# ๐Ÿ›ก๏ธ Domain 5: Security Operations โ€“ ISC2 CC Study Guide --- ## ๐Ÿ“ 5.1 Data Security ### ๐Ÿ” Encryption Types - **Symmetric Encryption**: Uses the same key for encryption and decryption. - *Examples*: AES, DES. - **Asymmetric Encryption**: Uses a public key for encryption and a private key for decryption. - *Examples*: RSA, ECC. - **Hashing**: Converts data into a fixed-size string of characters, which is typically a digest that cannot be reversed. - *Examples*: SHA-256, MD5. ### ๐Ÿ—‚๏ธ Data Handling Procedures - **Data Classification**: Categorize data based on sensitivity (e.g., Public, Confidential, Secret). - **Labeling**: Mark data according to its classification level. - **Retention Policies**: Define how long data should be kept. - **Secure Disposal**: Methods include shredding, degaussing, and using data-wiping software. ### ๐Ÿ“Š Logging and Monitoring - **Log Management**: Collect, store, and analyze logs from various systems. - **Security Information and Event Management (SIEM)**: Aggregates and analyzes log data for real-time threat detection. - **Continuous Monitoring**: Ongoing surveillance to detect and respond to threats promptly. --- ## ๐Ÿ› ๏ธ 5.2 System Hardening ### ๐Ÿงฑ Configuration Management - **Baseline Configurations**: Establish standard settings for systems. - **Patch Management**: Regularly update systems to fix vulnerabilities. - **Change Control**: Procedures to manage alterations in system configurations. ### ๐Ÿ”’ Hardening Techniques - **Disable Unnecessary Services**: Reduce attack surfaces by turning off unused services. - **Least Privilege Principle**: Users have only the access necessary to perform their duties. - **Regular Updates**: Keep systems and applications up to date with the latest patches. --- ## ๐Ÿ“œ 5.3 Security Policies ### ๐Ÿ“š Policy Types - **Data Handling Policy**: Guidelines for managing and protecting data. - **Password Policy**: Rules for creating and maintaining secure passwords. - **Acceptable Use Policy (AUP)**: Defines acceptable activities on organizational systems. - **Bring Your Own Device (BYOD) Policy**: Rules for using personal devices for work purposes. - **Change Management Policy**: Procedures for requesting and implementing changes to systems. - **Privacy Policy**: Outlines how personal information is collected, used, and protected. --- ## ๐Ÿง  5.4 Security Awareness Training ### ๐ŸŽ“ Training Objectives - **Educate Employees**: Increase awareness of security threats and best practices. - **Phishing Simulations**: Test employee responses to simulated phishing attacks. - **Regular Updates**: Keep training materials current with evolving threats. ### ๐Ÿงฉ Key Topics - **Social Engineering**: Manipulative tactics to trick individuals into divulging confidential information. - **Password Security**: Importance of strong, unique passwords and the use of password managers. - **Incident Reporting**: Procedures for reporting suspected security incidents. --- ## ๐Ÿงพ Additional Notes - **Incident Response Plan (IRP)**: A structured approach for handling security incidents. - **Business Continuity Plan (BCP)**: Strategies to ensure critical business functions continue during a disruption. - **Disaster Recovery Plan (DRP)**: Procedures to restore systems and data after a catastrophic event. --- ## ๐Ÿ“ Exam Tips - **Understand Key Concepts**: Focus on the principles behind security operations, not just definitions. - **Real-World Applications**: Be prepared to apply concepts to hypothetical scenarios. - **Review Policies and Procedures**: Familiarize yourself with common organizational policies related to security operations. --- *Sources:* - ISC2 Official Study Guide - Mike Chapple's LinkedIn Learning Course - Reddit r/isc2 Community Insights