Operations Security
12.1 Operational procedures and responsibilities
12.2 Protection from malware
12.3 Backup
Arthur Paixão
Faculdade dos Guararapes
Operational procedures and responsibilities
• Objective: To ensure correct and secure operations of information processing facilities.
• Divided into subsections:
  o 12.1.1 - Documented operating procedures
  o 12.1.2 - Change management
  o 12.1.3 - Capacity management
  o 12.1.4 - Separation of development, testing and operational environments
12.1.1 - Documented operating procedures
• The installation and configuration of systems;
• Processing and handling of information both automated and manual;
• Instructions for handling errors or other exceptional conditions, which might arise during job execution, including restrictions on the use of system utilities;
12.1.2 - Change management
• Identification and recording of significant changes;
• Planning and testing of changes;
• Assessment of the potential impacts, including information security impacts, of such changes;
12.1.3 - Capacity management
• Deletion of obsolete data (disk space);
• Decommissioning of applications, systems, databases or environments;
• Optimising batch processes and schedules;
12.1.4 - Separation of development, testing and operational environments
• Rules for the transfer of software from development to operational status should be defined and documented;
• Development and operational software should run on different systems or computer processors and in different domains or directories;
• Changes to operational systems and applications should be tested in a testing or staging environment prior to being applied to operational systems;
Protection from malware
• Objective: To ensure that information and information processing facilities are protected against malware.
• Divided into a single subsection:
  o 12.2.1 Controls against malware
12.2.1 Controls against malware
• Establishing a formal policy prohibiting the use of unauthorized software;
• Implementing controls that prevent or detect the use of unauthorized software (e.g. application whitelisting);
• Implementing controls that prevent or detect the use of known or suspected malicious websites (e.g. blacklisting);
Backup
• Objective: To protect against loss of data.
• Divided into a single subsection:
  o 12.3.1 Information backup
12.3.1 Information backup
• Accurate and complete records of the backup copies and documented restoration procedures should be produced;
• The backups should be stored in a remote location, at a sufficient distance to escape any damage from a disaster at the main site;
• In situations where confidentiality is of importance, backups should be protected by means of encryption;