IS Operations - 4


IS operations – the day-to-day operations that keep things up and running.

Asset Identification/Management – an inventory of everything the company owns:

 Hardware
 Firmware – hardcoded/embedded built-in software – the device's brain; it helps the device start up,
perform its functions, and communicate with other software
 OS
 Runtime environments
 Apps
 Individual libraries

Managed by an asset management system/application – enterprise wide. Anything missing from the inventory
does not get scanned or patched.

Patches – a critical arms race.

Patch all the different components/levels of a system – top to bottom (firmware, OS, runtime, apps,
libraries).

Patching Process
Process & infrastructure must be in place to get patches in: a team and/or an asset identification tool.

1. Scan the environment – make sure you are getting everything that needs to be patched: all the
components, all the assets, and all the different versions of patches already in place.
2. Research – identify new patches, see what's missing, get them from trusted sources.
3. Test – test environment set up. Follow the change management process/strategy. Test, then roll out.
4. Mitigation – follow the mitigation process/strategy. Roll back if there are production issues/problems.
5. Deployment – less sensitive systems first, work your way to the most important. Rollout should be
automated/scheduled.
6. Log & validate – log activities. Rescan for vulnerabilities to confirm the patch actually took.
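The six steps above as one small script (an added example, not code from the notes or from any real asset management product): a patch-gap scan over a constructed inventory, a rollout plan ordered least-sensitive-first, and a re-scan to validate. The host names, products, versions, sensitivity scale and the "latest version" feed are all assumptions made up for the demonstration.

```python
"""Added example, not from the notes: a patch-gap scan over a constructed
asset inventory, a rollout plan ordered least-sensitive-first, and a
re-scan to validate.  Asset names, versions and the 'latest version'
feed are all made up for the demonstration."""
from dataclasses import dataclass


@dataclass
class Asset:
    host: str
    component: str      # firmware / os / runtime / app / library
    product: str
    version: str
    sensitivity: int    # assumed scale: 1 = least sensitive, 3 = most


def parse_version(v: str) -> tuple:
    """'2.14.1' -> (2, 14, 1) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


# Constructed inventory, i.e. what the asset management system would hold.
INVENTORY = [
    Asset("web-01", "app", "nginx", "1.24.0", 1),
    Asset("web-01", "os", "linux-kernel", "6.5.0", 1),
    Asset("hr-app", "library", "log4j", "2.14.1", 2),
    Asset("db-01", "os", "linux-kernel", "6.2.0", 3),
    Asset("db-01", "runtime", "postgresql", "15.4", 3),
    Asset("fw-edge", "firmware", "edge-fw", "3.1.0", 3),
    Asset("legacy-01", "app", "oldcrm", "1.0", 2),   # product the patch feed knows nothing about
]

# Constructed 'latest version' feed from the trusted source.
LATEST = {"nginx": "1.24.0", "linux-kernel": "6.5.0", "postgresql": "15.5",
          "log4j": "2.17.1", "edge-fw": "3.2.0"}


def scan_missing(inventory, latest):
    """Steps 1-2: compare each asset with the feed.  Returns (missing, unknown);
    'unknown' products are an asset-management gap, not a clean bill of health."""
    missing, unknown = [], []
    for a in inventory:
        target = latest.get(a.product)
        if target is None:
            unknown.append(a)
        elif parse_version(a.version) < parse_version(target):
            missing.append((a, target))
    return missing, unknown


def rollout_waves(missing):
    """Step 5: one wave per sensitivity level, least sensitive first."""
    waves = {}
    for a, target in missing:
        waves.setdefault(a.sensitivity, []).append((a.host, a.product, target))
    return [waves[level] for level in sorted(waves)]


def deploy_and_validate(inventory, latest):
    """Steps 5-6: 'apply' each wave (here: update the inventory record) and re-scan.
    A non-empty second scan means something did not take and needs the rollback path."""
    missing, unknown = scan_missing(inventory, latest)
    log = []
    for wave in rollout_waves(missing):
        for host, product, target in wave:
            log.append(f"patched {host}:{product} -> {target}")
    for a, target in missing:
        a.version = target
    still_missing, _ = scan_missing(inventory, latest)
    return log, still_missing, unknown


if __name__ == "__main__":
    for line in deploy_and_validate(INVENTORY, LATEST)[0]:
        print(line)
```

The `unknown` list is the part worth keeping an eye on: a product that the patch feed cannot name is exactly the "out of date asset management – you miss stuff" failure, and it must be reported rather than silently counted as patched.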

Patching Problems
- Can create new vulnerabilities
- Production interruptions
- Not enough testing, or no rollback process in place
- Out-of-date asset management – you miss stuff
- Admin workload is already heavy and patches are time sensitive; they should be done immediately
Configuration Management – CMDB
A logical description of the settings of the systems: the configuration of the IT environment.

It should all be kept in a Configuration Management Database, the CMDB. ITIL is all about putting things
into the CMDB. All documentation and config files should be recorded in there.

Change Management – managing changes to your configuration.

Configuration management establishes a baseline -> any change to that config must go through a
formal process: the change management process – documented steps for approving those changes.
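What "establishes a baseline" buys you in practice is the ability to detect drift. The following is an added example (not from the notes, and not any CMDB product's own code): the baseline is a map of config path to SHA-256 of the approved contents, the running configuration is compared against it, and every difference is classified as covered by a change ticket, unapproved, missing, or never baselined. The file paths, contents and the set of ticketed paths are constructed.

```python
"""Added example, not from the notes: configuration drift detection against a
recorded baseline.  The baseline (path -> SHA-256 of the approved config) is
what the CMDB would hold; any difference is an unapproved change unless a
change ticket covers it.  The files, contents and ticket set are constructed."""
import hashlib


def fingerprint(contents: str) -> str:
    return hashlib.sha256(contents.encode()).hexdigest()


def build_baseline(files: dict) -> dict:
    """Record the approved state once, at baseline time."""
    return {path: fingerprint(body) for path, body in files.items()}


def detect_drift(baseline: dict, running: dict, approved: set) -> dict:
    """Compare the running configuration to the baseline and classify every difference."""
    report = {"approved": [], "unapproved": [], "missing": [], "new": []}
    for path, digest in baseline.items():
        if path not in running:
            report["missing"].append(path)
        elif fingerprint(running[path]) != digest:
            bucket = "approved" if path in approved else "unapproved"
            report[bucket].append(path)
    for path in running:
        if path not in baseline:
            report["new"].append(path)      # not in the CMDB at all
    return report


# Constructed approved configuration (baseline time).
BASELINE_FILES = {
    "/etc/ssh/sshd_config": "PasswordAuthentication no\nPermitRootLogin no\n",
    "/etc/sysctl.conf": "net.ipv4.ip_forward = 0\n",
    "/etc/hosts.allow": "sshd: 10.0.0.0/8\n",
}
# Constructed running configuration (audit time).
RUNNING_FILES = {
    "/etc/ssh/sshd_config": "PasswordAuthentication yes\nPermitRootLogin no\n",  # changed, no ticket
    "/etc/sysctl.conf": "net.ipv4.ip_forward = 1\n",                            # changed, ticket covers it
    "/etc/cron.d/unknown-job": "*/5 * * * * root /opt/agent/run\n",             # never baselined
}
# Paths that an approved change ticket (assumed ticket CHG-1042) says may differ.
APPROVED_CHANGES = {"/etc/sysctl.conf"}


def audit() -> dict:
    return detect_drift(build_baseline(BASELINE_FILES), RUNNING_FILES, APPROVED_CHANGES)


if __name__ == "__main__":
    for kind, paths in audit().items():
        print(f"{kind:10s} {paths}")
```

The "unapproved" and "new" buckets are the change-management findings; "missing" usually means a control was removed and should be treated the same way. Hashing the whole file is deliberate: a baseline that only records "sshd_config exists" would not catch the password-authentication flip shown here.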

Release Management – change controls for production software.

Only authorized versions get released to production.

Enterprise Monitoring
Network/SOC – the network operations center or security operations center does the following:

- Event logging
- Traffic monitoring
- Security monitoring
- Vulnerability scanning, pen testing

Problem management – dealing with problems.

Root cause analysis – find the underlying cause of the problem – no band-aid, we want a fix.
Causal factor – anything that causes an undesirable event – the trigger – e.g. the server crashed.
Root cause – what caused the crash.

Incident Handling – policies and procedures must be in place.
Incident vs event – an incident is when one or more events turn out to be a bad thing.

- Steps to follow once an incident is discovered must be in place.
- Escalation process must be in place – how to handle the bad thing.
- Get back up and running in the least impacted way – minimal impact to business processes.

IH Process

1. Notification & identification – that something happened.
2. Investigation – figure out who and what, and the severity. Big hacker or clueless Bob?
3. Containment – pull the plug? (isolate the affected system so it cannot spread)
4. Analysis – what happened, what systems are affected, is there rogue software running – malware?
5. Track it back – to the original source.
6. Repair and recovery – fix things and put band-aids in.
7. Prevention – lessons learned, checks and balances, document how to prevent it.
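The "incident vs event" distinction and the notification/identification step, as an added example that is not part of the notes: a run of failed SSH logins is a string of events; when one source fails several times and then succeeds, that is declared an incident and the record that the escalation path needs is produced. The log lines are constructed (syslog-like, not captured from a real host), and the threshold and severity rule are assumptions.

```python
"""Added example, not from the notes: turning logged events into an incident.
One failed login is an event; a run of failures from one source that ends in
a successful login is declared an incident and produces the record that the
notification/escalation step needs.  Log lines and the threshold are constructed."""
import re
from collections import defaultdict

# Constructed auth log excerpt (syslog-like, not captured from a real system).
SAMPLE_LOG = """\
2024-03-01T02:10:01 sshd[911]: Failed password for admin from 203.0.113.7 port 51022 ssh2
2024-03-01T02:10:03 sshd[911]: Failed password for admin from 203.0.113.7 port 51023 ssh2
2024-03-01T02:10:05 sshd[911]: Failed password for admin from 203.0.113.7 port 51024 ssh2
2024-03-01T02:10:06 sshd[911]: Failed password for root from 203.0.113.7 port 51025 ssh2
2024-03-01T02:10:09 sshd[911]: Accepted password for admin from 203.0.113.7 port 51026 ssh2
2024-03-01T08:00:00 sshd[912]: Failed password for bob from 10.0.0.5 port 40001 ssh2
2024-03-01T08:00:04 sshd[912]: Accepted password for bob from 10.0.0.5 port 40002 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_events(text: str) -> list:
    """Every matching log line is an event; lines we do not understand are skipped."""
    return [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]


def correlate(events: list, threshold: int = 3) -> list:
    """Declare an incident when one source fails >= threshold times and then succeeds."""
    failures = defaultdict(list)
    incidents = []
    for ev in events:
        src = ev["src"]
        if ev["result"] == "Failed":
            failures[src].append(ev)
            continue
        run = failures.pop(src, [])
        if len(run) >= threshold:
            tried = {f["user"] for f in run}
            incidents.append({
                "source": src,
                "account": ev["user"],
                "targets_tried": sorted(tried),
                "failed_attempts": len(run),
                "first_seen": run[0]["ts"],
                "confirmed": ev["ts"],
                # assumed rule: a run that also guessed at a privileged account escalates higher
                "severity": "high" if "root" in tried else "medium",
            })
        # a short run followed by success (a typo, then the right password) stays an event
    return incidents


def triage(text: str) -> list:
    return correlate(parse_events(text))


if __name__ == "__main__":
    for inc in triage(SAMPLE_LOG):
        print(inc)
```

Bob's single typo is left as an event; the 203.0.113.7 run becomes one incident with the first-seen and confirmed timestamps, the accounts tried and the attempt count, which is what the investigation and containment steps start from. The severity rule is the place an organization plugs in its own escalation policy.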

Help Desk/Support – end-user issues, technical/operational.

Tiered system

- Tier 1 – first line, lowest skill
- Tier 2 – more knowledgeable/skilled, remote desktop
- Tier 3 – highest tier – talking to an actual developer of the system – the person who writes the
firmware

Staggered approach. The lower-skilled tiers may be outsourced. Then you get into the higher-tier,
higher-skilled, more expensive support folks.

IT Service Management – the "IT shop" approach.

All IT operations are a service. All departments in the org are customers of the IT shop, which is a
service provider. The departments are the customers/clients.

- Service delivery – network services, email system, HR system, ERM, etc.
- Service support – the support for those systems

Focus on efficient and effective service delivery.

IT Service Management Frameworks

ITIL – IT Infrastructure Library

- Service delivery best practices for managing and delivering IT services within an organization.
The biggest one. A toolbox for managing IT services.
- Service lifecycle stages: Service Strategy, Service Design, Service Transition, Service Operation,
Continual Service Improvement.

ISO 20000-1:2011

- Plan-Do-Check-Act (PDCA) methodology – a circular approach.

Information Lifecycle Management

1. Acquisition – from an external source, or you create it yourself.
2. Data classification / marking – ** classify the data, assign a classification level, which bucket and
which label. Apply the CIA triad.
3. Use / archival – where it is used – the riskiest phase. Must be available to *only* the right
people. Apply the CIA triad.
- Backup: data currently in use.
- Archival: data no longer in use.
4. Destruction – delete in a secure way.
- Zeroization, multiple overwrite, degaussing (a strong magnetic field destroys the data), physical
destruction/shredding.

Auditing Information Lifecycle Management

Does the org:

- Have a data classification policy? Are they following it?
- Have controls in place to protect the CIA triad?
- Can you test those controls?
- ** Have the same security in place for archived content and the archival tools (encryption, MFA)?
- Have secure destruction tools and a process? Is it actually deleting properly?

Backup Types
Full – everything. Fastest to restore but longest to perform.

Incremental – all files that changed since the last backup (of any type). Restore in order: the full
backup, then increment 1, then 2, then 3 for a full restore.

Differential – all changes since the last full backup. Restore the last full backup, then only the very
last differential backup.
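The three backup types run over the same week of changes, as an added example that is not from the notes: each strategy is simulated, then restored, so the restore chain each one needs (and what goes wrong when increments are applied out of order) is visible in the result. The file contents and change sequence are constructed, and file deletions are ignored to keep the model small.

```python
"""Added example, not from the notes: the three backup types run over the same
week of changes, then restored, to show which chain each restore needs.
File contents and the change sequence are constructed; deletions are ignored
to keep the model small."""


def take_full(state: dict) -> dict:
    return dict(state)


def take_incremental(state: dict, previous_state: dict) -> dict:
    """Files changed since the LAST backup of any type."""
    return {f: v for f, v in state.items() if previous_state.get(f) != v}


def take_differential(state: dict, full_state: dict) -> dict:
    """Files changed since the last FULL backup (keeps growing until the next full)."""
    return {f: v for f, v in state.items() if full_state.get(f) != v}


def restore(chain: list) -> dict:
    """Apply backups in the given order; later entries overwrite earlier ones."""
    result = {}
    for backup in chain:
        result.update(backup)
    return result


# Constructed daily snapshots of the filesystem: Sunday full, then three days of edits.
DAYS = [
    {"a.txt": "a1", "b.txt": "b1", "c.txt": "c1"},   # Sun: full backup taken
    {"a.txt": "a2", "b.txt": "b1", "c.txt": "c1"},   # Mon: a changed
    {"a.txt": "a2", "b.txt": "b2", "c.txt": "c1"},   # Tue: b changed
    {"a.txt": "a3", "b.txt": "b2", "c.txt": "c1"},   # Wed: a changed again
]


def simulate(days: list = DAYS) -> dict:
    full = take_full(days[0])
    incrementals, differentials = [], []
    previous = days[0]
    for state in days[1:]:
        incrementals.append(take_incremental(state, previous))
        differentials.append(take_differential(state, full))
        previous = state
    return {
        "incrementals": incrementals,
        "differentials": differentials,
        # incremental restore: full, then EVERY increment, in order
        "restore_incremental": restore([full] + incrementals),
        # differential restore: full, then only the LAST differential
        "restore_differential": restore([full, differentials[-1]]),
        # what you get if the increments are applied in the wrong order
        "restore_incremental_wrong_order": restore([full] + incrementals[::-1]),
        # total file versions written by each strategy over the week
        "written_incremental": sum(map(len, incrementals)),
        "written_differential": sum(map(len, differentials)),
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(key, value)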

* Single Points of Failure – how to mitigate

Redundancy and fault tolerance tools
- Disk mirroring
- Disk duplexing (mirroring with a separate controller per disk)
- Redundant servers
- RAID / RAIT – multiple disks / multiple tapes
- Clustering – multiple servers
- Redundant power
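How "multiple disks" actually tolerate a failure, as an added example that is not from the notes: the parity idea behind RAID 5. Each stripe holds one data block per disk except one, which holds the XOR of the others, and the parity position rotates from stripe to stripe; when any one disk dies its contents are rebuilt by XOR-ing the survivors, but a second simultaneous failure cannot be recovered. The data written and the disk/block sizes are constructed; this is a model of the layout, not a driver.

```python
"""Added example, not from the notes: the parity trick behind RAID 5.  Each
stripe holds ndisks-1 data blocks plus one parity block (the XOR of the data
blocks), with the parity position rotating per stripe; any ONE failed disk is
rebuilt by XOR-ing the survivors.  The data written is constructed."""
from functools import reduce


def xor_blocks(blocks: list) -> bytes:
    return bytes(reduce(lambda x, y: x ^ y, column) for column in zip(*blocks))


def parity_position(stripe_index: int, ndisks: int) -> int:
    """Rotate the parity block so no single disk is a parity hot spot."""
    return (ndisks - 1 - stripe_index) % ndisks


def write_raid5(data: bytes, ndisks: int = 4, block: int = 4) -> list:
    """Lay data out over ndisks virtual disks; returns one block list per disk."""
    data_per_stripe = ndisks - 1
    data += b"\0" * ((-len(data)) % (block * data_per_stripe))   # pad the final stripe
    chunks = [data[i:i + block] for i in range(0, len(data), block)]
    disks = [[] for _ in range(ndisks)]
    for s in range(len(chunks) // data_per_stripe):
        stripe = chunks[s * data_per_stripe:(s + 1) * data_per_stripe]
        p = parity_position(s, ndisks)
        pending = iter(stripe)
        for d in range(ndisks):
            disks[d].append(xor_blocks(stripe) if d == p else next(pending))
    return disks


def read_raid5(disks: list) -> bytes:
    """Read the data back, skipping parity blocks and the zero padding."""
    ndisks = len(disks)
    out = b""
    for s in range(len(disks[0])):
        p = parity_position(s, ndisks)
        out += b"".join(disks[d][s] for d in range(ndisks) if d != p)
    return out.rstrip(b"\0")


def rebuild(disks: list):
    """Rebuild the single disk marked None; two or more failures cannot be rebuilt."""
    lost = [d for d, blocks in enumerate(disks) if blocks is None]
    if len(lost) != 1:
        return None
    survivors = [blocks for blocks in disks if blocks is not None]
    # XOR of all blocks in a stripe is zero, so the missing one is the XOR of the rest
    rebuilt = [xor_blocks([disk[s] for disk in survivors]) for s in range(len(survivors[0]))]
    repaired = list(disks)
    repaired[lost[0]] = rebuilt
    return repaired


def demo(data: bytes = b"the quick brown fox jumps over the lazy dog") -> dict:
    disks = write_raid5(data)
    one_lost = list(disks)
    one_lost[2] = None                      # simulate losing disk 2
    two_lost = list(disks)
    two_lost[0] = two_lost[3] = None        # simulate losing two disks at once
    return {
        "roundtrip_ok": read_raid5(disks) == data,
        "rebuilt_matches": rebuild(one_lost)[2] == disks[2],
        "rebuilt_data": read_raid5(rebuild(one_lost)),
        "two_failures": rebuild(two_lost),
    }


if __name__ == "__main__":
    print(demo())
```

The same XOR reconstruction works whether the lost disk held data or parity for a given stripe, which is why the parity position can rotate freely. Mirroring (RAID 1) is the degenerate case with one data disk and an identical "parity" copy.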

Network Redundancy
Backup paths or alternative routes for network access:

- Redundant network links
- Redundant network paths for wireless access points
- Multiple internet service providers (ISPs)
- Redundant data centers
- Redundant virtualization hosts

*Device Configuration Files

*When a network device loses power, its configuration may revert to default settings.

Configurations should be backed up, and the backup transferred securely (over SSH, not a cleartext
protocol).

Administering Systems Remotely

Should not take place in cleartext (Telnet), where the data transmitted over the connection is not
encrypted or protected in any way.

- Anyone with access to the network traffic between your local device and the remote server can
easily intercept and read the data, credentials included.

Secure Shell (SSH) has become the standard for remotely accessing devices and servers. It provides
encryption and authentication, making it much more secure than Telnet for remote access. A secure VPN is
the alternative.

Add MFA, a token, or a certificate on top of the password.
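What "add MFA, a token, or a certificate" looks like on an OpenSSH server, as an added illustration that is not from the notes: the weak settings beside the corrected ones in sshd_config. The PAM-based one-time-password module is assumed to be installed and configured separately, and the CA key path is an assumption.

```text
# Weak (assumed starting point): password only, root may log in directly
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes

# Corrected: a key (or a CA-signed certificate) AND a second factor are both required
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
TrustedUserCAKeys /etc/ssh/user_ca.pub      # assumed path; certificates signed by this CA are accepted
UsePAM yes                                  # second factor is delivered through PAM (assumed OTP module)
KbdInteractiveAuthentication yes            # older OpenSSH releases spell this ChallengeResponseAuthentication
AuthenticationMethods publickey,keyboard-interactive
```

Check the file with `sshd -t` before reloading, and confirm the effective policy with `sshd -T | grep -i authenticationmethods`; if that line does not show both methods, the server is still single-factor regardless of what the file says.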
