Operation Security it Is Important

Operation Security

It is important for organizations today to understand computer security concepts in order to protect the organization's privacy. For this purpose the International Information Systems Security Certification Consortium (ISC)2 created ten security domains which make provision of security practices and principles foundation in all industries.

TEN SECURITY DOMAINS

There are ten components or security domains to the International Systems Security Certification Consortium (ISC) and this include the security domains of:

(1) Security management practices;

(2) Access control systems and methodology;

(3) Telecommunications and networking security;

(4) Cryptography;

(5) Security architecture and models;

(6) Operations security;

(7) Application and systems development security;

(8) Physical security;

(9) Business continuity and disaster recovery planning; and (10) Law, investigations and ethics. (Tipton and Krause, 2008)

Each of these components are critical however, the most important among these is number six or specifically, operations security. This work will examine why this is held to be true.

II. IMPORTANCE OF OPERATIONS SECURITY

The operations security domain has as its focus the implementation of controls that are appropriate as well as hardware, software and resource protection and the maintenance of auditing and monitoring that is appropriate as well as the evaluation of threats and vulnerabilities to the system. The controls that must be given due consideration by the organization in securing operations of their system includes domain address issues and specifically needed are the following implementations:

(1) Controls that prevent and reduce threats that "unintentional errors or unauthorized users accessing the system and modifying data.

(2) Controls for detection and identification of errors when they occur;

(3) A system that makes provision of duty-separation through task assignation to personnel in a manner that prevents one individual from possession complete control of the system's security measures;

(4) Provision for data backup regularly in case of an event or crash and implementation of measures to otherwise restores the organizations systems;

(5) Tracking and approval of system reconfiguration changes;

(6) Background checks for employees and screening for positions within the organization that are authorized to access data that is of a high sensitive nature and control security measures.

(7) Polices that are appropriate in the area of retention and according to the policy and standards of the organization;

(8) Documentation practices that are appropriate as per the security policy, procedures, security, contingency and disaster recovery plans; and (9) Hardware, software and resource protection. (Whitman and Mattord, 2008)

III. THREE TYPES OF SECURITY MONITORING TECHNIQUES

In addition to the specified controls security operations that are sound are inclusive of auditing and monitoring which is appropriate. There are three techniques which are used in monitoring security and these include the techniques referred to as:

(1) intrusion detection;

(2) penetration testing; and (3) violation analysis. (Whitman and Mattord, 2008)