CISSP Mastery
All domains
Domain 7 (13% of exam)

Security Operations

15 lessons ~6h


The day-to-day defense of the enterprise — the broadest domain by objective count. Investigations and forensics, logging/monitoring (SIEM, UEBA, threat intel), foundational ops concepts, incident management, detective/preventive tooling, patch and change management, and the full DR/BCP execution and testing cycle, plus physical and personnel safety.

Lessons

  1. 7.1

    Understand and comply with investigations

    Run defensible investigations: proper evidence collection/handling (chain of custody), documentation, investigative technique, and digital forensics across data, hosts, network, and mobile artifacts.

    ~30 min

  2. 7.2

    Conduct logging and monitoring activities

    Detect and hunt: IDPS, SIEM, continuous monitoring/tuning, egress monitoring, log management, threat intelligence (feeds, hunting), and UEBA.

    ~35 min

  3. 7.3

    Perform configuration management (CM)

    Control system state with provisioning, baselining, and automation to prevent drift and unauthorized change.

    ~20 min

  4. 7.4

    Apply foundational security operations concepts

    The bedrock controls: need-to-know/least privilege, separation of duties, privileged account management, job rotation, and SLAs.

    ~30 min

  5. 7.5

    Apply resource protection

    Protect media and data: media management and protection techniques, plus data at rest and in transit safeguards.

    ~20 min

  6. 7.6

    Conduct incident management

    Memorize the incident response lifecycle in order: Detection → Response → Mitigation → Reporting → Recovery → Remediation → Lessons Learned.

    ~35 min

  7. 7.7

    Operate and maintain detection and preventative measures

    Know the tooling and its placement: next-gen/WAF/network firewalls, IDS/IPS, allow/deny-listing, sandboxing, honeypots/honeynets, anti-malware, ML/AI-based tools, and third-party security services.

    ~35 min

  8. 7.8

    Implement and support patch and vulnerability management

    Run a disciplined cycle: discover, prioritize, test, deploy, and verify patches to close known vulnerabilities.

    ~20 min

  9. 7.9

    Understand and participate in change management

    Formal change control (request → review/approve → test → implement → document) prevents unmanaged risk and supports rollback.

    ~15 min

  10. 7.10

    Implement recovery strategies

    Design resilience: backup strategies (full/incremental/differential; on/off-site/cloud), recovery sites (hot/warm/cold), multiple processing sites, and HA/QoS/fault tolerance.

    ~35 min

  11. 7.11

    Implement disaster recovery (DR) processes

    Execute the DR plan: response, personnel, communications, assessment, restoration, training/awareness, and lessons learned.

    ~25 min

  12. 7.12

    Test disaster recovery plans (DRP)

    Know the test types from least to most disruptive: read-through (checklist) → structured walk-through (tabletop) → simulation → parallel → full interruption. Only the last two actually bring recovery systems up, and only a full-interruption test takes production down.

    ~25 min

  13. 7.13

    Participate in Business Continuity (BC) planning and exercises

    Operations contributes to BC planning and regular exercises that keep continuity capability current.

    ~15 min

  14. 7.14

    Implement and manage physical security

    Layer perimeter controls (fences, gates, bollards, lighting, guards, CCTV) with internal controls (locks, mantraps, badges).

    ~25 min

  15. 7.15

    Address personnel safety and security concerns

    People come first: travel safety, security training/awareness (insider threat, social media, MFA fatigue), emergency management, and duress signaling.

    ~20 min
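For lesson 7.1, an added illustration (not course material) of why chain-of-custody documentation is paired with hashing: each custody entry commits to the evidence hash and to the previous entry, so altering the evidence or rewriting who held it breaks verification. The evidence id, handler names, locations and timestamps below are constructed placeholders.

```python
"""Evidence integrity plus a hash-chained chain-of-custody record (added example)."""
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class CustodyLog:
    """Each entry carries the evidence hash and the hash of the entry before it,
    so the record can only be verified if evidence and history are both intact."""

    def __init__(self, evidence_id, evidence_bytes, handler, location, ts):
        self.evidence_id = evidence_id
        self.evidence_hash = sha256_hex(evidence_bytes)   # computed once at acquisition
        self.entries = []
        self._append("acquired", handler, location, ts)

    def _append(self, action, handler, location, ts):
        prev_hash = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        entry = {
            "seq": len(self.entries),
            "evidence_id": self.evidence_id,
            "evidence_hash": self.evidence_hash,
            "action": action,
            "handler": handler,
            "location": location,
            "ts": ts,
            "prev_hash": prev_hash,
        }
        # The entry hash covers every field above (canonical JSON, sorted keys).
        entry["entry_hash"] = sha256_hex(json.dumps(entry, sort_keys=True).encode())
        self.entries.append(entry)

    def transfer(self, to_handler, location, ts):
        self._append("transferred", to_handler, location, ts)

    def verify(self, evidence_bytes):
        """Return (ok, reason): evidence must match the recorded hash, and every
        entry must re-hash correctly and link to its predecessor."""
        if sha256_hex(evidence_bytes) != self.evidence_hash:
            return False, "evidence hash mismatch"
        prev_hash = "0" * 64
        for i, entry in enumerate(self.entries):
            if entry["prev_hash"] != prev_hash or entry["seq"] != i:
                return False, f"entry {i} not linked to predecessor"
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if sha256_hex(json.dumps(body, sort_keys=True).encode()) != entry["entry_hash"]:
                return False, f"entry {i} hash mismatch"
            if entry["evidence_hash"] != self.evidence_hash:
                return False, f"entry {i} refers to different evidence"
            prev_hash = entry["entry_hash"]
        return True, "ok"


def demo():
    """Intact record, then tampered evidence, then a rewritten custody entry."""
    image = b"constructed disk image bytes"   # constructed stand-in for an acquired image
    log = CustodyLog("EV-0001", image, "analyst_a", "imaging bench", "2024-03-01T10:00:00Z")
    log.transfer("analyst_b", "evidence locker 3", "2024-03-01T12:30:00Z")
    log.transfer("analyst_c", "forensic workstation 2", "2024-03-02T08:15:00Z")
    intact = log.verify(image)
    tampered_evidence = log.verify(image + b"\x00")
    log.entries[1]["handler"] = "analyst_x"   # rewriting who held the evidence at step 1
    rewritten_history = log.verify(image)
    return intact, tampered_evidence, rewritten_history


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Hashing the evidence once at acquisition and carrying that value in every entry is what lets a later examiner show the image analysed is the image seized; chaining the entries is what makes an edited handover detectable rather than merely disputable.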
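For lesson 7.2, an added example (not course material) of the kind of correlation a SIEM runs and the kind of baseline check a UEBA tool adds: a sliding-window brute-force rule over sshd auth lines, escalation when a flagged source then succeeds, and an off-hours login check against a per-user baseline. The log lines, hostnames, addresses and the baseline hours are constructed; thresholds are assumptions.

```python
"""SIEM-style correlation over constructed sshd auth log lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample lines (not captured from any real system); hosts and
# addresses are documentation placeholders.
SAMPLE_LOG = """\
2024-03-01T03:12:40Z host2 sshd[410]: Accepted password for bob from 198.51.100.4 port 60122 ssh2
2024-03-01T03:15:01Z host2 CRON[411]: (root) CMD (run-parts /etc/cron.hourly)
2024-03-01T09:14:02Z host1 sshd[812]: Failed password for invalid user admin from 203.0.113.9 port 5120 ssh2
2024-03-01T09:14:03Z host1 sshd[813]: Failed password for invalid user admin from 203.0.113.9 port 5121 ssh2
2024-03-01T09:14:05Z host1 sshd[814]: Failed password for root from 203.0.113.9 port 5122 ssh2
2024-03-01T09:14:08Z host1 sshd[815]: Failed password for root from 203.0.113.9 port 5123 ssh2
2024-03-01T09:14:12Z host1 sshd[816]: Failed password for alice from 203.0.113.9 port 5124 ssh2
2024-03-01T09:14:20Z host1 sshd[817]: Failed password for alice from 203.0.113.9 port 5125 ssh2
2024-03-01T09:14:25Z host1 sshd[818]: Accepted password for alice from 203.0.113.9 port 5126 ssh2
2024-03-01T10:02:11Z host1 sshd[901]: Accepted password for alice from 10.0.0.5 port 41022 ssh2
2024-03-01T10:05:00Z host1 sshd[902]: Failed password for carol from 10.0.0.7 port 41100 ssh2
"""

# Constructed per-user "normal hours" baseline (UTC), standing in for what a
# UEBA tool would learn from login history.
BASELINE_HOURS = {"alice": set(range(8, 19)), "bob": set(range(8, 19)), "carol": set(range(8, 19))}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_line(line):
    """Return a dict for sshd password-auth events, None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ev


def correlate(lines, baseline_hours, fail_threshold=5, window_seconds=60):
    """Stateful pass over chronological log lines; returns a list of alert dicts."""
    alerts = []
    failures = defaultdict(deque)   # src -> timestamps of failures still inside the window
    flagged = set()                 # sources that already tripped the brute-force rule
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        src, ts, user = ev["src"], ev["ts"], ev["user"]
        if ev["result"] == "Failed":
            q = failures[src]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_seconds:   # drop expired failures
                q.popleft()
            if len(q) >= fail_threshold and src not in flagged:
                flagged.add(src)
                alerts.append({"rule": "brute_force", "severity": "medium",
                               "src": src, "count": len(q), "ts": ts})
        else:
            if src in flagged:   # a success from a brute-forcing source is the real signal
                alerts.append({"rule": "success_after_brute_force", "severity": "high",
                               "src": src, "user": user, "ts": ts})
            allowed = baseline_hours.get(user)
            if allowed is not None and ts.hour not in allowed:
                alerts.append({"rule": "off_hours_login", "severity": "low",
                               "src": src, "user": user, "hour": ts.hour, "ts": ts})
    return alerts


def run_demo():
    return correlate(SAMPLE_LOG.splitlines(), BASELINE_HOURS)


if __name__ == "__main__":
    for a in run_demo():
        print(a["severity"].upper(), a["rule"],
              {k: v for k, v in a.items() if k not in ("rule", "severity")})
```

The brute-force rule alone is noisy (Internet-facing SSH sees it constantly); the tuning the lesson refers to is the second rule, which only fires when a flagged source subsequently authenticates, and the baseline check, which needs history per user rather than a global threshold.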
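For lesson 7.10, an added worked example (not course material) of the full/incremental/differential trade-off: how much each schedule stores over a cycle, and how many sets a restore to a given day must replay. The file names and ten-day change history are constructed; the schedule (full every seventh day, backups at end of day) is an assumption.

```python
"""Backup schedules and restore chains (added example)."""
from dataclasses import dataclass


@dataclass
class Backup:
    day: int
    kind: str      # "full", "incremental" or "differential"
    files: dict    # filename -> version captured in this set


def plan_backups(daily_changes, mode, full_every=7):
    """daily_changes[d] is {filename: version} modified on day d; a backup runs
    at the end of each day. A full runs every `full_every` days. On other days
    "incremental" stores only changes since the previous backup (it clears the
    archive bit); "differential" stores everything changed since the last full."""
    if mode not in ("incremental", "differential"):
        raise ValueError(mode)
    state, since_full, since_last, backups = {}, {}, {}, []
    for day, changes in enumerate(daily_changes):
        state.update(changes)
        since_full.update(changes)
        since_last.update(changes)
        if day % full_every == 0:
            backups.append(Backup(day, "full", dict(state)))
            since_full, since_last = {}, {}
        elif mode == "incremental":
            backups.append(Backup(day, "incremental", dict(since_last)))
            since_last = {}
        else:
            backups.append(Backup(day, "differential", dict(since_full)))
    return backups


def restore_chain(backups, target_day):
    """Return (sets to replay in order, restored file state) for target_day."""
    usable = [b for b in backups if b.day <= target_day]
    full = max((b for b in usable if b.kind == "full"), key=lambda b: b.day)
    later = [b for b in usable if b.day > full.day]
    if not later:
        chain = [full]
    elif later[-1].kind == "incremental":
        chain = [full] + later        # every incremental since the full, oldest first
    else:
        chain = [full, later[-1]]     # only the newest differential is needed
    restored = {}
    for b in chain:
        restored.update(b.files)
    return chain, restored


def compare_strategies(daily_changes, target_day):
    """File-versions stored across the whole cycle vs. sets needed to restore target_day."""
    report = {}
    for mode in ("incremental", "differential"):
        backups = plan_backups(daily_changes, mode)
        chain, restored = restore_chain(backups, target_day)
        report[mode] = {
            "stored": sum(len(b.files) for b in backups),
            "chain_length": len(chain),
            "restored": restored,
        }
    return report


def true_state(daily_changes, target_day):
    """Ground truth at end of target_day, to check a restore against."""
    state = {}
    for changes in daily_changes[: target_day + 1]:
        state.update(changes)
    return state


# Constructed 10-day change history: {file: version} touched each day.
DAILY_CHANGES = [
    {"a": 1, "b": 1, "c": 1},   # day 0, first full
    {"a": 2}, {"d": 1}, {}, {"a": 3, "b": 2}, {"e": 1}, {"c": 2},
    {"f": 1},                   # day 7, next full
    {"a": 4}, {"b": 3},
]


if __name__ == "__main__":
    for mode, r in compare_strategies(DAILY_CHANGES, 6).items():
        print(f"{mode}: {r['stored']} file-versions stored, "
              f"{r['chain_length']} sets to replay for day 6")
```

On this history the incremental schedule stores fewer file-versions but a day-6 restore must replay the full plus six incrementals (and fails if any one of them is missing or corrupt), while the differential schedule stores more but restores from exactly two sets. That is the RTO-versus-storage trade-off the lesson is pointing at, and the loss of a single set in the middle of an incremental chain is the failure mode to test for in 7.12.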