Module LVI - Security Policies
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
News: How to Stop the Grinch from Stealing your Corporate Data
Organizations are feeling the effects of data leakage every day: the average cost of a data breach for a publicly traded company is $6.3 million, the stock price drops five percent, and it takes a full year to recover. Companies spend millions of dollars each year to protect their information from outside threats, but it is becoming more evident that they need to secure data from within by developing an effective Data Leakage Prevention (DLP) strategy. Safend, a leading provider of enterprise endpoint DLP solutions, has devised the top-five tips for keeping your data safe during the holidays and beyond. These tips include:
-- Employ a Sound Auditing Process: Portable storage devices such as iPods, PDAs, smart phones, and other mobile devices have become pervasive in the workplace. Allowing your employees to use their iPods at work may be a good way to increase morale, but it also poses a security threat. Knowing what devices are connecting to what endpoints will help administrators monitor and avoid these threats.
-- Written Data Security Policies: The major concern with portable devices is the fear that the device may be lost or stolen, putting the data it contains at serious risk. In order to truly ensure the security of confidential data stored on portable devices, effective DLP strategies and policies need to be deployed, including written usage policies.
-- Access Control: To make sure that users cannot easily circumvent security policies, it is important to first make sure the policies in place are flexible enough that they don't hinder productivity, but strong enough to prevent data leakage threats.
-- Encrypt Everything: Many enterprises feel that they have covered all their security bases with the implementation of security policies, employee training, and endpoint protection technology, and are reluctant to invest in another product or add another level of security.
Source: http://www.reuters.com/
Module Objective
This module will familiarize you with:
• Access Control Policy
• Administrative Security Policies & Procedures
• Audit Trails and Logging Policies
• Documentation Policy
• Evidence Collection and Preservation Policies
• Information Security Policy
• National Information Assurance (IA) Certification and Accreditation (C&A) Process Policy
• Personnel Security Policies & Guidance
Module Flow
• Access Control Policy
• Administrative Security Policies and Procedures
• Audit Trails and Logging Policies
• Documentation Policy
• Evidence Collection and Preservation Policies
• Information Security Policy
• National Information Assurance (IA) Certification and Accreditation (C&A) Process Policy
• Personnel Security Policies & Guidance
Access Control Policy
An access control policy is a permission for a user to perform a set of actions on a set of resources
A user cannot access a system unless authorized through one or more access control policies
Basic elements of an access control policy:
• Users: Those who use the system
• Resources: The objects that are to be protected
• Actions: Activities performed by the user on resources
• Relationships: Conditions that exist between users and resources
Access Control Policy (cont’d)
Basic elements of an access control policy:
• Access group: Group of users to which the policy applies
• Action group: Group of actions performed by the user on resources
• Resource group: Resources controlled by the policy
• Relationship: Each resource class can have a set of relationships associated with it; each resource can have a set of users that fulfill each relationship
Access Control Policy (cont’d)
An access group policy defines:
• The access group to which a user belongs
• The actions the user is permitted to perform, as defined by a specific action group
• How long the user can satisfy a particular relationship with respect to the resource
Example: [AllUsers,UpdateDoc,doc,creator] implies that users can update a document if they are the creator of the document
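The following is an added example, not code from the EC-Council module: a minimal evaluator for the [access group, action group, resource group, relationship] policy form described above, with the module's own example policy plus two constructed ones. The group names, relationship predicates, sample users and documents are assumptions made for illustration; a request is denied unless some policy matches all four parts.

```python
"""Added example (not from the EC-Council module): evaluating access control
policies written as [access group, action group, resource group, relationship].
All group names, relationship functions, users and resources are constructed."""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class User:
    name: str
    groups: set = field(default_factory=set)   # explicit group memberships


@dataclass
class Resource:
    rid: str
    rclass: str          # resource class, e.g. "doc"
    creator: str = ""    # owner attribute used by the "creator" relationship


# Access groups. "AllUsers" is implicit (every user qualifies); "Editors" is an
# explicit group matched against User.groups.
ACCESS_GROUPS: dict[str, Callable[[User], bool]] = {
    "AllUsers": lambda u: True,
    "Editors": lambda u: "Editors" in u.groups,
}

# Action groups map a named group to the concrete actions it contains.
ACTION_GROUPS: dict[str, set[str]] = {
    "UpdateDoc": {"update", "delete"},
    "ReadDoc": {"read"},
}

# Resource groups: "doc" is an implicit group selected by resource class.
RESOURCE_GROUPS: dict[str, Callable[[Resource], bool]] = {
    "doc": lambda r: r.rclass == "doc",
}

# Relationships are predicates over (user, resource); None means none required.
RELATIONSHIPS: dict[str, Callable[[User, Resource], bool]] = {
    "creator": lambda u, r: r.creator == u.name,
}

# Policies in the module's [access group, action group, resource group, relationship] form.
POLICIES: list[tuple[str, str, str, Optional[str]]] = [
    ("AllUsers", "UpdateDoc", "doc", "creator"),  # the module's example
    ("AllUsers", "ReadDoc", "doc", None),         # constructed: anyone may read
    ("Editors", "UpdateDoc", "doc", None),        # constructed: editors may update any doc
]


def is_allowed(user: User, action: str, resource: Resource) -> tuple[bool, str]:
    """Return (decision, reason). Default deny: no matching policy means denied."""
    for ag, actg, rg, rel in POLICIES:
        if not ACCESS_GROUPS[ag](user):
            continue                      # user is not in the policy's access group
        if action not in ACTION_GROUPS[actg]:
            continue                      # action is not in the policy's action group
        if not RESOURCE_GROUPS[rg](resource):
            continue                      # resource is not in the policy's resource group
        if rel is not None and not RELATIONSHIPS[rel](user, resource):
            continue                      # required relationship does not hold
        return True, f"matched [{ag},{actg},{rg},{rel}]"
    return False, "no matching policy (default deny)"


if __name__ == "__main__":
    alice = User("alice")
    bob = User("bob")
    eve = User("eve", {"Editors"})
    memo = Resource("memo-1", "doc", creator="alice")
    for u, act in [(alice, "update"), (bob, "update"), (bob, "read"), (eve, "delete")]:
        print(u.name, act, memo.rid, "->", is_allowed(u, act, memo))
```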
Access Control Policy (cont’d)
The different sections associated with access control:
Member groups:
• Access groups
  • Implicit access groups
  • Explicit access groups
• User groups
Action:
• Action groups
Resource category:
• Resources
  • Controller command resources
  • Data bean resources
  • Data resources
Access Control Policy (cont’d)
Resource groups:
• Implicit resource groups
• Explicit resource groups
Relationships:
• Relationship groups
• Relationship chains
Access Control Policy (cont’d)
Steps involved in access control management:
• Control access to information
• Manage the allocation of access rights
• Encourage responsible access practices
• Control access to computer networks
• Restrict access at the operating system level
• Manage access to application systems
• Monitor system access and use
• Protect mobile and teleworking assets
Administrative Security Policies and Procedures
Administrative security practices describe the resources needed to achieve risk management
They specify who is responsible for managing the organization's information security risk
Organizational security policies describe how security is maintained within the organization
Employees should understand and follow the organizational security policies
Policies may not be followed in certain circumstances because of business requirements
Policies are ignored in situations where they are difficult to follow
Policies should still be put in place for the sake of strong security, even though they are not followed in every case
Administrative Security Policies and Procedures (cont’d)
Administrative security policy best practices:
Information Policy:
• Describes the sensitivity of information in an organization
• Defines methods for properly storing, transmitting, and marking that information
Security Policy:
• Describes the security configurations and technical controls that are to be implemented on computer systems by users and administrators
Administrative Security Policies and Procedures (cont’d)
Use Policy:
• Also called an acceptable use policy
• Identifies the authorized uses of organizational systems and the penalties for misusing them
• Identifies the standard method of installing software on organizational computers
Backup Policy:
• Describes the frequency of information backups and of moving them to off-site storage
• Identifies how long backups must be retained before the media is reused
Administrative Security Policies and Procedures (cont’d)
Security policies help employees perform their duties and identify the steps for responding to security incidents
The organizational security procedures are defined as follows:
Procedure for user management:
• Specifies who can authorize access to an organization's computer systems
• Identifies the information the system administrator must maintain in order to identify users calling for assistance
• Defines who is responsible for informing the system administrator to terminate an account
Administrative Security Policies and Procedures (cont’d)
System administration procedures:
• Define the procedure for implementing security policies in an organization
• Define the procedure for managing patches and applying them to systems
Configuration management procedures:
• Define procedures for making changes to production systems
• Changes can also include software and hardware upgrades, initializing new systems, and removing systems that are no longer used
Audit Trails and Logging Policies
Audit trails maintain a record of system activities such as computer events, application activity, or user activities
They help to detect security violations, performance problems, and flaws
A simple auditing model consists of two parts:
• An Audit Data Collector, which collects the audit data
• An Audit Data Analyzer, which analyzes the audit data transferred to it by the Audit Data Collector
Audit Trails and Logging Policies (cont’d)
Benefits of audit trails in the area of computer security:
Individual Accountability:
• An audit trail tracks an individual's actions
• Users are held responsible for violating security policies
Reconstructing Events:
• Audit trails are used to reconstruct events after a problem has occurred
• The extent of the damage and the reasons a problem occurred can be determined from an audit trail
Problem Monitoring:
• Audit trails can be used as online tools for problem monitoring
• This helps to detect disk failures and excess utilization of system resources
Intrusion Detection:
• An audit trail helps in discovering the root cause of a problem and assessing the damage due to an incident
Audit Trails and Logging Policies (cont’d)
System activity is examined by checking the logs
These logs are generated by systems and major software packages
The logs produced can record users' activity on a system or a network
Logging policies vary according to the environment
It is impossible to log every command executed on a computer system
Logging policies should therefore define the relevant events that are to be logged
Audit Trails and Logging Policies (cont’d)
Logging policies should ensure that security-relevant events are included in the logs
This ensures that the forensic information required to understand how a security violation manifested itself is captured
Other logging policy considerations include:
• Logs should maintain auditing in a way consistent with the system that generates their entries
• Logs should provide sufficient information to support accountability and traceability for all privileged system commands
• Logs should maintain the details of user-initiated, security-relevant activities
• Logs must make it possible to rebuild production information for databases
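As an added example (not part of the EC-Council module), the following script expresses a logging policy as data and checks constructed sample log records against it: which security-relevant event categories must be logged, and which fields each record needs so that privileged commands stay traceable to an individual. The event categories, the key=value line format and the log lines are all assumptions made for this example.

```python
"""Added example (not from the EC-Council module): checking sample log records
against a logging policy. Policy, line format and log lines are constructed."""
from __future__ import annotations

import shlex

# Logging policy: event category -> fields every record of that category must carry.
# Every category listed here is required; its absence from a log sample is a finding.
LOGGING_POLICY: dict[str, set[str]] = {
    "privileged_command": {"ts", "host", "user", "cmd", "outcome"},
    "authentication":     {"ts", "host", "user", "src", "outcome"},
    "account_change":     {"ts", "host", "user", "target", "action"},
}

# Constructed sample lines in a key=value format (not any real product's format).
SAMPLE_LOG = """\
ts=2024-05-01T09:00:01Z host=web01 event=authentication user=alice src=10.0.0.5 outcome=success
ts=2024-05-01T09:00:07Z host=web01 event=privileged_command user=alice cmd="cat /etc/shadow" outcome=success
ts=2024-05-01T09:01:12Z host=web01 event=privileged_command cmd="systemctl restart sshd" outcome=success
ts=2024-05-01T09:02:30Z host=db01 event=authentication user=bob src=10.0.0.9
ts=2024-05-01T09:03:00Z host=db01 event=backup_job status=ok
"""


def parse_line(line: str) -> dict[str, str]:
    """Parse one key=value line; shlex keeps quoted values such as cmd="..." intact."""
    record: dict[str, str] = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            record[key] = value
    return record


def check_logging_policy(log_text: str) -> list[str]:
    """Return findings: records missing required fields, and required categories never seen."""
    findings: list[str] = []
    seen_categories: set[str] = set()
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        rec = parse_line(line)
        category = rec.get("event")
        if category not in LOGGING_POLICY:
            continue  # not security-relevant under this policy; no field requirements apply
        seen_categories.add(category)
        missing = sorted(LOGGING_POLICY[category] - rec.keys())
        if missing:
            # A privileged command without a user breaks accountability and traceability.
            findings.append(f"line {lineno}: {category} record missing {','.join(missing)}")
    for category in sorted(LOGGING_POLICY.keys() - seen_categories):
        findings.append(f"no {category} events logged at all")
    return findings


if __name__ == "__main__":
    for finding in check_logging_policy(SAMPLE_LOG):
        print(finding)
```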
Documentation Policy
The documentation policy determines the documentation needs of an organization, such as network and server documentation
Network documentation covers, for example, which switch ports are connected to which rooms and computers
Server documentation covers configuration information and running services
Both the server and network documentation policies define:
• Who has the authority to access, read, and change the network or server documentation
• Who is authorized to be notified about changes made to the network or server
Documentation Policy (cont’d)
In server documentation, the following items are to be documented and reviewed:
• Name, location, and function of the server
• Hardware components of the system
• List of software running on the server
• Configuration information about the server
• Types of data and the owners of the data stored on the server
• Data on the server that is to be backed up
• Users or groups that have access to the data stored on the server, and their authentication process and protocols
• Administrators on the server and their authentication process and protocols
• Data and authentication encryption requirements
• Users accessing data from remote locations
• Administrators administering the server from remote locations
Documentation Policy (cont’d)
Things to be documented in network documentation are as follows:
• Locations and IP addresses of all hubs, switches, routers, and firewalls on the network
• The various security zones on the network and the devices that control access between them
• Locations of every network drop and the associated switch and port on the switch supplying that connection
• The interrelationship between all network devices, showing the lines running between them
• All subnets on the network and their relationships
• All wide area network (WAN) or metropolitan area network (MAN)
• Configuration information for network devices
• DHCP server settings
Evidence Collection and Preservation Policies
Evidence collection policies are required whenever a security incident occurs
A security incident is defined as an event in which the security policy is breached
Guiding principles of evidence collection:
• Engage law enforcement personnel in accordance with your site's security policy
• Note the times and dates
• Be prepared to act as a witness, outlining all the actions taken along with their times
• Do not alter or update the collected data
• Analyze the data only after it has been collected
• Adopt a methodical approach
Evidence Collection and Preservation Policies (cont’d)
Steps involved in evidence collection:
• List the systems from which evidence is to be collected
• Determine which data is relevant and acceptable
• Determine the relevant order of volatility for every system
• Note the level of the system's clock drift
• Consider what further evidence the collected data points to
• Maintain clear documentation of every step
• Record witness statements from the people involved in the incident
Evidence Collection and Preservation Policies (cont’d)
Steps involved in preserving the evidence:
• Evidence collected should be secured properly and the chain of custody should be documented
• Use common storage media rather than obscure storage media
• Access to the evidence is to be restricted
• Document the following details:
  • Where, when, and by whom the evidence was discovered
  • Where, when, and by whom the evidence was handled or examined
  • Where the evidence was stored
  • Where and when the evidence was shipped
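The following is an added example, not part of the EC-Council module: a tamper-evident chain-of-custody record that captures the details listed above (where, when and by whom the evidence was discovered, examined, stored or shipped) and links each entry to the previous one and to the evidence's own SHA-256 digest, so that an altered record or altered evidence is detected on verification. The evidence bytes, names and timestamps are constructed for illustration.

```python
"""Added example (not from the EC-Council module): a hash-linked chain-of-custody
ledger for a piece of evidence. Evidence content, people and places are constructed."""
from __future__ import annotations

import hashlib
import json
from dataclasses import asdict, dataclass


@dataclass(frozen=True)
class CustodyEntry:
    when: str         # ISO 8601 timestamp of the custody event
    who: str          # person handling the evidence
    where: str        # physical or logical location
    action: str       # discovered | handled | examined | stored | shipped
    evidence_sha256: str
    prev_hash: str    # entry_hash of the previous entry ("" for the first)
    entry_hash: str   # SHA-256 over all fields above


ALLOWED_ACTIONS = {"discovered", "handled", "examined", "stored", "shipped"}


def _hash_fields(fields: dict) -> str:
    # Canonical JSON so the hash does not depend on field order.
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()


def sha256_of(evidence: bytes) -> str:
    return hashlib.sha256(evidence).hexdigest()


def append_entry(ledger: list[CustodyEntry], evidence: bytes, when: str, who: str,
                 where: str, action: str) -> CustodyEntry:
    """Record a custody event; the evidence is re-hashed every time it is touched."""
    if action not in ALLOWED_ACTIONS:
        raise ValueError(f"unknown custody action: {action}")
    fields = {
        "when": when, "who": who, "where": where, "action": action,
        "evidence_sha256": sha256_of(evidence),
        "prev_hash": ledger[-1].entry_hash if ledger else "",
    }
    entry = CustodyEntry(**fields, entry_hash=_hash_fields(fields))
    ledger.append(entry)
    return entry


def verify_ledger(ledger: list[CustodyEntry], evidence: bytes) -> list[str]:
    """Return problems found: altered entries, broken links, or changed evidence."""
    problems: list[str] = []
    expected_prev = ""
    current = sha256_of(evidence)
    for i, e in enumerate(ledger):
        fields = asdict(e)
        recorded_hash = fields.pop("entry_hash")
        if _hash_fields(fields) != recorded_hash:
            problems.append(f"entry {i}: contents do not match its hash (altered record)")
        if e.prev_hash != expected_prev:
            problems.append(f"entry {i}: link to previous entry is broken")
        if e.evidence_sha256 != current:
            problems.append(f"entry {i}: evidence digest differs from current evidence")
        expected_prev = e.entry_hash
    return problems


if __name__ == "__main__":
    disk_image = b"constructed sample evidence: contents of a seized USB stick"
    ledger: list[CustodyEntry] = []
    append_entry(ledger, disk_image, "2024-05-01T10:15:00Z", "A. Analyst", "Server room 2", "discovered")
    append_entry(ledger, disk_image, "2024-05-01T11:00:00Z", "A. Analyst", "Forensics lab", "examined")
    append_entry(ledger, disk_image, "2024-05-01T17:30:00Z", "B. Custodian", "Evidence safe", "stored")
    print("intact ledger:", verify_ledger(ledger, disk_image) or "chain intact")
    print("changed evidence:", verify_ledger(ledger, disk_image + b"x"))
```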
Information Security Policy
Information security policies strengthen the security of information resources
They lay the foundation for information security within an organization
The goal of an information security policy is to:
• Define the integrity, confidentiality, and availability requirements for the information being used
• Ensure that these requirements are effectively communicated to the individuals who interact with the information
• Use, manage, and distribute such information in a way consistent with these requirements
Information Security Policy (cont’d)
Information security is achieved through security practices such as the management of vulnerable points and the securing of system files
In the case of applications, information security is applied to data input and output by encrypting information using cryptographic keys
The security requirements of information systems are as follows:
• Identification of security controls
• Input data validation
• Control of internal processing
• Message integrity
• Output data validation
• Cryptographic controls use policy
• Key management
• Operational software control
• System test data protection
• Access control to program source code
• Security in development and support processes
• Vulnerability management
National Information Assurance (IA) Certification & Accreditation (C&A) Process Policy
NIACAP establishes a standard national process, set of activities, general tasks, and management structure
It certifies and accredits systems that maintain the information assurance and security posture of a system
The process satisfies the requirements of documented security
The accredited security posture is maintained throughout the system life cycle
The process incorporates existing system certifications and product evaluations
Process users must align the process with their program strategies and incorporate its activities into their enterprise system life cycle
National Information Assurance (IA) Certification & Accreditation (C&A) Process Policy (cont’d)
The agreement between the IS program manager, Designated Approving Authority (DAA), certification agent (certifier), and user representative is the central aspect of NIACAP
Critical schedule, budget, security, functionality, and performance issues are determined by these individuals
The System Security Authorization Agreement (SSAA) contains the documentation of the NIACAP agreements
The results of Certification and Accreditation (C&A) are documented using the SSAA
The objective is to use the SSAA to establish an evolving yet binding agreement on the level of security required before the system development begins or changes to
Personnel Security Policies & Guidance
Personnel security policies include the safety measures to be taken regarding company employees
They also cover individuals visiting the premises for business purposes
Managers should implement personnel security policies to:
• Ensure the trustworthiness of the people in posts that require access to official information
• Protect official information before granting them access
• Provide the terms and conditions to employees accessing official information
Personnel Security Policies & Guidance (cont’d)
Elements of personnel security:
Personnel Screening:
• A pre-employment check carried out when recruiting employees, involving a background check
• This is done because the employee will be given access to official information
• When recruiting an employee for a permanent staff position, he must be checked for:
  • Satisfactory character referees
  • Accuracy of the curriculum vitae and qualifications
• Before appointing an employee, verify his identity and character through referees and request a criminal background check report from the police
• Similarly, an employee being recruited for a temporary staff position can be checked through an agency
Personnel Security Policies & Guidance (cont’d)
Granting access:
• The authority given to access official information
• Chief executives should grant permanent staff access to official information after verifying their credentials through:
  • Pre-employment checks
  • Periodic reviews
  • Approval procedures
  • Sound terms and conditions of employment
• Avoid granting access to the most sensitive sites where there is a chance of indirect exposure by staff or visitors
• Individuals granted access must be issued a pass, access card, or identity card
• A further basic check can be carried out, after the pre-employment check, on staff or contractors who need frequent access to sensitive sites
Summary
An access control policy is a permission for a user to perform a set of actions on a set of resources
Administrative security practices describe the resources needed to achieve risk management
A backup policy describes the frequency of information backups and of moving them to off-site storage
Audit trails maintain a record of system activities such as computer events, applications, or user activities
A documentation policy determines the requirements for documentation such as networks and servers
Information security policies strengthen the security of information resources
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

File000169

  • 1. Module LVI - Security Policies
  • 2. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
    News: How to Stop the Grinch from Stealing your Corporate Data
    Organizations are feeling the effects of data leakage every day: the average cost of a data breach for a publicly traded company is $6.3 million, the stock price drops five percent, and it takes a full year to recover. Companies spend millions of dollars each year to protect their information from outside threats, but it is becoming more evident that they need to secure data from within by developing an effective Data Leakage Prevention (DLP) strategy. Safend, a leading provider of enterprise endpoint DLP solutions, has devised the top-five tips for keeping your data safe during the holidays and beyond. These tips include:
    -- Employ a Sound Auditing Process: Portable storage devices such as iPods, PDAs, smart phones and other mobile devices have become pervasive in the workplace. Allowing your employees to use their iPods at work may be a good way to increase morale, but it also poses a security threat. Knowing what devices are connecting to what endpoints will help administrators monitor and avoid these threats.
    -- Written Data Security Policies: The major concern with portable devices is the fear that the device may be lost or stolen, putting the data it contains at serious risk. In order to truly ensure the security of confidential data stored on portable devices, effective DLP strategies and policies need to be deployed, including written usage policies.
    -- Access Control: To make sure that users cannot easily circumvent security policies, it is important to first make sure the policies in place are flexible enough that they don't hinder productivity, but strong enough to prevent data leakage threats.
    -- Encrypt Everything: Many enterprises feel that they have covered all their security bases with the implementation of security policies, employee training and endpoint protection technology and are reluctant to invest in another product or add another level of security.
    Source: http://www.reuters.com/
  • 3. Module Objective
    This module will familiarize you with:
      • Access Control Policy
      • Administrative Security Policies & Procedures
      • Audit Trails and Logging Policies
      • Documentation Policy
      • Evidence Collection and Preservation Policies
      • Information Security Policy
      • National Information Assurance (IA) Certification and Accreditation (C&A) Process Policy
      • Personnel Security Policies & Guidance
  • 4. Module Flow
      • Access Control Policy
      • Administrative Security Policies and Procedures
      • Audit Trails and Logging Policies
      • Documentation Policy
      • Evidence Collection and Preservation Policies
      • Information Security Policy
      • National Information Assurance (IA) Certification and Accreditation (C&A) Process Policy
      • Personnel Security Policies & Guidance
  • 5. Access Control Policy
    An access control policy is a permission for a user to perform a set of actions on a set of resources. A user cannot access a system unless authorized through one or more access control policies.
    Basic elements of an access control policy:
      • Users: the ones who use the system
      • Resources: the objects that are to be protected
      • Actions: activities performed by the user on resources
      • Relationships: conditions that exist between users and resources
  • 6. Access Control Policy (cont'd)
    Basic elements of an access control policy:
      • Access group: the group of users to which the policy applies
      • Action group: the group of actions performed by the user on resources
      • Resource group: the resources controlled by the policy
      • Relationship: each resource class can have a set of relationships associated with it; each resource can have a set of users that fulfill each relationship
  • 7. Access Control Policy (cont'd)
    An access group policy defines:
      • The access group to which a user belongs
      • The actions the user is permitted to perform on a specific action group
      • How long the user can satisfy a particular relationship with respect to the resource
    Example: [AllUsers, UpdateDoc, doc, creator] implies that users can update a document if they are the creator of the document.
  • 8. Access Control Policy (cont'd)
    The different sections associated with access control:
    Member groups:
      • Access groups
      • Implicit access group
      • Explicit access group
      • User groups
    Action:
      • Action groups
    Resource category:
      • Resources
      • Controller command resources
      • Data bean resources
      • Data resources
  • 9. Access Control Policy (cont'd)
    Resource groups:
      • Implicit resource groups
      • Explicit resource groups
    Relationships:
      • Relationship groups
      • Relationship chains
  • 10. Access Control Policy (cont'd)
    Steps involved in access control management:
      • Control access to information
      • Manage the allocation of access rights
      • Encourage responsible access practices
      • Control access to computer networks
      • Restrict access at the operating system level
      • Manage access to application systems
      • Monitor system access and use
      • Protect mobile and teleworking assets
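The four-tuple policy form used on slides 5 to 9, [access group, action group, resource group, relationship], can be turned into a small deny-by-default evaluator that distinguishes explicit groups (enumerated members) from implicit ones (defined by an attribute) and checks the relationship against the resource. The following Python is an added example written for this page, not code from the slide deck or from any product; the group, action and relationship names, the users and the documents are constructed for illustration. The first policy in the set is the slide's own example, [AllUsers, UpdateDoc, doc, creator].

```python
"""Evaluator for four-tuple access control policies:
[access group, action group, resource class, relationship].
Added example; every name and sample record below is constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Optional, Set


@dataclass(frozen=True)
class User:
    name: str
    roles: FrozenSet[str]


@dataclass(frozen=True)
class Resource:
    kind: str      # resource class, e.g. "doc"
    ident: str
    creator: str   # user who created the resource


# An access group is a predicate over users.  Explicit groups enumerate
# their members; implicit groups are defined by a user attribute.
AccessGroup = Callable[[User], bool]


def explicit_group(members: Set[str]) -> AccessGroup:
    return lambda u: u.name in members


def implicit_group(role: str) -> AccessGroup:
    return lambda u: role in u.roles


ALL_USERS: AccessGroup = lambda u: True

# Action groups name the concrete actions a policy covers (constructed).
ACTION_GROUPS: Dict[str, Set[str]] = {
    "ReadDoc": {"read"},
    "UpdateDoc": {"update", "rename"},
    "ManageDoc": {"read", "update", "rename", "delete"},
}

# Relationships are conditions between a user and a resource.
RELATIONSHIPS: Dict[str, Callable[[User, Resource], bool]] = {
    "creator": lambda u, r: r.creator == u.name,
}


@dataclass(frozen=True)
class Policy:
    access_group: AccessGroup
    action_group: str
    resource_class: str
    relationship: Optional[str] = None   # None: no relationship required


def is_permitted(policies: List[Policy], user: User, action: str, res: Resource) -> bool:
    """Deny by default; permit only if some policy's four conditions all hold."""
    for p in policies:
        if not p.access_group(user):
            continue
        if action not in ACTION_GROUPS.get(p.action_group, set()):
            continue
        if p.resource_class != res.kind:
            continue
        if p.relationship is not None and not RELATIONSHIPS[p.relationship](user, res):
            continue
        return True
    return False


# Constructed policy set; the first entry is the slide's [AllUsers, UpdateDoc, doc, creator].
POLICIES = [
    Policy(ALL_USERS, "UpdateDoc", "doc", "creator"),
    Policy(ALL_USERS, "ReadDoc", "doc"),
    Policy(implicit_group("admin"), "ManageDoc", "doc"),
    Policy(explicit_group({"carol"}), "ReadDoc", "ledger"),
]

ALICE = User("alice", frozenset())
BOB = User("bob", frozenset())
CAROL = User("carol", frozenset({"admin"}))
ALICE_DOC = Resource("doc", "d1", creator="alice")
LEDGER = Resource("ledger", "l1", creator="system")


def decisions() -> Dict[str, bool]:
    """The decisions a reviewer would expect from the policy set above."""
    return {
        "alice updates own doc": is_permitted(POLICIES, ALICE, "update", ALICE_DOC),
        "bob updates alice's doc": is_permitted(POLICIES, BOB, "update", ALICE_DOC),
        "bob reads alice's doc": is_permitted(POLICIES, BOB, "read", ALICE_DOC),
        "alice deletes own doc": is_permitted(POLICIES, ALICE, "delete", ALICE_DOC),
        "carol (admin) deletes doc": is_permitted(POLICIES, CAROL, "delete", ALICE_DOC),
        "carol reads ledger": is_permitted(POLICIES, CAROL, "read", LEDGER),
        "bob reads ledger": is_permitted(POLICIES, BOB, "read", LEDGER),
    }


if __name__ == "__main__":
    for label, allowed in decisions().items():
        print(f"{label}: {'permit' if allowed else 'deny'}")
```

Note that the creator relationship is what stops bob from updating alice's document even though AllUsers matches him; the policy only becomes a grant when all four conditions hold, and nothing is permitted that no policy grants.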
  • 11. Administrative Security Policies and Procedures
    Administrative security practices describe the resources needed to achieve risk management. They specify the responsibility for managing the organization's information security risk.
    Organizational security policies describe how security is maintained within the organization. Employees should understand and follow the organizational security policies.
    Policies may not be followed in certain circumstances because of business requirements, and they are ignored in situations where they are difficult to follow. Policies should nevertheless be included for the purpose of strong security, even though they are not followed in every case.
  • 12. Administrative Security Policies and Procedures (cont'd)
    Administrative security policy best practices:
    Information Policy:
      • Describes the sensitivity of information in an organization
      • Defines methods of proper storage, transmission and marking for that information
    Security Policy:
      • Describes the security configurations and technical controls that are to be implemented on computer systems by users and administrators
  • 13. Administrative Security Policies and Procedures (cont'd)
    Use Policy:
      • Also called an acceptable use policy
      • Identifies the authorized uses of organizational systems and the penalties for misusing them
      • Identifies the standard method of installing software on organizational computers
    Backup Policy:
      • Describes the frequency of information backups and the moving of backups to off-site storage
      • Identifies the length of time backups must be stored before the media are reused
  • 14. Administrative Security Policies and Procedures (cont'd)
    Security policies help employees perform their duties and identify the steps for responding to security incidents. The organizational security procedures are defined as follows:
    Procedure for user management:
      • Contains the information about who can authorize access to the organization's computer systems
      • Identifies the information the system administrator must maintain in order to identify users calling for assistance
      • Defines who is responsible for informing the system administrator that an account must be terminated
  • 15. Administrative Security Policies and Procedures (cont'd)
    System administration procedures:
      • Define the procedure for implementing security policies in the organization
      • Define the procedure for managing patches and applying them to systems
    Configuration management procedures:
      • Define procedures for making changes to production systems
      • Changes can also include software and hardware upgrades, initializing new systems and removing systems that are no longer used
  • 16. Audit Trails and Logging Policies
    Audit trails maintain a record of system activities such as computer events, application activity, or user activities. They help to detect security violations, performance problems and flaws.
    A simple auditing model consists of two parts:
      • An Audit Data Collector, which collects the audit data
      • An Audit Data Analyzer, which analyzes the audit data transferred to it by the Audit Data Collector
  • 17. Audit Trails and Logging Policies (cont'd)
    Benefits of audit trails in the area of computer security:
    Individual Accountability:
      • An individual's actions are tracked in the audit trail
      • Users are held fully responsible for violating the security policies
    Reconstructing Events:
      • Audit trails are used to reconstruct events after a problem has occurred
      • The amount of damage and the reasons the problem occurred can be learned from the audit trail
    Problem Monitoring:
      • Audit trails can be used as online tools for problem monitoring
      • This helps to detect disk failures and excessive utilization of system resources
    Intrusion Detection:
      • The audit trail helps in discovering the root cause of a problem and assessing the damage due to an incident
  • 18. Audit Trails and Logging Policies (cont'd)
    System activity is examined by checking the logs. These logs are generated by systems and major software packages, and can record user activity on a system or a network.
    Logging policies vary according to environment. It is impossible to log every command executed on a computer system, so logging policies should define the relevant events that are to be logged.
  • 19. Audit Trails and Logging Policies (cont'd)
    Logging policies should include security-relevant events in the logs. This preserves the forensic information needed to understand how a security violation manifested itself.
    Other logging policy considerations include:
      • Logs should maintain auditing in a way consistent with the system that generates their entries
      • Logs should provide sufficient information to support accountability and traceability for all privileged system commands
      • Logs should maintain the details of user-initiated, security-relevant activities
      • Logs must make it possible to rebuild production information for databases
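The two-part auditing model on slide 16 and the logging-policy points on slides 17 to 19 (accountability and traceability for privileged commands, reconstructing events, problem monitoring) can be exercised on a handful of log lines. The following Python is an added example written for this page, not code from the slides: the log format, the field names, the sample lines and the set of "security-relevant sources" are all constructed, the last standing in for what a real logging policy would enumerate.

```python
"""Two-part auditing model: an Audit Data Collector that parses raw log
lines into records, and Audit Data Analyzer functions that work on them.
Added example; the log lines, format and field names are constructed."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Set, Tuple

# Constructed sample log: ISO-8601 UTC timestamp, host, source, key=value fields.
SAMPLE_LOG = """\
2024-05-07T09:00:01Z host1 auth: user=alice action=login result=success src=10.0.0.5
2024-05-07T09:00:09Z host1 auth: user=bob action=login result=failure src=10.0.0.9
2024-05-07T09:00:12Z host1 auth: user=bob action=login result=failure src=10.0.0.9
2024-05-07T09:00:15Z host1 auth: user=bob action=login result=failure src=10.0.0.9
2024-05-07T09:01:30Z host1 sudo: user=alice action=exec result=success cmd="/usr/sbin/useradd svc1"
2024-05-07T09:02:00Z host1 cron: user=root action=exec result=success cmd="/usr/bin/logrotate"
2024-05-07T09:03:10Z host1 sudo: user=alice action=exec result=success cmd="/usr/sbin/visudo"
2024-05-07T09:04:00Z host1 app: user=alice action=read result=success obj=report.pdf
this line is not an audit record and is skipped by the collector
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<source>[^:\s]+): (?P<kv>.*)$")
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

# Logging policy (constructed): sources whose events count as security-relevant.
SECURITY_RELEVANT_SOURCES: Set[str] = {"auth", "sudo"}


@dataclass
class AuditRecord:
    ts: datetime
    host: str
    source: str
    fields: Dict[str, str]

    @property
    def user(self) -> str:
        return self.fields.get("user", "?")


def collect(text: str) -> List[AuditRecord]:
    """Audit Data Collector: parse every well-formed line; malformed lines are dropped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        fields = {k: (inner if raw.startswith('"') else raw)
                  for k, raw, inner in KV_RE.findall(m["kv"])}
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        records.append(AuditRecord(ts, m["host"], m["source"], fields))
    return records


def security_relevant(records: List[AuditRecord]) -> List[AuditRecord]:
    """Apply the logging policy: keep only security-relevant sources."""
    return [r for r in records if r.source in SECURITY_RELEVANT_SOURCES]


def privileged_commands(records: List[AuditRecord]) -> List[Tuple[str, str]]:
    """Accountability/traceability: each privileged command with the user who ran it."""
    return [(r.user, r.fields["cmd"]) for r in records
            if r.source == "sudo" and "cmd" in r.fields]


def failed_login_bursts(records: List[AuditRecord], threshold: int = 3, window_s: int = 60) -> Set[str]:
    """Problem monitoring: users with >= threshold failed logins in any window_s-second window."""
    failures = defaultdict(list)
    for r in records:
        if r.source == "auth" and r.fields.get("result") == "failure":
            failures[r.user].append(r.ts)
    flagged = set()
    for user, times in failures.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if (times[i + threshold - 1] - times[i]).total_seconds() <= window_s:
                flagged.add(user)
                break
    return flagged


def reconstruct(records: List[AuditRecord], user: str) -> List[Tuple[str, str, str]]:
    """Reconstructing events: an ordered timeline of one user's activity."""
    return [(r.ts.isoformat(), r.source, r.fields.get("action", "?"))
            for r in sorted(records, key=lambda r: r.ts) if r.user == user]


if __name__ == "__main__":
    recs = collect(SAMPLE_LOG)
    print("privileged:", privileged_commands(recs))
    print("login bursts:", failed_login_bursts(recs))
    for entry in reconstruct(recs, "alice"):
        print(entry)
```

The collector keeps the full record so the analyzer can reconstruct a user's timeline across all sources, while the policy filter narrows retention to what the logging policy names; the two concerns are kept separate so a change to the policy does not change the parser.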
  • 20. Documentation Policy
    The documentation policy determines the documentation needs of an organization, such as network and server documentation.
    Network documentation covers the switch ports connected to rooms and computers. Server documentation covers configuration information and running services.
    Both the server and network documentation policies define:
      • Who has the authority to access, read and change the network or server documentation
      • The authorized person to be notified about changes made in the network or server
  • 21. Documentation Policy (cont'd)
    In server documentation, the following items are to be documented and reviewed:
      • Name, location, and function of the server
      • Hardware components of the system
      • List of software running on the server
      • Configuration information about the server
      • Types of data and the owners of the data stored on the server
      • Data on the server that is to be backed up
      • Users or groups having access to the data stored on the server, and their authentication process and protocols
      • Administrators of the server, and their authentication process and protocols
      • Data and authentication encryption requirements
      • Users accessing data from remote locations
      • Administrators administering the server from remote locations
  • 22. Documentation Policy (cont'd)
    Things to be documented in network documentation are as follows:
      • Locations and IP addresses of all hubs, switches, routers, and firewalls on the network
      • The various security zones on the network and the devices that control access between them
      • Locations of every network drop and the associated switch and port on the switch supplying that connection
      • Interrelationships between all network devices, showing the lines running between them
      • All subnets on the network and their relationships
      • All wide area network (WAN) or metropolitan area network (MAN) connections
      • Network device configuration information
      • DHCP server settings
  • 23. Evidence Collection and Preservation Policies
    Evidence collection policies are required whenever a security incident occurs. A security incident is defined as an event in which the security policy is breached.
    Guiding principles of evidence collection:
      • Engage law enforcement personnel in accordance with your site's security policy
      • Make a note of the times and dates
      • Be prepared to be a witness, outlining all actions along with their times
      • Do not minimize or update the collected data
      • Analysis of data should be done after collection
      • Adopt a methodical approach
  • 24. Evidence Collection and Preservation Policies (cont'd)
    Steps involved in evidence collection:
      • List the systems from which evidence is to be collected
      • Find the data that is relevant and admissible
      • Establish the relevant order of volatility for every system
      • Note the level of each system's clock drift
      • Consider what further evidence may follow from the collected data
      • Maintain clear documentation of every step
      • Note the witnesses and the people involved in the incident
  • 25. Evidence Collection and Preservation Policies (cont'd)
    Steps involved in preserving the evidence:
      • Evidence collected should be secured properly and the chain of custody should be documented
      • Use common storage media rather than obscure storage media
      • Access to the evidence is to be restricted
      • Document the following details:
        • Where, when and by whom the evidence was discovered
        • Where, when and by whom the evidence was handled or examined
        • Where the evidence was stored
        • Where and when any shipment of the evidence occurred
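The collection steps on slide 24 (order of volatility, clock drift, documentation of every step) and the preservation steps on slide 25 (a documented chain of custody recording where, when and by whom evidence was discovered, handled, stored and shipped) map onto a small record-keeping routine that hashes each item at collection and re-hashes it at every handling step. This Python is an added example, not the module's own procedure; the people, locations, item contents and the particular volatility ranking are constructed for illustration.

```python
"""Evidence collection and chain-of-custody record keeping.
Added example; item names, people, locations and contents are constructed."""
import hashlib
import json
from dataclasses import asdict, dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List

# Constructed order of volatility, most volatile first: collect in this order.
VOLATILITY_ORDER = ["memory", "network_state", "process_table", "temp_files", "disk", "backup_media"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyEntry:
    when: str     # reference (UTC) time, ISO-8601
    who: str
    where: str
    action: str   # collected | examined | stored | shipped
    digest: str   # SHA-256 of the evidence at that moment


@dataclass
class EvidenceItem:
    item_id: str
    system: str
    category: str            # one of VOLATILITY_ORDER
    content: bytes
    clock_drift_s: int       # system clock minus reference clock, noted at collection
    original_digest: str
    custody: List[CustodyEntry] = field(default_factory=list)


def collect_evidence(item_id: str, system: str, category: str, content: bytes,
                     collector: str, location: str,
                     system_clock: datetime, reference_clock: datetime) -> EvidenceItem:
    """Collect one item: hash it immediately, note clock drift, open the custody log."""
    drift = int(round((system_clock - reference_clock).total_seconds()))
    digest = sha256_hex(content)
    item = EvidenceItem(item_id, system, category, content, drift, digest)
    item.custody.append(CustodyEntry(reference_clock.isoformat(), collector, location, "collected", digest))
    return item


def record_handling(item: EvidenceItem, who: str, where: str, action: str, when: datetime) -> bool:
    """Log a handling step; returns False if the item no longer matches its original hash."""
    digest = sha256_hex(item.content)
    item.custody.append(CustodyEntry(when.isoformat(), who, where, action, digest))
    return digest == item.original_digest


def integrity_ok(item: EvidenceItem) -> bool:
    """Unbroken chain: every logged digest and the current content equal the original."""
    return (all(e.digest == item.original_digest for e in item.custody)
            and sha256_hex(item.content) == item.original_digest)


def collection_order(items: List[EvidenceItem]) -> List[str]:
    """Item ids sorted by order of volatility (most volatile first)."""
    return [i.item_id for i in sorted(items, key=lambda i: VOLATILITY_ORDER.index(i.category))]


def custody_report(item: EvidenceItem) -> str:
    """The chain-of-custody record as JSON; it carries hashes, not the evidence itself."""
    d = asdict(item)
    d.pop("content")
    return json.dumps(d, indent=2)


def demo() -> Dict[str, object]:
    """Constructed walk-through: three items, one later altered without authorization."""
    ref = datetime(2024, 5, 7, 9, 0, 0, tzinfo=timezone.utc)
    sysclock = ref + timedelta(seconds=37)          # the host clock runs 37 s fast
    mem = collect_evidence("E1", "host1", "memory", b"constructed memory capture",
                           "alice", "server room", sysclock, ref)
    disk = collect_evidence("E2", "host1", "disk", b"constructed disk image",
                            "alice", "server room", sysclock, ref)
    net = collect_evidence("E3", "host1", "network_state", b"constructed netstat output",
                           "alice", "server room", sysclock, ref)
    exam_ok = record_handling(disk, "bob", "forensics lab", "examined", ref + timedelta(hours=2))
    disk.content = b"constructed disk image (altered)"   # simulate an undocumented modification
    store_ok = record_handling(disk, "bob", "forensics lab", "stored", ref + timedelta(hours=3))
    return {
        "order": collection_order([disk, mem, net]),
        "drift": mem.clock_drift_s,
        "mem_intact": integrity_ok(mem),
        "disk_exam_ok": exam_ok,
        "disk_store_ok": store_ok,
        "disk_intact": integrity_ok(disk),
        "disk_entries": len(disk.custody),
        "report": custody_report(disk),
    }


if __name__ == "__main__":
    print(demo()["report"])
```

The custody log is append-only by construction: a mismatch is recorded rather than hidden, so the report shows exactly which handling step first saw altered content, which is what an examiner needs when the chain is challenged.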
  • 26. Information Security Policy
    Information security policies strengthen the security of information resources. They lay the foundation for information security within an organization.
    The goals of an information security policy are to:
      • Define the integrity, confidentiality, and availability requirements for the information being used
      • Ensure that these requirements are effectively communicated to the individuals who interact with the information
      • Use, manage, and distribute such information in a way consistent with these requirements
  • 27. Information Security Policy (cont'd)
    Information security is achieved by security practices such as the management of vulnerable points and securing system files. In the case of applications, information security is applied to data input and output by encoding information using electronic keys.
    The security requirements of information systems are as follows:
      • Identification of security controls
      • Input data validation
      • Control of internal processing
      • Message integrity
      • Output data validation
      • Cryptographic controls use policy
      • Key management
      • Operational software control
      • System test data protection
      • Access control to program source code
      • Security in development and support processes
      • Vulnerability management
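Two of the application-level requirements listed on slide 27, input data validation and message integrity through cryptographic controls, as an added example that is not from the slides. The request schema, the account-number pattern, the limits and the demo key are constructed; a real deployment would obtain the key through the key-management process the slide also lists rather than from source code.

```python
"""Input data validation at a trust boundary plus HMAC-based message
integrity on the accepted request.  Added example; schema, limits and
the demo key are constructed."""
import hashlib
import hmac
import json
import re
from typing import Dict, Tuple

# Constructed demo key. Real systems load keys from key management, never from source.
DEMO_KEY = b"constructed-demo-key-do-not-reuse"

ALLOWED_ACTIONS = {"transfer", "balance"}
ACCOUNT_RE = re.compile(r"^[A-Z]{2}\d{10}$")     # constructed account-number shape
MAX_AMOUNT = 1_000_000


def validate_input(req: Dict) -> Tuple[bool, str]:
    """Input data validation: reject anything not matching the expected shape and ranges."""
    if set(req) != {"action", "account", "amount"}:
        return False, "unexpected fields"
    if req["action"] not in ALLOWED_ACTIONS:
        return False, "unknown action"
    if not isinstance(req["account"], str) or not ACCOUNT_RE.match(req["account"]):
        return False, "bad account"
    amount = req["amount"]
    # bool is a subclass of int in Python, so exclude it explicitly
    if isinstance(amount, bool) or not isinstance(amount, int) or not (0 < amount <= MAX_AMOUNT):
        return False, "amount out of range"
    return True, "ok"


def canonical(msg: Dict) -> bytes:
    """Stable encoding so that signer and verifier hash identical bytes."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()


def sign(msg: Dict, key: bytes = DEMO_KEY) -> str:
    """Message integrity: HMAC-SHA256 tag over the canonical encoding."""
    return hmac.new(key, canonical(msg), hashlib.sha256).hexdigest()


def verify(msg: Dict, tag: str, key: bytes = DEMO_KEY) -> bool:
    """Constant-time comparison so tag checking does not leak via timing."""
    return hmac.compare_digest(sign(msg, key), tag)


def process(req: Dict) -> Tuple[bool, str, str]:
    """Validate first; only a request that passes validation receives an integrity tag."""
    ok, reason = validate_input(req)
    if not ok:
        return False, reason, ""
    return True, "accepted", sign(req)


if __name__ == "__main__":
    req = {"action": "transfer", "account": "GB1234567890", "amount": 250}
    accepted, reason, tag = process(req)
    print(accepted, reason, tag)
    tampered = dict(req, amount=2500)
    print("tampered verifies:", verify(tampered, tag))
```

Validation runs before signing on purpose: a tag only asserts that the accepted message has not changed since acceptance, so signing an unvalidated message would lend integrity to bad data.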
  • 28. National Information Assurance (IA) Certification & Accreditation (C&A) Process Policy
    NIACAP sets up a standard national process, set of activities, general tasks, and a management structure. It certifies and accredits systems that maintain the information assurance and security posture of a system.
    This process accomplishes the requirements of documented security. The accredited security posture is maintained throughout the system life cycle.
    The process incorporates existing system certifications and product evaluations. Process users must align the process with their program strategies and incorporate the activities into their enterprise system life cycle.
  • 29. National Information Assurance (IA) Certification & Accreditation (C&A) Process Policy (cont'd)
    Agreement between the IS program manager, the Designated Approving Authority (DAA), the certification agent (certifier), and the user representative is the main aspect of NIACAP. Critical schedule, budget, security, functionality, and performance issues are determined by these individuals.
    The System Security Authorization Agreement (SSAA) contains the documentation of NIACAP agreements. The results of Certification and Accreditation (C&A) are documented using the SSAA.
    The objective is to use the SSAA to establish an evolving yet binding agreement on the level of security required before the system development begins or changes to
  • 30. Personnel Security Policies & Guidance
    Personnel security policies include the safety measures to be taken regarding company employees. They also concern individuals visiting the premises for business purposes.
    Managers should implement the personnel security policies to:
      • Ensure the trustworthiness of the people in posts that require access to official information
      • Protect the official information before granting them access
      • Provide the terms and conditions to employees accessing the official information
  • 31. Personnel Security Policies & Guidance (cont'd)
    Elements of personnel security:
    Personnel Screening:
      • A pre-employment check made while recruiting employees, which involves the employee's background check
      • This is done because the employee is given access to official information
      • While recruiting an employee for a permanent staff position, he must be checked for:
        • Satisfactory character referees
        • Accuracy of the curriculum vitae and qualifications
      • Before appointing an employee, verify his identity and character through referees and request a criminal background check report from the police
      • Similarly, an employee being recruited for a temporary staff position can be checked through an agency
  • 32. Personnel Security Policies & Guidance (cont'd)
    Granting access:
      • The authority given to access official information
      • Chief executives should grant permanent staff access to official information after verifying their credentials through:
        • Pre-employment checks
        • Periodic reviews
        • Approval procedures
        • Sound terms & conditions of employment
      • Avoid granting access to the most sensitive sites, as there are chances of indirect exposure by staff or visitors
      • Individuals granted access must be issued a pass, access card or identity card
      • A further basic check can be done after the pre-employment check on staff or contractors who need frequent access to sensitive sites
  • 33. Summary
      • An access control policy is a permission for a user to perform a set of actions on a set of resources
      • Administrative security practices describe the resources needed to achieve risk management
      • A backup policy describes the frequency of information backups and the moving of backups to off-site storage
      • Audit trails maintain a record of system activities such as computer events, applications, or user activities
      • The documentation policy determines the requirements for documentation such as networks and servers
      • Information security policies strengthen the security of information resources