CISSP: Domain 7 - Security Operations - Module 2
Employing Resource Protection Techniques

This course is the 2nd of 4 modules of Domain 7 of the CISSP, covering Security Operations.

Learning Objectives

The objectives of this course are to provide you with the ability to:

  • Employ resource protection techniques
  • Conduct incident response
  • Operate and maintain preventative measures
  • Implement and support patch and vulnerability management
  • Participate in and understand change management processes

Intended Audience

This course is designed for those looking to take the most in-demand information security professional certification currently available, the CISSP.


Any experience relating to information security would be advantageous, but not essential.  All topics discussed are thoroughly explained and presented in a way allowing the information to be absorbed by everyone, regardless of experience within the security field.


If you have thoughts or suggestions for this course, please contact Cloud Academy at


Welcome back to the Cloud Academy presentation of the CISSP exam preparation review seminar. We're going to continue our discussion with the Domain 7 - Security Operations, beginning on slide 53. Now it may seem obvious that security operations are focused on protecting valuable assets. It is, however, never practical to protect all assets equally because the cost to protect them may exceed their actual value. And value is not just price but value in terms of its cost and its contribution to the enterprise. The real challenge, therefore, is finding out which assets are truly valuable to the organization. And in most cases, security functions depend on asset owners to identify these valuable assets and help ensure that they're being protected adequately.

When we look at soft-copy media, we're talking about magnetic medium, optical and solid-state. When we talk about hard copies, we're talking about the traditional paper and microfiche. These kinds of assets have to be protected not so much because of what the media itself is worth, but because of what the information that it contains is worth. Being that these are physical media, they need to be protected in ways such as keeping it under your direct control when it's in use, but also to examine the need for encryption for data at rest on, for example, the soft copy medium. So we look at encryption while at rest, closed files on any sort of magnetic media or on the computer itself. We look at encryption while in motion, making sure that transferred information is encrypted through either a tunnel or a message type. We have removable media, which has the need for physical protection, and for the electronic protection of encryption. We have cloud storage, having the need for one or the other of these, possibly both, and then virtual storage.

When it comes to cloud-based storage concerns, the concerns most often resolve to who has access, at what level, and what purpose does their access serve? This is a question that is frequently asked by newcomers to cloud computing. So we ask those questions first. We also ask, where might such access come from? What sort of restrictions can be placed on this? Reflecting the fact that many people question whether or not information in the cloud can be secured or whether it is at all securable. But we ask the question, what sort of restrictions can be placed on this? From what networks? From what type of device? If I need to recall the data, looking at it from an operational perspective, how long will that take? A need might be a matter of minutes. The need might be as long as a single day, or just can I even in fact get it back? And then there's the question and this is one that has a lot to do with security operations, who controls the encryption functions? Because cloud provides no less than three options for how that should happen. But all these questions are looking to determine who has access to the information all on balance and reflective of what its value is and the need to protect it.

The different types of virtualized storage include host-based, that is the type of virtual storage that the operating system creates. We have storage device-based, which is a swapping between the main memory and the storage device itself. We have network-based, the kind that can be accessed over the web, or over the internal network to various types of storage repositories. And then the archival or offline storage, which may be something virtual, or it may be something physical, such as removable drives, and even tape. These all are covered by the subject of records management. And the people that are really the experts in this sort of thing are the folks that are members of ARIMA, the Association of Records and Information Management.

These folks are the ones who really figure out how this information needs to be valued, how it needs to be stored, retrieval techniques, and so on. And they publish much guidance addressing themselves to the subjects they're protecting hard copy records and protecting the digital version of those hard copy records. Throughout our data lifecycle, we have to look at the final phase. We have to deal with remnants. And remnants is, by definition, the residual magnetic flux that remains on a magnetic drive, or in the case of an optical drive, the residual images.

We have the logical form of overwriting, which done by a certain sequence, meets a certain Department of Defense standard and is thought to be logically equivalent to actually destroying the information. We have, of course, the actual media destruction. But we have to make sure that whatever the item is, whether it's software or data, we have to think about what we need to do with original copies. In the case of software, this could be an escrow copy that we are able to retrieve at some point in the future.

We also have to think about the installed software and how we're going to maintain it. If we go through the cycle of disposing of a particular system, do we need to keep a readily restartable copy of the installed software available for a period of time as we make the transition from it to the new version that's replacing it? All questions to be addressed in light of their contribution and their value to our organization.

About the Author
Learning Paths

Mr. Leo has been in Information System for 38 years, and an Information Security professional for over 36 years.  He has worked internationally as a Systems Analyst/Engineer, and as a Security and Privacy Consultant.  His past employers include IBM, St. Luke’s Episcopal Hospital, Computer Sciences Corporation, and Rockwell International.  A NASA contractor for 22 years, from 1998 to 2002 he was Director of Security Engineering and Chief Security Architect for Mission Control at the Johnson Space Center.  From 2002 to 2006 Mr. Leo was the Director of Information Systems, and Chief Information Security Officer for the Managed Care Division of the University of Texas Medical Branch in Galveston, Texas.


Upon attaining his CISSP license in 1997, Mr. Leo joined ISC2 (a professional role) as Chairman of the Curriculum Development Committee, and served in this role until 2004.   During this time, he formulated and directed the effort that produced what became and remains the standard curriculum used to train CISSP candidates worldwide.  He has maintained his professional standards as a professional educator and has since trained and certified nearly 8500 CISSP candidates since 1998, and nearly 2500 in HIPAA compliance certification since 2004.  Mr. leo is an ISC2 Certified Instructor.