Please enable JavaScript.
Coggle requires JavaScript to display documents.
Ch2: Security Operations Domain 5 in CC, Legal - Coggle Diagram
Ch2: Security Operations
Domain 5 in CC
2.1 Data Security
logging and monitoring
monitoring
Ingress Monitoring
Egress Monitoring หรือ
Data Loss Prevention (DLP)
Data Leak Protection
logging should be reviewed too
Encryption
Symetric Key
pro: faster
con: key distribution
Asymmetric Key
pro: safer
con: complex and slower
Hashing
2.2 System Hardending
Configuration Management
Configuration Management Components
Identification
ทำ inventory
Baselines
Updates
Patches
Risk of Changes
ต้องมี Rollback plan
Common Security Policies
Bring Your Own Device Policy(BYOD)
Data handling Policy
Change Management Policy
Privacy Policy
Acceptable Use Policy(AUP)
Password Policy
Change Management Components
Approval
Rollback
Request for Change
2.3 Security Awareness Training
3 types
Training
Awareness
Education
Examples
Phishing
Whaling)
Social Engineering
Phone Phishing orVishing
Pretexting)
การแลกเปลี่ยน (Quid Pro Quo)
การแอบตาม (Tailgating)
2.0 Data Handling
6 steps
Use
Share
Store
Archieve
Create
Delete
Data Handling Practices
Classification
Ex1
Public Data
Confidential Data
Internal Data
Highly Confiential Data
Ex 2
FInancial Data
Personal Data
Sensitive Personal Data
Legal Data
Labeling
Retention
Destruction
Overwriting
Secure Deletion
ex. CCleaner
Physical Destruction
Wiping
Crypto-shreadding
Others
Legal