ISOL 631 - Operations Security: Reflection Report Analysis


Added on  2022/10/04

AI Summary
This report reflects on the practical implementation of operations security theories in a working environment. The student, having taken the ISOL 631 course at the University of Cumberlands, discusses the importance of a robust security framework, including policies, guidelines, and procedures. The report emphasizes the need for continual policy review, reducing downtime with redundant systems, and proper disposal techniques. Key areas of focus include change management, access control, and system hardening. The student highlights the application of AAA authentication, dual control, and automation to minimize human error. Additionally, the report covers disaster recovery planning and risk management to mitigate threats. The student also provides a detailed analysis of how various theories and skills learned in the course, such as change management, access control, and incident response, can be deployed in a professional setting to ensure a secure operational environment. The report concludes with a bibliography of relevant academic sources.
Running head: OPERATIONS SECURITY
Operations Security
Name of the student:
Name of the university:
Author Note
Reflection of how theories, skills and knowledge of “operations security” could
be implemented to the working environment practically:
As an employee hired in any business, I must first understand that the security operations are
the daily aces and the security of the system resources. It indicates that there should be a suitable
framework comprising adequate policies, guidelines, procedures and standards for the support and
core services of the firm. I must make a continual review of the policies and ensure that they are
updated and relevant. Here, the challenging area for the operations staff is to deliver greater
availability. With the help of redundancy, clustering and RAID solutions, I can help the business to
reduce downtime. This holds irrespective of whether the concerns are the outcome of malicious
attacks or just a power failure. Also, I must keep in mind that one of the primary areas of
security operations is the disposal technique and appropriate storage. It is a part of the normal
operation process. Apart from this, change management, configuration management and system
hardening are also various liabilities of operations. Again, the activities within core services also
include penetration testing, vulnerability assessments and deployment of IPS/IDS
controls. This is to deliver an extra layer of network assurance.
For a comprehensive operational security program, some of the knowledge or skills
learnt in the course can be deployed during my professional days. Firstly, one must learn the deployment
of a precise change management process. This indicates that the staff can follow along as the changes
in the network are performed. Every move must be controlled and logged such that it can be audited
or monitored. Next, I must restrict access to network devices. This is done using the
AAA authentication skills learnt. I must also urge my management to provide me with the minimum
access needed to perform my tasks. They must apply the principle of least privilege. Next, dual
control can be implemented in my company. I should ensure that those who will be working on the
networks are never the same ones who are in charge of the organization’s security. Further, I should
automate activities to reduce the need for any sort of human intervention. I have
understood that human beings are the weakest connections in any business’s
operational security initiatives. This is because they make mistakes, forget things, bypass processes and
overlook details. From the various theories learnt related to operations security, I must do active
disaster recovery and incident response planning. This is an essential component of a
sound security posture. Even though the operational security measures are robust, I must keep a plan for
determining risks, reacting to them and then mitigating the probable damage.
Finally, I must also keep in mind that efficient risk management must be there to determine
vulnerabilities and threats before they turn out to be critical issues. It forces managers to dive
deeply into the activities and find out where the data is easily breached.
Bibliography:
Brotby, W. K., & Hinson, G. (2016). Pragmatic security metrics: applying metametrics to
information security. Auerbach Publications.
McCrie, R. (2015). Security operations management. Butterworth-Heinemann.
McIlwraith, A. (2016). Information security and employee behaviour: how to reduce risk through
employee education, training and awareness. Routledge.
Schinagl, S., Schoon, K., & Paans, R. (2015, January). A framework for designing a Security
Operations Centre (SOC). In 2015 48th Hawaii International Conference on System Sciences
(pp. 2253-2262). IEEE.