Enterprise Security - Critical Security Functions
- There are several elements to consider in order to protect an organization properly. To align security adequately, an information security standard such as ISO 27002 can serve as the reference.
- For many organizations, a narrower framework scope is needed in order to implement security controls quickly and bring the organization to an acceptable security posture.
- This article describes the main areas on which to focus in order to raise the security posture of an enterprise quickly.
- This guide does not cover all controls and control objectives; its main focus is guidance on critical aspects that are often forgotten or not properly addressed.
Enterprise Security - Critical Security Functions, version 1.0, June 10th 2015
Marc-Andre Heroux, CGEIT, CISA, CRMA, CRMP, ABCP, CISSP, NSA-IAM, NSA-IEM
Among the biggest security challenges
- One of the biggest challenges for an organization is establishing roles for security.
- Undefined roles lead to inappropriate security management and practice. In that situation everyone gives their best effort to maintain overall security, but in an unstructured way.
- This can give positive results for a time, but over a long period the security posture of the organization will almost always decline.
- Planning, organizing, implementing and verifying security is challenging for every organization.
How to improve?
Security Governance
- Establish an authoritative role for information security, with accountability and responsibility defined in a security program.
- There must be a management role for information security, such as a CISO or CSO. This person determines the roles and responsibilities of the information security members (incident management, vulnerability management, system change/update, etc.) and formalizes the operational security roles, responsibilities and processes.
- Roles and responsibilities must be officially defined and integrated into the job functions of each member of the security team. Interaction with other teams, such as the system administration group and other departments, must be defined and understood by the security members.
- Security members must be adequately trained, and a standard practice for security awareness and training must be in place.
IT Risk Management
- An IT risk management standard practice must be in place in order to implement appropriate controls and to justify decisions according to the risk and impact on the enterprise of various scenarios (e.g. cyber-attack, natural disaster, human error such as a misconfiguration).
- A standard methodology and templates must exist for information classification and risk/impact analysis.
- Controls that reduce the capability of a threat or attack, and controls that reduce vulnerabilities, must be identified, implemented, audited and verified regularly.
- When a control required by the identified risk/impact cannot be implemented, a documented justification with compensating measures must exist. Justifications must be reviewed periodically and are valid only for a limited period. Every effort must be made to retire the justification and implement the control that reduces the risk/impact.
Information System Management
- Protection equipment (e.g. servers, firewalls, IPS) must be selected according to the identified risk and impact, then implemented, audited and verified regularly.
- Appropriate systems and equipment must be available to security members to carry out their tasks, such as a ticketing system for incident management.
- Protection systems must be kept up to date, and modifications must follow the change management process in place.
- Following an incident, and according to the results of the investigation, protective systems must be updated where applicable (e.g. increase logging, update protective rules).
Threat & Incident Management
- Roles for incident management must be identified (e.g. security manager, IT security leader, IT security analyst, and the responsibilities of and interaction with other teams).
- A plan, a process and a practice must be in place for threat and incident management.
- Manual threat and incident activities must be in place to identify irregularities (e.g. log review, system audit).
- Automation must exist to detect known threats at the organizational boundary and on internal network segments, so that a threat that gets past the main defensive systems is still detected.
- A threat intelligence mechanism is strongly suggested (e.g. correlating internal network/system events with external threat feeds).
- An incident management system must be available and used to track and manage incidents.
- An investigation standard must exist in the organization, specifying how incidents are investigated, which systems are used and which procedure is followed.
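The correlation suggested in the bullets above, written out as an added example (it is not code from the deck or from its author): a handful of constructed internal log lines in a hypothetical "key=value" format are matched against a constructed external feed of indicators (IP, domain, file hash). The field names, the feed entries and the log lines are all assumptions made for the illustration; the addresses come from the documentation ranges and the hash is the SHA-256 of empty input, so nothing here refers to a real threat.

```go
package main

import (
	"fmt"
	"strings"
)

// Indicator is one entry of an external threat feed (constructed here).
type Indicator struct{ Type, Value, Desc string } // Type: "ip", "domain" or "sha256"

// Event is one internal log record reduced to its host and its observables,
// keyed by indicator type so they can be looked up in the feed index.
type Event struct {
	Host string
	Obs  map[string]string
}

// Match ties an internal event to the feed indicator it hit.
type Match struct {
	Host      string
	Indicator Indicator
}

// parseEvent turns a "key=value key=value ..." line into an Event. A line
// without a host field is rejected so the caller can count lost coverage.
func parseEvent(line string) (Event, error) {
	ev := Event{Obs: map[string]string{}}
	for _, field := range strings.Fields(line) {
		kv := strings.SplitN(field, "=", 2)
		if len(kv) != 2 {
			continue
		}
		switch kv[0] {
		case "host":
			ev.Host = kv[1]
		case "dst_ip":
			ev.Obs["ip"] = kv[1]
		case "domain", "sha256":
			// feeds and logs disagree on case; normalise before matching
			ev.Obs[kv[0]] = strings.ToLower(kv[1])
		}
	}
	if ev.Host == "" {
		return ev, fmt.Errorf("no host field in %q", line)
	}
	return ev, nil
}

// indexFeed keys the feed by "type:value" so each observable is one map
// lookup instead of a scan of the whole feed.
func indexFeed(feed []Indicator) map[string]Indicator {
	idx := make(map[string]Indicator, len(feed))
	for _, ind := range feed {
		idx[ind.Type+":"+strings.ToLower(ind.Value)] = ind
	}
	return idx
}

// Correlate returns every event/indicator hit, in log order and with a fixed
// observable order, plus the number of lines that could not be parsed.
func Correlate(lines []string, feed []Indicator) (matches []Match, bad int) {
	idx := indexFeed(feed)
	for _, line := range lines {
		ev, err := parseEvent(line)
		if err != nil {
			bad++
			continue
		}
		for _, typ := range []string{"ip", "domain", "sha256"} {
			if val, present := ev.Obs[typ]; present {
				if ind, hit := idx[typ+":"+val]; hit {
					matches = append(matches, Match{Host: ev.Host, Indicator: ind})
				}
			}
		}
	}
	return matches, bad
}

// Constructed sample feed and log lines (TEST-NET addresses, empty-input hash).
var SampleFeed = []Indicator{
	{Type: "ip", Value: "203.0.113.77", Desc: "C2 server (sample)"},
	{Type: "domain", Value: "update-check.example", Desc: "malware download domain (sample)"},
	{Type: "sha256", Value: "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", Desc: "known dropper (sample)"},
}

var SampleLog = []string{
	"ts=2015-06-10T09:12:01Z host=ws-0412 dst_ip=198.51.100.20 domain=intranet.example action=allow",
	"ts=2015-06-10T09:12:05Z host=ws-0412 dst_ip=203.0.113.77 domain=Update-Check.example action=allow",
	"ts=2015-06-10T09:13:40Z host=srv-db01 sha256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 path=/tmp/x",
	"garbage line with no fields",
}

func main() {
	matches, bad := Correlate(SampleLog, SampleFeed)
	for _, m := range matches {
		fmt.Printf("ALERT host=%s %s=%s (%s)\n", m.Host, m.Indicator.Type, m.Indicator.Value, m.Indicator.Desc)
	}
	fmt.Printf("%d matches, %d unparseable lines\n", len(matches), bad)
}
```

The count of unparseable lines is returned on purpose: a correlation that silently drops malformed records reports "no match" for traffic it never looked at, which is the wrong kind of quiet for a detection control.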
Vulnerability Management
- A process and a practice must be in place for vulnerability management.
- The roles of security, system administration, asset owners, change management, compliance, etc. must be defined in a process and a RACI chart.
- There must be a mechanism for being informed of known vulnerabilities in the systems in scope (e.g. external advisory feeds).
- There must be a procedure for emergency or critical updates so that fixes are implemented quickly and the systems remain secure.
- Every significant change must be logged, verified, confirmed and carried out according to the change management practice in place.
Protecting Information Resources
- According to the classification scheme defined in the risk management activities, data must be classified in terms of confidentiality, integrity and availability.
- To be able to protect the information, a protection map must be created (i.e. a map of all the information and systems of the organization).
- Roles must specify who manages, prevents, detects, responds to and corrects security issues or disruptions, on a daily basis, in order to maintain integrity, availability and confidentiality.
- Standards must be in place for cryptography (e.g. hashing for integrity, symmetric encryption for confidentiality, asymmetric keys for authenticity). Note that a plain hash only detects modification; since anyone can recompute it, proving who produced the data requires a key, i.e. a MAC or a signature.
- Cryptographic mechanisms must be implemented and used according to the information classification, risk and impact defined in the risk management activities where the security controls are defined.
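The three primitives named in the bullets above, each applied to a constructed record, as an added example that is not part of the deck: SHA-256 for integrity, AES-256-GCM for confidentiality and Ed25519 for authenticity, using only the Go standard library. The record text, the hard-coded demo key and the scenario names are assumptions made for the illustration; the scenarios show what each control does and does not give, in particular that a hash on its own is silent when an attacker recomputes it.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Integrity: a SHA-256 digest detects any modification of the data, but the
// digest is not a secret, so whoever changes the data can recompute it.
func Digest(data []byte) [32]byte { return sha256.Sum256(data) }

func IntegrityOK(data []byte, expected [32]byte) bool { return Digest(data) == expected }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Confidentiality: AES-GCM. The mode is authenticated, so the ciphertext also
// carries a tag and Decrypt rejects anything that was altered in transit.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// The random nonce is prepended; a nonce must never repeat under one key.
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func Decrypt(key, ciphertext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(ciphertext) < n {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, ciphertext[:n], ciphertext[n:], nil)
}

// Authenticity: an Ed25519 signature can only be produced with the private key
// and is checked with the public key, so it binds the data to its origin.
func Sign(priv ed25519.PrivateKey, msg []byte) []byte { return ed25519.Sign(priv, msg) }

func Verify(pub ed25519.PublicKey, msg, sig []byte) bool { return ed25519.Verify(pub, msg, sig) }

// Demo applies the three controls to a constructed record and reports, per
// scenario, whether the control gave the property the classification needs.
func Demo() (map[string]bool, error) {
	record := []byte("classification=confidential; payroll batch 2015-06")
	tampered := append([]byte(nil), record...)
	tampered[0] ^= 0x01 // an attacker flips one bit
	out := map[string]bool{}

	// Integrity via hash: the change is caught, a recomputed digest is not.
	d := Digest(record)
	out["hash_detects_tamper"] = !IntegrityOK(tampered, d)
	out["hash_alone_gives_no_authenticity"] = IntegrityOK(tampered, Digest(tampered))

	// Confidentiality via AES-256-GCM (constructed demo key; never hard-code one).
	key := []byte("0123456789abcdef0123456789abcdef")
	ct, err := Encrypt(key, record)
	if err != nil {
		return nil, err
	}
	pt, err := Decrypt(key, ct)
	out["gcm_roundtrip"] = err == nil && bytes.Equal(pt, record)
	ct[len(ct)-1] ^= 0x01 // corrupt the authentication tag
	_, err = Decrypt(key, ct)
	out["gcm_rejects_tamper"] = err != nil

	// Authenticity via Ed25519: a fresh signer and an unrelated second key.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	otherPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	sig := Sign(priv, record)
	out["sig_verifies"] = Verify(pub, record, sig)
	out["sig_rejects_tamper"] = !Verify(pub, tampered, sig)
	out["sig_rejects_other_key"] = !Verify(otherPub, record, sig)
	return out, nil
}
```

Calling Demo() yields true for every scenario. The scenario names are the point: the hash catches an accidental change but accepts a forged record with a recomputed digest, GCM gives confidentiality and tamper detection under a shared key, and only the signature ties the record to a specific key holder.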
BCP Management
- Backup systems and data must be available in a timely fashion in order to maintain operations, especially in case of an incident.
- Backups must be verified regularly (e.g. by test restores) to ensure the viability of the information and systems.
- It is strongly suggested to use a virtual environment with ready-to-restore image backups. In case of an incident, an image can be restored, updated to the current stable (patched) state and brought live into production so that operations continue normally.
Identity and Access Control Management
- Policies must exist for internal access and external access to ensure they are managed according to their different criteria and needs (e.g. vendor access, employee access), and different rules must be implemented accordingly.
- It is strongly suggested to follow the least privilege principle at all times and to remove a right at the moment the person no longer needs to know or to use it in order to accomplish their work.
- It is also strongly suggested to follow the principle "all users are considered untrusted until they prove the need to know or to use, according to defined criteria (e.g. group, ID, system integrity check)". Even an employee account can be considered untrusted at first and gain more access according to those criteria.
Identity and Access Control Management (continued)
- A security architecture must define the various zones of the organization (e.g. intranet, extranet, shared services), with control objectives defined for each zone and controls that satisfy those objectives. Risk and impact are important elements to consider when defining the control objectives (e.g. everyone can access the zone, employees can access the zone, remote users cannot access the zone).
- Two-factor authentication is strongly suggested for access to sensitive or critical systems.
- A process must be in place for commissioning and decommissioning accounts; where possible it should be automated. A practice must be in place that defines how identities are managed in the organization (e.g. account review, password strength and change rules).
- Disclosure of a privileged account can lead to greater impact, so such accounts must be managed, monitored and verified closely. For external access, such as vendor access, it can be appropriate for a security analyst to monitor the session (opening of the remote session, monitoring of changes, confirmation that the remote session is closed).
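The zone model and the "untrusted until proven" rule from the two slides above, expressed as a deny-by-default decision function; this is an added example, not code from the deck. The zone names follow the slide (extranet, intranet, shared services), while the principal fields, the group names and the account IDs are assumptions made for the illustration. Restrictions are evaluated before any grant, so a missing rule can only ever produce a denial.

```go
package main

import "fmt"

// Principal is the caller as seen at the decision point. Every field starts
// out false/empty: nothing is assumed until the caller has proven it.
type Principal struct {
	ID      string
	Groups  map[string]bool
	Vendor  bool // external vendor account rather than an employee
	Remote  bool // connecting from outside the organisation's network
	MFA     bool // second factor completed for this session
	Healthy bool // endpoint passed its integrity/posture check
}

// Zone carries the control objectives of one network zone as data.
type Zone struct {
	Name      string
	Public    bool   // everyone can access
	Group     string // group that may access, "" if none
	NoRemote  bool   // remote users cannot access
	VendorOK  bool   // vendor accounts may access
	Sensitive bool   // second factor and a healthy device are required
}

// Decide is deny-by-default: restrictions are checked first, then a grant
// must be found, and the absence of any rule never results in access.
func Decide(p Principal, z Zone) (allowed bool, reason string) {
	switch {
	case p.Vendor && !z.VendorOK:
		return false, "vendor accounts are not permitted in " + z.Name
	case z.NoRemote && p.Remote:
		return false, "remote access to " + z.Name + " is not permitted"
	case z.Sensitive && !p.MFA:
		return false, "second factor required for " + z.Name
	case z.Sensitive && !p.Healthy:
		return false, "device failed integrity check"
	case z.Public:
		return true, "public zone"
	case z.Group != "" && p.Groups[z.Group]:
		return true, "member of group " + z.Group
	default:
		return false, "no rule grants access to " + z.Name
	}
}

// Constructed zones illustrating the three objectives named in the slide.
var (
	Extranet = Zone{Name: "extranet", Public: true, VendorOK: true}
	Intranet = Zone{Name: "intranet", Group: "employees"}
	Shared   = Zone{Name: "shared-services", Group: "it-ops", NoRemote: true, Sensitive: true}
)

// Constructed principals with hypothetical account IDs.
var (
	Anonymous = Principal{ID: "anon", Remote: true}
	Employee  = Principal{ID: "u1042", Groups: map[string]bool{"employees": true}}
	Admin     = Principal{ID: "a0007", Groups: map[string]bool{"employees": true, "it-ops": true}, MFA: true, Healthy: true}
	VendorAcc = Principal{ID: "v-acme", Vendor: true, Remote: true, MFA: true}
)

func main() {
	cases := []struct {
		p Principal
		z Zone
	}{
		{Anonymous, Extranet}, {Anonymous, Shared}, {Employee, Intranet}, {Employee, Shared},
		{Admin, Shared}, {VendorAcc, Extranet}, {VendorAcc, Intranet},
	}
	for _, c := range cases {
		ok, why := Decide(c.p, c.z)
		fmt.Printf("%-7s -> %-16s allow=%-5v %s\n", c.p.ID, c.z.Name, ok, why)
	}
}
```

Running it shows the employee reaching the intranet but being refused shared services for lack of a second factor, the vendor account allowed on the extranet only, and the admin admitted to shared services only while on-site with MFA and a healthy device. Each denial carries a reason so the analyst monitoring a session can see which control fired.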
Change Management
- A "significant change" must be distinguished from a "non-significant change" (e.g. a kernel update is significant; a virus definition update is not).
- A policy, a process and the corresponding procedures must be defined, understood and followed for any significant change.
- Rules must be defined for emergency/critical changes in order to provide the flexibility needed to react quickly and properly. These rules must not be pass-through rules: every exception must be justified. Usually the standard change management steps are only delayed, not skipped, and are still completed as usual (e.g. approval and documentation finished after the fix is applied).
- There must be a roll-back process and procedure, with the information and systems ready to return to a stable state in case of an unsuccessful change.
Physical Security
- With current trends, information is becoming more and more accessible electronically and often online. Many objects now integrate electronic remote access (e.g. cars), and physical security must be rethought to include electronic emissions, radio frequency, mobile and Wi-Fi transmissions, and access to interfaces/protocols.
- Biometric mechanisms are becoming standard in many organizations. A false acceptance, where an individual gains access although they are not supposed to, is a very critical incident; tests and evidence must exist to confirm the effectiveness of the device, in particular its false acceptance rate.
- Physical security can prevent, detect, deter, etc. (e.g. outside lighting, fences).
- Data centers must be chosen carefully (e.g. not close to a river, with multiple road accesses), and the disaster recovery center must be at an appropriate distance and location so that it is not affected by the same geographical disaster.
- Any privileged access must be supported by two-factor authentication (e.g. magnetic card/PIN-pad lock and fingerprint).

Weitere ähnliche Inhalte

Was ist angesagt?

Ch09 Information Security Best Practices
Ch09 Information Security Best PracticesCh09 Information Security Best Practices
Ch09 Information Security Best Practices
phanleson
 
Is awareness government
Is awareness governmentIs awareness government
Is awareness government
Hamisi Kibonde
 
The security risk management guide
The security risk management guideThe security risk management guide
The security risk management guide
Sergey Erohin
 

Was ist angesagt? (20)

Information security management best practice
Information security management best practiceInformation security management best practice
Information security management best practice
 
Information Security Risk Management Overview
Information Security Risk Management OverviewInformation Security Risk Management Overview
Information Security Risk Management Overview
 
DojoSec FISMA Presentation
DojoSec FISMA PresentationDojoSec FISMA Presentation
DojoSec FISMA Presentation
 
Understanding the NIST Risk Management Framework: 800-37 Rev. 2
Understanding the NIST Risk Management Framework: 800-37 Rev. 2Understanding the NIST Risk Management Framework: 800-37 Rev. 2
Understanding the NIST Risk Management Framework: 800-37 Rev. 2
 
Vskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample Material
 
RISK MANAGEMENT: 4 ESSENTIAL FRAMEWORKS
RISK MANAGEMENT: 4 ESSENTIAL FRAMEWORKSRISK MANAGEMENT: 4 ESSENTIAL FRAMEWORKS
RISK MANAGEMENT: 4 ESSENTIAL FRAMEWORKS
 
Information security management (bel g. ragad)
Information security management (bel g. ragad)Information security management (bel g. ragad)
Information security management (bel g. ragad)
 
Chapter 10 security standart
Chapter 10 security standartChapter 10 security standart
Chapter 10 security standart
 
Scada implement secure - architecture
Scada implement secure - architectureScada implement secure - architecture
Scada implement secure - architecture
 
Ch09 Information Security Best Practices
Ch09 Information Security Best PracticesCh09 Information Security Best Practices
Ch09 Information Security Best Practices
 
Risk Management
Risk ManagementRisk Management
Risk Management
 
CISSPills #3.02
CISSPills #3.02CISSPills #3.02
CISSPills #3.02
 
Ch06 Policy
Ch06 PolicyCh06 Policy
Ch06 Policy
 
Is awareness government
Is awareness governmentIs awareness government
Is awareness government
 
The security risk management guide
The security risk management guideThe security risk management guide
The security risk management guide
 
Information security management iso27001
Information security management iso27001Information security management iso27001
Information security management iso27001
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practices
 
What is Enterprise Security Architecture (ESA)?
What is Enterprise Security Architecture (ESA)?What is Enterprise Security Architecture (ESA)?
What is Enterprise Security Architecture (ESA)?
 
Risk management ISO 27001 Standard
Risk management ISO 27001 StandardRisk management ISO 27001 Standard
Risk management ISO 27001 Standard
 
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
 

Andere mochten auch

Implementing Vulnerability Management
Implementing Vulnerability Management Implementing Vulnerability Management
Implementing Vulnerability Management
Argyle Executive Forum
 

Andere mochten auch (9)

IT Compliance and Governance with DLP Controls and Vulnerability Scanning Sof...
IT Compliance and Governance with DLP Controls and Vulnerability Scanning Sof...IT Compliance and Governance with DLP Controls and Vulnerability Scanning Sof...
IT Compliance and Governance with DLP Controls and Vulnerability Scanning Sof...
 
Integrating Qualys into the patch and vulnerability management processes
Integrating Qualys into the patch and vulnerability management processesIntegrating Qualys into the patch and vulnerability management processes
Integrating Qualys into the patch and vulnerability management processes
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO Standards
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
Framework for a business process management competency centre
Framework for a business process management competency centreFramework for a business process management competency centre
Framework for a business process management competency centre
 
Implementing Vulnerability Management
Implementing Vulnerability Management Implementing Vulnerability Management
Implementing Vulnerability Management
 
TrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability ManagementTrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability Management
 
Expert talk strategic building blocks for the digital transformation strategy
Expert talk   strategic building blocks for the digital transformation strategyExpert talk   strategic building blocks for the digital transformation strategy
Expert talk strategic building blocks for the digital transformation strategy
 
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGovernance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 Framework
 

Ähnlich wie Enterprise Security Critical Security Functions version 1.0

Presentation(group j)implementing trustworthy computing by Sundas Ilyas
Presentation(group j)implementing  trustworthy computing by Sundas IlyasPresentation(group j)implementing  trustworthy computing by Sundas Ilyas
Presentation(group j)implementing trustworthy computing by Sundas Ilyas
Sundas Kayani
 
It Security Audit Process
It Security Audit ProcessIt Security Audit Process
It Security Audit Process
Ram Srivastava
 
Symantec Managed AV Service - KAZ
Symantec Managed AV Service - KAZSymantec Managed AV Service - KAZ
Symantec Managed AV Service - KAZ
Grant Chapman
 
Implementation of security standards and procedures
Implementation of security standards and proceduresImplementation of security standards and procedures
Implementation of security standards and procedures
StevenSegaert
 
A Practical Approach to Managing Information System Risk
A Practical Approach to Managing Information System RiskA Practical Approach to Managing Information System Risk
A Practical Approach to Managing Information System Risk
amiable_indian
 

Ähnlich wie Enterprise Security Critical Security Functions version 1.0 (20)

The Security and Compliance Plan for Maxistar Medical Supplies Company
The Security and Compliance Plan for Maxistar Medical Supplies Company The Security and Compliance Plan for Maxistar Medical Supplies Company
The Security and Compliance Plan for Maxistar Medical Supplies Company
 
CISO-Fundamentals
CISO-FundamentalsCISO-Fundamentals
CISO-Fundamentals
 
Five Mistakes of Vulnerability Management
Five Mistakes of Vulnerability ManagementFive Mistakes of Vulnerability Management
Five Mistakes of Vulnerability Management
 
Presentation(group j)implementing trustworthy computing by Sundas Ilyas
Presentation(group j)implementing  trustworthy computing by Sundas IlyasPresentation(group j)implementing  trustworthy computing by Sundas Ilyas
Presentation(group j)implementing trustworthy computing by Sundas Ilyas
 
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptxCompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
 
A Pragmatic Approach to SIEM: Buy for Compliance, Use for Security
A Pragmatic Approach to SIEM: Buy for Compliance, Use for SecurityA Pragmatic Approach to SIEM: Buy for Compliance, Use for Security
A Pragmatic Approach to SIEM: Buy for Compliance, Use for Security
 
PSIM: Why Should I Be Interested?
PSIM: Why Should I Be Interested?PSIM: Why Should I Be Interested?
PSIM: Why Should I Be Interested?
 
Cyber Families - Incident Response.pptx
Cyber Families - Incident Response.pptxCyber Families - Incident Response.pptx
Cyber Families - Incident Response.pptx
 
InTech-FOCUS-Process-Safety-Sept2020.pdf
InTech-FOCUS-Process-Safety-Sept2020.pdfInTech-FOCUS-Process-Safety-Sept2020.pdf
InTech-FOCUS-Process-Safety-Sept2020.pdf
 
Managing Compliance
Managing ComplianceManaging Compliance
Managing Compliance
 
It Security Audit Process
It Security Audit ProcessIt Security Audit Process
It Security Audit Process
 
Se project-methodology-for-security-project-web
Se project-methodology-for-security-project-webSe project-methodology-for-security-project-web
Se project-methodology-for-security-project-web
 
Symantec Managed AV Service - KAZ
Symantec Managed AV Service - KAZSymantec Managed AV Service - KAZ
Symantec Managed AV Service - KAZ
 
Ignyte assurance platform NIST RMF datasheet.
Ignyte assurance platform NIST RMF datasheet.Ignyte assurance platform NIST RMF datasheet.
Ignyte assurance platform NIST RMF datasheet.
 
Applying Lean for information security operations centre
Applying Lean for information security operations centreApplying Lean for information security operations centre
Applying Lean for information security operations centre
 
Implementation of security standards and procedures
Implementation of security standards and proceduresImplementation of security standards and procedures
Implementation of security standards and procedures
 
Automated Incident Handling Using SIM
Automated Incident Handling Using SIMAutomated Incident Handling Using SIM
Automated Incident Handling Using SIM
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution
 
MATH215 Introduction To Analysis.docx
MATH215 Introduction To Analysis.docxMATH215 Introduction To Analysis.docx
MATH215 Introduction To Analysis.docx
 
A Practical Approach to Managing Information System Risk
A Practical Approach to Managing Information System RiskA Practical Approach to Managing Information System Risk
A Practical Approach to Managing Information System Risk
 

Mehr von Marc-Andre Heroux

Mehr von Marc-Andre Heroux (9)

Linux encrypted container
Linux encrypted containerLinux encrypted container
Linux encrypted container
 
IT Control Framework
IT Control FrameworkIT Control Framework
IT Control Framework
 
Online Authentication
Online AuthenticationOnline Authentication
Online Authentication
 
Monitoring your organization against threats - Critical System Control
Monitoring your organization against threats - Critical System ControlMonitoring your organization against threats - Critical System Control
Monitoring your organization against threats - Critical System Control
 
Frame - MAC Address Threats & Vulnerabilities
Frame - MAC Address Threats & VulnerabilitiesFrame - MAC Address Threats & Vulnerabilities
Frame - MAC Address Threats & Vulnerabilities
 
Modèle de sécurité organisationnelle
Modèle de sécurité organisationnelleModèle de sécurité organisationnelle
Modèle de sécurité organisationnelle
 
Méthodologie - adoption d'une norme en 7 étapes
Méthodologie - adoption d'une norme en 7 étapesMéthodologie - adoption d'une norme en 7 étapes
Méthodologie - adoption d'une norme en 7 étapes
 
BUSINESS MATURITY LIFE CYCLE
BUSINESS MATURITY LIFE CYCLEBUSINESS MATURITY LIFE CYCLE
BUSINESS MATURITY LIFE CYCLE
 
Assurance compliance management system
Assurance compliance management systemAssurance compliance management system
Assurance compliance management system
 

Kürzlich hochgeladen

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 

Kürzlich hochgeladen (20)

CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 

Enterprise Security Critical Security Functions version 1.0

  • 1. Enterprise Security - Critical Security Functions  There are several elements to consider to properly protect an organization. In order to align security adequately, it is possible to refer to an information security standard such as ISO 27002.  For many organizations, a smaller framework scope can be necessary in order to quickly implement security controls and bring the organization to an acceptable security posture.  In this article, we describe the main areas where it is possible to focus to quickly increase the security posture of an enterprise.  This guide does not encompass all controls and controls objectives and its main focus is to provide guidance on critical aspects often forgotten or not properly addressed. Enterprise Security - Critical Security Functions version 1.0 June 10th 2015 Marc-Andre Heroux, CGEIT, CISA, CRMA, CRMP, ABCP, CISSP, NSA-IAM, NSA-IEM
  • 2. Among the biggest security challenges  One of the biggest challenge for organization is to established roles for security.  Undefined roles lead to inappropriate security management and practice. In this circumstance, everyone give best effort to maintain the overall security in an unstructured way.  It can give positive result for a certain time, but on a long period, the security posture of the organization will almost always decrease.  The planning, organization, implementation and verification of security is challenging for every organization. How to improve? Enterprise Security - Critical Security Functions version 1.0 June 10th 2015 Marc-Andre Heroux, CGEIT, CISA, CRMA, CRMP, ABCP, CISSP, NSA-IAM, NSA-IEM
  • 3. Security Governance  Establish authoritative role for Information Security with accountability and responsibility in a security program.  There must be a management role for Information Security Management such as CISO, CSO, etc. This person must determine roles and responsibilities of the Information Security members (incident management, vulnerability management, system change/update, etc.). Formalize Operational Security Role & Responsibility and Processes.  Roles and responsibilities must be officially defined and integrated to work functions of each members of the security team. Interaction with other team such as the system administration group and other department must be defined and understood by the security members.  Security members must be adequately trained and a security awareness and training standard practice must be in place. Enterprise Security - Critical Security Functions version 1.0 June 10th 2015 Marc-Andre Heroux, CGEIT, CISA, CRMA, CRMP, ABCP, CISSP, NSA-IAM, NSA-IEM
• 4. IT Risk Management
 An IT Risk Management standard practice must be in place in order to implement appropriate controls and justify decisions according to the risk and impact on the enterprise of various situations or scenarios (ex.: cyber-attack, natural disaster, human error such as misconfiguration, etc.).
 A standard methodology and templates must exist for information classification and risk/impact analysis.
 Controls to reduce the capability of a threat/attack and controls to reduce vulnerabilities must be identified, implemented, audited and verified regularly.
 When a necessary control cannot be implemented according to the identified risk/impact, a justification must exist with compensatory measures. Justifications must be reviewed periodically and are valid only for a certain period of time. All efforts must be made to eliminate the justification and implement the control to reduce the risk/impact.
• 5. Information System Management
 Protection equipment, according to the identified risk and impact, must be selected, implemented, audited and verified regularly (ex.: servers, firewall, IPS, etc.).
 Appropriate systems and equipment must be available to security members to conduct their tasks, such as a ticketing system for incident management.
 Protection systems must be kept up to date and modifications must follow the change management process in place.
 Following an incident, according to the result of the investigation, protective systems must be updated when applicable (ex.: increase logging, update protective rules, etc.).
• 6. Threat & Incident Management
 Roles regarding incident management must be identified (ex.: security manager, IT Security Leader, IT Security Analyst, other team responsibilities/interaction, etc.).
 A plan, a process and a practice must be in place regarding threat and incident management.
 Manual threat and incident activities must be in place to identify irregularities (ex.: log review, system audit, etc.).
 Automation must exist to automatically detect known threats at the organizational boundaries, or at a sub-layer of the network if they have passed the main defensive systems.
 A threat intelligence mechanism is strongly suggested (ex.: correlation between internal network/system events and external threat feeds).
 An incident management system must be available and used to track and manage incidents.
 An investigation standard must exist in the organization specifying the way to investigate incidents, the systems to be used and the procedure to follow.
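The correlation between internal events and an external threat feed suggested above, as an added example that is not part of the original deck: it matches constructed proxy/firewall events (key=value lines) against a constructed indicator feed and emits one alert per hit. The log format, the feed fields and the documentation-range addresses and `.invalid` names are assumptions, not real indicators.

```python
import re

# Constructed feed entries (documentation IP range and .invalid names, not real IoCs).
THREAT_FEED = [
    {"type": "ip", "value": "198.51.100.23", "source": "feed-A", "tag": "c2"},
    {"type": "domain", "value": "Malicious.Example.INVALID.", "source": "feed-B", "tag": "phish"},
]

# Constructed internal events in an assumed proxy/firewall key=value format.
INTERNAL_EVENTS = """\
2015-06-10T08:00:01Z src=10.0.0.5 dst=192.0.2.10 host=intranet.example.invalid action=allow
2015-06-10T08:00:07Z src=10.0.0.9 dst=198.51.100.23 host=- action=allow
2015-06-10T08:01:12Z src=10.0.0.5 dst=192.0.2.44 host=malicious.example.invalid action=allow
2015-06-10T08:02:30Z src=10.0.0.7 dst=192.0.2.10 host=intranet.example.invalid action=allow
""".splitlines()

KV = re.compile(r"(\w+)=(\S+)")

def normalize(kind, value):
    # Feeds disagree on letter case and trailing dots; compare a canonical form.
    value = value.strip()
    return value.lower().rstrip(".") if kind == "domain" else value

def build_index(feed):
    # Index indicators by (type, canonical value) so each event costs O(1) lookups.
    index = {}
    for entry in feed:
        index.setdefault((entry["type"], normalize(entry["type"], entry["value"])), []).append(entry)
    return index

def parse_event(line):
    ts, _, rest = line.partition(" ")
    fields = dict(KV.findall(rest))
    fields["ts"] = ts
    return fields

def correlate(events, feed):
    """Return one alert per (event, indicator) match; empty list when nothing matches."""
    index = build_index(feed)
    alerts = []
    for line in events:
        ev = parse_event(line)
        for kind, value in (("ip", ev.get("dst", "")), ("domain", ev.get("host", ""))):
            if not value or value == "-":
                continue  # field absent in this event
            for hit in index.get((kind, normalize(kind, value)), []):
                alerts.append({"ts": ev["ts"], "src": ev["src"], "type": kind,
                               "indicator": hit["value"], "source": hit["source"], "tag": hit["tag"]})
    return alerts

if __name__ == "__main__":
    for alert in correlate(INTERNAL_EVENTS, THREAT_FEED):
        print(alert)
```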
• 7. Vulnerability Management
 A process and a practice must be in place regarding vulnerability management.
 The roles of security, system administration, asset owners, change management, compliance, etc. must be defined in a process and a RACI chart.
 There must be a mechanism to be informed of known vulnerabilities for systems in scope (ex.: external advisory feeds).
 There must be a procedure for emergency or critical updates in order to quickly implement fixes and remain secure.
 Every significant change must be logged, verified, confirmed and conducted according to the change management practice in place.
• 8. Protecting Information Resources
 According to the classification scheme defined in the risk management activities, we must classify data according to confidentiality, integrity and availability.
 To be able to protect the information, we must create a protection map (ex.: a map of all information and systems of the organization).
 There must be roles specifying management, prevention, detection, response and correction of security issues or disruptions to maintain integrity/availability/confidentiality (daily).
 Standards must be in place for encryption (ex.: hashing for integrity, symmetric encryption for confidentiality, asymmetric keys for authenticity, etc.).
 Encryption mechanisms must be implemented and used according to the information classification, risk and impact defined in the risk management activities where security controls are defined.
• 9. BCP Management
 Backup systems and data must be available in a timely fashion in order to maintain operations, especially in case of incident.
 Backups must be verified regularly to ensure the viability of the information and systems.
 It is strongly suggested to use a virtual environment with ready image backups. In case of incident, an image can be restored, updated to the current stable version and brought live to production to continue operations normally.
• 10. Identity and Access Control Management
 Policies must exist regarding internal access and external access to ensure they are managed according to different criteria and needs (ex.: vendor access, employee access, etc.), and different rules must be implemented accordingly.
 It is strongly suggested to follow the least privilege principle at all times and to remove rights the moment someone no longer has the need to know or to use them in order to accomplish his work.
 It is also strongly suggested to follow the principle: “all users are considered untrusted until they prove the need to know or use according to criteria (ex.: group, ID, system integrity check)”. Even an employee account can be considered untrusted at first and, according to criteria, gain more access.
• 11. Identity and Access Control Management
 A security architecture must define the various zones of the organization (ex.: Intranet, Extranet, shared services, etc.), with control objectives defined for each zone and controls to meet those control objectives. Risk and impact are important elements to consider when defining control objectives (ex.: everyone can access the zone, employees can access the zone, remote users cannot access the zone, etc.).
 Two-factor authentication is strongly suggested for access to sensitive or critical systems.
 A process must be in place for commissioning and decommissioning accounts. If possible, automation can be used. A practice must be in place defining the management of identities in the organization (ex.: account review, password strength/change).
 Privileged account disclosure can lead to greater impact, and such accounts must be managed, monitored and verified closely. In the case of external access, such as for vendors, it can be appropriate that a security analyst monitor the session (remote session opening, monitor changes, ensure the remote session is closed).
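The "untrusted until proven" principle of slide 10 and the zone/control-objective model of slide 11, as an added example that is not from the original deck: a default-deny evaluator that grants zone access only when every criterion of the zone (known ID, group, system integrity check, two-factor, on-site) holds, and reports which criteria are unmet so the decision can be logged. The zone names, criteria names and directory contents are constructed assumptions.

```python
# Constructed directory of identities and group membership (assumed, not from the deck).
DIRECTORY = {
    "alice": {"groups": {"employees", "admins"}},
    "vendor1": {"groups": {"vendors"}},
}

# Criteria a request must prove before trust is granted (slide 10: group, ID, integrity
# check; slide 11: two-factor for sensitive systems, remote users kept out of some zones).
# Every check treats a missing attribute as "untrusted".
CRITERIA = {
    "known_identity": lambda r: r.get("user") in DIRECTORY,
    "employee": lambda r: "employees" in DIRECTORY.get(r.get("user"), {}).get("groups", set()),
    "device_healthy": lambda r: r.get("integrity_check") == "pass",
    "mfa": lambda r: r.get("mfa") is True,
    "on_site": lambda r: r.get("remote", True) is False,
}

# Constructed zones, each with its control objectives expressed as required criteria.
ZONES = {
    "public": [],
    "intranet": ["known_identity", "employee", "device_healthy"],
    "admin": ["known_identity", "employee", "device_healthy", "mfa", "on_site"],
}

def evaluate(request, zone):
    """Default deny: grant only when every criterion of the zone holds.

    Returns (granted, unmet_criteria); an unknown zone is denied rather than ignored."""
    required = ZONES.get(zone)
    if required is None:
        return False, ["unknown zone"]
    unmet = [name for name in required if not CRITERIA[name](request)]
    return not unmet, unmet

if __name__ == "__main__":
    # An employee from a healthy device, but remote and without a second factor.
    req = {"user": "alice", "integrity_check": "pass", "mfa": False, "remote": True}
    for zone in ZONES:
        print(zone, evaluate(req, zone))
```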
• 12. Change Management
 We must distinguish “significant change” vs “non-significant change” (ex.: a kernel update is significant, a virus definition update is not a significant change).
 A policy, a process and the corresponding procedures must be defined, understood and followed for any significant change.
 There must be rules defined for emergency/critical changes in order to bring the necessary flexibility to react quickly and properly. These rules must not be pass-through rules; every exception must be justified. Usually, standard change management steps are just delayed, but followed as usual.
 There must be a roll-back process and procedure, with the information and systems ready to go back to a stable state in case of an unsuccessful change.
• 13. Physical Security
 With current tendencies, information is becoming more and more accessible electronically and often online. Many objects now integrate electronic remote access (ex.: cars), and physical security must be rethought to include electronic emissions, radio frequency, mobile and WiFi transmissions and access to interfaces/protocols.
 Biometric mechanisms are becoming standard in many organizations. A false positive is when an individual gains access while he is not supposed to, and those incidents are very critical; tests and evidence must exist to confirm the effectiveness of the device.
 Physical security can prevent, detect, deter, etc. (ex.: outside lights, fences).
 Data centers must be chosen carefully (ex.: not close to a river, with multiple road accesses, etc.) and the disaster recovery center must be at an appropriate distance and location to prevent any impact from a geographical disaster.
 Any privileged access must be supported by two-factor authentication (ex.: magnetic cards/PIN pad locks and fingerprint).