Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
103 Cards in this Set
- Front
- Back
|
Security Awareness
|
To be effective, security policies must be supported by top management:
A security charter. A management document explaining general security rules. Don’t treat users as the enemy: users have to understand that they protect their own assets. Security awareness programs should be part of the general security strategy. Not every member in an organisation has to become a security expert, but all members should know: Why security is important for themselves and for the organisation. What is expected of each member. Which good practices they should follow. |
|
|
Computer Security
|
protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).
|
|
|
Computer Security Challenges
|
1.not simple
2.must consider potential attacks 3.procedures used counter-intuitive 4.involve algorithms and secret info 5.must decide where to deploy mechanisms 6.battle of wits between attacker / admin 7.not perceived on benefit until fails 8.requires regular monitoring 9.too often an after-thought 10.regarded as impediment to using system |
|
|
Vulnerabilities and Attacks
|
system resource vulnerabilities may
be corrupted (loss of integrity) become leaky (loss of confidentiality) become unavailable (loss of availability) attacks are threats carried out and may be passive active insider outsider |
|
|
Threat Consequences
|
unauthorized disclosure
exposure, interception, inference, intrusion deception masquerade, falsification, repudiation disruption incapacitation, corruption, obstruction usurpation misappropriation, misuse |
|
|
Network Security Attacks
|
classify as passive or active
passive attacks are eavesdropping release of message contents traffic analysis are hard to detect so aim to prevent active attacks modify/fake data masquerade replay modification denial of service hard to prevent so aim to detect |
|
|
X.800 Security Architecture
|
X.800, Security Architecture for OSI
systematic way of defining requirements for security and characterizing approaches to satisfying them defines: security attacks -compromise security security mechanism -act to detect, prevent, recover from attack security service -counter security attacks |
|
|
ISO 17799 (27001)
|
1.Establishing organisational security policy
2.Organizational security infrastructure 3.Asset classification and control 4.Physical and environmental security 5.Personnel security 6.Communications and operations management 7.Access control 8.Systems development and maintenance 9.Business continuity planning 10.Compliance |
|
|
Organizational Security Infrastructure
|
Responsibilities for security within an enterprise have to be properly organized.
Qualifications of chief security officer? Formerly: ex-police, ex-military Today: increasingly lawyers, IT experts Management has to get an accurate view of the state of security within an enterprise. |
|
|
Physical and Environmental Security
|
Physical security measures (fences, locked doors, …) protect access to premises or to sensitive areas (rooms) within a building.
E.g., only authorized personnel gets access to server rooms. Environmental factors can influence the likelihood of natural disasters. E.g., is the area subject to flooding? |
|
|
Communications and Operations Management
|
The day-to-day management of IT systems and of business processes has to ensure that security is maintained.
|
|
|
Systems Development and Maintenance
|
Security issues should be considered when an IT system is being developed.
Operational security depends on proper maintenance (e.g., patching vulnerable code, updating virus scanners). IT projects have to be managed with security in mind. (Who is writing sensitive applications, who gets access to sensitive data?) |
|
|
Compliance
|
Organisations have to comply with legal, regulatory, and contractual obligations, as well as with standards and their own organisational security policy.
The auditing process should be put to efficient use while trying to minimize its interference with business processes. In practice, compliance often poses a greater challenge than fielding technical security measures. |
|
|
Means of User Authentication
|
four means of authenticating user's identity
based one something the individual knows -e.g. password, PIN possesses -e.g. key, token, smartcard is (static biometrics) -e.g. fingerprint, retina does (dynamic biometrics) -e.g. voice, sign can use alone or combined all can provide user authentication all have issues |
|
|
Password Vulnerabilities
|
offline dictionary attack
specific account attack popular password attack password guessing against single user workstation hijacking exploiting user mistakes exploiting multiple password use electronic monitoring |
|
|
Improved Implementations
|
have other, stronger, hash/salt variants
many systems now use MD5 with 48-bit salt password length is unlimited is hashed with 1000 times inner loop produces 128-bit hash OpenBSD uses Blowfish block cipher based hash algorithm called Bcrypt uses 128-bit salt to create 192-bit hash value |
|
|
Password Choices
|
users may pick short passwords
e.g. 3% were 3 chars or less, easily guessed system can reject choices that are too short users may pick guessable passwords so crackers use lists of likely passwords e.g. one study of 14000 encrypted passwords guessed nearly 1/4 of them would take about 1 hour on fastest systems to compute all variants, and only need 1 break! |
|
|
Using Better Passwords
|
clearly have problems with passwords
goal to eliminate guessable passwords whilst still easy for user to remember techniques: user education computer-generated passwords reactive password checking proactive password checking |
|
|
Token Authentication
|
object user possesses to authenticate, e.g.
embossed card magnetic stripe card memory card smartcard |
|
|
Smartcard
|
credit-card like
has own processor, memory, I/O ports wired or wireless access by reader may have crypto co-processor ROM, EEPROM, RAM memory executes protocol to authenticate with reader/computer also have USB dongles |
|
|
Biometric Authentication
|
Iris
Fingerprint Face Recognition |
|
|
Biometric Accuracy
|
never get identical templates
problems of false match / false non-match |
|
|
Remote User Authentication
|
authentication over network more complex
problems of eavesdropping, replay generally use challenge-response user sends identity host responds with random number user computes f(r,h(P)) and sends back host compares value from user with own computed value, if match user authenticated protects against a number of attacks |
|
|
Access Control Function
|
Authentication:Verification that the claimed identity of a user or other system entity is valid.
Authorization:The granting of a right or permission to a system entity to access a system resource. This function determines who is trusted for a given purposes. |
|
|
Access Control Requirements
|
reliable input
fine and coarse specifications least privilege separation of duty open and closed policies policy combinations, conflict resolution administrative policies |
|
|
Discretionary Access Control
|
often provided using an access matrix
lists subjects in one dimension (rows) lists objects in the other dimension (columns) each entry specifies access rights of the specified subject to that object access matrix is often sparse can decompose by either row or column |
|
|
What is the ITU-T Recommendation X.800?
|
The ITU-T Recommendation X.800 is a series of end-to-end security recommendations defined by the ITU
The ITU Telecommunication Standardization Sector(ITU-T) coordinates standards for telecommunicationson behalf of the International Telecommunication Union (ITU) |
|
|
Origin of the ITU-T Recommendation X.805
|
ITU-T Recommendation X.805 Security architecture for systems providing end-to-end communicationshad been developed by ITU-T SG 17 (ITU-T Lead Study Group on Telecommunication Security) and was published in October 2003.
•The group has developed a set of the well-recognized Recommendations on security. Among them are X.800 Series of recommendations on security |
|
|
ITU-T X.800 Threat Model
|
1 -Destruction(an attack on availability):
–Destruction of information and/or network resources 2 -Corruption(an attack on integrity): –Unauthorized tampering with an asset 3 -Removal(an attack on availability): –Theft, removal or loss of information and/or other resources 4 -Disclosure(an attack on confidentiality): –Unauthorized access to an asset 5 -Interruption(an attack on availability): –Interruption of services. Network becomes unavailable or unusable |
|
|
Security25Three Security Layers
|
Layer1 -Infrastructure Security Layer:
•Fundamental building blocks of networks services and applications •Examples: –Individual routers, switches, servers –Point-to-point WAN links –Ethernet links links2 -Services Security Layer: •Services Provided to End-Users •Examples: –Frame Relay, ATM, IP –Cellular, Wi-Fi, –VoIP, QoS, IM, Location services –Toll free call services services 3 -Applications Security Layer: •Network-based applications accessed by end-users •Examples: –Web browsing –Directory assistance –E-commerce |
|
|
Security Planes
|
•Concept of Security Planes could be instrumental for ensuring that essential network activities are protected independently (e.g. compromise of security at the End-user Security Plane does not affect functions associated with the Management Security Plane).
•Concept of Security Planes allows identification of potential network vulnerabilities that may occur when distinct network activities depend on the same security measures for protection. |
|
|
Examples of Intrusion
|
remote root compromise
web server defacement guessing / cracking passwords copying viewing sensitive data / databases running a packet sniffer distributing pirated software using an unsecured modem to access net impersonating a user to reset password using an unattended workstation |
|
|
Hackers
|
motivated by thrill of access and status
hacking community a strong meritocracy status is determined by level of competence benign intruders might be tolerable do consume resources and may slow performance can’t know in advance whether benign or malign IDS / IPS / VPNs can help counter awareness led to establishment of CERTs collect / disseminate vulnerability info / responses |
|
|
Insider Attacks
|
among most difficult to detect and prevent
employees have access & systems knowledge may be motivated by revenge / entitlement when employment terminated taking customer data when move to competitor IDS / IPS may help but also need: least privilege, monitor logs, strong authentication, termination process to block access & mirror data |
|
|
IDS Principles
|
assume intruder behavior differs from legitimate users
expect overlap as shown observe deviations from past history problems of: false positives false negatives must compromise |
|
|
Host-Based IDS
|
specialized software to monitor system activity to detect suspicious behavior
primary purpose is to detect intrusions, log suspicious events, and send alerts can detect both external and internal intrusions two approaches, often used in combination: anomaly detection -defines normal/expected behavior threshold detection profile based signature detection -defines proper behavior |
|
|
Anomaly Detection
|
threshold detection
checks excessive event occurrences over time alone a crude and ineffective intruder detector must determine both thresholds and time intervals profile based characterize past behavior of users / groups then detect significant deviations based on analysis of audit records gather metrics: counter, guage, interval timer, resource utilization analyze: mean and standard deviation, multivariate, markov process, time series, operational model |
|
|
Network-Based IDS
|
network-based IDS (NIDS)
monitor traffic at selected points on a network in (near) real time to detect intrusion patterns may examine network, transport and/or application level protocol activity directed toward systems comprises a number of sensors inline (possibly as part of other net device) passive (monitors copy of traffic) |
|
|
Intrusion Detection Techniques
|
signature detection
at application, transport, network layers; unexpected application services, policy violations anomaly detection of denial of service attacks, scanning, worms when potential violation detected sensor sends an alert and logs information used by analysis module to refine intrusion detection parameters and algorithms by security admin to improve protection |
|
|
SNORT Rules
|
use a simple, flexible rule definition language
with fixed header and zero or more options header includes: action, protocol, source IP, source port, direction, dest IP, dest port many options example rule to detect TCP SYN-FIN attack: Alert tcp $EXTERNAL_NET any -> $HOME_NET any \ (msg: "SCAN SYN FIN"; flags: SF, 12; \ reference: arachnids, 198; classtype: attempted-recon;) |
|
|
Malware Terminology
|
Virus
Worm Logic bomb Trojan horse Backdoor (trapdoor) Mobile code Auto-rooter Kit (virus generator) Spammer and Flooder programs Keyloggers Rootkit Zombie, bot |
|
|
Virus Structure
|
components:
infection mechanism -enables replication trigger -event that makes payload activate payload -what it does, malicious or benign prepended / postpended / embedded when infected program invoked, executes virus code then original program code can block initial infection (difficult) or propogation (with access controls) |
|
|
Macro Virus
|
became very common in mid-1990s since
platform independent infect documents easily spread exploit macro capability of office apps executable program embedded in office doc often a form of Basic more recent releases include protection recognized by many anti-virus programs |
|
|
Virus Countermeasures
|
prevention -ideal solution but difficult
realistically need: detection identification removal if detect but can’t identify or remove, must discard and replace infected program |
|
|
Generic Decryption
|
runs executable files through GD scanner:
CPU emulator to interpret instructions virus scanner to check known virus signatures emulation control module to manage process lets virus decrypt itself in interpreter periodically scan for virus signatures issue is long to interpret and scan tradeoff chance of detection vs time delay |
|
|
Morris Worm
|
one of best know worms
released by Robert Morris in 1988 various attacks on UNIX systems cracking password file to use login/password to logon to other systems exploiting a bug in the finger protocol exploiting a bug in sendmail if succeed have remote shell access sent bootstrap program to copy worm over |
|
|
Recent Worm Attacks
|
Code Red
July 2001 exploiting MS IIS bug probes random IP address, does DDoS attack consumes significant net capacity when active Code Red II variant includes backdoor SQL Slammer early 2003, attacks MS SQL Server compact and very rapid spread Mydoom mass-mailing e-mail worm that appeared in 2004 installed remote access backdoor in infected systems |
|
|
Worm Countermeasures
|
overlaps with anti-virus techniques
once worm on system A/V can detect worms also cause significant net activity worm defense approaches include: signature-based worm scan filtering filter-based worm containment payload-classification-based worm containment threshold random walk scan detection rate limiting and rate halting |
|
|
Rootkits
|
set of programs installed for admin access
malicious and stealthy changes to host O/S may hide its existence subverting report mechanisms on processes, files, registry entries etc may be: persisitent or memory-based user or kernel mode installed by user via trojan or intruder on system range of countermeasures needed |
|
|
Classic Denial of Service Attacks
|
can use simple flooding ping
from higher capacity link to lower causing loss of traffic source of flood traffic easily identified |
|
|
Source Address Spoofing
|
use forged source addresses
given sufficient privilege to “raw sockets” easy to create generate large volumes of packets directed at target with different, random, source addresses cause same congestion responses are scattered across Internet real source is much harder to identify |
|
|
SYN Spoofing Attack
|
attacker often uses either
random source addresses or that of an overloaded server to block return of (most) reset packets has much lower traffic volume attacker can be on a much lower capacity link |
|
|
UDP Flood
|
UDP Flood
alternative uses UDP packets to some port User Datagram Protocol UDP is part of the Internet Protocol suite, programs running on different computers on a network can send short messages known as Datagram's to one another. Unlike TCP, it does not guarantee reliability or the right sequencing of data. Datagram's may go missing without notice, or arrive in a different order from the one in which they were sent. |
|
|
Distributed Denial of Service Attacks
|
have limited volume if single source used
multiple systems allow much higher traffic volumes to form a Distributed Denial of Service (DDoS) Attack often compromised PC’s / workstations zombies with backdoor programs installed forming a botnet e.g. Tribe Flood Network (TFN), TFN2K |
|
|
Reflection Attacks
|
use normal behavior of network
attacker sends packet with spoofed source address being that of target to a server server response is directed at target if send many requests to multiple servers, response can flood target various protocols e.g. UDP or TCP/SYN ideally want response larger than request prevent if block source spoofed packets |
|
|
DoS Attack Defenses
|
high traffic volumes may be legitimate
result of high publicity, e.g. “slash-dotted” or to a very popular site, e.g. Olympics etc or legitimate traffic created by an attacker three lines of defense against (D)DoS: attack prevention and preemption attack detection and filtering attack source traceback and identification |
|
|
Attack Prevention
|
block IP directed broadcasts
block suspicious services & combinations manage application attacks with “puzzles” to distinguish legitimate human requests good general system security practices use mirrored and replicated servers when high-performance and reliability required |
|
|
Responding to Attacks
|
identify type of attack
capture and analyze packets design filters to block attack traffic upstream or identify and correct system/application bug have ISP trace packet flow back to source may be difficult and time consuming necessary if legal action desired implement contingency plan update incident response plan |
|
|
Firewall Capabilities & Limits
|
capabilities:
defines a single choke point provides a location for monitoring security events convenient platform for some Internet functions such as NAT, usage monitoring, IPSEC VPNs limitations: cannot protect against attacks bypassing firewall may not protect fully against internal threats improperly secure wireless LAN laptop, PDA, portable storage device infected outside then used inside |
|
|
Packet Filtering Firewall
|
applies rules to packets in/out of firewall
based on information in packet header src/dest IP addr & port, IP protocol, interface typically a list of rules of matches on fields if match rule says if forward or discard packet two default policies: discard -prohibit unless expressly permitted more conservative, controlled, visible to users forward -permit unless expressly prohibited easier to manage/use but less secure |
|
|
Packet Filter Weaknesses
|
weaknesses
cannot prevent attack on application bugs limited logging functionality do not support advanced user authentication vulnerable to attacks on TCP/IP protocol bugs improper configuration can lead to breaches attacks IP address spoofing, source route attacks, tiny fragment attacks |
|
|
Application-Level Gateway
|
acts as a relay of application-level traffic
user contacts gateway with remote host name authenticates themselves gateway contacts application on remote host and relays TCP segments between server and user must have proxy code for each application may restrict application features supported more secure than packet filters but have higher overheads |
|
|
SOCKS Circuit-Level Gateway
|
SOCKS v5 defined as RFC1928 to allow TCP/UDP applications to use firewall
components: SOCKS server on firewall SOCKS client library on all internal hosts SOCKS-ified client applications client app contacts SOCKS server, authenticates, sends relay request server evaluates & establishes relay connection UDP handled with parallel TCP control channel |
|
|
Bastion Hosts
|
critical strongpoint in network
hosts application/circuit-level gateways common characteristics: runs secure O/S, only essential services may require user auth to access proxy or host each proxy can restrict features, hosts accessed each proxy small, simple, checked for security each proxy is independent, non-privileged limited disk use, hence read-only code |
|
|
Personal Firewall
|
controls traffic flow to/from PC/workstation
for both home or corporate use may be software module on PC or in home cable/DSL router/gateway typically much less complex primary role to deny unauthorized access may also monitor outgoing traffic to detect/block worm/malware activity |
|
|
Firewall Topologies
|
host-resident firewall
screening router single bastion inline single bastion T double bastion inline double bastion T distributed firewall configuration |
|
|
Host-Based IPS
|
identifies attacksusing both:
signature techniques malicious application packets anomaly detection techniques behavior patterns that indicate malware can be tailored to the specific platform e.g. general purpose, web/database server specific can also sandbox applets to monitor behavior may give desktop file, registry, I/O protection |
|
|
Formal Model for Computer Security
|
two fundamental computer security facts:
all complex software systems have flaw/bugs It is extraordinarily difficult to build computer hardware/software not vulnerable to attack hence desire to prove design and implementation satisfy security requirements led to development of formal security models initially funded by US DoD Bell-LaPadula (BLP) model very influential |
|
|
BLP Rules
|
1.get access
2.release access 3.change object level 4.change current level 5.give access permission 6.rescind access permission 7.create an object 8.delete a group of objects |
|
|
MLS Security for Role-Based Access Control
|
rule based access control (RBAC) can implement BLP MLS rules given:
security constraints on users constraints on read/write permissions read and write level role access definitions constraint on user-role assignments |
|
|
Trusted Platform Module (TPM)
|
concept from Trusted Computing Group
hardware module at heart of hardware / software approach to trusted computing uses a TPM chip on motherboard, smart card, processor working with approved hardware / software generating and using crypto keys has 3 basic services: authenticated boot, certification, encryption |
|
|
Certification Service
|
once have authenticated boot
TPM can certify configuration to others with a digital certificate of configuration info giving another user confidence in it include challenge value in certificate to also ensure it is timely provides hierarchical certification approach trust TPM then O/S then applications |
|
|
Trusted Systems
|
security models aimed at enhancing trust
work started in early 1970’s leading to: Trusted Computer System Evaluation Criteria (TCSEC), Orange Book, in early 1980s further work by other countries resulting in Common Criteria in late 1990s also Computer Security Center in NSA with Commercial Product Evaluation Program evaluates commercially available products required for Defense use, freely published |
|
|
CC Requirements
|
have a common set of potential security requirements for use in evaluation
target of evaluation (TOE) refers product / system subject to evaluation functional requirements define desired security behavior assurance requirements that security measures effective correct have classes of families of components |
|
|
Smartcard PP
|
simple PP example
describes IT security requirements for smart card use by sensitive applications lists threats PP requirements: 42 TOE security functional requirements 24 TOE security assurance requirements IT environment security requirements with rationale for selection |
|
|
CC Assurance Levels
|
EAL 1 -functionally tested
EAL 2: structurally tested EAL 3: methodically tested and checked EAL 4: methodically designed, tested, and reviewed EAL 5: semiformally designed and tested EAL 6: semiformally verified design and tested EAL 7: formally verified design and tested |
|
|
Evaluation Parties & Phases
|
evaluation parties:
sponsor -customer or vendor developer -provides evidence for evaluation evaluator -confirms requirements satisfied) certifier -agency monitoring evaluation process phases: preparation, conduct of evaluation, conclusion government agency regulates, e.g. US CCEVS have peering agreements between countries saving time / expense by sharing results |
|
|
Physical Security
|
protect physical assets that support the storage and processing of information
involves two complementary requirements: prevent damage to physical infrastructure information system hardware physical facility supporting facilities personnel prevent physical infrastructure misuse leading to misuse / damage of protected information |
|
|
Physical Security Threats
|
look at physical situations / occurrences that threaten information systems:
environmental threats (incl. natural disasters) technical threats human-caused threats first consider natural disasters |
|
|
Environmental Threats
|
inappropriate temperature and humidity
fire and smoke water chemical, radiological, biological hazards dust infestation |
|
|
Human-Caused Threats
|
less predictable, may be targeted, harder to deal with
include: unauthorized physical access leading to other threats theft of equipment / data vandalism of equipment / data misuse of resources |
|
|
Mitigation MeasuresTechnical Threats
|
electrical power for critical equipment use
use uninterruptible power supply (UPS) emergency power generator electromagnetic interference (EMI) filters and shielding |
|
|
Recovery from Physical Security Breaches
|
redundancy
to provide recovery from loss of data ideally off-site, updated as often as feasible can use batch encrypted remote backup extreme is remote hot-site with live data physical equipment damage recovery depends on nature of damage and cleanup may need disaster recovery specialists |
|
|
Planning and Implementation
|
after assessment then develop a plan for threat prevention, mitigation, recovery
typical steps: 1.assess internal and external resources 2.identify challenges and prioritize activities 3.develop a plan 4.implement the plan |
|
|
Physical / Logical Security Integration
|
have many detection / prevention devices
more effective if have central control hence desire to integrate physical and logical security, esp access control need standards in this area FIPS 201-1 “Personal Identity Verification (PIV) of Federal Employees and Contractors” |
|
|
IT Security Management
|
IT Security Management:a process used to achieve and maintain appropriate levels of confidentiality, integrity, availability, accountability, authenticity and reliability. IT security management functions include:
organizational IT security objectives, strategies and policies determining organizational IT security requirements identifying and analyzing security threats to IT assets identifying and analyzing risks specifying appropriate safeguards monitoring the implementation and operation of safeguards developing and implement a security awareness program detecting and reacting to incidents |
|
|
Organizational Context and Security Policy
|
first examine organization’s IT security:
objectives -wanted IT security outcomes strategies -how to meet objectives policies -identify what needs to be done maintained and updated regularly using periodic security reviews reflect changing technical / risk environments examine role of IT systems in organization |
|
|
Management Support
|
IT security policy must be supported by senior management
need IT security officer to provide consistent overall supervision manage process handle incidents large organizations needs IT security officers on major projects / teams manage process within their areas |
|
|
Baseline Approach
|
use “industry best practice”
easy, cheap, can be replicated but gives no special consideration to org may give too much or too little security implement safeguards against most common threats baseline recommendations and checklist documents available from various bodies alone only suitable for small organizations |
|
|
Detailed Risk Analysis
|
most comprehensive alternative
assess using formal structured process with a number of stages identify likelihood of risk and consequences hence have confidence controls appropriate costly and slow, requires expert analysts may be a legal requirement to use suitable for large organizations with IT systems critical to their business objectives |
|
|
Asset Identification
|
identify assets
“anything which needs to be protected” of value to organization to meet its objectives tangible or intangible in practice try to identify significant assets draw on expertise of people in relevant areas of organization to identify key assets identify and interview such personnel see checklists in various standards |
|
|
Threat Identification
|
to identify threats or risks to assets ask
1.who or what could cause it harm? 2.how could this occur? threats are anything that hinders or prevents an asset providing appropriate levels of the key security services: confidentiality, integrity, availability, accountability, authenticity and reliability assets may have multiple threats |
|
|
Threat Identification
|
depends on risk assessors experience
uses variety of sources natural threat chance from insurance stats lists of potential threats in standards, IT security surveys, info from governments tailored to organization’s environment and any vulnerabilities in its IT systems |
|
|
Analyze Risks
|
specify likelihood of occurrence of each identified threat to asset given existing controls
management, operational, technical processes and procedures to reduce exposure of org to some risks specify consequence should threat occur hence derive overall risk rating for each threat risk = probability threat occurs x cost to organization in practice very hard to determine exactly use qualitative not quantitative, ratings for each aim to order resulting risks in order to treat them |
|
|
Risk Treatment Alternatives
|
risk acceptance
risk avoidance risk transferal reduce consequence reduce likelihood |
|
|
Controls or Safeguards
|
controls or safeguards are
practices, procedures or mechanisms which may protect against a threat, reduce a vulnerability, limit the impact of an unwanted incident, detect unwanted incidents and facilitate recover classes of controls: management operational technical |
|
|
Cost-Benefit Analysis
|
conduct to determine appropriate controls
greatest benefit given resources available qualitative or quantitative show cost justified by reduction in risk contrast impact of implementing it or not management chooses selection of controls considers if it reduces risk too much or not enough, is too costly or appropriate fundamentally a business decision |
|
|
Security Training / Awareness
|
responsible personnel need training
on details of design and implementation awareness of operational procedures also need general awareness for all spanning all levels in organization essential to meet security objectives lack leads to poor practices reducing security aim to convince personnel that risks exist and breaches may have significant consequences |
|
|
Implementation Follow-up
|
security management is cyclic, repeated
need to monitor implemented controls evaluate changes for security implications otherwise increase chance of security breach have a number of aspects which may indicate need for changes in previous stages of process |
|
|
Security Compliance
|
audit process to review security processes
to verify compliance with security plan using internal or external personnel usually based on checklists to check suitable policies and plans were created suitable selection of controls were chosen that they are maintained and used correctly often as part of wider general audit |
|
|
Incident Handling
|
need procedures specifying how to respond to a security incident
given will most likely occur sometime reflect range of consequences on org codify action to avoid panic e.g. mass email worm exploiting vulnerabilities in common apps propagating via email in high volumes should disconnect from Internet or not? |
|
|
Responding to Incidents
|
need documented response procedures
how to identify cause of the security incident describe action taken to recover from it procedures should identify typical categories of incidents and approach taken to respond identify management personnel responsible for making critical decisions and their contacts whether to report incident to police / CERT etc |
|
|
Case Study: Silver Star Mines
|
given risk assessment, identify controls
clearly many categories not in use general issue of systems not being patched or upgraded plus need for contingency plans SCADA: add intrusion detection system info integrity: better centralize storage email: provide backup system |
