SlideShare ist ein Scribd-Unternehmen logo

Security Baselines, Risk Assessments, and Information Security

Als PPTX, PDF herunterladen
P
Priyank Hada

This document provides an overview of conducting a security assessment. It discusses the importance of baselines and risk assessments to establish a starting point for measuring security. It outlines key areas to assess including security organization, policies, risk management programs, and technical controls. The document provides a detailed workplan and guidelines for assessing management controls, operations, applications, databases, networks, remote access, and emergency response. The goal is to identify strengths, weaknesses, and risks to help prioritize security improvements.

Technologie
1 von 55
Security Baselines and Risk Assessments
Baseline • When a new system is implemented, a preliminary assessment called a security baseline needs to be performed. • A baseline provides a starting point to measure changes in configurations and improvements to the system.
Risk assessments • Risk assessments educate the administrators about their systems. • Assessments are a mechanism to identify the strengths and implemented controls of a system, not just the weaknesses and risks.
INFORMATION SECURITY ASSESSMENT: A PHASED APPROACH • Areas of increased risk within an organization: – Operating environment – Security organization – Security planning, administration, and management – Information security policies, standards, and procedures – Information security risk assessment – Information classification and control
Requirements • Organization chart • Security policies, standards, and procedures documentation • Network diagrams • List of applications • List of network management tools • List of security assessment tools • Asset inventory • List of databases • Reports from previous assessments and audits
Information Security Assessment Workplan • Section I: – Provides an overview concentrating on the management of specific programs developed as a part of the ISA and the allocation of security responsibilities. • Section II: – Security monitoring – Computer virus controls – Microcomputer security – Compliance with legal and regulatory requirements
• Section III, Computer Operations, includes: – Physical and environmental security – Computer systems management – Backup and recovery – Problem management • Section IV reviews those areas related to applications: access controls, application development and implementation, and change management.
HIGH-LEVEL SECURITY ASSESSMENT (SECTION I) • Assessing the Organization of the Security Function – An assessment of the security organization should document the number of individuals performing security functions, including full-time security positions as well as individuals that dedicate only a portion of their time to security. – To whom these positions report.
• Assessing the Security Plan – The Information Security Plan should be documented and describe support for the goals and objectives of the Strategic Information Technology Plan. – Determine who is responsible for its development, review, approval, and implementation. – Responsibility for, as well as target completion dates, should be defined for each project, initiative, or strategy defined in the Plan.
• Assessing Security Policies, Standards, and Procedures – Determine how policies, standards, and procedures are developed, reviewed, approved, and modified and who is responsible for each step of this process. • Assessing Risk-Related Programs – Programs for risk assessment include classification methodologies, business impact analysis (BIA), incident and emergency reporting and response, disaster recovery planning (DRP), business continuity planning (BCP), and incident monitoring, investigation, and remediation.
– Determine who is responsible for each of these programs • Assessment Document Checklist – Organization chart – IT strategic plan – Information security plan – Security charter or mission statement – Security policies, standards, and procedures – Policy acknowledgment forms – Confidentiality agreements/statements
• Network diagrams • Maintenance and service contracts with third-party service providers • Application inventory • Hardware asset inventory • Network management tools inventory • Security assessment tools inventory • Database inventory • Classification methodology • Audit programs • Compliance checklists • Security assessment reports • Resource ownership matrix
SECURITY OPERATIONS (SECTION II) • Security Monitoring – Security monitoring includes those processes in place to identify and investigate suspected access violations and attempted system intrusions. – For Ex. • Daily review of remote access log-ins to identify failed access attempts • Review of system access logs for access to systems during non-work hours • Review of traffic on external gateways • Review of access to application system utilities and privileged user activities • Review of access to sensitive files or data
– Procedures are necessary for reporting and responding to suspected violations. • Computer Virus Controls – Effective computer virus controls are an absolute necessity.
For anti-virus security assessments, it is necessary to ensure that procedures exist to: • Download current definitions from the appropriate sources on a timely basis • Test virus software before distribution • Distribute and upload current definitions to all platforms (servers, mail servers, firewalls, and workstations) • Validate that distribution of software and definition files is effective • Ensure compliance with all anti-virus software procedures • Assess the communications mechanism between administrators and users on potential viruses and the reporting of suspected viruses
• Microcomputer Security: – Monitoring licenses registered versus licenses used – Inventorying PC software – Defining and distributing approved software lists – Developing software usage policies
COMPLIANCE WITH LEGAL AND REGULATORY REQUIREMENTS • A security review of these areas should be conducted to ensure: – Guidelines on the retention, storage, and handling of regulated information – Appropriate protection of classified data – Compliance with regulatory requirements – Compliance with legislation protecting information
COMPUTER OPERATIONS (SECTION III) • Computer operations personnel are responsible for the physical security of the central processing facility, ensuring the proper execution of programs, maintaining system and critical data backups, responding to and resolving execution errors, and providing assistance in the recovery of systems, programs, and information.
Physical and Environmental Security • Cypher or key pad locks • Fencing • Guards • Monitoring devices • Maintaining authorized personnel access lists • Limiting access to only essential operations personnel • Maintaining sign-in logs • Badges
Environmental controls include • Backup power (uninterruptible power systems [UPS]) • Air conditioning • Fire suppression devices (fire extinguishers, halon, other) • Fire detection devices (sensors) • Heat detection devices • Business continuity plans (BCPs) • Alternative processing facilities • Disaster recovery plans (DRPs) • System and data backups
Backup and Recovery • Removing backups from the facility creates a requirement for ensuring that those critical backups are not subject to unauthorized access by vendors or outside personnel. Review who, when, and how third-party vendors obtain, transport, and store those critical business system backup tapes.
• Internal tape management as well as by third- party vendors is also very important. • As a part of physical security, backup processing locations are important. • Recovery plans should be tested annually.
Computer Systems Management • Computer systems management includes the daily execution and maintenance of systems, applications, and information. • Maintain a log that details the execution, completion, and issues identified during the shift. • This log should be reviewed by management and jointly reviewed by both the outgoing shift personnel and incoming shift personnel so that continuity and efficiency are maintained.
• Computer operations personnel should be restricted from read, write, and delete access of computer programs. • Change logs: documentation of changes, validation of changes, and follow-up testing.
Problem Management • A problem management process needs to be in place to report, track, and resolve problems incurred in computer operations, as well as in dealing with security-related issues. • Reduction of failures to an acceptable level • Prevention of the reoccurrence of problems • Reduction of the impact on service
Problem resolution should include: • Providing a centralized point of contact for problems • Logging problem calls • Resolution of problems quickly and efficiently • Transferring unresolved problems to more technically qualified personnel • Tracking and managing difficult problems • Identifying recurring problems, analyzing root causes, and providing permanent resolution • Improving communication and training to end users • Reporting the status of issues to management, users, and departments impacted • Evaluating vendor performance and service-level contracts based on the level of support provided in resolving issues
APPLICATION CONTROLS ASSESSMENTS • Security control assessments related to applications primarily focus on the appropriate access of – users, – administrators, and – programmers to application data and functionality, system files, program modules, and hardware resources.
Access Controls • Data owners approve access based on job requirements and functionality. • Role-based access is the most logical method for setting up access to an application. • Role-based access is determined by an employee’s job function — not by who the employee is as a person. • Access control lists (ACLs) • Application access is typically controlled by menus that restrict user access to certain functionalities of the application.
Separation (or Segregation) of Duties • Separation of duties ensures that no single employee has control of a transaction from beginning to end. • Separation of duties guards against manipulating a transaction for personal gain.
Audit Trails • Audit logs are a record of system activities that provide the capability to reconstruct the sequence of events related to a transaction. • Audit logs can be used to determine errors in system processing as well as misuse of the system. • Violation reports that log security-related events, such as unsuccessful access attempts, should be monitored daily.
• It is necessary to test that users cannot break out of the menu and obtain the system prompt. • Application system utilities are sensitive because they bypass application access controls and allow direct access to production code and data. • These utilities should be protected by passwords and should not be accessible from the application.
Authentication • Authentication as it relates to application access is defined as the reconciliation of evidence of user identity. • The use of a password for authenticating a user is the most common method and is known as simple authentication.
There are three ways a user can identify himself to an application or system: • Presenting something that only the user knows. • Presenting something that only the user has. • Presenting something that the user is.
• Passwords are something that a user knows. • It is the least secure method of authentication because a password can be stolen and used by someone else. Presenting something that only the user knows.
Something the user has • Secure token. • An example of secure tokens are credit card- size hardware that produce a one-time password only valid and usable for a small window of time, such as one minute.
Something that the user is • Passwords and tokens can be stolen. • Fingerprints and retinas are unique to every person and they represent who the person is.
Using combinations of methods increases the strength of the authentication. • something you know + something you have = two-factor authentication • something you know + something you are = two-factor authentication • something you have + something you are = two-factor authentication • something you know + something you know = two-factor authentication • something you have + something you have = two-factor authentication • something you are + something you are = two-factor authentication
Password parameters include: • Application lockout after so many failed attempts to log on (e.g., three failed attempts) • Minimum password length (e.g., eight characters) • Specified password structure • Password change frequency (e.g., every 30 days)
• Passwords must be unique • Passwords must be encrypted • Maintain encrypted password files • Maintain password history (e.g., last ten passwords cannot be reused) • Establish password cycle time • Non-displayed fields • Validation of password before passwords can be changed • Limitations on sharing passwords
Application Development and Implementation • A formal program for application development and implementation is necessary to ensure that appropriate controls are built into the application to provide authentication, authorization, and integrity.
The application development and implementation program should ensure: • Appropriate access to source libraries • The ability to audit access to source libraries • Integrity checks for the input of data to detect out-of-range values, invalid characters in data fields, incomplete data, upper and lower data volume limits, two character data ranges, and inconsistent control data • Session or batch controls to reconcile file balances after transaction updates
• Balance controls to validate opening balances with previously closed balances, including run-to- run totals, file update totals, program-to-program totals, and hash totals on records and files • Management authorization for the initiation of application acquisition, development, and maintenance • Change requests documents that record the reason for the amendment, date of amendment, and appropriate approvals • Separate test and production environments • Documented acceptance criteria for test plans
• New programs and program changes are formally approved during appropriate phases of the development process and prior to implementation • Formal sign-off and acceptance procedures • Cut-over procedures to move applications from the test to the production environment • Programmers are prevented from updating production programs • Programmers are restricted from adding programs to the production libraries
• Segregation of duties in programming and execution of programs • System documentation and user documentation is updated to reflect all program and operations changes • Emergency maintenance and temporary fixes to application and system software are covered by the same procedures applied to normal maintenance • Backup versions of software are maintained prior to making any changes to the code
Change Management • Change management refers to changes in program code, operating system configurations, or network architectures. • An effective change management program uses an application or tool to register changes. • This tool should record the change requestor’s name, details of the request, business justification, approvers, estimated time to perform or implement the change, individuals responsible for modifications, individuals affected by the change, testing requirements, requestor’s approval on tests, management approval, and a scheduled date of change.
Check to make sure that: • The library control systems ensure that all changes to production programs are implemented by library control administrators — and not the programmers who coded the program • Only the applications programmers involved in the changes have access to application programs under development
• Only systems programmers have access to system programs under development • Only library administrators have write access to system and application libraries • Access to live data is only through programs that are in the application libraries
Database Security • Access is controlled through discretionary access controls (DACs) or mandatory access controls (MACs). • With DACs, access must be granted before a user can gain access to a view. • MACs secure information by assigning classification levels or labels to data.
Network Assessments • Obtain an understanding of the network architecture: – Review network diagrams and documentation – Interview data network administrators – Interview voice network administrators – Interview network device administrators – Review standards relating to networked systems – Review planned migration to new technologies – Review network software inventory – Review network hardware inventory – Identify business functions utilizing the network
• Obtain an understanding of network management: – Identify network management tools and other utility software used in managing the network – Identify how the network management tools are utilized – Identify the devices managed through network – Identify plans or changes to network managers • Obtain an understanding of network security administration: – Identify policies, procedures, standards, and guidelines for network security administration – Identify responsibilities for network security administration – Identify monitoring capabilities and reports used in network security administration
• Obtain an understanding of new technology assessments and deployment: – Identify responsibilities for change control – Identify audit/security participation in new technology plans – Identify documentation of risks in new technologies – Identify general control strategy used in introduction of new technologies – Identify testing/acceptance methods used for new technologies – Identify review process for approval of new technology plans
• Obtain an understanding of outage/threat response capabilities: – Identify tools and approaches to reducing risks – Identify responsibility for emergency response – Identify tools/strategies for responding to emergency conditions – Identify threat incidents and priorities
Emergency Response • It is necessary to ensure that bugs, security holes, and vulnerabilities are disseminated to the appropriate individuals and that those individuals are addressing the problem. • Include follow-up efforts to ensure that alerts, advisories, and fixes are applied in a timely manner.
Remote Access • For each of the dial-in connections, the following activities will be performed: • Evaluate external connections and dial access: – Identify external network service providers – Identify external network users (customers, business partners, employees, service providers) – Identify access methods – Identify frequency of access – Identify nature of access – Identify services used for access – Identify time-of-day access required – Identify services used when access granted
• Evaluate network security features: – Identify points of control for each access path – Identify points of control for each service accessed – Identify points of external control – Identify nature of control points (intended for authentication, monitoring, etc.) – Identify level of functionality for each control point – Identify responsibility for each control point • Develop access path schematic: – Document access paths and control points – Report observations and recommendations

Empfohlen

Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMEAlienVault
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat IntelligenceDeepak Kumar (D3)
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsIain Dickson
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)Vijilan IT Security solutions
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence pptKumar Gaurav
 
IT Security and Risk Mitigation
IT Security and Risk MitigationIT Security and Risk Mitigation
IT Security and Risk MitigationMukalele Rogers
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3Shawn Croswell
 

Empfohlen

Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMEAlienVault
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat IntelligenceDeepak Kumar (D3)
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsIain Dickson
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)Vijilan IT Security solutions
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence pptKumar Gaurav
 
IT Security and Risk Mitigation
IT Security and Risk MitigationIT Security and Risk Mitigation
IT Security and Risk MitigationMukalele Rogers
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3Shawn Croswell
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceMarlabs
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
Road map for actionable threat intelligence
Road map for actionable threat intelligenceRoad map for actionable threat intelligence
Road map for actionable threat intelligenceabhisheksinghcs
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligenceseadeloitte
 
Cybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesCybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesSlideTeam
 
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceTom K
 
Soc
SocSoc
SocMukesh Chaudhari
 
Cyber Security for Financial Institutions
Cyber Security for Financial InstitutionsCyber Security for Financial Institutions
Cyber Security for Financial InstitutionsKhawar Nehal khawar.nehal@atrc.net.pk
 
Cyber Threat Modeling
Cyber Threat ModelingCyber Threat Modeling
Cyber Threat ModelingEC-Council
 
Infosec Audit Lecture_4
Infosec Audit Lecture_4Infosec Audit Lecture_4
Infosec Audit Lecture_4Obrina Candra, CISA, ISMS-LA
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghOWASP Delhi
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Ben Rothke
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceZaiffiEhsan
 
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
Integrated Security Operations Center (ISOC) for Cybersecurity CollaborationIntegrated Security Operations Center (ISOC) for Cybersecurity Collaboration
Integrated Security Operations Center (ISOC) for Cybersecurity CollaborationPriyanka Aash
 
SOC and SIEM.pptx
SOC and SIEM.pptxSOC and SIEM.pptx
SOC and SIEM.pptxSandeshUprety4
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controlsAlienVault
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessJason Murray
 
Information security awareness
Information security awarenessInformation security awareness
Information security awarenessCAS
 
Cyber Security Seminar.pptx
Cyber Security Seminar.pptxCyber Security Seminar.pptx
Cyber Security Seminar.pptxDESTROYER39
 
Incident response
Incident responseIncident response
Incident responseAnshul Gupta
 
Introduzione al web marketing
Introduzione al web marketingIntroduzione al web marketing
Introduzione al web marketingAlessandro Germano
 
Omnik solar-inverter-product-portfolio
Omnik solar-inverter-product-portfolioOmnik solar-inverter-product-portfolio
Omnik solar-inverter-product-portfolioOmnik Solar
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceMarlabs
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
Road map for actionable threat intelligence
Road map for actionable threat intelligenceRoad map for actionable threat intelligence
Road map for actionable threat intelligenceabhisheksinghcs
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligenceseadeloitte
 
Cybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesCybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesSlideTeam
 
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceTom K
 
Cyber Threat Modeling
Cyber Threat ModelingCyber Threat Modeling
Cyber Threat ModelingEC-Council
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghOWASP Delhi
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Ben Rothke
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceZaiffiEhsan
 
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
Integrated Security Operations Center (ISOC) for Cybersecurity CollaborationIntegrated Security Operations Center (ISOC) for Cybersecurity Collaboration
Integrated Security Operations Center (ISOC) for Cybersecurity CollaborationPriyanka Aash
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controlsAlienVault
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessJason Murray
 
Information security awareness
Information security awarenessInformation security awareness
Information security awarenessCAS
 
Cyber Security Seminar.pptx
Cyber Security Seminar.pptxCyber Security Seminar.pptx
Cyber Security Seminar.pptxDESTROYER39
 

Was ist angesagt? (20)

Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
 
Road map for actionable threat intelligence
Road map for actionable threat intelligenceRoad map for actionable threat intelligence
Road map for actionable threat intelligence
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Cybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesCybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation Slides
 
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General Audience
 
Soc
SocSoc
Soc
 
Cyber Security for Financial Institutions
Cyber Security for Financial InstitutionsCyber Security for Financial Institutions
Cyber Security for Financial Institutions
 
Cyber Threat Modeling
Cyber Threat ModelingCyber Threat Modeling
Cyber Threat Modeling
 
Infosec Audit Lecture_4
Infosec Audit Lecture_4Infosec Audit Lecture_4
Infosec Audit Lecture_4
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
Integrated Security Operations Center (ISOC) for Cybersecurity CollaborationIntegrated Security Operations Center (ISOC) for Cybersecurity Collaboration
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
 
SOC and SIEM.pptx
SOC and SIEM.pptxSOC and SIEM.pptx
SOC and SIEM.pptx
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controls
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awareness
 
Information security awareness
Information security awarenessInformation security awareness
Information security awareness
 
Cyber Security Seminar.pptx
Cyber Security Seminar.pptxCyber Security Seminar.pptx
Cyber Security Seminar.pptx
 
Incident response
Incident responseIncident response
Incident response
 

Andere mochten auch

Omnik solar-inverter-product-portfolio
Omnik solar-inverter-product-portfolioOmnik solar-inverter-product-portfolio
Omnik solar-inverter-product-portfolioOmnik Solar
 
GIS Day @ APIS IT 2012
GIS Day @ APIS IT 2012GIS Day @ APIS IT 2012
GIS Day @ APIS IT 2012Ana Car
 
0108ゲーミフィケーションインタレストレポート
0108ゲーミフィケーションインタレストレポート0108ゲーミフィケーションインタレストレポート
0108ゲーミフィケーションインタレストレポートYuri Nakayama
 
Me Myself and I
Me Myself and IMe Myself and I
Me Myself and IAna Car
 
World on your Finger Tips - IT
World on your Finger Tips - ITWorld on your Finger Tips - IT
World on your Finger Tips - ITHarin Sagar
 
ZGeoportal upute za korištenje
ZGeoportal upute za korištenjeZGeoportal upute za korištenje
ZGeoportal upute za korištenjeAna Car
 
What Others Are Saying Pelino
What Others Are Saying PelinoWhat Others Are Saying Pelino
What Others Are Saying Pelinodrloreleypelino
 
Security Architecture
Security ArchitectureSecurity Architecture
Security ArchitecturePriyank Hada
 
Pv-inverter-efficiency-photon-test
Pv-inverter-efficiency-photon-testPv-inverter-efficiency-photon-test
Pv-inverter-efficiency-photon-testOmnik Solar
 

Andere mochten auch (14)

Introduzione al web marketing
Introduzione al web marketingIntroduzione al web marketing
Introduzione al web marketing
 
Omnik solar-inverter-product-portfolio
Omnik solar-inverter-product-portfolioOmnik solar-inverter-product-portfolio
Omnik solar-inverter-product-portfolio
 
Teori antrian
Teori antrianTeori antrian
Teori antrian
 
GIS Day @ APIS IT 2012
GIS Day @ APIS IT 2012GIS Day @ APIS IT 2012
GIS Day @ APIS IT 2012
 
0108ゲーミフィケーションインタレストレポート
0108ゲーミフィケーションインタレストレポート0108ゲーミフィケーションインタレストレポート
0108ゲーミフィケーションインタレストレポート
 
Me Myself and I
Me Myself and IMe Myself and I
Me Myself and I
 
Compliance
ComplianceCompliance
Compliance
 
World on your Finger Tips - IT
World on your Finger Tips - ITWorld on your Finger Tips - IT
World on your Finger Tips - IT
 
Fail
FailFail
Fail
 
ZGeoportal upute za korištenje
ZGeoportal upute za korištenjeZGeoportal upute za korištenje
ZGeoportal upute za korištenje
 
What Others Are Saying Pelino
What Others Are Saying PelinoWhat Others Are Saying Pelino
What Others Are Saying Pelino
 
Biology
BiologyBiology
Biology
 
Security Architecture
Security ArchitectureSecurity Architecture
Security Architecture
 
Pv-inverter-efficiency-photon-test
Pv-inverter-efficiency-photon-testPv-inverter-efficiency-photon-test
Pv-inverter-efficiency-photon-test
 

Ähnlich wie Security Baselines, Risk Assessments, and Information Security

CISA_WK_4.pptx
CISA_WK_4.pptxCISA_WK_4.pptx
CISA_WK_4.pptxdotco
 
Information system audit 2
Information system audit 2 Information system audit 2
Information system audit 2 Jayant Dalvi
 
The Importance of Security within the Computer Environment
The Importance of Security within the Computer EnvironmentThe Importance of Security within the Computer Environment
The Importance of Security within the Computer EnvironmentAdetula Bunmi
 
ITGC audit of ERPs
ITGC audit of ERPsITGC audit of ERPs
ITGC audit of ERPsJayesh Daga
 
CISM_WK_2.pptx
CISM_WK_2.pptxCISM_WK_2.pptx
CISM_WK_2.pptxdotco
 
Controls in Audit.pptx
Controls in Audit.pptxControls in Audit.pptx
Controls in Audit.pptxHardikKundra
 
IT ELECT 4 NETWORK SECURITY LECTURE 6-5-13
IT ELECT 4 NETWORK SECURITY LECTURE 6-5-13IT ELECT 4 NETWORK SECURITY LECTURE 6-5-13
IT ELECT 4 NETWORK SECURITY LECTURE 6-5-13Jd Mercado
 
Software Engineering Introduction
Software Engineering IntroductionSoftware Engineering Introduction
Software Engineering IntroductionrajeswaricseAvinuty
 
Security Organization/ Infrastructure
Security Organization/ InfrastructureSecurity Organization/ Infrastructure
Security Organization/ InfrastructurePriyank Hada
 
Unit-1 part 2.pptx
Unit-1 part 2.pptxUnit-1 part 2.pptx
Unit-1 part 2.pptxHKShab
 
Network Operations Center (NOC)
Network Operations Center (NOC)Network Operations Center (NOC)
Network Operations Center (NOC)Boni Yeamin
 
crisc_wk_4.pptx
crisc_wk_4.pptxcrisc_wk_4.pptx
crisc_wk_4.pptxdotco
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principlesDivya Tiwari
 
Chapter 12 Managing Systems Support and Security .pptx
Chapter 12 Managing Systems Support and Security .pptxChapter 12 Managing Systems Support and Security .pptx
Chapter 12 Managing Systems Support and Security .pptxAxmedMaxamuudYoonis
 
chapter12-120827115424-phpapp01.pdf
chapter12-120827115424-phpapp01.pdfchapter12-120827115424-phpapp01.pdf
chapter12-120827115424-phpapp01.pdfAxmedMaxamuud6
 
Chapter-2-Control-Audit-Security-ioenotes.pptx
Chapter-2-Control-Audit-Security-ioenotes.pptxChapter-2-Control-Audit-Security-ioenotes.pptx
Chapter-2-Control-Audit-Security-ioenotes.pptxToxicHawk
 
Software Engineering Ethics
Software Engineering EthicsSoftware Engineering Ethics
Software Engineering EthicsKapil Rajpurohit
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKumawat Dharmpal
 
01Introduction to Information Security.ppt
01Introduction to Information Security.ppt01Introduction to Information Security.ppt
01Introduction to Information Security.pptit160320737038
 

Ähnlich wie Security Baselines, Risk Assessments, and Information Security (20)

CISA_WK_4.pptx
CISA_WK_4.pptxCISA_WK_4.pptx
CISA_WK_4.pptx
 
Information system audit 2
Information system audit 2 Information system audit 2
Information system audit 2
 
The Importance of Security within the Computer Environment
The Importance of Security within the Computer EnvironmentThe Importance of Security within the Computer Environment
The Importance of Security within the Computer Environment
 
ITGC audit of ERPs
ITGC audit of ERPsITGC audit of ERPs
ITGC audit of ERPs
 
CISM_WK_2.pptx
CISM_WK_2.pptxCISM_WK_2.pptx
CISM_WK_2.pptx
 
Controls in Audit.pptx
Controls in Audit.pptxControls in Audit.pptx
Controls in Audit.pptx
 
IT ELECT 4 NETWORK SECURITY LECTURE 6-5-13
IT ELECT 4 NETWORK SECURITY LECTURE 6-5-13IT ELECT 4 NETWORK SECURITY LECTURE 6-5-13
IT ELECT 4 NETWORK SECURITY LECTURE 6-5-13
 
Software Engineering Introduction
Software Engineering IntroductionSoftware Engineering Introduction
Software Engineering Introduction
 
Security Organization/ Infrastructure
Security Organization/ InfrastructureSecurity Organization/ Infrastructure
Security Organization/ Infrastructure
 
Unit-1 part 2.pptx
Unit-1 part 2.pptxUnit-1 part 2.pptx
Unit-1 part 2.pptx
 
Network Operations Center (NOC)
Network Operations Center (NOC)Network Operations Center (NOC)
Network Operations Center (NOC)
 
crisc_wk_4.pptx
crisc_wk_4.pptxcrisc_wk_4.pptx
crisc_wk_4.pptx
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principles
 
Chapter 12 Managing Systems Support and Security .pptx
Chapter 12 Managing Systems Support and Security .pptxChapter 12 Managing Systems Support and Security .pptx
Chapter 12 Managing Systems Support and Security .pptx
 
chapter12-120827115424-phpapp01.pdf
chapter12-120827115424-phpapp01.pdfchapter12-120827115424-phpapp01.pdf
chapter12-120827115424-phpapp01.pdf
 
Chapter 7
Chapter 7Chapter 7
Chapter 7
 
Chapter-2-Control-Audit-Security-ioenotes.pptx
Chapter-2-Control-Audit-Security-ioenotes.pptxChapter-2-Control-Audit-Security-ioenotes.pptx
Chapter-2-Control-Audit-Security-ioenotes.pptx
 
Software Engineering Ethics
Software Engineering EthicsSoftware Engineering Ethics
Software Engineering Ethics
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
01Introduction to Information Security.ppt
01Introduction to Information Security.ppt01Introduction to Information Security.ppt
01Introduction to Information Security.ppt
 

Kürzlich hochgeladen

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 

Kürzlich hochgeladen (20)

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 

Security Baselines, Risk Assessments, and Information Security

  • 1. Security Baselines and Risk Assessments
  • 2. Baseline • When a new system is implemented, a preliminary assessment called a security baseline needs to be performed. • A baseline provides a starting point to measure changes in configurations and improvements to the system.
  • 3. Risk assessments • Risk assessments educate the administrators about their systems. • Assessments are a mechanism to identify the strengths and implemented controls of a system, not just the weaknesses and risks.
  • 4. INFORMATION SECURITY ASSESSMENT: A PHASED APPROACH • Areas of increased risk within an organization: – Operating environment – Security organization – Security planning, administration, and management – Information security policies, standards, and procedures – Information security risk assessment – Information classification and control
  • 5. Requirements • Organization chart • Security policies, standards, and procedures documentation • Network diagrams • List of applications • List of network management tools • List of security assessment tools • Asset inventory • List of databases • Reports from previous assessments and audits
  • 6. Information Security Assessment Workplan • Section I: – Provides an overview concentrating on the management of specific programs developed as a part of the ISA and the allocation of security responsibilities. • Section II: – Security monitoring – Computer virus controls – Microcomputer security – Compliance with legal and regulatory requirements
  • 7. • Section III, Computer Operations, includes: – Physical and environmental security – Computer systems management – Backup and recovery – Problem management • Section IV reviews those areas related to applications: access controls, application development and implementation, and change management.
  • 8. HIGH-LEVEL SECURITY ASSESSMENT (SECTION I) • Assessing the Organization of the Security Function – An assessment of the security organization should document the number of individuals performing security functions, including full-time security positions as well as individuals that dedicate only a portion of their time to security. – To whom these positions report.
  • 9. • Assessing the Security Plan – The Information Security Plan should be documented and describe support for the goals and objectives of the Strategic Information Technology Plan. – Determine who is responsible for its development, review, approval, and implementation. – Responsibility for, as well as target completion dates, should be defined for each project, initiative, or strategy defined in the Plan.
  • 10. • Assessing Security Policies, Standards, and Procedures – Determine how policies, standards, and procedures are developed, reviewed, approved, and modified and who is responsible for each step of this process. • Assessing Risk-Related Programs – Programs for risk assessment include classification methodologies, business impact analysis (BIA), incident and emergency reporting and response, disaster recovery planning (DRP), business continuity planning (BCP), and incident monitoring, investigation, and remediation.
  • 11. – Determine who is responsible for each of these programs • Assessment Document Checklist – Organization chart – IT strategic plan – Information security plan – Security charter or mission statement – Security policies, standards, and procedures – Policy acknowledgment forms – Confidentiality agreements/statements
  • 12. • Network diagrams • Maintenance and service contracts with third-party service providers • Application inventory • Hardware asset inventory • Network management tools inventory • Security assessment tools inventory • Database inventory • Classification methodology • Audit programs • Compliance checklists • Security assessment reports • Resource ownership matrix
  • 13. SECURITY OPERATIONS (SECTION II) • Security Monitoring – Security monitoring includes those processes in place to identify and investigate suspected access violations and attempted system intrusions. – For Ex. • Daily review of remote access log-ins to identify failed access attempts • Review of system access logs for access to systems during non-work hours • Review of traffic on external gateways • Review of access to application system utilities and privileged user activities • Review of access to sensitive files or data
  • 14. – Procedures are necessary for reporting and responding to suspected violations. • Computer Virus Controls – Effective computer virus controls are an absolute necessity.
  • 15. For anti-virus security assessments, it is necessary to ensure that procedures exist to: • Download current definitions from the appropriate sources on a timely basis • Test virus software before distribution • Distribute and upload current definitions to all platforms (servers, mail servers, firewalls, and workstations) • Validate that distribution of software and definition files is effective • Ensure compliance with all anti-virus software procedures • Assess the communications mechanism between administrators and users on potential viruses and the reporting of suspected viruses
  • 16. • Microcomputer Security: – Monitoring licenses registered versus licenses used – Inventorying PC software – Defining and distributing approved software lists – Developing software usage policies
  • 17. COMPLIANCE WITH LEGAL AND REGULATORY REQUIREMENTS • A security review of these areas should be conducted to ensure: – Guidelines on the retention, storage, and handling of regulated information – Appropriate protection of classified data – Compliance with regulatory requirements – Compliance with legislation protecting information
  • 18. COMPUTER OPERATIONS (SECTION III) • Computer operations personnel are responsible for the physical security of the central processing facility, ensuring the proper execution of programs, maintaining system and critical data backups, responding to and resolving execution errors, and providing assistance in the recovery of systems, programs, and information.
  • 19. Physical and Environmental Security • Cypher or key pad locks • Fencing • Guards • Monitoring devices • Maintaining authorized personnel access lists • Limiting access to only essential operations personnel • Maintaining sign-in logs • Badges
  • 20. Environmental controls include • Backup power (uninterruptible power systems [UPS]) • Air conditioning • Fire suppression devices (fire extinguishers, halon, other) • Fire detection devices (sensors) • Heat detection devices • Business continuity plans (BCPs) • Alternative processing facilities • Disaster recovery plans (DRPs) • System and data backups
  • 21. Backup and Recovery • Removing backups from the facility creates a requirement for ensuring that those critical backups are not subject to unauthorized access by vendors or outside personnel. Review who, when, and how third-party vendors obtain, transport, and store those critical business system backup tapes.
  • 22. • Internal tape management as well as by third- party vendors is also very important. • As a part of physical security, backup processing locations are important. • Recovery plans should be tested annually.
  • 23. Computer Systems Management • Computer systems management includes the daily execution and maintenance of systems, applications, and information. • Maintain a log that details the execution, completion, and issues identified during the shift. • This log should be reviewed by management and jointly reviewed by both the outgoing shift personnel and incoming shift personnel so that continuity and efficiency are maintained.
  • 24. • Computer operations personnel should be restricted from read, write, and delete access of computer programs. • Change logs: documentation of changes, validation of changes, and follow-up testing.
  • 25. Problem Management • A problem management process needs to be in place to report, track, and resolve problems incurred in computer operations, as well as in dealing with security-related issues. • Reduction of failures to an acceptable level • Prevention of the reoccurrence of problems • Reduction of the impact on service
  • 26. Problem resolution should include: • Providing a centralized point of contact for problems • Logging problem calls • Resolution of problems quickly and efficiently • Transferring unresolved problems to more technically qualified personnel • Tracking and managing difficult problems • Identifying recurring problems, analyzing root causes, and providing permanent resolution • Improving communication and training to end users • Reporting the status of issues to management, users, and departments impacted • Evaluating vendor performance and service-level contracts based on the level of support provided in resolving issues
  • 27. APPLICATION CONTROLS ASSESSMENTS • Security control assessments related to applications primarily focus on the appropriate access of – users, – administrators, and – programmers to application data and functionality, system files, program modules, and hardware resources.
  • 28. Access Controls • Data owners approve access based on job requirements and functionality. • Role-based access is the most logical method for setting up access to an application. • Role-based access is determined by an employee’s job function — not by who the employee is as a person. • Access control lists (ACLs) • Application access is typically controlled by menus that restrict user access to certain functionalities of the application.
  • 29. Separation (or Segregation) of Duties • Separation of duties ensures that no single employee has control of a transaction from beginning to end. • Separation of duties guards against manipulating a transaction for personal gain.
  • 30. Audit Trails • Audit logs are a record of system activities that provide the capability to reconstruct the sequence of events related to a transaction. • Audit logs can be used to determine errors in system processing as well as misuse of the system. • Violation reports that log security-related events, such as unsuccessful access attempts, should be monitored daily.
  • 31. • It is necessary to test that users cannot break out of the menu and obtain the system prompt. • Application system utilities are sensitive because they bypass application access controls and allow direct access to production code and data. • These utilities should be protected by passwords and should not be accessible from the application.
  • 32. Authentication • Authentication as it relates to application access is defined as the reconciliation of evidence of user identity. • The use of a password for authenticating a user is the most common method and is known as simple authentication.
  • 33. There are three ways a user can identify himself to an application or system: • Presenting something that only the user knows. • Presenting something that only the user has. • Presenting something that the user is.
  • 34. • Passwords are something that a user knows. • It is the least secure method of authentication because a password can be stolen and used by someone else. Presenting something that only the user knows.
  • 35. Something the user has • Secure token. • An example of secure tokens are credit card- size hardware that produce a one-time password only valid and usable for a small window of time, such as one minute.
  • 36. Something that the user is • Passwords and tokens can be stolen. • Fingerprints and retinas are unique to every person and they represent who the person is.
  • 37. Using combinations of methods increases the strength of the authentication. • something you know + something you have = two-factor authentication • something you know + something you are = two-factor authentication • something you have + something you are = two-factor authentication • something you know + something you know = two-factor authentication • something you have + something you have = two-factor authentication • something you are + something you are = two-factor authentication
  • 38. Password parameters include: • Application lockout after so many failed attempts to log on (e.g., three failed attempts) • Minimum password length (e.g., eight characters) • Specified password structure • Password change frequency (e.g., every 30 days)
  • 39. • Passwords must be unique • Passwords must be encrypted • Maintain encrypted password files • Maintain password history (e.g., last ten passwords cannot be reused) • Establish password cycle time • Non-displayed fields • Validation of password before passwords can be changed • Limitations on sharing passwords
  • 40. Application Development and Implementation • A formal program for application development and implementation is necessary to ensure that appropriate controls are built into the application to provide authentication, authorization, and integrity.
  • 41. The application development and implementation program should ensure: • Appropriate access to source libraries • The ability to audit access to source libraries • Integrity checks for the input of data to detect out-of-range values, invalid characters in data fields, incomplete data, upper and lower data volume limits, two character data ranges, and inconsistent control data • Session or batch controls to reconcile file balances after transaction updates
  • 42. • Balance controls to validate opening balances with previously closed balances, including run-to- run totals, file update totals, program-to-program totals, and hash totals on records and files • Management authorization for the initiation of application acquisition, development, and maintenance • Change requests documents that record the reason for the amendment, date of amendment, and appropriate approvals • Separate test and production environments • Documented acceptance criteria for test plans
  • 43. • New programs and program changes are formally approved during appropriate phases of the development process and prior to implementation • Formal sign-off and acceptance procedures • Cut-over procedures to move applications from the test to the production environment • Programmers are prevented from updating production programs • Programmers are restricted from adding programs to the production libraries
  • 44. • Segregation of duties in programming and execution of programs • System documentation and user documentation is updated to reflect all program and operations changes • Emergency maintenance and temporary fixes to application and system software are covered by the same procedures applied to normal maintenance • Backup versions of software are maintained prior to making any changes to the code
  • 45. Change Management • Change management refers to changes in program code, operating system configurations, or network architectures. • An effective change management program uses an application or tool to register changes. • This tool should record the change requestor’s name, details of the request, business justification, approvers, estimated time to perform or implement the change, individuals responsible for modifications, individuals affected by the change, testing requirements, requestor’s approval on tests, management approval, and a scheduled date of change.
  • 46. Check to make sure that: • The library control systems ensure that all changes to production programs are implemented by library control administrators — and not the programmers who coded the program • Only the applications programmers involved in the changes have access to application programs under development
  • 47. • Only systems programmers have access to system programs under development • Only library administrators have write access to system and application libraries • Access to live data is only through programs that are in the application libraries
  • 48. Database Security • Access is controlled through discretionary access controls (DACs) or mandatory access controls (MACs). • With DACs, access must be granted before a user can gain access to a view. • MACs secure information by assigning classification levels or labels to data.
  • 49. Network Assessments • Obtain an understanding of the network architecture: – Review network diagrams and documentation – Interview data network administrators – Interview voice network administrators – Interview network device administrators – Review standards relating to networked systems – Review planned migration to new technologies – Review network software inventory – Review network hardware inventory – Identify business functions utilizing the network
  • 50. • Obtain an understanding of network management: – Identify network management tools and other utility software used in managing the network – Identify how the network management tools are utilized – Identify the devices managed through network – Identify plans or changes to network managers • Obtain an understanding of network security administration: – Identify policies, procedures, standards, and guidelines for network security administration – Identify responsibilities for network security administration – Identify monitoring capabilities and reports used in network security administration
  • 51. • Obtain an understanding of new technology assessments and deployment: – Identify responsibilities for change control – Identify audit/security participation in new technology plans – Identify documentation of risks in new technologies – Identify general control strategy used in introduction of new technologies – Identify testing/acceptance methods used for new technologies – Identify review process for approval of new technology plans
  • 52. • Obtain an understanding of outage/threat response capabilities: – Identify tools and approaches to reducing risks – Identify responsibility for emergency response – Identify tools/strategies for responding to emergency conditions – Identify threat incidents and priorities
  • 53. Emergency Response • It is necessary to ensure that bugs, security holes, and vulnerabilities are disseminated to the appropriate individuals and that those individuals are addressing the problem. • Include follow-up efforts to ensure that alerts, advisories, and fixes are applied in a timely manner.
  • 54. Remote Access • For each of the dial-in connections, the following activities will be performed: • Evaluate external connections and dial access: – Identify external network service providers – Identify external network users (customers, business partners, employees, service providers) – Identify access methods – Identify frequency of access – Identify nature of access – Identify services used for access – Identify time-of-day access required – Identify services used when access granted
  • 55. • Evaluate network security features: – Identify points of control for each access path – Identify points of control for each service accessed – Identify points of external control – Identify nature of control points (intended for authentication, monitoring, etc.) – Identify level of functionality for each control point – Identify responsibility for each control point • Develop access path schematic: – Document access paths and control points – Report observations and recommendations