# Domain 7 - Index
Domain 7 (Security Operations) covers running secure environments day-to-day: monitoring and detection, incident response, business continuity and disaster recovery, and the operational controls that keep systems resilient and auditable.
## Concepts
1. [[Security Operations Center (SOC) Fundamentals]]
2. [[Logging Strategy and SIEM Use Cases]]
3. [[Log Integrity Time Sync and Retention]]
4. [[Use Case and Detection Engineering Lifecycle]]
5. [[Intrusion Detection and Prevention (NIDS NIPS HIDS HIPS)]]
6. [[Endpoint Hardening and Baselines (Servers and Workstations)]]
7. [[Patch and Vulnerability Remediation Operations]]
8. [[Change Management and CAB]]
9. [[Configuration Management and Drift Control]]
10. [[Secure Administration and Out-of-Band (OOB) Access]]
11. [[Network Segmentation and NAC]]
12. [[Email Security Operations (SPF DKIM DMARC Sandboxing)]]
13. [[DDoS Mitigation and Resilience]]
14. [[Incident Response Lifecycle (NIST-Style)]]
15. [[Incident Classification Severity and SLAs]]
16. [[Playbooks and SOAR Automation]]
17. [[Threat Hunting Program Basics]]
18. [[Malware Analysis Triage and Containment]]
19. [[Digital Forensics in Operations (Triage First Response)]]
20. [[Backup Strategies (Full Incremental Differential Synthetic)]]
21. [[Restore Testing and Recovery Procedures]]
22. [[Disaster Recovery Strategies (RTO RPO Hot Warm Cold)]]
23. [[Business Continuity Operations and Crisis Communications]]
24. [[Data Destruction and Media Sanitization]]
25. [[Physical Security Operations (Perimeter Facility DC)]]
26. [[Fire Suppression and Safety in Data Centers]]
27. [[Power UPS Generators and Environmental Controls]]
28. [[Third-Party Operational Risk and Managed Services]]
29. [[Fraud Deterrence Job Rotation and Mandatory Vacations]]
30. [[Operational Metrics and KPIs (MTTD MTTR Coverage)]]
31. [[eDiscovery and Legal Hold Operations]]
32. [[Insider Threat Operations (UAM DTEX UEBA)]]
33. [[Vulnerability Exceptions and Risk Acceptance Process]]
34. [[Endpoint Isolation and Containment Procedures]]
35. [[Zero Trust Operations (Continuous Verification)]]
36. [[Cloud SOC Operations (CSPM CWPP CIEM)]]
37. [[IR Communications and Stakeholder Notifications]]
38. [[SaaS Service Continuity and Admin Operations]]
39. [[OT ICS Operations Security (Segmentation and Safety)]]
40. [[PKI Operations (CA CRL OCSP Key Escrow)]]
41. [[Certificate and Key Management Operations]]
42. [[DNS Security Operations (Logging RPZ DNSSEC)]]
43. [[Secure Web Gateway and Proxy Operations]]
44. [[File Integrity Monitoring (FIM) Operations]]
45. [[Mobile Device and MDM Operations]]
46. [[Secrets Scanning and SDLC Leak Response]]
47. [[Vulnerability Disclosure and Bug Bounty Handling]]
48. [[Remote Access Operations (VPN ZTNA Bastions)]]
49. [[Supply Chain Operational Monitoring (SaaS and Third Parties)]]
50. [[Container and Runtime Security Operations]]
51. [[Knowledge Management and Runbook Maintenance]]
52. [[Time Synchronization and NTP Security]]
53. [[Case Management and Ticketing Best Practices]]
54. [[Threat Intelligence Operations and TIP Usage]]
55. [[Data Retention Schedules and Records Management]]
56. [[Service Level Objectives (SLOs) for Operations]]
57. [[Break-Glass Access Testing and Governance]]
58. [[Endpoint Application Allowlisting Operations]]
59. [[Shadow IT Discovery and Control Operations]]
> Also see: [[MOC - CISSP]]