/location identity

Event Logging Best Practices:

Ingress monitoring (inner): Surveillance of inbound traffic, access

  • Firewalls, gateways, remote authentication servers


  • Anti-malware

Egress monitoring (outer): Regulates data leaving the environment

  • Email, portable media,

  • FTP, websites, API's: Application Programming Interfaces


Hiding data in ways only intended recipients understand it

Protects info by keeping it secret, unintelligible and transform plaintext

  1. Confidentiality: Messages can't be understood by anyone but intended

  2. Integrity: Hash functions & digital signatures: Verify no alteration

Uses same key in both encryption/decryption processes

  • Two parties communicating need to share knowledge of key

  • Someone who compromises comms could intercept the key

  • Key distribution is difficult: MITM

  • Out-of-Band key distribution: Sending through a diff channel

    • Bulk data: Backups, HDDs, portable media

    • Messages traversing communications channels

    • Streaming large-scale, time-sensitive data

Configuration Management

Only authorized changes happen

Baseline ID of a system, interfaces, documentation

Baseline: Min level of protection used as a reference point

Common Security Policies

Appropriate use of data:

  • Defines if data for company use, is restricted by role, or made public

  • Proper classification helps comply with laws and regulations

Password Policy: Expectations of systems, users, passwords

Change Management

Request For Change: Moves through various development & test stages

Last updated