====== Domain 7: Security Operations ======

**Intrusion Prevention System (IPS)** -- A solution that monitors the environment and **automatically takes action** when it recognizes malicious attempts to gain unauthorized access.

**Intrusion detection system (IDS)** -- A solution that monitors the environment and **automatically recognizes malicious attempts** to gain unauthorized access.

**Least privilege** -- The practice of only granting a user the minimal permissions necessary to perform their explicit job function.

**Uninterruptible power supplies (UPS)** -- Batteries that provide temporary, immediate power during times when utility service is interrupted.

**Striping** -- RAID technique; writing a data set across multiple drives.

**Parity bits** -- RAID technique; logical mechanism used to mark striped data; allows recovery of missing drive(s) by pulling data from adjacent drives.

**Need-to-know** -- Primarily associated with organizations that **assign clearance levels to all users and classification levels to all assets**; restricts users with the same clearance level from sharing information unless they are working on the same effort. Entails compartmentalization.

**Configuration management (CM)** -- A formal, methodical, comprehensive process for **establishing a baseline** of the IT environment (and each of the assets within that environment).

**Change management** -- A formal, methodical, comprehensive process for **requesting, reviewing, and approving changes** to the baseline of the IT environment.

**Job rotation** -- The practice of having personnel become familiar with multiple positions within the organization as a means to reduce single points of failure and to better detect insider threats.

**Media** -- Any object that contains data.

**Separation of duties** -- The practice of ensuring that no organizational process can be completed by a single person; forces collusion as a means to reduce insider threats.

**Patch** -- An update/fix for an IT asset.