[CCCure CISSP] Data backup a physical control?


[CCCure CISSP] Data backup a physical control?

Surya

Can someone please explain how data backup is a physical control? Also I am confused between operational controls and physical controls. How do I know which is an operational control?

Thanks
Surya


_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your account visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org

Re: [CCCure CISSP] Data backup a physical control?

rajtilak_comptia
There are three major controls as per CBK
Administrative control
Logical or Technical control
Physical control
All other controls must be classified under these. Now data backup always comes under technical control. However, I need to know the question in full to answer it correctly.
Regards
Rajtilak

-----Original Message-----
From: Surya <[hidden email]>
Sender: "CISSPstudy" <[hidden email]>
Date: Sun, 23 Feb 2014 16:18:59
To: The CISSP Study Mailing list<[hidden email]>
Reply-To: The CISSP Study Mailing list <[hidden email]>
Subject: [CCCure CISSP] Data backup a physical control?


Re: [CCCure CISSP] Data backup a physical control?

clementdupuis
Administrator
Good day Surya and all,

First, you must understand that each of the controls you have can act in different ways. A control by itself might be totally ineffective if it is not supported by other layers of controls.

In the case of backups, it is covering all three categories: Administrative, Technical, Physical.

You need to have backup policies and retention policies on the administrative side. For example, under Sarbanes-Oxley (SOX) you may need to keep your audit data for a period of 3 to 7 years. Your policies would address those requirements.

You need to have tape backup devices, tapes, and backup software on the technical side to capture the actual backup.

Once the backup is created you need to have a physical location to store them securely, you need to have proper environmental controls to ensure you can still read your media a few years down the road, etc.

Depending on the context of the question, it could be in any of the categories.

Best regards

Clement



Clement Dupuis, CD

Chief Learning Officer (CLO) and Security Evangelist
GCFW, GCIA, Security+ 301, CEH V7, CCSA, CCSE,  + 12 others

SecureNinja
Office : +703 535 8600
Mobile: +1 407 433 6444

Email: [hidden email]

Web: www.secureninja.com


Re: [CCCure CISSP] Data backup a physical control?

Surya

Thanks Clement.

Can you also help me understand what falls under operational controls?

Regards
Surya


Re: [CCCure CISSP] Data backup a physical control?

clementdupuis
Administrator
Good day Surya,

From the ISC2 book:

Physical Controls: These are controls to protect the organization’s people and physical environment, such as locks, fire management, gates, and guards. Physical controls may be called “operational controls” in some contexts.

Physical Controls are sometimes referred to as “operational” controls in some risk management frameworks. These controls range from doors, locks, and windows to environment controls, construction standards, and guards. Typically, physical security is based on the notion of establishing security zones or concentric areas within a facility that require increased security as you get closer to the valuable assets inside the facility. Security zones are the physical representation of the defense-in-depth principle discussed earlier in this chapter. Typically, security zones are associated with rooms, offices, floors, or smaller elements, such as a cabinet or storage locker. The design of the physical security controls within the facility must take into account the protection of the asset as well as the individuals working in that area. For example, the fire control and suppression systems must account for the health safety of personnel in potential fire zones. One must consider fires, floods, explosions, civil unrest, or other man-made or natural disasters when planning the physical layout of a facility. Emergency strategies must be included in the physical controls to accommodate the safe exiting of personnel and adherence to safety standards or regulations. Adequate exits and emergency evacuation routes must be available in all areas and sensitive areas or information must be able to be secured quickly in case those areas must be evacuated. Human safety is the priority in all decisions of physical security.

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 1312-1323). Auerbach Publications. Kindle Edition.

Best regards

Clement


Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 1301-1303). Auerbach Publications. Kindle Edition.


