The operations security domain addresses the day-to-day activities that are needed to keep things running and operating securely. This domain introduces you to concepts that apply to daily activities such as how to respond to attacks, how to ensure good administrative management and control, how to handle violations, and how to establish a threshold to determine what a notable violation is. Violations to operational security aren't always maliciousthings break and accidents happen. Therefore, operational security must also be prepared to deal with these occurrences.
Students preparing for the ISC2 Certified Information Systems Security Professional exam and those reviewing the operational security domain must know what resources should be protected, the principles of good practice, methods to restrict access, the potential abuse of access, what are considered appropriate controls, and how to respond to attacks.