Troubleshooting should include the following:
- Unencrypted credentials/clear text
- Logs and events anomalies
- Permission issues
- Access violations
- Certificate issues
- Data exfiltration
- Misconfigured devices
  - Firewall
  - Content filter
  - Access points
- Weak security configurations
- Personnel issues
  - Policy violation
  - Insider threat
  - Social engineering
  - Social media
  - Personal email
- Unauthorized software
- Baseline deviation
- License compliance violation (availability/integrity)
- Asset management
- Authentication issues
Process/Skill Questions:
- What logs can be evaluated for security issues?
- Where would one locate evidence of an access violation?
- Why must a security portal with a mantrap still be supervised or observed by security personnel?