a) Defense in Depth is the multi layer approach to security. Defense in Depth is one of the major parts of the security architecture. In order to achieve this one organization must implement multiple layers of security controls and safeguards represented in policy, training and education, and technology. Policy is important since it prepares the organization to handle attack proper way, and in combination with technology and training and education can provide a proper defense. Training and education is particularly important when it comes to social engineering and internal (employee) mistakes that can lead to attacks. Technology on the other hand is the main operation layer of Defense in Depth approach since it can detect the attack and also
…show more content…
In order to address security incidents that may occur one organization needs to have Mitigate control strategy, also known as Contingency strategy. This strategy has the goal to reduce the impact of the vulnerability exploitation by properly plan and prepare for it. As a part of contingency strategy organization has to prepare three types of plans: Incident Response Plan (IRP), Disaster Recovery Plan (DRP), and Business Continuity Plan (BCP). Incident Response Plan (IRP) consist of actions that takes place while the incident is still in progress. This is the immediate response, and is usually done as soon as the incident is detected. IRP has details of what should be done, who is responsible, and what should be documented. IRP helps the organization to take coordinated actions in situations where incident occurs. This planning process is associated with the identification, classification, response, and recovery from an incident. If the incident escalades or is disastrous, then the organization needs to use Disaster Recovery Plan (DRP). This is the most common of all three, since it revolves around restoring systems after the disastrous incident already occurred. DRP is the planning process associated with the preparation for and recovery from a disaster, whether natural or man-made. DRP include preparation for recovery, strategies to limit losses, and detailed steps to follow after the disaster. This plan also allows organization to take coordinated, planned actions in these types of situation explained
In order to address security incidents that may occur one organization needs to have Mitigate control strategy, also known as Contingency strategy. This strategy has the goal to reduce the impact of the vulnerability exploitation by properly plan and prepare for it. As a part of contingency strategy organization has to prepare three types of plans: Incident Response Plan (IRP), Disaster Recovery Plan (DRP), and Business Continuity Plan (BCP). Incident Response Plan (IRP) consist of actions that takes place while the incident is still in progress. This is the immediate response, and is usually done as soon as the incident is detected. IRP has details of what should be done, who is responsible, and what should be documented. IRP helps the organization to take coordinated actions in situations where incident occurs. This planning process is associated with the identification, classification, response, and recovery from an incident. If the incident escalades or is disastrous, then the organization needs to use Disaster Recovery Plan (DRP). This is the most common of all three, since it revolves around restoring systems after the disastrous incident already occurred. DRP is the planning process associated with the preparation for and recovery from a disaster, whether natural or man-made. DRP include preparation for recovery, strategies to limit losses, and detailed steps to follow after the disaster. This plan also allows organization to take coordinated, planned actions in these types of situation explained