Read the book The Official (ISC)2 CISSP CBK Reference - Leslie Fife, Aaron Kraus - Page 19
Security Operations
Security Operations (SecOps) is a companion to the other domains in the CBK, and this chapter deals with implementing, operating, and maintaining infrastructure needed to enable the organization's security program. Security practitioners must first perform a risk assessment and then design and operate security controls spanning technology, people, and process to mitigate those risks. SecOps is a key integration point between security teams and other parts of the organization such as Human Resources (HR) for key tasks like designing job rotations or segregation of duties, or a network engineering team that is responsible for implementing and maintaining firewalls and intrusion detection systems (IDSs).
Logical security aspects of SecOps include running and maintaining a security operations center (SOC), which is becoming an increasingly crucial part of a security program. The SOC centralizes information like threat intelligence, incident response, and security alerts, permitting information sharing, more efficient response, and oversight for the security program and functions. Planning for and exercising crucial business plans like business continuity and disaster recovery (BCDR) are also an important element of SecOps.
SecOps also encompasses important physical security concepts like facility design and environmental controls, which are often completely new concepts for security practitioners who have experience in cybersecurity or information technology (IT). However, the physical security of information systems and the data they contain is an important element of maintaining all aspects of security. In some cases, physical limitations like existing or shared buildings are drivers for additional logical controls to compensate for potential unauthorized physical access.