SecurITyCerts dot Org


CISSP Acronym Edge: CISSP Study & Review Guide December 2016+


Domain 7: Security Operations

Domain 7 has grown and now includes Business Continuity Planning/Disaster Recovery Planning, some legal issues and more.

When it comes to legal issues, the goal is not to turn you into a lawyer or a law enforcement officer, but to help you interface effectively with them. Remember, you have no legal training (even if you actually do, pretend you do not for the exam).

If there is a legal-related question and one of the answers is similar to “I have no legal training,” “consult counsel,” or “consult someone with the appropriate expertise,” seriously consider that answer.

Get a PDF of The CISSP Acronym Edge: CISSP Study & Review Guide - signup below & I'll send it to you.

Decommissioning/Deprovisioning – Removing a resource from active production. Possible resources include systems, applications, users, and data. Decommissioning/Deprovisioning must be done securely.

IaaS – Infrastructure as a Service. A cloud term. An example is a Virtual Private Server (VPS), a Virtual Machine (VM) you have complete control over. It may be automatically provisioned by your cloud provider on demand or you may supply the VM.

PaaS – Platform as a Service. A cloud term. An example is one of the many hosting providers that provide you with a web server, for example Apache, to host your web site(s).

SaaS – Software as a Service. A cloud term. Gmail is one example, providing email services.

Multi-Tenant Cloud – A cloud where data and services for different organizations share the same hardware. Similar to different organizations sharing the same physical building. Sometimes this is appropriate, sometimes it is not!

CCB – Change Control Board.

CMDB – Change Management Database, or Configuration Management Database.

NGFW – Next Generation Firewall. Originating as a marketing term from Palo Alto Networks, NGFW means a very smart firewall that understands Application Layer (layer 7) protocols.

IDS – Intrusion Detection System. An IDS is an alarm system. It watches and raises “alerts” when something occurs that needs human investigation. Just like physical alarm systems, IDSs have false alarms or alerts as well. The IDS is the primary (or at least one of the primary) technical detection controls.

NIDS – Network Intrusion Detection System. An IDS that functions by watching the packets on a network. A NIDS will commonly be placed at a network aggregation point, for example before the firewall, after the firewall, or on a spanning/mirroring port on a network switch. Snort is a popular open source NIDS.

HIDS – Host Intrusion Detection System. An IDS that sits on one specific host and watches it. HIDS is commonly used to refer to anything that protects a host, and there are also HIDS specific products available. OSSEC is a popular open source HIDS.

IPS – Intrusion Prevention System. An IPS, unlike an IDS, is an inline device that can stop attacks.

An IPS can be implemented in many ways. For example, it can be implemented as part of a firewall (for example as an option with Check Point’s firewall), as a separate physical network device (for example HP’s TippingPoint), or as part of an endpoint protection suite (typically combined with AntiVirus/AntiMalware etc.).

SIEM – Security Information and Event Management. “Provides real-time analysis of security alerts generated by network hardware and applications” - Wikipedia. The terms SEM (Security Event Management) and SIM (Security Information Management) are often used interchangeably.

PICERL – Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned. The six steps in incident handling. Yes, you need to know these, including the order.

RAID – Redundant Array of Inexpensive Disks or Redundant Array of Independent Disks. There are several RAID levels defined by the RAID Advisory Board. Note that RAID 0, striping, does NOT provide any redundancy, and RAID 2 is the only level which has a required number of disks, 39. 39 might seem like a strange number unless you are a mainframe person, as traditionally IBM mainframes had 39 disks. I have no idea what they do today on mainframes. If you care, feel free to google it!

FRDS – Failure Resistant Disk Systems. RAID levels other than RAID 0 are examples of Failure Resistant Disk Systems.

Business Continuity Planning/Disaster Recovery Planning

Once upon a time this was its own domain.

There are not too many terms here. I also suggest reading or at least being familiar with NIST Special Publication 800-34, Contingency Planning Guide for Information Technology Systems, as part of preparing for the CISSP Exam.

BCP – Business Continuity Plan. An overarching plan to minimize interruption to a business after a disruptive event like a disaster occurs. The BCP is a long term and strategic plan. The BCP deals with risks that have not been handled by other controls.

There is always a default BCP, which is that you die or go out of business when a large disruptive event occurs.

DRP – Disaster Recovery Plan. The subcomponent of the Business Continuity Plan that deals with the recovery of IT systems. Short term and tactical.

COOP – Continuity Of Operations Plan. A term commonly used in the US Government and other governments similar to the term BCP. Although in practice the terms COOP and BCP are sometimes used interchangeably, for the exam at least, the COOP is part of the BCP dealing with sustaining or continuing operations.

BIA – Business Impact Analysis. The BIA comes after the risk analysis (which is limited to critical systems) and determines tolerable impact levels to systems.

MTD – Maximum Tolerable Downtime, also sometimes called Maximum Allowable Downtime. How long critical systems can be down until the point of no return, until irreparable damage to the organization is done. The MTD is the primary output of the Business Impact Analysis. For some reason the acronym MAD is never used.

RTO – Recovery Time Objective. The targeted duration of how long a system or process will be down. The RTO had better be no more than the MTD!

RPO – Recovery Point Objective. The targeted duration of how long data can be unavailable. The RPO had better be no more than the MTD!
