Network Security Overview
Secure computing and communications using a Layered Defense Strategy
An IT Engineering Resource, Version 1.2
D. E. Jennings, April 2012
CONTENTS:
1. Introduction (page 3)
2. How we got to this point (page 3)
3. Protecting the company from Cyber Crime (page 4)
4. Security Plans and Policies (page 5)
5. Security Operations (page 6)
6. Risk Management (page 9)
7. Categories of Risk (page 10)
8. Personnel Security (page 15)
9. Building Security (page 16)
10. Access Control (page 17)
11. Telecommunications (page 20)
12. Network Security (page 21)
13. Architecture (page 25)
14. Intrusion Detection System (IDS) (page 27)
15. Electronic Mail Security (page 29)
16. Disaster Recovery (page 31)
Appendix I: Security Policy (page 35)
Appendix II: Vulnerability Assessment (page 37)
Appendix III: Roles Matrix & Organization Chart (page 38)
Appendix IV: Typical Network Design (page 39)

© Copyright: April 2012, D. E. Jennings
1. Introduction:

This document presents the concepts, plans and processes used to protect the assets and maintain business continuity of a typical small to medium sized company. Most of the measures discussed here also apply to large and very large companies, but those organizations usually have international locations and require additional measures not covered in this document.

The approach taken here differs from the traditional approach, and to understand why it is useful to look very briefly at the history of corporate security. Before computer networks, security was a matter of physical lockdown, handled by the same people who managed the company's other physical requirements. Because the primary threat has changed, we believe that security should now be managed by the Information Technology Security department. In many companies today there are two departments: physical security, where guards man the doors, and IT security, where computer technicians keep the network safe. When responsibility is split there is room for a gap. With two departments managing different access lists under different access procedures, there is the possibility of too much or too little security, and most companies suffer from this problem. The approach suggested in this paper is to administer a unified policy for all security under one department, the IT Security department, whose mandate would therefore include physical security. At the center of security is an automated Identity Management System.

2. How we got to this point:

When corporate computer networks came into existence, security did not seem to be an issue. The networks were very big and very expensive, run only by large institutions or the largest corporations. In the 1980s an employee could use a "dumb terminal" over dial-up phone lines, from home, to access the corporate computing center across the country. It was possible to input data that would be run as a "batch" job overnight and printed at the office in the morning, with no passwords involved. The probability of anyone getting in and doing damage was extremely small, and they really could not do any damage. Computers were managed by a small group of very highly trained professionals, and what they were doing was not known to the general public.

Then Atari and others invented computer game machines. Around that time the personal computer was invented, and then came dial-up bulletin boards. Security was not built into programs and hacking them was easy. Lots of cracked [1] commercial software (mostly games) appeared on bulletin boards, and for many years cracked software and games passed from one dial-up bulletin board to another. The international community "got it", and computer users all over the world paid literally "$0.0" for quality software and games (and continue to do so). Then the "internet" arrived. The number of "hackers" multiplied, and the amount of commercial product (software, games, audio files, video, etc.) being "cracked" is still increasing. Hacking into high profile institutions was and is considered a "badge" of honor and garners great admiration from fellow hackers. The monetary incentive is at least as enticing as the "just see if you can do it" incentive. [2] A report from the anti-virus company Norton said that most of us are not secure and that the cost of all this in the US alone is over $139 billion a year. [3]

In spite of this background, companies have embraced the use of the internet to conduct business in a big way. The same highway, well known to hackers and used by them to infiltrate, is used by companies to conduct billions of dollars worth of business daily. Although the benefits outweigh the risks, the risks are still there and must be mitigated. And although the threats from outside are enormous, the fact of life is that the greatest threat to small businesses is from their own employees. [4]

3. Protecting the company from Cyber Crime:

As the preceding section shows, the type and severity of cyber crime is still evolving. Protecting the company is always a challenge, and IT security departments must keep pace with the changing threats. The size of the company, the location and nature of its facilities, the number of locations, and the Information Technology (IT) requirements of each affect the level and type of security required. For example, a company with a mobile sales force will need encrypted laptops and robust, secure communications channels so that sales teams can keep in touch with the office. A company with two geographically separated locations can use each location as a data backup facility for the other, for disaster recovery.

A centralized security policy and access control model is one in which all company locations are governed by the same security policy. A decentralized model allows each domain (or location) to control its own security. This may be advisable when there is a wide difference in
requirements from one location or domain to another. For example, one location may have to meet Top Secret security requirements while the others do not. For most small to medium companies a centralized policy is more efficient to administer and maintain.

This document is not the Security Policy, the Operational Security Plan or the Business Continuity Plan, but an overview of what goes into these and other documents.

4. Security Plans and Policies:

1. This document: a description of security plans and operations.

2. Security Policy: senior management's directives to create an information security program that protects the corporation's assets, establishes security related goals and security measures, and targets and assigns responsibilities. [5] The Security Policy contains sections on Purpose, Scope, Responsibilities and Compliance. It is a high-level statement of management's intentions about how security should be practiced within the organization; it identifies what actions are acceptable and what level of risk the company is willing to accept. It is reviewed for updating every year by the Security department and Corporate Management, and approved by Corporate Management.

3. Operational Security Plan: [6] the detailed plan that contains the instructions for putting the policy into action; basically a "manual" on how to get it done. It contains a breakdown of each security measure implemented. Audience: Program Management, IT Management, Program Operations Staff, IT Staff, Auditors. The Operational Security Plan is developed and revised by the Security department, reviewed for updating every 6 months, and approved by Corporate Management.

4. Business Continuity Plan (BCP): a plan to preserve business activities when faced with disruptions or disasters. The plan includes the identification of real risks, risk assessment, and countermeasure implementation plans. Although many organizations use the phrases Business Continuity Planning and Disaster Recovery Planning interchangeably, they are two distinct disciplines. Both plans are essential to the effective management of disasters and other disruptive events, but their goals are different. The goal of a BCP is to ensure that the business will continue to operate before, throughout and after a disaster event. The focus of a BCP is on the business as a whole, and on ensuring that the critical services the business provides, or the critical functions it regularly performs, can still be carried out both during a disruption and after it. To ensure that critical business functions remain operable, the plan takes into account the common threats to those functions as well as any associated vulnerabilities that might make a disruption more likely.

5. Disaster Recovery Plan (DRP): considered tactical rather than strategic, the DRP provides a means for immediate response to disasters. The DRP can be part of the BCP but need not be. The DRP is developed by the Security Department, reviewed yearly with representatives of each department, and approved by Corporate Management. For example, the plan to locate two manufacturing facilities in different geographic areas in case one is disabled by a disaster is BCP; the plan to allow workers to "work from home" via a secure Virtual Private Network (VPN), using virtual facilities on secure databases, is DRP. The DRP is exercised at least yearly: a simulated disaster event is staged and the response team must respond according to the plan so that operations continue. The exercise is planned for a weekend or another time when normal business activity is low, e.g. over Christmas or Super Bowl weekend. For the exercise the normal facilities are disabled and the "backup" plan to operate, possibly on a limited basis, goes into effect.

5. Security Operations:

The role of Security Operations is to:
1) Protect the assets, both physical and information, of the organization.
2) Protect employees from harm, both inside the building and on the premises.
3) Enable company operations to continue after a loss of functionality.
4) Accomplish this in a cost effective way that does not unduly hinder operations.

These goals are accomplished through the implementation of a "Defense in Depth" layered plan of physical, administrative, managerial, technical and operational controls. [7] The layered defensive technologies included in Defense in Depth (DiD) are physical, logical and virtual security solutions. Information assets are secured to reduce the risk of loss of confidentiality, integrity or availability.
Confidentiality provides a degree of assurance that data has not been made available or disclosed to unauthorized individuals, processes or other entities. In essence, it assures that data can only be read or understood by trusted parties. Confidentiality can be breached or bypassed by shoulder surfing, sniffing or network monitoring, stealing passwords, or social engineering (an attacker posing as a trusted individual). In the network, confidentiality is accomplished through encryption. Threats to confidentiality include:
- Hackers/crackers
- Masqueraders/spoofing
- Unauthorized user activity
- Unprotected downloaded files
- Network sniffing
- Trojan horses
- Social engineering

Integrity includes protecting against unauthorized modification or destruction of information. It includes the assurance that data leaving point A arrives at point B without modification, and that points A and B are who they claim to be. The three basic principles used to establish integrity in the enterprise are:

Need-to-Know Access: users are granted access only to those files and programs they absolutely need to fulfill their duties (role based security).

Separation of Duties: no single person has control of a critical transaction from beginning to end; two or more people are responsible for an entire critical transaction.

Rotation of Duties: job responsibilities are changed periodically, so that it is harder for users to collude in order to exercise complete control of a transaction or subvert one for fraudulent purposes. This also has other beneficial effects, including redundancy and continuity of operations in the event of the loss of key personnel.

Availability is the attribute that ensures reliable and timely access to resources for authorized individuals. This means the corporation expects IT resources to:
- Perform or function properly.
- Be available and accessible.
- Be available when they are needed.

Availability can be compromised by Denial-of-Service (DoS) attacks: actions by users or attackers that tie up computing resources in a way that renders the system unusable. Availability is lost when natural disasters (fire, flood, earthquake) or human action (bombs, strikes, malicious code) cause loss of IT or network capabilities. Availability is also lost through normal equipment failure. The IT security department works with the IT Architect to ensure a high-availability network design; in some cases the IT Architecture function sits within the Security Department, since security and availability are paramount in the network design.

The security department follows the Protect, Detect and React paradigm. To accomplish this, the department incorporates protection mechanisms and uses detection tools, procedures and logs that allow attacks or disasters to be discovered, reacted to and recovered from. The security department's focus is on People, Technology and Operations.

The company Security Policy (see the overview in Appendix I) is the foundation of the company's security operations. The Security Policy, Operational Security Plan and Disaster Recovery Plan are evaluated, and updated if required, on an annual basis. The updates are based on data provided by the network information controls, re-evaluation of risks, and stakeholder input on usability and effectiveness. The Operational Security Plan includes the detailed processes for physical security, access control, telecommunications and network security, and operations security.
6. Risk Management:

In order to determine what level of security an asset requires, we first identify and rank the assets to be protected, and then determine what level of protection is required. This is accomplished by a risk analysis, a risk assessment and a business impact analysis. These are completed by the security team together with the business unit management that has custody of the asset, with oversight by corporate management. Risk is a function of the likelihood of a given threat-source's exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization. It is interesting that the Federal Government has revised its Risk Analysis approach to more closely follow industry standards.8

A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. A Risk Analysis involves identifying the most probable threats to an organization and analyzing the related vulnerabilities of the organization to these threats. A Risk Assessment involves evaluating existing physical and environmental security and controls, and assessing their adequacy relative to the potential threats to the organization. See the example table in Appendix II. A Business Impact Analysis involves identifying the critical business functions within the organization and determining the impact of not performing the business function beyond the maximum acceptable outage. Types of criteria that can be used to evaluate the impact include: customer service, internal operations, legal/statutory and financial.

The Risk Analysis is the first step in the risk management methodology.9
1. Identify and prioritize assets;
2. Identify vulnerabilities;
3. Identify threats and their probabilities;
4. Identify countermeasures;
5. Develop a cost-benefit analysis;
6. Develop security policies and procedures.
Using the formula Risk = Threat * Vulnerability, a risk analysis is completed for each corporate asset. Vulnerability assessment has many things in common with risk assessment. Assessments are typically performed according to the following steps:
1. Cataloging assets and capabilities (resources) in a system.
2. Assigning quantifiable value (or at least rank order) and importance to those resources.
3. Identifying the vulnerabilities or potential threats to each resource.
4. Mitigating or eliminating the most serious vulnerabilities for the most valuable resources.

7. Categories of Risk:
1. Damage - Results in physical loss of an asset or the inability to access the asset, as in the case of a cut network cable.
2. Disclosure - Disclosing critical information regardless of where or how it was disclosed.
3. Losses - Can be permanent or temporary, including the altering of data or the inability to access data.
4. Physical damage - Can result from natural disasters or other factors, as in the case of a power loss or vandalism.
5. Malfunctions - The failure of systems, networks, or peripherals.
6. Attacks - Purposeful acts, whether from the inside or outside. Misuse of data, as in unauthorized disclosure, is an attack on that information asset.
7. Human errors - Usually considered accidental incidents, as compared to attacks, which are purposeful incidents.
8. Application errors - Failures of the application, including the operating system. Application errors are usually accidental, while exploits of buffer overflows or viruses are considered attacks.
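The four assessment steps above, carried through as a small risk register. This is an added illustration, not code from the plan: the formula Risk = Threat * Vulnerability is the plan's, while the 1..3 likelihood and consequence scales, the asset-value weighting, the threshold and every asset in the sample register are constructed for the example.

```python
"""Worked risk-ranking example (added illustration; not part of the original plan).

Implements the four assessment steps: catalog assets, assign a value or rank
order, rate each asset's threats and vulnerabilities, then pick the most
serious vulnerabilities of the most valuable assets for mitigation.
Risk = Threat * Vulnerability as the plan states; the 1..3 scales, the asset
value weighting and every asset below are constructed sample data.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Likelihood and consequence vocabularies mirror the plan's chart headings;
# the numeric values assigned to them are an assumption for this example.
LIKELIHOOD = {"unlikely": 1, "somewhat likely": 2, "very likely": 3}
CONSEQUENCE = {"inconvenient": 1, "very disruptive": 2, "catastrophic": 3}


@dataclass
class Exposure:
    threat: str
    likelihood: str      # key of LIKELIHOOD (the threat rating)
    vulnerability: int   # 1 = well controlled .. 3 = no control (assumed scale)
    consequence: str     # key of CONSEQUENCE


@dataclass
class Asset:
    name: str
    value: int           # step 2: rank order, 1 = low .. 5 = critical (assumed)
    exposures: list[Exposure] = field(default_factory=list)


def risk_score(exp: Exposure) -> int:
    """The plan's formula: Risk = Threat * Vulnerability."""
    return LIKELIHOOD[exp.likelihood] * exp.vulnerability


def priority(asset: Asset, exp: Exposure) -> int:
    """Weight the risk by what is at stake: asset value and consequence."""
    return asset.value * CONSEQUENCE[exp.consequence] * risk_score(exp)


def rank_risks(assets: list[Asset]) -> list[tuple[int, str, str]]:
    """Steps 1-3: every (asset, threat) pair, highest priority first."""
    rows = [(priority(a, e), a.name, e.threat) for a in assets for e in a.exposures]
    return sorted(rows, reverse=True)


def mitigation_order(assets: list[Asset], threshold: int) -> list[tuple[str, str]]:
    """Step 4: the pairs whose priority reaches the cost-benefit threshold."""
    return [(name, threat) for score, name, threat in rank_risks(assets) if score >= threshold]


# Constructed sample register (illustrative values only).
SAMPLE_ASSETS = [
    Asset("Core router", 5, [Exposure("hardware failure", "somewhat likely", 2, "catastrophic")]),
    Asset("User workstations", 3, [Exposure("malware", "very likely", 2, "very disruptive")]),
    Asset("CIO", 4, [Exposure("loss of personnel", "unlikely", 1, "catastrophic")]),
    Asset("Assistant staff", 1, [Exposure("loss of personnel", "somewhat likely", 3, "inconvenient")]),
]

if __name__ == "__main__":
    for score, name, threat in rank_risks(SAMPLE_ASSETS):
        print(f"{score:3d}  {name:18s} {threat}")
    print("mitigate first:", mitigation_order(SAMPLE_ASSETS, threshold=30))
```

Keeping the raw formula separate from the weighted priority lets the team argue about the scales independently of the formula; the threshold passed to `mitigation_order` is where the cost-benefit decision the text describes enters.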
A Risk Assessment chart is used to rank the effect of threats and vulnerabilities that are determined to be risks. Cost-benefit analysis is used to determine when a risk is worth mitigating. An earthquake, although very unlikely, would have a catastrophic effect. Therefore a plan for continuing operations in the event of an earthquake is advisable; however, the cost of maintaining completely redundant facilities may not be warranted unless the business is located in a heavy earthquake zone.

The tables in the following pages are intended to show examples of how the risk analysis and mitigation are documented. There is no one "correct" table. The analysis should drill down to the level of detail that you will be able to manage. The team that conducts and reviews the assets and risks will include department managers that have ownership of the assets. For personnel, we suggest that a professional from the Human Resource (HR) department take the lead in the personnel risk analysis by role.

The table below is an example of a Risk Assessment Chart for loss of personnel, in this case the Chief Information Officer.

Risk: Loss of personnel: Chief Information Officer
(Likelihood columns: A. Very Likely, B. Somewhat Likely, C. Unlikely. Consequence rows: Catastrophic, Very Disruptive, Inconvenient.)
- A. Very Likely / Catastrophic: The market is in short supply; many recruiters are contacting our CIO with offers.
- C. Unlikely / Catastrophic: Although the CIO is being recruited, he/she is content and does not seem to want to leave.
- Mitigation: Two or more people trained in this position within the company at all times, to mitigate the risk of loss since it is a critical position and difficult to replace. Retention policy (bonus, vacation, etc.).

Note: The difference between "Very Likely" and "Unlikely" above is that corporate management is aware of the first scenario and makes an effort to retain the CIO, making the likelihood of his/her leaving "unlikely". Nevertheless, in either case the result would be "catastrophic", so planning for his/her leaving is done by identifying a "backup" person and making sure that person is able to assume the duties by using the policy of "rotation of duties".10 In this economy there is less likelihood of people changing jobs; however, key positions should be looked at in terms of duplication of capability and personnel retention. This is not necessarily a function of the security department; however, when risks such as these are identified they should be brought up to corporate management for inclusion in the overall company risk management process.

Example of a Risk Assessment Chart for less critical roles.

Risk: Loss of personnel: Assistant Staff
(Likelihood columns: A. Very Likely, B. Somewhat Likely, C. Unlikely. Consequence rows: Catastrophic, Very Disruptive, Inconvenient.)
- Personnel for this position are available in the marketplace.
- Mitigation: This position, although very useful and important to the company, is not considered a high risk. Except for normal role documentation and training materials, other mitigation is not necessary.

For less critical roles, turnover is always inconvenient and may be very disruptive even though the positions are quickly replaced. Therefore each role / position is looked at in detail and effort is made to ensure continuity of operations and minimize the effects of loss of personnel.

Risk Assessment Chart for Information Technology / Computing and Network hardware.

Hardware failure (general)
(Likelihood columns: Very Likely, Somewhat Likely, Unlikely. Consequence: (1) Catastrophic, (2) Very Disruptive, (3) Inconvenient.)
- Router - Core: We can reduce the consequence to inconvenient by deploying redundant routers or diverse paths. The failure rate is a function of the equipment design and environment.
- Router - Distribution: As the router controls less critical branches of the network, we might economize and only utilize diverse routing to ensure high availability.
- Switch (non-redundant): Diverse paths may be able to move the consequence to "inconvenient".
- Server (non-redundant): Servers are usually deployed in redundant modes, as the cost of servers has dropped in relation to their critical use in the network.

Hardware fails depending on the age, vendor, maintenance, environment (heat / cold), etc. Constant temperature is usually preferred, as heating and cooling expand and contract metal and substrates that have different expansion coefficients and can separate and crack. The life of equipment is variable. Redundancy for key equipment is almost always cost effective. A much more detailed / extensive analysis should be completed for an actual risk analysis.

The consequence can be rated as: 1 = Catastrophic, major damage to the equipment and/or facilities, interruption in operations for more than 48 hours; 2 = Very Disruptive, interruption in operations for up to 8 hours; 3 = Inconvenient, little impact or interruption in operations.

The table below lists common cyber attacks and mitigation strategies. This table is pretty much at the top of the list for evaluation and re-evaluation by the IT Security Department; this is what they deal with on a day-to-day basis. New attacks are coming out daily. Operating system patches are automatically reviewed daily and updates made as required. Software version numbers are important and tracked by date. All software used by the company must be maintained and kept up to date with the latest release. There is a function in the IT Security department devoted to this process.
Common Network Cyber Attacks
(Likelihood columns: Very Likely, Somewhat Likely, Unlikely. Consequence: (1) Catastrophic, (2) Very Disruptive, (3) Inconvenient.)
- Denial of service: Malformed bits / false IP addresses can be mitigated by keeping the OS up to date and logging frequent connection attempts against one service.
- SYN Flood: An overload of packets that have the SYN flag set can be blocked by a firewall, by keeping the OS up to date, and by review of log files.
- Malware: Up-to-date antivirus signatures are essential in combating viruses, Trojans, worms, spyware, etc. Also restrict access to non-essential web surfing, especially in critical branches of the network. Segment the network's critical assets. Restrict access to administrator privileges on user computers to keep unauthorized software off machines and to prevent changes to security settings.
- Social Engineering: Servers are usually deployed in redundant modes, as the cost of servers has dropped in relation to their critical use in the network.
- Port Scanning: A firewall will protect from port scanning with the intention to infiltrate the network.
- ICMP abuse: Packet filtering via a firewall will block abusive ICMP echo requests.
- Host Attack: A proxy server will keep attackers from accessing IP addresses, hostnames and passwords which can be used to find other hosts to attack.
- Man-in-the-middle attack: VPN (Virtual Private Network) encryption can keep an attacker from operating between computers, impersonating one to intercept communications.
- New files on network: Use system auditing software to control this as a behavioral monitor / block.
- Remote Procedure Calls: An Intrusion Detection System will defeat this threat, as will keeping OS patches up to date.

The following table takes the credible threats from the individual analysis charts in a summary form on one chart. These charts are not meant to be exhaustive but rather illustrative of the process.
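The mitigation named for the "Denial of service" and "SYN Flood" rows is to log and review frequent connection attempts against one service. The review step, run over a few constructed log lines, as an added example that is not code from the plan: the log format, the sample records, the 20-attempts-in-10-seconds threshold and the SYN-only filter are all assumptions of this example.

```python
"""Detection example for the "Denial of service" and "SYN Flood" rows
(added illustration; not from the original plan). The plan's mitigation for
both is to keep the OS patched and to log and review frequent connection
attempts against one service; this shows the review step as code.

Log format, sample lines and thresholds are all constructed for this example.
"""
import re
from collections import defaultdict, deque

# Constructed format: "<epoch-seconds> <src-ip> -> <dst-ip>:<port> <tcp-flags>"
LOG_RE = re.compile(
    r"^(?P<ts>\d+) (?P<src>\d+\.\d+\.\d+\.\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<port>\d+) (?P<flags>[A-Z]+)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = int(rec["ts"])
    return rec


def detect_connection_floods(lines, threshold=20, window_s=10, syn_only=True):
    """Flag (src, dst, port) tuples that reach `threshold` connection
    attempts within any `window_s`-second sliding window.

    With syn_only=True only pure SYN packets count, i.e. new connection
    attempts, which is what a SYN flood looks like in the log.
    Returns {(src, dst, port): peak attempts seen inside one window}.
    """
    windows = defaultdict(deque)
    flagged = {}
    for rec in map(parse_line, lines):
        if rec is None:
            continue                   # skip malformed lines; never crash the monitor
        if syn_only and rec["flags"] != "S":
            continue
        key = (rec["src"], rec["dst"], rec["port"])
        q = windows[key]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window_s:
            q.popleft()                # drop attempts that fell out of the window
        if len(q) >= threshold:
            flagged[key] = max(flagged.get(key, 0), len(q))
    return flagged


# Constructed sample: one host opens 25 connections to HTTPS in five seconds,
# two others behave normally, one line is garbage.
SAMPLE_LOG = [f"{100 + i // 5} 10.0.0.5 -> 192.168.1.10:443 S" for i in range(25)] + [
    "101 10.0.0.7 -> 192.168.1.10:443 S",
    "101 10.0.0.7 -> 192.168.1.10:443 SA",
    "103 10.0.0.8 -> 192.168.1.20:22 S",
    "this line is not a connection record",
]

if __name__ == "__main__":
    for (src, dst, port), peak in detect_connection_floods(SAMPLE_LOG).items():
        print(f"ALERT {src} -> {dst}:{port}: {peak} connection attempts inside 10 s")
```

The sliding window is per (source, destination, port) so a busy but legitimate service is not flagged just because many different clients use it; tune the threshold against a baseline of the service's normal connection rate before acting on alerts.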
Example: Threat / Vulnerability and Mitigation Summary Table
(Columns: Vulnerability; Threat; Risk Assessment (Probability / Consequence); Mitigation.)

Personnel - Injury while entering / leaving the building
- Vulnerability: Employees may be vulnerable between the time they leave their vehicles and when they enter the building.
- Threat: Mugging, theft, panhandling or other personal attacks while walking alone to the car.
- Risk Assessment: Unlikely / Catastrophic. At most locations the risk is "unlikely"; the consequence can be "catastrophic".
- Mitigation: Cost-benefit analysis makes lighting and cameras feasible for this threat.

Personnel - Resignations
- Vulnerability: Key operations may be at risk. Key employees are more likely to be recruited by other companies.
- Threat: Loss of functionality; leaving the company; illness at a critical time.
- Risk Assessment: Likely / Catastrophic.
- Mitigation: Make sure each role / duty has a backup. Capture and document key information.

Personnel - Disgruntled (inside)
- Vulnerability: Employees with access to assets.
- Threat: Sabotage, theft, disruption of teamwork.
- Risk Assessment: Unlikely / Disruptive. Most lost assets are non-critical; critical assets must be protected.
- Mitigation: Critical assets identified and protected: locked / RFID tags similar to those used in retail.

Personnel - Disgruntled (outside)
- Vulnerability: A former employee with passwords still enabled logs onto the network via a borrowed laptop or dial-in access.
- Threat: Sabotage, theft, disruption of teamwork.
- Risk Assessment: Unlikely / Disruptive. Although most assets can be lost with only disruptive consequences, critical assets must be protected.
- Mitigation: Identity Management System and log file review.

Social Engineering
- Vulnerability: Sensitive information is vulnerable. Inadvertent release of information: PII, passwords, etc.
- Threat: PII theft can lead to identity theft. Password release can lead to actual infiltration of the network.
- Risk Assessment: Unlikely / Disruptive. This has to be evaluated periodically; in most cases this threat is unlikely.
- Mitigation: Education and periodic tests / probing to keep employees alert and aware.

Hardware failure
- Vulnerability: Loss of servers, routers, etc. through equipment failure caused by heat or lack of maintenance.
- Threat: Functionality / availability of the network.
- Risk Assessment: Unlikely / Catastrophic. This can be determined on an equipment-by-equipment basis.
- Mitigation: Utilize redundant equipment where feasible.

Hardware theft / tamper
- Vulnerability: Located in an unlocked room; accessible to employees.
- Threat: Sabotage or inadvertent damage due to error. After the initial installation, equipment is often ignored.
- Risk Assessment: Unlikely / Catastrophic.
- Mitigation: Keep in a locked, secure environment.

Software Category A
- Vulnerability: Necessary to company operations.
- Threat: Loss / tamper / out-of-date software versions.
- Risk Assessment: Unlikely / Very Disruptive.
- Mitigation: Backups must be maintained. Keep up to date with patches and antivirus protection.

Software Category B
- Vulnerability: Used to support / promote business.
- Threat: Loss / tamper / out-of-date software versions.
- Risk Assessment: Unlikely / Disruptive.
- Mitigation: Keep non-critical software up to date with patches and antivirus protection.

Information - Key inventions, intellectual property
- Threat: Theft / duplication if in the hands of a competitor.
- Risk Assessment: Unlikely / Catastrophic.
- Mitigation: Knowledge is most valuable.

Information - Customer lists, PII
- Threat: Illicit use if in the hands of a competitor / thief.
- Risk Assessment: Unlikely / Catastrophic.

8. Personnel Security:

Although not generally thought of as part of an IT Security Plan, personnel security is always a part of the overall security considerations, and with IT Security responsible for the entire company's security this becomes part of their responsibility. The main thrust here is to make sure employees are safe. Vulnerabilities exist mostly while moving between the parking lot and the building. The other aspect of security involving personnel is the risk to the company when personnel end their employment with the company (voluntarily or otherwise). Several security issues are involved with employees who move on. These are mostly handled with the help of the automated Identity Management System.

Security starting at the parking lot is designed to accomplish two things. First: physical security or safety of employees. The plan is designed to protect employees from the threat of personal harm when they are between their cars and the building. This is accomplished by the use of 8 ft. high fencing integrated into landscaping and color coordinated to be less visible, intrusion detection sensors, cameras and lighting. The parking lots will have cameras installed at locations that enable viewing of activity anywhere in the lots. The entire area, building and parking lot will be fenced, and lighting and cameras will be deployed in strategic areas. This will enhance the landscaping, which will be designed to enhance security, leaving areas near the windows and building entrances free of large shrubs so as to enable greater visibility. Physical security is closely connected with Identity Management and starts with vehicle identification. The parking lots will be for employee use only.
There will be a separate lot for visitors and clients. The employee lots will have Radio-Frequency Identification (RFID) transceivers installed, and each employee will be issued tags (also called transponders) that will enable identification of their vehicles as they enter the lots.11 There is one entrance at each location, and the receptionist in the building, who also functions as a security officer, will have the picture and name of the employee on her screen before they enter the front entrance (captured by the RFID system). If he/she sees a different person enter, she will deal with that in a different way. Visitors may not be in the system until they have visited the first time and been identified and put in the database. First-time visitors are treated slightly differently from second-time visitors and employees. In each case the goal is to have flawless security, and we want the person to feel good about the security measures and tolerate, if not enjoy, their participation in the process. We also do not want to delay a legitimate entry. Trained and motivated security personnel are essential to this process. One option is to institute a Rotation of Duties between the security point person and all other roles in the company, which will enable all employees to appreciate the role of security. Front desk security would be a duty everyone would be able to enjoy. This would increase security awareness and allow everyone in the company eventually to meet everyone else.

9. Building Security:

Windows and doors to the outside will be alarmed to a central alarm system. During business hours there will be one entrance for employees to enter the building. At that location they will use their RFID badge to open a door. Once inside there is a lobby where they will be allowed into the building after showing their ID badge to the receptionist. This process is two-factor security: RFID badge and personal recognition by a human. After hours the building will be locked and secured by 24-hour security monitoring. The security monitoring will include the grounds, the parking lot and cameras at strategic locations within and outside the building. The cameras will be on a 24/7 recording schedule and archived on a regular schedule. Those who require after-hours work must have prior approval and will be admitted by the security guard on duty. Sensitive rooms within each building will be secured from general employee access. Each employee RFID badge will give them access to specific areas divided by department. The Human Resources department will have a lobby area with soundproof rooms where employee interviews will be conducted. Also, the finance area will have an area where non-finance employees will be admitted without having to enter the restricted "Finance" area, which is restricted to finance employees only. Conference rooms, cafeteria, restrooms, etc., will be open to the general employee population.
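The department-scoped badge access described above, modelled as code together with the provisioning, de-provisioning and accountability functions that the Access Control section below assigns to the Identity Management system. This is an added example, not the plan's or any vendor's software: the role-to-area table, area names, badge ids, employees and timestamps are constructed (the plan's own role table is in its Appendix III).

```python
"""Badge access-control model (added illustration; not from the original plan).

Each badge opens only the general areas plus the restricted areas its holder's
role needs; a badge can be provisioned and later revoked; and every door
decision is written to an audit trail that names the identity behind it.
Role table, area names, badge ids, employees and timestamps are constructed.
"""
from dataclasses import dataclass

# Constructed role table: role -> restricted areas it may enter.
ROLE_AREAS = {
    "finance": {"finance", "finance-visitor-area"},
    "hr": {"hr", "hr-lobby"},
    "staff": {"finance-visitor-area", "hr-lobby"},
}
# Open to the general employee population, per the plan.
GENERAL_AREAS = {"lobby", "conference", "cafeteria", "restrooms"}


@dataclass
class Badge:
    badge_id: str
    employee: str
    role: str
    active: bool = True


@dataclass(frozen=True)
class AuditEntry:
    when: int           # constructed timestamp (seconds)
    badge_id: str
    employee: str       # "unknown" when the badge is not on file
    area: str
    allowed: bool
    reason: str


class BadgeAccessControl:
    def __init__(self):
        self._badges = {}
        self.audit = []   # accountability: every decision is recorded

    def provision(self, badge_id, employee, role):
        if role not in ROLE_AREAS:
            raise ValueError(f"unknown role {role!r}")
        self._badges[badge_id] = Badge(badge_id, employee, role)

    def deprovision(self, badge_id):
        """Revoke on departure; the record is kept so earlier audit entries stay attributable."""
        self._badges[badge_id].active = False

    def request(self, badge_id, area, when):
        """Door decision for one badge presentation; returns True if the door opens."""
        badge = self._badges.get(badge_id)
        if badge is None:
            allowed, who, reason = False, "unknown", "badge not on file"
        elif not badge.active:
            allowed, who, reason = False, badge.employee, "badge revoked"
        elif area in GENERAL_AREAS or area in ROLE_AREAS[badge.role]:
            allowed, who, reason = True, badge.employee, f"role {badge.role}"
        else:
            allowed, who, reason = False, badge.employee, f"area not granted to role {badge.role}"
        self.audit.append(AuditEntry(when, badge_id, who, area, allowed, reason))
        return allowed


def demo():
    """Constructed day: provision two badges, try some doors, revoke one badge."""
    ac = BadgeAccessControl()
    ac.provision("B-1001", "alice", "finance")
    ac.provision("B-1002", "bob", "staff")
    outcomes = [
        ac.request("B-1001", "finance", 900),
        ac.request("B-1002", "finance", 905),               # staff may not enter Finance
        ac.request("B-1002", "finance-visitor-area", 910),  # but may use the visitor area
        ac.request("B-1002", "cafeteria", 915),
    ]
    ac.deprovision("B-1002")                                # bob leaves the company
    outcomes.append(ac.request("B-1002", "lobby", 920))     # revoked badge is refused
    outcomes.append(ac.request("B-9999", "lobby", 925))     # badge never issued
    return ac, outcomes


if __name__ == "__main__":
    ac, _ = demo()
    for e in ac.audit:
        verdict = "ALLOW" if e.allowed else "DENY "
        print(f"{e.when} {e.badge_id} {e.employee:8s} {e.area:22s} {verdict} {e.reason}")
```

Denials are audited as carefully as grants: a revoked badge still being presented at a door, or a badge that is not on file at all, is exactly the event the receptionist and the log review in the Access Control section are meant to catch.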
10. Access Control:

Access control is enabled by an efficient Identity Management system.12 Identity Management is the management of user credentials and the means by which users log on to corporate network resources. With the emergence of phishing attacks, good identity management became essential in maintaining the CIA triad. Phishing exploits the difficulty of properly identifying and authenticating identities. The evolution of identity management follows the progression of Internet technology closely. Typical identity management functionality includes the following:
1. User information self-service
2. Password resetting
3. Management of lost passwords
4. Workflow
5. Provisioning and de-provisioning of identities from resources

Identity management also addresses the age-old 'N+1' problem, where every new application may entail the setting up of new data stores of users. The ability to centrally manage the provisioning and de-provisioning of identities, and to consolidate the proliferation of identity stores, all form part of the identity management process.

Identity management starts with the risk assessment to determine the need for particular controls to properly protect information, applications, and infrastructure as required. These controls set the lifecycle security objectives for creating and maintaining an identity, verifying and authenticating an identity, granting permissions and authorities, monitoring and accountability, and auditing and appraisal of the identity management processes. The identity management system defines the control objectives required to enforce the security policy:
1. Identification: The process that creates an entity and verifies the credentials of the individual, which together form a unique identity for authentication and authorization purposes.
2. Authentication: Verifies credentials to support an interaction, transaction, message, or transmission.
3. Authorization: Grants permissions by verifying the authenticity of an individual's identity and permissions to access specific categories of information or to carry out defined role-based tasks.
4. Accountability: The process that records the linkage between an action and the identity of the individual or role who has invoked the action, thus providing an evidence trail for audit or non-repudiation purposes.
5. Audit: The process that examines data records, actions taken, changes made, and identities/roles invoking actions, which together provide a reconstruction of events for evidential purposes.

The control objectives above serve the requirement to provide an auditable chain of evidence. Using the Identity Management system, each employee is given access to physical locations, network locations, information databases, etc. based on their role and classification. Each role and title will imply certain tasks and levels of authorization to perform particular tasks. An example of a Role table is in Appendix III. Access to the required resources will be based on those roles. The identity management system enables efficient deployment of employees and removal of employees when they are no longer required to have the access or they leave the company.

Maintaining access control in the enterprise requires several components for each category of access control. There are three main categories of access control:13

Administrative:
1. Policies and procedures - A high-level plan that lays out management's plan on how security should be practiced in the company. It defines what actions are not acceptable and what level of risk the company is willing to accept.
2. Personnel controls - Indicate how employees are expected to interact with corporate security, and how non-compliance will be enforced.
3. Supervisor structure - Defines the overall company hierarchy. Each employee has a supervisor they report to, and that supervisor has a superior they report to. This chain of command dictates who is responsible for each employee's actions.
4. Security awareness training - Users are usually the weakest link in the security chain. Proper training on security issues can instill proper access control usage on the network.
5. Testing - Test access controls on the network to determine their effectiveness (or ineffectiveness).

Physical:
1. Network segregation - Defining segregation points can help enforce access controls on ingress to or egress from the segment.
2. Perimeter security - Defines how the perimeter of the company will be enforced, such as guards, security badges, fences, gates.
3. Computer controls - Defines the physical controls on computer systems, such as locks on systems to deter theft of internal parts and removal of floppy drives to deter copying.
4. Work area separation - Separation of work areas based on type of use, such as server room, wiring closets, experimental room.
5. Data backups - This physical control is used to ensure access to information in case of system failure or natural disaster.
6. Cabling - Protecting the cabling from electrical interference, crimping, and sniffing.

Technical:
1. System access - Controls that determine how resources on a system are accessed, such as MAC architecture, DAC architecture, username/password, RADIUS, TACACS+, Kerberos.
2. Network architecture - Defines logical network segmentation to control how different network segments communicate.
3. Network access - Defines access controls on routers, switches, network interface cards, and bridges. Access control lists, filters, AAA, and firewalls would be used here.
4. Encryption and protocols - A technical control that encrypts traffic as it courses through untrusted network segments. Protocols could include IPSec, L2TP, PPTP, SSH, SSL/TLS.
5. Control zone - A specific area in the enterprise that surrounds and protects network devices that emit electrical signals. Electrical signals emanate from all computer systems and travel a certain distance before being drowned out by interference from other electrical fields. Control zones are both a technical and a physical control.
6. Auditing - Tracks activity as resources are being used in the enterprise.

11. Telecommunications:

Along with access to the network from the company intranet, employees may gain remote access via a remote log-on through a secure Virtual Private Network (VPN). Virtual Private Networks (VPNs) are secure private connections created using a public network. They are virtual in the sense that the public network is seen as a single hop between networks, allowing the two networks to be virtually connected. They are private in the sense that data sent over the public network cannot be viewed by untrusted personnel. Encryption techniques create the privacy. Four main VPN protocols are in use today:

Layer 2 Forwarding (L2F) is a protocol developed by Cisco that supports the creation of secure virtual private dial-up networks (VPDNs) over the Internet.

Point-to-Point Tunneling Protocol (PPTP) is a network protocol developed by Microsoft that enables the secure transfer of data from a remote client to a private enterprise server by creating a VPN across TCP/IP-based data networks. PPTP supports on-demand, multiprotocol, virtual private networking over public networks, such as the Internet.
Layer 2 Tunnel Protocol (L2TP) is an Internet Engineering Task Force (IETF) standard that combines the best features of two existing tunneling protocols: Cisco's Layer 2 Forwarding (L2F) and Microsoft's Point-to-Point Tunneling Protocol (PPTP).

IPSec, the Security Architecture for the Internet Protocol, is designed to provide interoperable, high-quality, cryptographically based security for IPv4 and IPv6. The set of security services offered includes access control, connectionless integrity, data origin authentication, detection and rejection of replays (a form of partial sequence integrity), confidentiality through encryption, and limited traffic flow confidentiality. The IP layer provides these services, offering protection in a standard fashion for all protocols that may be carried over IP, including IP itself.

When the Identity Management System is used, the VPN access is seamlessly integrated with the Identity Management System.

12. Network Security

Attackers are continuously attempting to gain access to corporate resources for profit or fun. Once the security world obtains an understanding of the exploit used, the application, algorithm, or protocol is updated to mitigate the threat. Attackers then try different avenues of attack, which leads to an endless exploit/mitigation loop.

Examples of Network Attacks:

Smurf: This is an attack with three entities: the attacker, the victim, and the amplifying network. The attacker spoofs, or changes, the source Internet Protocol (IP) address in a packet header to make an Internet Control Message Protocol (ICMP) ECHO packet seem as though it originated at the victim's system. This ICMP ECHO message is broadcast to the amplifying network, where all active nodes send replies to the source (the victim). The victim's system and network become overwhelmed by the large number of ECHO replies.

Fraggle: This is the same type of attack as the Smurf attack, except here the attacker broadcasts a spoofed UDP packet to the amplifying network, which in turn replies to the victim's system.

Denial of Service (DoS): This attack consumes the victim's bandwidth or resources, causing the system to crash or stop processing other packets. DoS attacks are carried out by attackers with an intent to stop legitimate users from accessing certain resources. Their intent is malicious and not designed to obtain information. DoS attacks are usually the most formidable of attacks to deal with, as they usually involve very large amounts of traffic that may or may not look like valid transmissions on the wire. Knowing how these attacks are sculpted and executed will allow network administrators to better deter them on their networks. Mitigation of DoS attacks can be performed at the ISP egress router into the company via rate limiting, via NIDS and HIDS, and by having up-to-date security patches and hot fixes installed on all critical servers and systems. Input checking included in the login subsystem can easily stop this type of DoS attack.

Distributed Denial of Service (DDoS): This is a logical extension of the DoS attack. The attacker creates master controllers that can in turn control slave/zombie machines, all of which can be configured to attack a single node.

DNS DoS Attacks: In this attack a record at a domain name server (DNS) is replaced with a new record pointing at a fake/false IP address.

Cache Poisoning: Here the attacker inserts data into the cache of the server instead of replacing the actual records.

Buffer overflow: A buffer overflow is a software-based attack created when a program does not check the length of data that is input into it, which will then be processed by the CPU. A buffer overflow exists when a particular program attempts to store more information in a buffer (memory storage) than it was intended to hold. Since the buffer was only intended to hold a certain amount of data, the additional data overflows into a different area of memory. It is this different area of memory where overflows cause the problem.

Brute force: Brute force attacks occur when a cracker attempts to obtain the correct password for an account by trying every conceivable value, hoping to stumble across the correct one. Administrators have known about brute force attacks for many, many years and have come up with ways to mitigate these types of attacks. One of the easiest methods is to rename the administrator account to something else. In this way the cracker must know two things, the account name and the password. Administrators will also create passwords of at least eight characters in length. This technique helps because it takes time to brute force a password that is at least eight characters long. Hopefully, the administrator will notice the attack and take precautionary steps to block the cracker. The length of the password and the number of possible values a password may
23.
have will delay
the success but not stop this attack. Also, imposing a delay of say 20 seconds between failed attempts or locking the account after 10 failed attempts deters this type of attack. Dictionary attacks are another form of brute force attacks and take advantage of a well-known flaw in the password authentication scheme. That flaw is the fact that many people use common words as the password for an account. Attackers exploit this fact by using a source for common words (the dictionary) to try to obtain a password for an account. They simply try every possible word in the dictionary until a match is found. Proper password usage is key to the mitigation of this attack. Dictionary attacks are usually mitigated by systems that use pass phrases instead of passwords. Spoofing: Attackers can use many different types of spoofing attacks, but they all use spoofing for one reason, which is to impersonate another host. Sometimes the attacker does not care who he or she is impersonating; the attacker only cares that the packet he or she is transmitting does not identify him or her. Other times the attacker knows exactly what host he or she wants to impersonate and wants the return traffic to reach this host. A spoofing attack on a password system is one in which one person or process pretends to be another person or process that has more privileges. An example would be a fake login screen also called a Trojan horse login. In this attack, the attacker obtains low-level access to the system and installs a malicious code that mimics the user login screen. On the next attempt to login, the user enters his username and password into the fake login screen. The malicious code then stores the username and password in a certain location or may even email the information to an email account. The Trojan horse then calls the correct login process to execute. To the user, the entry appears to be an incorrect or mistyped username or password and he or she will try again. 
When they do, of course, they are let into the system. DNS spoofing attacks work by convincing the target machine that the machine that it wants to contact (for example, www.makebigchecks.com) is the machine of the attacker. When the target issues a DNS query, it could be intercepted and replied with the spoofed IP address, or the query could reach the DNS server, which has been tampered with in order to give the IP address of the cracker’s host, rather than the real server’s IP address. Either way the target receives a false IP address of the target and will attempt to contact it. © Copyright: April 2012, D. E. Jennings Page 23 of 41
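The two brute-force countermeasures named above (a 20-second delay after a failed attempt and a lock after 10 failures), as an added example that is not code from the paper: a small login gate with an injectable clock so the behaviour can be checked without waiting. The PBKDF2 password hashing, the minimum length check and the result strings are assumptions of this example.

```python
"""Added example (not from the paper): login throttling and lockout as the
brute-force mitigation described above. Hashing scheme and return codes are
assumptions of this example."""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

FAIL_DELAY_SECONDS = 20   # no new attempt accepted within 20 s of a failure
LOCK_AFTER_FAILURES = 10  # account locked after 10 consecutive failures
MIN_PASSWORD_LENGTH = 8   # the paper's eight-character minimum


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


@dataclass
class Account:
    name: str
    salt: bytes
    digest: bytes
    failures: int = 0
    last_failure: Optional[float] = None
    locked: bool = False


class LoginGate:
    def __init__(self, clock=time.monotonic):
        self.clock = clock              # injectable for testing
        self.accounts: Dict[str, Account] = {}

    def register(self, name: str, password: str) -> None:
        if len(password) < MIN_PASSWORD_LENGTH:
            raise ValueError("password must be at least 8 characters")
        salt, digest = hash_password(password)
        self.accounts[name] = Account(name, salt, digest)

    def login(self, name: str, password: str) -> str:
        """Returns 'ok', 'bad-credentials', 'throttled' or 'locked'."""
        acct = self.accounts.get(name)
        now = self.clock()
        if acct is None:
            # Unknown account: do the same work and give the same answer as a
            # wrong password, so the response does not reveal valid names.
            hash_password(password)
            return "bad-credentials"
        if acct.locked:
            return "locked"
        if acct.last_failure is not None and now - acct.last_failure < FAIL_DELAY_SECONDS:
            return "throttled"          # rejected even if the password is right
        _, digest = hash_password(password, acct.salt)
        if hmac.compare_digest(digest, acct.digest):
            acct.failures = 0           # success resets the counter
            acct.last_failure = None
            return "ok"
        acct.failures += 1
        acct.last_failure = now
        if acct.failures >= LOCK_AFTER_FAILURES:
            acct.locked = True          # an administrator must unlock it
            return "locked"
        return "bad-credentials"


if __name__ == "__main__":
    gate = LoginGate()
    gate.register("alice", "correct horse battery")
    print(gate.login("alice", "wrong-password"))        # bad-credentials
    print(gate.login("alice", "correct horse battery"))  # throttled (within 20 s)
```

Every attempt costs a full hash computation, so an online guess is slowed both by the delay and by the work factor; the counter and timestamp live on the account, so switching source addresses does not help the attacker.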
Sniffing: The act of sniffing is the use of a program or device that monitors data traveling over a network. Sniffing is hard to detect because, as a passive attack, it only receives information and never sends out information. The goal of sniffing is to capture sensitive information such as a password in order to perform a replay attack at a later time. Mitigation against sniffing attacks can include using a switched infrastructure, using one-time passwords, or enabling encryption.

In a Transmission Control Protocol (TCP) takeover attack, the cracker will attempt to insert malicious data into an already existing TCP session between two hosts. In this type of attack, the attacker is either attempting to inject false data into the conversation, or to take over the session completely. This type of attack is usually used in conjunction with a DoS attack to stop the host it is impersonating from sending any further packets. The DoS attack against the impersonated host will itself be using spoofed packets. In this way, the attacker hides his or her identity from the host whose TCP session was taken over, while the opposite end still believes its ongoing session is with the original host.

A pseudo flaw is an apparent loophole deliberately implanted in an operating system or program as a trap for intruders. Pseudo flaws are inserted into programs to get attackers to spend time and energy attempting to uncover weaknesses in programs that they hope will allow them to gain access to other parts of the system. Because these are deliberate flaws, the attacker can spend weeks attempting to exploit the flaw before he or she becomes discouraged and moves on to different parts of the program.

Alteration of Authorized Code: Attackers often write small programs that create a patch in authorized code. Take a program that will not execute until the user enters a valid serial number or authorization code. The attacker does not have this information, yet still wants to execute the program. Using his or her knowledge of programming and off-the-shelf software, the attacker can identify where in the program the subroutine that performs authorization is called from. The attacker then writes a program that modifies that very same area of the program, but instead of calling the authorization subroutine, the instructions are now a series of NOPs (no operations). This alteration of authorized code simply bypasses the authorization subroutine and begins executing the program.

Flooding is the process of overwhelming some portion of the information system. This could be bandwidth on a serial link or memory in a router or server. There are many uses of flooding for attackers. Attackers could hide their attacks in a flood of random attack packets, they could attempt to overwhelm a switch’s Address Resolution Protocol (ARP) table, or they could perform DoS attacks. SYN floods are an example of flooding used in a DoS attack. SYN floods take advantage of TCP’s three-way handshake. In this DoS attack, the attacker sends many thousands of half-formed or embryonic TCP connection requests (SYN packets), usually with a spoofed source address, to the target server. The server that receives these connection requests sets aside a small amount of memory for each connection, and replies with a SYN-ACK to the spoofed address. The spoofed host (if it exists) receives the SYN-ACK packet and discards it. This leaves the server with an open or half-formed connection, which will remain so for three minutes as it waits for the connection to complete. A few open connections will not cause harm to a server, but thousands upon thousands of open connections, each using a small amount of memory, will quickly consume all available resources on the server. When all resources are consumed, the server will no longer respond to the SYN requests of the attacker. Unfortunately, the server will also not respond to any SYN request from a valid user, which is the DoS the attacker is trying to accomplish. These attacks are always changing and methods of mitigating them are also changing.

13. Architecture

An example network architecture for a single location is located in Appendix IV. The network is segregated into 7 sub-networks which include the 10 functional areas.

Fundamental Firewall Designs

Firewall design has evolved from flat designs such as the dual-homed host and the screened host to layered designs such as the screened subnet. The evolution has incorporated network defense in depth, including the use of DMZ and more secure networks.

A Bastion host is any host placed on the Internet which is not protected by another device (such as a firewall). Bastion hosts must protect themselves, and be hardened to withstand attack. Bastion hosts usually provide a specific service, and all other services should be disabled.

A Dual-homed host has two network interfaces: one connected to a trusted network, and the other connected to an untrusted network, such as the Internet. This design was more common before the advent of modern firewalls in the 1990s, and is still sometimes used to access legacy networks.

Screened Host Architecture is an older flat network design using one router to filter external traffic to and from a bastion host via an access control list (ACL). The bastion host can reach other internal resources, but the router ACL forbids direct internal/external connectivity. The difference between the dual-homed host and screened host designs is that the screened host uses a screening router, which filters Internet traffic to other internal systems. Screened host network design does not employ network defense-in-depth: a failure of the bastion host puts the entire trusted network at risk. Screened subnet architecture evolved as a result, using network defense in depth via the use of DMZ networks.

DMZ Networks and Screened Subnet Architecture

A DMZ is a dangerous “no-man’s land”: this is true for both military and network DMZs. Any server that receives traffic from an untrusted source such as the Internet is at risk of being compromised. We use defense-in-depth mitigation strategies to lower this risk, including patching, server hardening, NIDS, etc., but some risk always remains. Network servers that receive traffic from untrusted networks such as the Internet should be placed on DMZ networks for this reason. A DMZ is designed with the assumption that any DMZ host may be compromised: the DMZ is designed to contain the compromise, and prevent it from extending into internal trusted networks. Any host on a DMZ should be hardened. Hardening should consider attacks from untrusted networks, as well as attacks from compromised DMZ hosts.

A “classic” DMZ uses two firewalls, also called a screened subnet dual firewall design. In this design two firewalls screen the DMZ subnet. A single-firewall DMZ uses one firewall. This is sometimes called a “three-legged” DMZ. The single firewall design requires a firewall that can filter traffic on all interfaces: untrusted, trusted, and DMZ. Dual-firewall designs are more complex, but more secure. In the event of compromise due to firewall failure, a dual firewall DMZ requires two firewall failures before the trusted network is exposed. The single firewall design requires one failure.
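The DMZ containment principle and the single- versus dual-firewall failure argument above, as an added example that is not code from the paper: a zone-based filter policy evaluated against constructed flows, with each design's firewalls modelled as fail-open when they fail. The address ranges, the published services, default deny, and the use of one policy on both firewalls are assumptions of this example.

```python
"""Added example (not from the paper): zone policy for the three-legged
(single-firewall) and classic (dual-firewall) DMZ designs described above.
Address plan, services, default-deny and fail-open are assumptions."""
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet

# Constructed address plan; 192.0.2.0/24 is a documentation range.
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "trusted": ipaddress.ip_network("10.0.0.0/8"),
}


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "untrusted"              # everything else is the Internet


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    ports: FrozenSet[int]           # empty set means any port
    action: str                     # "allow" or "deny"


# First match wins; anything unmatched is denied (assumption of this example).
POLICY = [
    Rule("untrusted", "dmz", frozenset({25, 443}), "allow"),    # published services only
    Rule("trusted", "dmz", frozenset({22, 25, 443}), "allow"),  # admins and internal clients
    Rule("trusted", "untrusted", frozenset({80, 443}), "allow"),
    Rule("dmz", "untrusted", frozenset({25}), "allow"),         # outbound mail relay
    # Deliberately no dmz -> trusted rule: a compromised DMZ host is contained.
]


def policy_decision(src: str, dst: str, port: int) -> str:
    for rule in POLICY:
        if rule.src_zone == src and rule.dst_zone == dst and (not rule.ports or port in rule.ports):
            return rule.action
    return "deny"


# Which firewall(s) a flow between two zones crosses in each design:
#   single: untrusted --[single]-- dmz --[single]-- trusted  (one three-legged box)
#   dual:   untrusted --[outer]--  dmz --[inner]--  trusted
DESIGNS = {
    "single": {frozenset({"untrusted", "dmz"}): ("single",),
               frozenset({"dmz", "trusted"}): ("single",),
               frozenset({"untrusted", "trusted"}): ("single",)},
    "dual": {frozenset({"untrusted", "dmz"}): ("outer",),
             frozenset({"dmz", "trusted"}): ("inner",),
             frozenset({"untrusted", "trusted"}): ("outer", "inner")},
}


def evaluate(src_ip: str, dst_ip: str, port: int, design: str = "single",
             failed: FrozenSet[str] = frozenset()) -> str:
    """'allow' or 'deny' for a new flow. A firewall listed in `failed` is
    modelled as fail-open (filters nothing); each working one applies POLICY."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return "allow"              # intra-zone traffic never crosses the firewall
    for fw in DESIGNS[design][frozenset({src, dst})]:
        if fw not in failed and policy_decision(src, dst, port) == "deny":
            return "deny"
    return "allow"


if __name__ == "__main__":
    # Internet host (TEST-NET-2 address) trying to reach an internal file server.
    for design, failed in (("single", {"single"}), ("dual", {"outer"}), ("dual", {"outer", "inner"})):
        print(design, sorted(failed), evaluate("198.51.100.7", "10.0.0.5", 445, design, frozenset(failed)))
```

With the same policy on both boxes, the dual design still denies Internet-to-trusted traffic after the outer firewall fails, and only exposes the trusted network after both fail; the single design exposes it after one failure.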
14. Intrusion Detection System (IDS)

An important tool in network defense is the Intrusion Detection System (IDS). An IDS utilizes audit records of all activities on a system. An IDS has three basic components: a sensor (agent), an analyzer, and a security interface (also called the director). The sensor collects information and forwards it to the analyzer. The analyzer receives this data and attempts to ascertain if the data constitutes an attack or intrusion. The security interface, which is usually a separate device, displays the output to the security administrator and is used to configure the sensors in the network.

There are two basic types of intrusion detection mechanisms: Network-based Intrusion Detection Systems (NIDS) and Host-based Intrusion Detection Systems (HIDS). Intrusion detection devices attempt to identify any of the following types of intrusions:
- Input Validation Errors
- Buffer Overflow
- Boundary Conditions
- Access Validation Errors
- Exceptional Condition Handling Errors
- Environmental Errors
- Configuration Errors
- Race Conditions

NIDS: Protects an entire network segment and is usually a passive device on the network. Users are unaware of the NIDS’s existence unless they learn about it through the general security training sessions. NIDS cannot detect malicious code in encrypted packets, and is cost effective for mass protection. It requires its own sensor for each network segment.

HIDS: Protects a single system. It uses system resources (CPU and memory) from the system and provides application level security. An advantage of HIDS is that it provides day-one security. Intrusion detection is performed after decryption, so it is used on servers and sensitive workstations, but is costly for mass protection.

The two forms of Intrusion Detection:

Profile-based Intrusion Detection (also known as anomaly detection): In profile-based detection, an alarm is generated when activity on the network goes outside of the profile. A profile is a baseline of what should be considered normal traffic for each system running on the network. A problem exists because most systems do not follow a consistent profile. What is normal today might not be normal tomorrow.

Signature-based Intrusion Detection: In signature-based detection, a signature or set of rules is used to determine intrusion activity. An alarm is generated when a specific pattern of traffic is matched or a signature is triggered.

Typical responses to an attack include the following:
- Terminating the session (TCP resets)
- Blocking offending traffic (usually implemented with Access Control Lists - ACLs)
- Creating session log files
- Dropping the packet

IDS Examples [14]:

Tripwire scans files and directories on Unix systems to create a snapshot record of their size, date, and signature hash. If you suspect an intrusion in the future, Tripwire will rescan your server and report any changed files by comparing the file signatures to the stored records. Tripwire was an open-source project of Purdue University, but it continues development as a licensed package of Tripwire Security Systems (www.tripwiresecurity.com).

Snort (www.snort.org) is an open-source intrusion detection system that relies upon raw packet capture (sniffing) and attack signature scanning to detect an extremely wide array of attacks. Snort is widely considered to be the best available intrusion detection system because of the enormous body of attack signatures that the open source community has created for it. The fact that it’s free and cross platform pretty much ensures that the commercial IDSs won’t develop much beyond where they are now. Snort was originally developed for Unix and has been ported to Windows.
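The two detection forms described above, signature-based rules and a profile-based (anomaly) baseline, as an added example that is not code from the paper: a toy IDS run over constructed connection-log lines. The log format, the internal address prefix, the two signature rules and the three-sigma rate threshold are assumptions of this example.

```python
"""Added example (not from the paper): signature-based and profile-based
detection over constructed connection logs. Format, addresses, rules and the
3-sigma threshold are assumptions of this example."""
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed log format: "<time> <src_ip> -> <dst_ip>:<port> <bytes>"
LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) (\d+)$")
INTERNAL_PREFIX = "10.1."           # assumed internal address space

# Constructed "normal" window used to build the profile.
BASELINE_LOG = """\
09:00:01 10.1.1.5 -> 10.1.2.10:443 1200
09:00:02 10.1.1.5 -> 10.1.2.11:25 640
09:00:03 10.1.1.5 -> 10.1.2.11:110 300
09:00:04 10.1.1.6 -> 10.1.2.10:443 900
09:00:05 10.1.1.6 -> 10.1.2.11:110 280
09:00:06 10.1.1.7 -> 10.1.2.10:443 1500
09:00:07 10.1.1.7 -> 10.1.2.10:443 1100
09:00:08 10.1.1.7 -> 10.1.2.11:25 700
09:00:09 10.1.1.8 -> 10.1.2.10:443 950
09:00:10 10.1.1.8 -> 10.1.2.11:110 310
"""

# Constructed window under analysis: mostly normal, plus three oddities.
CURRENT_LOG = """\
10:00:01 10.1.1.5 -> 10.1.2.10:443 1250
10:00:02 10.1.1.5 -> 10.1.2.10:443 1180
10:00:03 10.1.1.6 -> 10.1.2.11:25 650
10:00:04 10.1.1.9 -> 10.1.2.10:443 60
10:00:04 10.1.1.9 -> 10.1.2.10:443 60
10:00:04 10.1.1.9 -> 10.1.2.10:443 60
10:00:05 10.1.1.9 -> 10.1.2.10:443 60
10:00:05 10.1.1.9 -> 10.1.2.10:443 60
10:00:05 10.1.1.9 -> 10.1.2.10:443 60
10:00:06 203.0.113.9 -> 10.1.2.11:23 40
10:00:07 10.1.1.7 -> 10.1.2.12:3389 500
"""


def parse(log_text):
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:                        # malformed lines are skipped, not fatal
            t, src, dst, port, size = m.groups()
            events.append({"time": t, "src": src, "dst": dst,
                           "port": int(port), "bytes": int(size)})
    return events


def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIX)


# Signature-based: a fixed rule fires whenever its pattern is matched.
SIGNATURES = [
    ("telnet-from-untrusted", lambda e: e["port"] == 23 and not is_internal(e["src"])),
    ("smb-from-untrusted", lambda e: e["port"] == 445 and not is_internal(e["src"])),
]


def signature_alerts(events):
    return [(name, e["src"], e["port"])
            for e in events for name, hit in SIGNATURES if hit(e)]


# Profile-based: learn what "normal" looks like from the baseline window.
def build_profile(baseline_events):
    per_src = Counter(e["src"] for e in baseline_events)
    counts = list(per_src.values())
    return {"mean": mean(counts), "std": pstdev(counts),
            "ports": {e["port"] for e in baseline_events}}


def profile_alerts(events, profile, sigmas=3.0):
    alerts = []
    threshold = profile["mean"] + sigmas * profile["std"]
    for src, n in Counter(e["src"] for e in events).items():
        if n > threshold:                       # far more connections than usual
            alerts.append(("connection-rate", src, n))
    for e in events:
        if e["port"] not in profile["ports"]:   # a service never used in the baseline
            alert = ("new-port", e["src"], e["port"])
            if alert not in alerts:
                alerts.append(alert)
    return alerts


def run_ids():
    profile = build_profile(parse(BASELINE_LOG))
    events = parse(CURRENT_LOG)
    return signature_alerts(events), profile_alerts(events, profile)


if __name__ == "__main__":
    sig, prof = run_ids()
    for a in sig:
        print("SIGNATURE", a)
    for a in prof:
        print("PROFILE  ", a)
```

Note that the telnet connection is reported by both mechanisms while the burst from 10.1.1.9 and the new 3389 service are caught only by the profile; conversely, the profile would also flag a legitimate new service, which is the "what is normal today might not be normal tomorrow" problem the text describes.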
Demarc PureSecure (www.demarc.com) is a best-of-breed network monitoring and intrusion detection system descended from Snort. PureSecure is a commercial product that uses Snort as its intrusion detector, but it adds typical network monitoring functions like CPU, network, memory, disk load, ping testing, and service monitoring to the sensors that run on every host. Demarc creates a web-based client/server architecture where the sensor clients report back to the central Demarc server, which runs the reporting website. By pointing your web browser at the Demarc server, you get an overview of the health of your network in one shot. Demarc can be configured to alert on all types of events, so keeping track of your network becomes quite easy. Demarc’s price is $1,500 for the monitoring software, plus $100 per sensor.

Network Flight Recorder (NFR, www.nfr.com) was one of the first inspector-based intrusion detection systems on the market and was originally offered as a network appliance. Now available as both software and network appliances, NFR has evolved into a commercial product very similar to Snort in its capabilities. However, since it is a commercial product, NFR can consult with you directly to analyze intrusion attempts, to train your staff, and to provide product support for its products.

15. Electronic Mail Security

E-mail access was one of the first protocols defined under the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. The two main mail protocols are Post Office Protocol 3 and Simple Mail Transfer Protocol. Post Office Protocol 3 (POP3) is a lightweight e-mail client protocol using TCP port 110, used to receive e-mail from a server. Simple Mail Transfer Protocol (SMTP) is an effective mail transfer protocol, but not very secure. SMTP uses port 25 and is used to send e-mail from client to server and for server-to-server forwarding.
The SMTP protocol defines the mechanism a sender uses to connect to, request, and send e-mail to the server. SMTP was an effective protocol, but is riddled with security holes. SMTP can be identified as using TCP port 25 on the network. SMTP takes up a lot of overhead. The Post Office Protocol version 3 (POP3) was created as a means of reducing the required overhead for a single workstation. POP3 is intended to permit a workstation to dynamically access a mail-drop on a server host. SMTP is used to send e-mail from an e-mail client to an e-mail server and POP3 is used to receive e-mail from the e-mail server to the e-mail client. POP3 can be identified as using TCP port 110 on the network.

When e-mail first came into existence, e-mail messages were meant to be pure text-only messages. As the Internet started to grow, graphic files, audio files, and Hypertext Transfer Protocol (HTTP) content became a part of mail. The Multipurpose Internet Mail Extensions (MIME) protocol was developed to handle these. MIME allows a one-time modification to e-mail reading programs that enables the program to display a wide variety of message types. This e-mail extension allows you to view dynamic multitype e-mail messages that include color, sound, animations, and moving graphics. The drawback of MIME is that it also lacks adequate security. E-mail was still subject to the same old hacks, such as sniffing and replay. Secure MIME (S/MIME) was created to enable a more secure MIME. S/MIME provides cryptographic security services for electronic messaging applications by providing authentication, message integrity, non-repudiation of origin (using digital signatures), and privacy and data security (using encryption). Using S/MIME is the preferred way of securing e-mail as it traverses the Internet.

Public Encryption of E-Mail messages - PGP

PGP uses a public key cryptosystem. In this method, each party creates an RSA public/private key pair. One of these keys is kept private (the private key), and one is given out to anyone in the public Internet (the public key). What one key encrypts, only its partner key can decrypt. This means that if user X obtains user Y’s public key and encrypts a message destined to user Y using that public key, the only person in the universe who can decrypt the message would be user Y, as he or she has the corresponding private key. PGP is a hybrid cryptosystem in that before encryption is performed the e-mail data is first compressed. Compression not only makes an e-mail message smaller, it also removes patterns found in plain text, which mitigates many cryptanalysis techniques that look for these patterns. PGP provides the following security measures: confidentiality, data integrity, and sender authenticity.

Secure Web based mail: For a small business, utilizing a free open mail server has some advantages. Yahoo, for example, has teamed with Zixit Corporation, a company that enables secure, certified e-mail to any recipient. [15]
16. Disaster Recovery

Sometimes called Business Continuity Planning, the Disaster Recovery Plan is the tactical actualization of BCP. The DRP is the operational plan and is a requirement for the corporation that has the goal of remaining in business after a natural or manmade disaster. In this section we discuss the backup and restore plan and strategies for business continuity. First, a listing of the types of events that might occur:
- Sabotage
- Bombings
- Loss of Electrical Power
- Arson
- Earthquakes
- Storm
- Security Incidents (major)
- Fire
- Communication system outage
- Strike (labor unrest)
- Flood
- Unavailability of Key Employees

The planning committee (DRP team) is made up of management and technical experts from each area of the company and meets at regular intervals. This team will hold a yearly disaster recovery exercise and participate in periodic probes and assessments of the company’s security practices and technologies.

The general process of disaster recovery involves responding to the disruption; activation of the recovery team; ongoing tactical communication of the status of the disaster and its associated recovery; further assessment of the damage caused by the disruptive event; and recovery of critical assets and processes in a manner consistent with the extent of the disaster.

Respond: First there must be an initial response that begins the process of assessing the damage. Speed is essential during this initial assessment. There will be time later to more thoroughly assess the full scope of the disaster. The initial assessment will determine if the event in question constitutes a disaster. An alternate data center may be required. If there is doubt that an alternate facility will be necessary, then the sooner this fact can be communicated, the better for the recoverability of the systems. The initial response team should also be mindful of assessing the facility’s safety for continued personnel usage, or seeking the counsel of those suitably trained for safety assessments of this nature.

Activate Team: If during the initial response to a disruptive event a disaster is declared, then the team that will be responsible for recovery needs to be activated.

Communicate: One of the most difficult aspects of disaster recovery is ensuring that consistent, timely status updates are communicated back to the central team managing the response and recovery process. In addition to communication of internal status regarding the recovery activities, the organization must be prepared to provide external communications, which involves disseminating details regarding the organization’s recovery status to the public.

Assess: Though an initial assessment was carried out during the initial response portion of the disaster recovery process, a more detailed and thorough assessment will be done by the disaster recovery team. The team determines the proper steps necessary to ensure the organization’s ability to meet its mission and Maximum Tolerable Downtime (MTD).

Reconstitution: The goal of the reconstitution phase is to recover critical business operations either at the primary or the secondary (recovery) site. If an alternate site is used, adequate safety and security controls must be in place in order to maintain security continuity. In addition to the recovery team’s efforts at reconstitution of critical business functions at an alternate location, a salvage team will be employed to begin the recovery process at the primary facility that experienced the disaster.

One key to data recovery and business continuity is the data backup process. Holding data backups at safe locations is a major requirement. Another aspect of DRP becoming more prevalent is where two companies agree to be the “backup” facility for the other. This can be where industries are similar and each company will set aside an area for the business continuity of the other. This may not work for direct competitors; however, the cost benefit of these plans is such that cooperation among rivals is actually becoming cost effective (see reciprocal agreement, below).

The Alternate or Secondary (recovery) site:

A redundant site is an exact production duplicate of a system that has the capability to seamlessly operate all necessary IT operations without loss of services to the end user of the system. A redundant site receives data backups in real time so that in the event of a disaster, the users of the system have no loss of data. It is a building configured exactly like the primary site and is the most expensive recovery option because it effectively more than doubles the cost of IT operations. To be fully redundant, a site must have real-time data backups of the production system, and the end user should not notice any difference in IT services or operations in the event of a disruptive event.

A hot site is a location that an organization may take time to relocate to following a major disruption or disaster. It could be a datacenter with a raised floor, power, utilities, computer peripherals, and fully configured computers. The hot site will have all necessary hardware and critical application data mirrored in real time. A hot site will have the capability to allow the organization to resume critical operations within a very short period of time (hours). Hot sites can quickly recover critical IT functionality. However, a redundant site will appear to be operating normally to the end user no matter what the state of operations is for the IT program. A hot site has all the same physical, technical, and administrative controls implemented as the production site.

A warm site has readily accessible hardware and connectivity, but it will have to rely upon backup data in order to reconstitute a system after a disruption. It may have a datacenter with a raised floor, power, utilities, computer peripherals, and fully configured computers. Because of the extensive costs involved with maintaining a hot or redundant site, many organizations will elect to use a warm site recovery solution. These organizations will have to be able to withstand a Maximum Tolerable Downtime (MTD) of at least 1-3 days in order to consider a warm site solution. The longer the MTD is, the less expensive the recovery solution will be.

A cold site is the least expensive recovery solution to implement. It does not include backup copies of data, nor does it contain any immediately available hardware. After a disruptive event, a cold site will take the longest amount of time of all recovery solutions to implement and restore critical IT services for the organization. It could take weeks to get vendor hardware shipments in place, so organizations using a cold site recovery solution will have to be able to withstand a significantly long MTD. A cold site is typically a datacenter with a raised floor, power, utilities, and physical security, but not much beyond that.

Reciprocal agreements are bi-directional agreements between two organizations in which one organization promises the other that it can move in and share space if it experiences a disaster. They are documented in the form of a contract written to gain support from outside organizations in the event of a disaster. They are also referred to as Mutual Aid Agreements (MAAs) and they are structured so that each organization will assist the other in the event of an emergency.

For each of these scenarios, frequent testing with a simulated disaster and the associated recovery is absolutely essential.

In this paper we have given a brief overview of some of the aspects of corporate security. We touched on physical security, network security, Identity Management and disaster recovery. There is no one correct way to maintain a secure operation. The emphasis should be on cost-appropriate measures rather than the latest technological gimmick, and on plenty of training to keep employees aware of the threats and risks. There should be a minimum of disruption to employees and their normal operations.
APPENDIX I Security Policy (Overview)

1.1 Goal: Secure and maintain company integrity, assets and personnel with minimum disruption to core operations.

Updates: The security department will facilitate semi-annual meetings to update this policy. Feedback will be solicited from each department.

Manufacturing Facilities:

2.0 Network assets (Listed)
2.1 Human Resources
2.2 Research and Development
2.3 Engineering
2.4 Corporate Management

3.0 Roles: Each Role is defined by: task definitions and detail, education and training requirements, certification requirements, particular compliance requirements (Fire Safety, OSHA, HIPAA, Sarbanes-Oxley, etc.), and pay and benefits scale, all maintained by the HR department.

Security Levels: Each role will imply at least two security levels, (Role - A) and (Role - B). The “A” level will be used for the employee who has completed the six month evaluation period required for each role. The Role definitions for each department will specify which functions a “B” level employee can complete alone and which would need to be completed with the oversight of an “A” level employee in the same role, for example creating or deleting corporate folders for data storage, or creating, moving or modifying corporate data. The actual role detail is developed by management of the particular department and maintained by the Human Resources department. Corporate management develops the roles in the Management Level I and Management Level II roles. See Appendix III for a matrix of Roles.

4.0 Security Breach: The list of information assets that require protection and the level of protection is negotiated between the department heads and the Security department after the Risk Analysis has been completed by the management team with the facilitation of the Security Department. A security breach may or may not involve the actual release of information. Logs for each security measure are one of several sources of discovery used to identify a security breach. In the event of a security breach, specific actions are to be taken, and they are different for each type of breach. Details are enumerated in the Security Policy. For example, if a breach of Personally Identifiable Information (PII) occurs, the response team completes a specific process. PII refers to information that can be used to distinguish or trace an individual’s identity, e.g. name, social security number, date and place of birth, etc. In brief, the process is:
1) Notify Security and your department manager.
2) Complete a report containing:
   a. Date of incident
   b. Number of individuals impacted
   c. Their status: Government / Military / Civilian
   d. Description of the incident including circumstances of the breach, type of information lost or compromised, and whether the PII was encrypted or password protected
3) The Security department completes the process with the corporate Legal team depending on the actual incident. State laws differ on notifications; therefore the actual response may be different depending on where the incident occurred.

The process for a HIPAA information breach is somewhat different and is spelled out in the policy as well.
APPENDIX II Vulnerability Assessment

The table below shows the results of an assessment that may be completed by an outside consulting firm. It should be repeated periodically as improvements are made. This type of security audit or assessment is often required by Government contracts. It is presented for illustration only. Of course an actual list would depend on the particular network / implementation being assessed.

Risk Assessment

| Vulnerability Finding | Business Impact Analysis | Mitigation |
| --- | --- | --- |
| Server located in unlocked room. Physical access by unauthorized persons. | Potentially cause loss of CIA for email system through physical attack on the system. | Install hardware locks with PIN alarm system (risk is reduced to acceptable level). |
| Software is out of date. This version is insecure and has reached end of life from vendor. | Loss of CIA for email system through cyber attack. | Update system software (risk is eliminated). |
| Firewall weak or not properly implemented. Need DMZ Firewall protection due to network architecture and risk of intrusion. | Exposure to Internet without Firewall increases cyber threat. Loss of critical data possible. Potential catastrophic impact. | Move email server into a managed hosting site (risk is transferred to hosting organization). Conduct Penetration testing and resolve network breaches through improved network / firewall design and implementation. |

CIA = Confidentiality, Integrity, or Availability
Appendix III Roles matrix and Organization Chart

ROLES (Used for Security Authorization Purposes); each role carries the A and B security levels.

| Department | Management Level I | Management Level II | Project Manager | Subject Matter Expert | Operator Class I | Operator Class II | Supervisor | Compliance |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Human Resources | - | X | X | - | X | X | X | X |
| Research and Development | - | X | X | X | X | X | X | X |
| Engineering & Technology | - | X | X | X | X | X | X | X |
| Corporate Management | X | X | X | - | X | X | X | X |
| Marketing & Sales | - | X | X | - | X | X | X | X |
| Finance & Accounting | - | X | X | X | X | X | X | X |
| Manufacturing & Operations | - | X | X | X | X | X | X | X |
| IT Security & Architecture | X | X | X | X | X | X | X | X |
| Information Technology | - | X | X | X | X | X | X | X |
| Documentation & Training | - | X | X | X | X | X | X | X |

The matrix (above) outlines potential allocations of roles within departments for security level authorizations and does not indicate actual assignments. The Organization chart (below) represents the philosophy of utilizing the IT Security department to manage the IT department, whereas in traditional organizations it may be reversed, or often there are two competing organizations sometimes performing similar operations.

Organization chart (rendered as text):
- Corporate Management
  - Marketing & Sales
  - Engineering & Technology
  - Manufacturing & Operations
  - IT Security & Architecture
  - Finance & Accounting
  - Human Resources
- Second-tier departments shown beneath the above: Research & Development, Information Technology, Documentation & Training