Page 1136 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
malicious phishing email or by exploiting server vulnerabilities.
Once they exploited a single system, they escalated their privileges
and began performing many common privileged operations
including the following:
- Accessing and deleting logs
- Creating and manipulating accounts (such as adding new accounts to the administrators group)
- Controlling communication paths (such as opening port 3389 to enable the Remote Desktop Protocol and/or disabling the host firewall)
- Running various scripts (including PowerShell, batch, and JavaScript files)
- Creating and scheduling tasks (such as one that logged their accounts out after eight hours to mimic the behavior of a regular user)
Monitoring common privileged operations can detect these
activities early in the attack. In contrast, if the actions go
undetected, the APT can remain embedded in the network for
years.
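The monitoring described above can be sketched as detection logic over Windows event records. This is an added example, not from the study guide: the event IDs are standard Windows ones, while the sample records, the one-hour window, and the threshold of three distinct operations are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Standard Windows event IDs for the privileged operations listed above
# (4104 comes from the PowerShell Operational log, the rest from Security).
WATCHED = {
    1102: "audit log cleared",
    4720: "user account created",
    4732: "member added to local security group",
    4946: "firewall rule added",
    5025: "firewall service stopped",
    4104: "PowerShell script block executed",
    4698: "scheduled task created",
}

# Constructed sample events; hosts, accounts and details are hypothetical.
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T02:09", "id": 4624, "host": "ws-17", "user": "jdoe", "detail": "logon"},
    {"ts": "2024-03-01T02:10", "id": 4720, "host": "ws-17", "user": "jdoe", "detail": "svc_backup2"},
    {"ts": "2024-03-01T02:11", "id": 4732, "host": "ws-17", "user": "jdoe", "detail": "Administrators"},
    {"ts": "2024-03-01T02:14", "id": 4946, "host": "ws-17", "user": "jdoe", "detail": "TCP 3389 in"},
    {"ts": "2024-03-01T02:20", "id": 4698, "host": "ws-17", "user": "jdoe", "detail": "logoff task"},
    {"ts": "2024-03-01T02:31", "id": 1102, "host": "ws-17", "user": "jdoe", "detail": "Security log"},
    {"ts": "2024-03-01T09:00", "id": 4698, "host": "srv-02", "user": "admin1", "detail": "backup task"},
    {"ts": "2024-03-08T09:00", "id": 4720, "host": "srv-02", "user": "admin1", "detail": "new hire"},
    {"ts": "2024-03-15T09:00", "id": 4946, "host": "srv-02", "user": "admin1", "detail": "TCP 443 in"},
]

def privileged_findings(events):
    """Return the events that match a watched privileged operation."""
    return [dict(e, operation=WATCHED[e["id"]]) for e in events if e["id"] in WATCHED]

def escalate(events, threshold=3, window=timedelta(hours=1)):
    """Flag (host, user) pairs with >= threshold distinct operations inside one window."""
    by_actor = defaultdict(list)
    for f in privileged_findings(events):
        by_actor[(f["host"], f["user"])].append((datetime.fromisoformat(f["ts"]), f["operation"]))
    flagged = {}
    for actor, hits in by_actor.items():
        hits.sort()
        for start, _ in hits:
            ops = {op for ts, op in hits if start <= ts <= start + window}
            if len(ops) >= threshold:
                flagged[actor] = sorted(ops)
                break
    return flagged

if __name__ == "__main__":
    print(escalate(SAMPLE_EVENTS))
```

The same three operations spread over weeks by `admin1` stay below the threshold, while the burst from `jdoe` within minutes is escalated.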
Managing the Information Lifecycle
Chapter 5, “Protecting Security of Assets,” discusses a variety of
methods for protecting data. Of course, not all data deserves the same
levels of protection. Instead, an organization defines data
classifications and identifies methods that protect the data based on its
classification, and it typically publishes the classifications within a
security policy. Some common data
classifications used by governments include Top Secret, Secret,
Confidential, and Unclassified. Civilian classifications include
confidential (or proprietary), private, sensitive, and public.
Security controls protect information throughout its lifecycle.
However, there isn’t a consistent standard used to identify each stage
or phase of a data lifecycle. Some people simplify it to simply cradle to

