Research in: Security Planning and Auditing
Bel G Raggad, Seidenberg School of CS & IS

Outline
1. Security Planning
2. Security Risk Assessment
3. Security Taxonomy
4. Security Auditing
5. Risk-Driven Security Program
6. Security Standards
7. Biometrics

Security Planning
Purpose of Security Plan:
· Provide an overview of the security requirements of the system and describe the controls in place or planned for meeting those requirements; and
· Delineate responsibilities and expected behavior of all individuals who access the system.
Security Planning process (diagram):
Input: Major Application (MA) or General Support System (GSS)
Process: Security Planning, using the Raggad SP Methodology as the tool: Strategic Security Definition, Strategic Security Analysis, Strategic Security Design, Strategic Security Choice, Strategic Security Review
Output: the Security Plan (a book)
Chapter 1: Introduction for MA or GSS
• 1.1 Background
• 1.2 Purpose of Security Plan
• 1.3 System Boundaries
• 1.4 Multiple Similar Systems
• 1.5 System Category
• 1.6 Major Applications
• 1.7 General Support System
Chapter 2: System Definition for MA or GSS
• 2.1 Plan Control
• 2.2 System Identification
  • 2.2.1 System Name/Title
  • 2.2.2 Responsible Organization
  • 2.2.3 Information Contact(s)
  • 2.2.4 Assignment of Security Responsibility
• 2.3 System Operational Status
• 2.4 General Description/Purpose
• 2.5 System Environment
• 2.6 System Interconnection/Information Sharing
• 2.7 Sensitivity of Information Handled
  • 2.7.1 Laws, Regulations, and Policies Affecting the System
  • 2.7.2 General Description of Sensitivity
Chapter 3: Management Controls for MA or GSS
• 3.1 Risk Assessment and Management
• 3.2 Review of Security Controls
• 3.3 Rules of Behavior
• 3.4 Planning for Security in the Life Cycle
  • 3.4.1 Initiation Phase
  • 3.4.2 Development/Acquisition Phase
  • 3.4.3 Implementation Phase
  • 3.4.4 Operation/Maintenance Phase
  • 3.4.5 Disposal Phase
• 3.5 Authorize Processing
Chapter 4: Operational Controls
Operational Controls for GSS
• 4.GSS.1 Personnel Security
• 4.GSS.2 Physical and Environmental Protection
• 4.GSS.3 Production, Input/Output Controls
• 4.GSS.4 Contingency Planning
• 4.GSS.5 Hardware and System Software Maintenance Controls
• 4.GSS.6 Integrity Controls
• 4.GSS.7 Documentation
• 4.GSS.8 Security Awareness and Training
• 4.GSS.9 Incident Response Capability
Operational Controls for MA
• 4.MA.1 Personnel Security
• 4.MA.2 Physical and Environmental Protection
• 4.MA.3 Production, Input/Output Controls
• 4.MA.4 Contingency Planning
• 4.MA.5 Application Software Maintenance Controls
• 4.MA.6 Data Integrity/Validation Controls
• 4.MA.7 Documentation
• 4.MA.8 Security Awareness and Training
Chapter 5: Technical Controls
Technical Controls for MA
• 5.MA.1 Identification and Authentication
  • 5.MA.1.1 Identification
  • 5.MA.1.2 Authentication
• 5.MA.2 Logical Access Controls
• 5.MA.3 Public Access Controls
• 5.MA.4 Audit Trails
Technical Controls for GSS
• 5.GSS.1 Identification and Authentication
  • 5.GSS.1.1 Identification
  • 5.GSS.1.2 Authentication
• 5.GSS.2 Logical Access Controls
• 5.GSS.3 Audit Trails
Chapter 6: for MA or GSS
• 6.1 Periodic Reviews
• 6.2 Monitoring the SP Progress
SP Methodology
1. Strategic Security Definition
2. Strategic Security Analysis
3. Strategic Security Design
4. Strategic Security Choice
5. Strategic Security Review
SP is a book of 6 Chapters
Chapter 1: Introduction/Executive Summary (1 section)
Chapter 2: System Definition (10 sections)
Chapter 3: Managerial Controls (3 sections)
Chapter 4: Operational Controls (8 sections)
Chapter 5: Technical Controls (3/4 sections)
Chapter 6: Conclusions (1 section)
Five phases of the SP Methodology:
1. Strategic Definition Phase
2. Strategic Analysis Phase
3. Strategic Design Phase
4. Strategic Choice Phase
5. Strategic Review Phase
Strategic Security Definition
- Security plan certification and acceptance page;
- Security plan document handling/control;
- Date of study;
- Responsible organization;
- Information contacts;
- System name/title;
- System category;
- General description and purpose;
- System environment and special considerations; and
- Systems interconnections and information sharing.
Strategic Security Design
Restructuring
- Reorganization
- Process reengineering
Security control measures
- Management controls
- Operational controls
- Technical controls
Management Controls
- Administration controls:
  ■ Assignment of Security Responsibility
  ■ Personnel security
- Development/Implementation controls:
  ■ Authorization of Processing
  ■ Security Specifications
  ■ Acquisition Specifications
  ■ Design Review and Testing
Operational Controls
- Physical and Environmental Protection
- Production
- Hardware and System Software Maintenance Controls
- Security Awareness and Training
- Documentation
- Contingency Plan
- Audit and Variance Detection
Technical Controls
- User Identification and Authentication
  -- Identification
  -- Authentication
- Authorization/Access Controls
  -- Logical access controls
  -- Dial-In Access
  -- Wide Area Networks
  -- Screen Warning Banners (SWB)
- Public Access Controls
- Data Integrity/Validation Controls
  -- Malicious Programs
  -- Virus Protection
  -- Message Authentication
  -- Integrity Verification
  -- Reconciliation
  -- Digital Signature
- Audit Trail Mechanisms
- Confidentiality Controls
- Incident Response Capability
Strategic Security Choice
- The security plan phases performed so far may produce different versions of a security plan.
- The SPW meets with system owners and the security admin to review new organizational changes, new security policy additions, and new security change requests before presenting the prevailing versions of the completed security plan.
- The purpose of the strategic security choice is to make sure that all recommendations included in the final version of the security plan are the most appropriate possible.
- System owners have to approve all security controls adopted in the security plan.
Security Strategic Review
The purpose of the strategic review is to ensure that the system or application behaves according to the Design Manual containing the security solutions included in the security plan.
Strategic Security Review
- Life cycle: set arbitrarily to 3 years.
- System owners have to periodically evaluate risks.
- System owners have to periodically evaluate the validity of the security controls included in the security plan.
- Whenever the security risks or the security controls change, corrective actions should be applied.
- Security controls become invalid or lose efficiency or effectiveness when an organizational change takes place, when a new technology emerges, when security policies change, etc.
- The methodology proposes a security deficiency indicator called the security corrective score, which should be periodically computed. If the security corrective score goes below a prescribed threshold, for example 0.4, the security plan should be revised.
Layered risk model (diagram), two cases:
- Unsecured asset (RS4): the threat (Layer T) passes through relative security (Layer S) to Layer V, where vulnerabilities exist, and reaches Layer A: the affected asset suffers damage.
- Secure asset (RS4): the threat (Layer T) passes through relative security (Layer S) to Layer V, where there are no vulnerabilities, so the affected asset (Layer A) suffers no damage.
Risk equation in terms of (T, S, V, B):
T = Threat, S = Security, V = Vulnerability, B = Business value
Basic Risk: S = 0
Residual Risk: S > 0
Worked case 1 (Layers T, S, V, A):
Threat T (Layer T): t = .5
Relative security (Layer S): S = .8
Vulnerabilities (Layer V): V = .2
Asset A (Layer A): business value B = $20,000
Damage: Risk = $400 (risk to lose $400)
Worked case 2 (Layers T, S, V, A):
Threat T (Layer T): t = .8
Relative security (Layer S): S = .2
Vulnerabilities (Layer V): V = .9
Asset A (Layer A): business value B = $20,000
Damage: Risk = $11,520 (risk to lose $11,520)
Worked case 3 (five vulnerabilities, no security):
Threat T (Layer T): t = .5, the probability that the threat takes place
Relative security (Layer S): S = 0
Vulnerabilities (Layer V): V1 = .2, V2 = .6, V3 = .3, V4 = .5, V5 = .4, each the probability that the threat has an effect on asset A given that threat T has taken place
V = (v1 + v2 + v3 + v4 + v5) / 5 = .4
Asset A (Layer A): business value B = $20,000
Expected loss of asset A due to the threat = $4,000 (risk to lose $4,000)
Worked case 4 (five vulnerabilities, security controls in place):
Threat T (Layer T): t = .5, the probability that the threat takes place
Relative security (Layer S): S = (.8, .6, .0, 1.0, .6), i.e. S1 = .8, S2 = .6, S3 = .0, S4 = 1, S5 = .6
Vulnerabilities (Layer V): as in the previous case, each the probability that the threat has an effect on asset A given that threat T has taken place
Asset A (Layer A): business value B = $20,000
Expected loss of asset A due to threat T = $1,480 (risk in $: $1,480)
Enterprise risk model (diagram):
- Assets A1 ... Am with economic weights w1 ... wm; all assets together give the enterprise risk R[Ω].
- Exclusive threats T with probabilities ζ1 ... ζn (probabilities of exclusive threats).
- For each asset Aj and threat Ti, a loss term vij'(1 - sij) Lij, where vij' = transpose vector of asset Aj's vulnerabilities associated with threat Ti, sij are the security controls, and Lij is the business loss due to threat * vulnerability.
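The arithmetic behind the four numeric slides, as an added example that is not part of the original deck: the slides' figures are reproduced by risk = t * B * mean_i(v_i * (1 - s_i)), with all s_i = 0 giving the basic risk. The enterprise_risk roll-up is my own assumption about how the threat probabilities ζ and asset weights w combine the per-pair losses; the slide only labels those terms.

```python
"""Residual-risk arithmetic of the layered T/S/V/A model (added example)."""
from dataclasses import dataclass


@dataclass
class ThreatAssetRisk:
    """One threat T against one asset A of business value B (dollars)."""
    t: float   # probability that the threat takes place (Layer T)
    b: float   # business value of the asset (Layer A)
    v: list    # per-vulnerability P(threat harms asset | threat), Layer V
    s: list    # per-vulnerability relative security in [0, 1], Layer S

    def effective_vulnerability(self) -> float:
        """Mean over vulnerabilities of v_i * (1 - s_i): the exposure left
        after security controls.  With every s_i = 0 this is the plain mean
        of the v_i, i.e. the slides' basic-risk case."""
        if not self.v or len(self.v) != len(self.s):
            raise ValueError("need exactly one security score per vulnerability")
        if any(not 0.0 <= x <= 1.0 for x in (self.t, *self.v, *self.s)):
            raise ValueError("t, v_i and s_i must all lie in [0, 1]")
        return sum(vi * (1.0 - si) for vi, si in zip(self.v, self.s)) / len(self.v)

    def expected_loss(self) -> float:
        """Risk in dollars: t * B * effective vulnerability."""
        return self.t * self.b * self.effective_vulnerability()


def enterprise_risk(threat_probs, asset_weights, losses) -> float:
    """Roll-up of per-(threat, asset) expected losses.  ASSUMPTION (mine, the
    slide only labels the terms): exclusive-threat probabilities zeta_i and
    asset weights w_j scale losses[i][j] before summation."""
    return sum(zeta * sum(w * losses[i][j] for j, w in enumerate(asset_weights))
               for i, zeta in enumerate(threat_probs))


# Inputs of the four numeric slides (constructed from the slide values).
SLIDES = {
    "one vuln, S=.8":       ThreatAssetRisk(0.5, 20_000, [0.2], [0.8]),
    "one vuln, S=.2":       ThreatAssetRisk(0.8, 20_000, [0.9], [0.2]),
    "five vulns, S=0":      ThreatAssetRisk(0.5, 20_000, [0.2, 0.6, 0.3, 0.5, 0.4], [0.0] * 5),
    "five vulns, S vector": ThreatAssetRisk(0.5, 20_000, [0.2, 0.6, 0.3, 0.5, 0.4],
                                            [0.8, 0.6, 0.0, 1.0, 0.6]),
}

if __name__ == "__main__":
    for name, case in SLIDES.items():
        print(f"{name:22s} expected loss = ${case.expected_loss():,.0f}")
```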
Security Taxonomy & Policy Flow Diagram
The Vital Defense Strategy: Raggad’s Taxonomy
3 Discrimination Parameters:
- SECURITY DISRUPTION
- ACTING ENTITY
- ATTACK MODEL
3 SECURITY DISRUPTIONS (F. Cohen, 1995):
- INFORMATION LEAKAGE
- INFORMATION CORRUPTION
- INFORMATION/SERVICE DENIAL
5 ACTING ENTITIES (Whitten, Bentley, and Barlow, 1996):
- PEOPLE
- ACTIVITY
- NETWORK
- TECHNOLOGY
- DATA
4 ATTACK MODELS:
- PROBE MODEL
- AUTHORIZED ACCESS MODEL
- FACTORY MODEL
- INFRASTRUCTURE MODEL
DISRUPTION * ENTITY * MODEL = 60 TYPES of SECURITY INFORMATION SYSTEMS
Taxonomy cube (diagram): 60 types of SISs indexed by three axes:
- Disruption: C, L, D (corruption, leakage, denial)
- Entity: A, D, N, P, T (activity, data, network, people, technology)
- Attack Model: AA, FA, IN, PR (authorized access, factory, infrastructure, probe)
Example cell (IN, P, D): How can People evoke an Infrastructure attack and produce a DoS?
IDS Response:
1. IDS processing;
2. IDS monitoring;
3. IDS timing;
4. IDS analysis;
5. IDS distribution;
6. IDS embedding
IDS Engine: What SISs should be invoked?
Phases for a security strategy
Phase 1: Define a security strategy
Phase 2: Develop security policy and controls
Modified Benson's methodology for defining a security strategy (MBSS)
• Objective: help security professionals develop a strategy to protect the availability, integrity, and confidentiality of data in an organization's information technology (IT) system.
• Players: information resource managers, computer security officials, administrators, and policy staff.
• Risks reduced: a systematic approach to:
  • Establish contingency plans in case of a disaster.
  • Eliminate user errors and malicious and non-malicious attacks.
  • Detect and prevent attackers who could gain access to the system and disrupt services, render systems useless, or alter, delete, or steal information.
The process of MBSS
Security administrators and management:
• Decide how much time, money, and effort need to be spent in order to develop the appropriate security policies and controls.
• Analyze the company's specific needs and determine its resource and scheduling requirements and constraints.
• Not a one-time activity: a security strategy can save the organization valuable time and provide important reminders of what needs to be done, but it is not a one-time activity.
• An integral part of the system lifecycle: periodic updating or appropriate revision is needed, particularly when changes in configurations and other conditions and circumstances take place.
• An iterative process: it is never finished and should be revised and tested periodically.
MBSS: steps for a security strategy
• Steps in defining a security strategy:
  • Reviewing current security policies
  • Identifying Assets and Vulnerabilities to Known Threats
  • Identifying Likely Attack Methods, Tools, and Techniques
  • Establishing Proactive and Reactive Strategies
  • Testing
Review of current policies
• Need for a strategy: to determine the vulnerabilities and the current security policies and controls that guard against them.
• Current status of security policy: need to identify areas of deficiency in the policies and examine all existing documents, such as:
  • Physical computer security policies such as physical access controls.
  • Network security policies (for example, e-mail and Internet policies).
  • Data security policies (access control and integrity controls).
  • Contingency and disaster recovery plans and tests.
  • Computer security awareness and training.
  • Computer security management and coordination policies.
  • Any other document that contains sensitive info, e.g., computer BIOS passwords, router configuration passwords, access control documents, and other device management passwords.
Identifying Assets and Vulnerabilities to Known Threats
• Assessing an organization's security needs:
  • determining its vulnerabilities to known threats.
  • recognizing the types of assets that an organization has, which will suggest the types of threats it needs to protect itself against.
• Examples of some typical asset/threat situations:
  • The security admin of a bank knows that the integrity of the bank's information is a critical asset and that fraud, accomplished by compromising this integrity, is a major threat. Fraud can be attempted by inside or outside attackers.
  • The security admin of a Web site knows that supplying information reliably (data availability) is the site's principal asset. The threat to this information service is a denial of service attack, which is likely to come from an outside attacker.