Chapter 6 Security Operations and Admin
security event log
...are records of data that your operating system or application software automatically creates. Records which user or system accessed data or a resource and when.
Change control committee
It oversees all proposed changes to systems and networks. The committee approves changes and the schedule for implementing the changes. In this manner, you cannot make changes to a system, application, or network without the proper review, funding, and documentation.
Agile development
Smaller development cycles. Smaller deliverables more frequently.
Certifier
The individual or team that is responsible for performing the security test and evaluation (ST+E) for the system... also prepares the report for the AO on the system's operating risk.
System Owner
The person responsible for the daily operations of the system and ensuring that the system continues to operate in compliance with the conditions set out by the AO
Authorizing official
The senior manager who must review the certification report and make the decision to approve the system for implementation. Officially acknowledges and accepts the risk that the system may pose to agency mission, assets, or individuals.
Guideline
They outline recommendations for the purchase and use of acceptable products and systems. ... are simply actions that you recommend.
Standard
are mandated requirements for hardware and software solutions used to address security risk throughout an organization
Procedure
are systematic actions to accomplish a security requirement, process, or objective. They are one of the most powerful tools available to you. They can provide documentation of the way you do business and ensure no one's critical knowledge remains only in their heads
Baseline
are the benchmarks that help make sure a minimum level of security exists across multiple applications of systems and across different products. ... are helpful when configuring new computers or devices as well as for comparing with existing systems to see if they still meet the minimums
Functional policy
declares an organization's management direction for security in such specific functional areas as e-mail, remote access, and Internet surfing. Should use strong language, such as "will" and "must".
remediation
involves fixing something that is broken or defective. With computer systems, ...refers to fixing security vulnerabilities.
emergency operations group
is responsible for protecting sensitive data in the event of natural disasters and equipment failure, among other potential emergencies.
Waterfall model
is that no phase begins until the previous phase is complete. The phases are as follows: 1. Requirements specification 2. Design 3. Construction 4. Integration 5. Testing and debugging 6. Installation 7. Maintenance
Accreditation
is the formal acceptance by the authorizing official to accept the risk of implementing the system.
Certification
is the process of reviewing a system throughout its life cycle to ensure that it meets its specified security requirements
Sprint
small project iterations are generally one to four weeks in duration
Clean desk/clear screen policy
which states that users must never leave sensitive information in plain view on an unattended desk or workstation.
security administration
is the group of individuals responsible for planning, designing, implementing, and monitoring an organization's security plan
Change Control
is the management of changes to the configuration. Unmanaged changes introduce risk, because they might affect security operations or controls. Ensures that any changes to a production system are tested, documented, and approved.
Configuration control
is the management of the baseline settings for a system device. The baseline settings meet security requirements. They require that you implement them carefully and only with prior approval.
Compliance liaison
makes sure all personnel are aware of—and comply with—the organization's policies. Different departments within an organization might have different security ideas or needs. A ... works with each department to ensure it understands, implements, and monitors compliance.
Proactive change management
Management initiates the change to achieve a desired goal. In this case, the source of the change is internal, such as the adoption of new technology.
Reactive change management
Management responds to changes in the business environment. The source of the change is external. Some examples are changes in regulations, customer expectations, and the supply chain.
Job rotation
minimizes risk by rotating employees among various systems or duties. This prevents collusion, where several employees conspire to commit fraud.