The PRIMARY purpose of operations security is
A.
Protect the system hardware from environment damage.
B.
Monitor the actions of vendor service personnel.
C.
Safeguard information assets that are resident in the system.
D.
Establish thresholds for violation detection and logging.
Explanation:
I think A or C could be the answers. I am leaning towards the C answer but use yourbest judgment.
“Operations Security can be described as the controls over the hardware in a computing facility,
the data media used in a facility, and the operators using these resources in a facility…A Cissp
candidate will be expected to know the resources that must be protected, the privileges that must
be restricted, the control mechanisms that are available, the potential for access abuse, the
appropriate controls, and the principles of good practice.” -Ronald Krutz The CISSP PREP Guide
(gold edition) pg 297
“The term Operations Security refers to the act of understanding the threats to
and vulnerabilities of computer operations in order to routinely support
operational activities that enable computer systems to function correctly.
The term also refers to the implementation of security controls for normal
transaction processing, system administration tasks, and critical external sup-
port operations. These controls can include resolving software or hardware
problems along with the proper maintenance of auditing and monitoring
processes.”
see detailed article here:
http://courses.washington.edu/is551/au07/Readings/Krutz_rdg_Ch6.pdf
0
0