1 / 35

Chapter 5

Chapter 5. Maintaining Security of Operations. Objectives. Establish routine security of operation Create a dependable operational security process Ensure operational response to incidents. Security of Operations. A critical part of information assurance lifecycle

denton-vega
Download Presentation

Chapter 5

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Chapter 5 Maintaining Security of Operations

  2. Objectives • Establish routine security of operation • Create a dependable operational security process • Ensure operational response to incidents

  3. Security of Operations • A critical part of information assurance lifecycle • Ensures the integrity and performance • Process involves actions such as: • Ensuring that current operating procedures are properly aligned with organization’s security policies • Monitoring performance of assigned security duties to confirm that they correspond to proper processes • Defining and executing operational housekeeping processes to ensure that the security function continues to operate properly

  4. Aims: Aligning Purpose with Practice • Information assurance goals must be satisfied for the organization to be secure • Factors that can affect this process include changes in: • People who use the system or their motivations • Types of systems interconnected with the organization’s systems • Type or sensitivity of data • Way the organization does business or type of business the organization conducts • Rigor and extent of information assurance objectives • Organizational risk model and risk tolerance approach

  5. Aims: Aligning Purpose with Practice • If information assurance goal is not being met • The organization performs a risk assessment/risk mitigation process to decide how to meet it

  6. Threat Response: Keeping the Organization on Its Toes • Threat response is either proactive or reactive • Proactive activities include • Identification of threats and vulnerabilities • Creation, assessment, and optimization of security solutions • Implementation of controls to protect the software and the information • Reactive activities include • Detecting and reacting to external or internal intrusions or security violations in a timely manner

  7. Staying Alert: Elements of the Operational Security Process • Operational security process is composed of principles • These principles represent the primary functions of the operational security process: • Sensing • Analyzing • Responding • Managing

  8. Sensing: Understanding the Threat • Operational sensing is proactive • Must be performed continuously • Implemented and run by defined policies, procedures, tools, and standards • Monitors, tests, and assesses the environment, to detect vulnerabilities and security violations • Identifies and resolves threats as they arise • Reviews monitor and evaluate management and end-user behavior

  9. Sensing: Understanding the Threat • Security assurance requires documentary evidence of: • Feasible information assurance and security perimeter • Overall concept of standard operating procedure • Generic operational testing and review plan • Policies to ensure appropriate response to unexpected incidents • Secure site plan • Business Continuity and Disaster Recovery Plan (BCP/DRP) • Assurance that all are adequately trained in secure operation • Assurance that all are capable of utilizing security functionality relevant to their position in the organization

  10. Analyzing: Making Smart Decisions • A good decision about a given threat requires understanding the consequences and impacts • Threat assessment – understanding the consequences • Impact analysis – evaluating the strategy • Reporting – understanding the alternatives • Authorizing – getting the go-ahead

  11. Responding: Ensuring a Disciplined Response • This function implements the authorized corrective action • Factors that might influence the decision are: • Resource constraints • Difficulty, or unfeasibility of the response required • All threats and vulnerabilities should be tracked and the resulting responses overseen • A defined process is required to ensure that this is done accurately

  12. Managing: Maintaining an Effective Process • All information assurance processes as a routine function have to be: • Planned • Designed • Administered • Maintained • Ensure that effective leadership vision and expertise is exercised at all times • It oversees and coordinates the alignment process to maintain the best response to threats and changes in a dynamically changing situation

  13. Implementation: Setting Up the Security of Operations Process • Security of operations is founded on organization-wide policies, procedures, and countermeasures • Maintains the relevance and effectiveness of the infrastructure • Specifies the approved methods and processes that will be followed to ensure security performance • Should be embedded as part of day-to-day workplace functioning • Operational assessment is critical • Methods and metrics used to track performance must be specified • Certifications must be used to judge proper execution

  14. Operational Planning • A formal security of operations plan is an important baseline document • Acts as a point of reference in the evolution of events and day-to-day management • Operationalizes and coordinates the elements of the security of operations function • Organizes and focuses the effective deployment of resources • Supports the budgeting process • Makes the security objectives explicit • Serves as a mechanism for assessing contractual and regulatory obligations • Organizes technical and management response so that the right set of countermeasures is always in place

  15. Operational Planning • Operational security plan is built and maintained through eight stages

  16. Steps for a Secure Operation • Step 1: document the baseline • Step 2: determine the benchmarks • Step 3: establish a security architecture • Step 4: build awareness • Step 5: deploy supporting technology • Step 6: assess performance • Step 7: specify how corrective action will be taken • Step 8: enforce accountability

  17. Operational Response • Security of operations should ensure that an effective operational response in in place • It resolves problems as they appear • Response is established and maintained by a plan • Plan integrates the sensing, analyzing, and responding principles into a set of procedures that meet the security needs • Pre-defined response ensures that an optimum solution is provided in a timely fashion • Timeliness is underwritten by effective incident reporting

  18. Operational Response • Ensuring effective reporting and response • Formal incident response team (IRT) or operational response team (ORT) • Ensuring timely reports • Provides a description of both the type and estimated impact of the incident • Ensuring timely response • Incident reports should go to a single central coordinator or facilitator for confirmation analysis and subsequent action

  19. Anticipating Potential Incidents • Potential incidents include: • Pre-attack probes • Unauthorized access attempts • Denial of service attempts • Vulnerabilities in the infrastructure • Reports are generic and result from routine data-gathering activity and analysis • Reports also result from analyses performed by the software • Reports are generated by intrusion detection devices • Operational event logging monitors events taking place within the system

  20. Working with Active Incidents • Always require an operational response • Actions are dictated by circumstances requiring: • Applying a technical patch • Reconfiguration, or reinstallation of the system • Change in policy and procedure • Implementation of new enforcement mechanisms • Operational response team: • Contains the harm from an incident and prevents its reoccurrence • Supervises the change to the target system through the configuration management process • Performs the coordination and documentation activities needed

  21. Ensuring Continuing Integrity: Configuration Management • Formal procedure undertaken for change management • Refers to the evolution of change to objects • It is a critical component of security for two reasons: • Predictable day-to-day functioning of systems • Ability to detect unauthorized changes • Maintains the integrity of the items under its control • Allows for the evaluation and performance of management changes • Establishes the integrity of the system

  22. Human-based: ConfigurationManagement • Configuration manager role • Processes all requests for change • Manages the change authorization process • Verifies that the change is complete • Baseline manager role • Identifies, accounts for, and maintains all configuration items with the identification scheme • Establishes a baseline management ledger (BML) • Records all changes and promotions to baselines in this ledger • Maintains libraries associated with it

  23. Human-based: ConfigurationManagement • Verification manager role • Confirms that items in the change management ledger conform to the identification scheme • Verifies that changes have been carried out • Conducts milestone reviews and audits • Status accounting – ensures the continuing correct status of each baseline • Changes at any level in the structure must be maintained at all levels

  24. Human-based: ConfigurationManagement • Configuration management plan • Builds a plan that lists the activities in the configuration management function including: • The procedures to be followed during the configuration management process • The schedule for routine activities • The procedures for performing configuration management activity involving other organizations

  25. Operational Housekeeping • Operational housekeeping – ensures that routine information processing activities are performed securely • Responsible for ensuring that the organization’s information is protected from common threats • Proactive measures such as periodic inspections and compliance audits • Managerial concerns • Ensuring that routine patches and repairs to equipment and facilities are performed

  26. Preparing an Operational Procedure Manual • Every organization has to compile, distribute, and update a procedure manual • Details all required procedures to ensure continuous security of operations • Should contain simple checklists providing clear directions for employees performing routine housekeeping • Should ensure that the required steps are listed along with expected results, and a way to determine those results are accurate • There should be a clear statement of the interrelationship between related procedures

  27. Managing Security Patches • Security patches should be in place so that: • Software can be consistently updated and maintained to close vulnerabilities • They are important safeguards and are a routine part of the security maintenance process • Any operating system security update should be verified, tested, and installed immediately

  28. Back Up Your Data, Back Up Your Job • Backups are important housekeeping functions • Support the recovery function • Are essential prerequisites for business continuity • Support the recovery point objective (RPO) in business continuity planning • Other reasons could include: • Hard drive failure • Serious virus attack or other accidents • Based on a schedule dictated by operational circumstances

  29. Enforcing Personal Security Discipline • Personal security discipline implies that the staff members routinely follow approved security procedures • Steps need to be taken to ensure that routine activities are performed in a continuous and repeatable way • Discipline is the key to ensuring that routine behaviors are performed • Discipline hinges on people understanding the importance of routine security practices • Education, training, and awareness function

  30. Maintaining Your Software • Software must be configured and operate without conflict • Ensure safe and secure operation • Provide essential automated security service • Visible part of the process: • Registry and file system utilities aligned correctly, interacting properly • Running disk cleanups and performing hardware checks • Security utilities • Virus and spyware checkers and spam filters

  31. Making Your Software Behave • Software functionality is difficult to assure since software interactions occur within the computer • Necessary to perform system integrity checks • Assure that the registry files, applications, and system utilities are installed properly and working as designed • Preventive maintenance should be routinely scheduled, coordinated, enforced, and reported through the information assurance function

  32. Watching Your Back • Have a set of operational procedures in place to secure application systems • Procedures include system management responsibilities such as: • Ensuring that security functions are enabled on both user and administrative accounts • Conducting software engineering procedures such as routine operational testing • Including simple processes such as regularly ensuring that passwords are changed • Checking system event logs periodically

  33. Disposing of Assets in a Secure Manner • A critical part of the day-to-day integrity of information is the secure disposal of media • There must be rules for the secure erasure or destruction of electronic storage media • Routine clear out of temporary files and temporary Internet cache files • Use of modern shredders to dispose of paper copies • In the case of especially sensitive material, the use of contracted destruction services • Magnetic storage media such as floppies routinely degaussed or shredded prior to disposal

  34. Locking Down Electronic Office Systems • Ensure that e-mail and office automation systems are tightly controlled • There is a need to develop and formalize a statement of what is and is not acceptable use • This is called an acceptable use policy • Serves as the formal basis for subsequent control

  35. Defining Good Security Practice for an E-Mail System • Defining, communicating, and enforcing good security practice in the daily operation of the e-mail system can prevent most violations • Monitoring of acceptable use is frequently used in larger organizations and can be embedded in a software utility

More Related