SECURITY CONCEPTS
An Holistic Approach
By Gp Capt JN Rampal, VSM (Retd)

AGENDA
• Introduction
• Security : Definition
• Security : Functional View
• Security : Must Have Attributes
• Security : Rules for Cogent Design
• Security : Practices for Cogent Design
• Security : Summary
• Conclusion
Introduction: The First Thoughts
A security solution or implementation is specific to
• A situation
• The space of interaction
• The time window
• The threat characterization
• The subject set (assets to be secured)
So, do we develop a specific solution for each threat/subject scenario and situation?
• Is it possible to think of “Security” as a process which has the cogent structure of a generic solution and can be tailored to these various threat/subject combinations? The answer, mercifully, is “challenging but possible”.
• So let us study what generic characteristics a security system should have, and how we can architect and configure security systems to apply to various scenarios.
Security : Sample Definitions
• Security is a service that provides a safe environment for people and assets to be deployed on productive activities.
or
• Security is a system combining sensors, processes and management systems, which keeps an environment from being disrupted by undesirable and inimical forces.
or
• Security is a system comprising hardware and software that provides business processes safety from interruption by unwanted actions.
Security : A Realistic Definition
• Security is all of these and a little more.
• Security is an embedded part of the business process that keeps warding off disruptive influences on all facets of the business process, without being unduly visible or obtrusive.
• Security may comprise hardware, software and a process framework, and in most cases is an intrinsic subset of the business process definition.
Security : Functional View
• Always awake: MUST be 24*7.
• Relation with main business: MUST relate to everybody’s day-to-day work.
• Universal coverage: make all stakeholders safe.
• Involve all: members of the organization.
• Constant focus: MUST keep higher-level focus and not be a plethora of micro-level exercises.
• Training: security practices MUST be disseminated to all.
Security : Must Have Attributes
Security systems must be:
• Simple in concept.
• Modular and non-intrusive in architecture.
• Compatible and harmonized with the existing operations management systems.
• Built so that the burden of sophistication of security system components is predominantly borne by the security specialists.
• Cost effective.
Security : Rules for Cogent Design
• Rule of least privilege
• Rule of change
• Rule of trust
• Rule of weakest link
• Rule of separation
• Rule of three-fold process
• Rule of preventive action (proactive security)
• Rule of immediate and proper response
Security : Practices for Cogent Design
• Zoning
• Control points
• Layering
• Data reduction
• Ascertaining relationships
• Dividing responsibilities
• Failing securely
Security : Summary (1/3)
Security systems must have macro features that allow them to be cogent, consistent and effective. These features also serve as health indicators of the system's efficacy.
Security : Summary (2/3)
To keep the system simple, slim and effective, there are rules to be followed while implementing, using or updating the system.
Security : Summary (3/3)
The best practices can help us fine-tune the system to relate more to the real world and its various nuances. They modulate the process definition and procedures with non-technical and behavioral aspects and hence increase the efficacy of system operation.
Conclusion
This presentation takes a bird's-eye view of the security concept and the various macro-level issues involved in the implementation of such systems. The best solutions are simple, follow some basic principles and are guided by some standard practices.
Bissaj Advance Technologies can help you in:
• Ascertaining your security requirements, present and evolving.
• Presenting security solutions and architectures.
• Institutionalizing security processes and systems for your organization.