Can someone please explain how data backup is a physical control? Also I am confused between operational controls and physical controls. How do I know which is an operational control?

Thanks

_______________________________________________
You can find the list archive at: http://cissp-study.3965.n7.nabble.com/
CISSPstudy mailing list [hidden email]
To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your account visit the link below: http://cccure.org/mailman/listinfo/cisspstudy_cccure.org

There are three major controls as per CBK:

Administrative control
Logical or Technical control
Physical control

All other controls must be classified under these. Now data backup always comes under technical control. However I need to know the question in full to answer it correctly.

Regards
Rajtilak

-----Original Message-----
From: Surya <[hidden email]>
Sender: "CISSPstudy" <[hidden email]>
Date: Sun, 23 Feb 2014 16:18:59
To: The CISSP Study Mailing list <[hidden email]>
Reply-To: The CISSP Study Mailing list <[hidden email]>
Subject: [CCCure CISSP] Data backup a physical control?

Good day Surya and all,

First, you must understand that each of the controls you have can act in different ways. A control by itself might be totally ineffective if it is not supported by other layers of controls.

Clement

Clement Dupuis, CD
Chief Learning Officer (CLO) and Security Evangelist
GCFW, GCIA, Security+ 301, CEH V7, CCSA, CCSE, + 12 others
SecureNinja
Office: +703 535 8600
Mobile: +1 407 433 6444
Email: [hidden email]
Web: www.secureninja.com
901 N. Pitt Street, Suite 105, Alexandria, VA 22314

In Cyberspace: [hidden email]
Clement Dupuis, CD
President/Founder/Chief Security Evangelist
The CCCure Family of Portals
Maintainer of:
The CCCure Quiz Engine https://www.freepracticetests.org/quiz/index.php?page=home
The CCCure Family of Portals http://www.cccure.org
The Professional Security Testers Warehouse http://www.professionalsecuritytesters.org/
Knowledge sharing and giving back to the community
>> Call me to get the best CISSP, Security+, or other Security related training <<

On Wed, Feb 26, 2014 at 8:59 AM, <[hidden email]> wrote:
> There are three major controls as per CBK

Thanks Clement. Can you also help me understand what falls under operational controls?

Regards

On 26 Feb 2014 23:16, "Clement Dupuis" <[hidden email]> wrote:

Good day Surya,

From the ISC2 book:

Physical Controls: These are controls to protect the organization’s people and physical environment, such as locks, fire management, gates, and guards. Physical controls may be called “operational controls” in some contexts.

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 1301-1303). Auerbach Publications. Kindle Edition.

Physical Controls are sometimes referred to as “operational” controls in some risk management frameworks. These controls range from doors, locks, and windows to environment controls, construction standards, and guards. Typically, physical security is based on the notion of establishing security zones or concentric areas within a facility that require increased security as you get closer to the valuable assets inside the facility. Security zones are the physical representation of the defense-in-depth principle discussed earlier in this chapter. Typically, security zones are associated with rooms, offices, floors, or smaller elements, such as a cabinet or storage locker. The design of the physical security controls within the facility must take into account the protection of the asset as well as the individuals working in that area. For example, the fire control and suppression systems must account for the health safety of personnel in potential fire zones. One must consider fires, floods, explosions, civil unrest, or other man-made or natural disasters when planning the physical layout of a facility. Emergency strategies must be included in the physical controls to accommodate the safe exiting of personnel and adherence to safety standards or regulations. Adequate exits and emergency evacuation routes must be available in all areas and sensitive areas or information must be able to be secured quickly in case those areas must be evacuated. Human safety is the priority in all decisions of physical security.

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 1312-1323). Auerbach Publications. Kindle Edition.

Best regards

Clement

Clement Dupuis, CD

On Wed, Feb 26, 2014 at 10:40 PM, Surya <[hidden email]> wrote: