SECURITY ASSESSMENT
Vulnerability Identification and Assessment
SW
vulnerabilities areas
system software [most serious]
application software (3 reasons) [largest number of vulnerabilities]
control software (2 reasons)
humanware
HW
the 4 reasons
system security policies and procedures.
Policies are the building blocks of an organization's security
When compared to a similar industry, weaknesses should be noted in quality, conformity, and comprehensiveness.
System Security Policy
Why it is important?
Firewall installations
User discipline
To be successful
Have the backing of the organization top management
Involve everyone in the organization
Precisely describe a clear vision of a secure environment
Set priorities and costs of what needs to be protected.
Be a good teaching tool for everyone in the organization about security and what needs to be protected, why, and how it is to be protected.
Set boundaries on what constitutes acceptable behavior as far as security and privacy are concerned
Create a security clearing house and authority.
Be flexible enough to adapt to new changes.
Be consistently implemented throughout the organization.
The 5 steps to achieve its goals
Determine the resources that must be protected and draw a profile of its characteristics.
For each identifiable resource determine the type of threat and the likelihood of such a threat.
For each identifiable resource determine what measures will protect it the best and from whom.
Develop a policy team consisting of at least one member from senior administration, legal staff, employees, member of IT department, and an editor or writer to help with drafting the policy.
Determine what needs to be audited.
Define the acceptable use of system resources such as Email, News, Web
Consider how to deal with each of the following: Encryption, Password, Key creation and distributions, Wireless devices that connect on the organization's network
Provide for remote access
Schedule a time to review these structures regularly
Security Requirements Specification
For the user:
user name, location, and phone number of the responsible system owner, and data/application owner. The range of security clearance levels, the set of formal access approvals, and the need-to-know of users of the system.
For the resources:
resource type, document any special physical protection, brief description of a secure operating system.
if the resource is data then also do the following:
classification level: top secret, secret, confidential; and categories of data: restricted, formally restricted
any special access programs for the data
any special formal access approval necessary for access to the data
any special handling instructions
any need-to-know restrictions on users
any sensitive classification or lack thereof.
Security Certification
Attempts to achieve
Employs a set of structured verification techniques and verification procedures
Demonstrates that the security controls of the system are implemented correctly
Identifies risks to confidentiality, integrity, and availability of information and resources
Threat Identification
sources
Natural Disasters
ways to plan for the natural disaster
up-to-date backups stored at different locations
Contingency plans
Human factor
Communication
Human-machine interface
Data design, analysis and interpretation
New tools and technologies
Workload and user capacity
Work environment
Training
Performance
Infrastructure Failures
SW
failure causes
human error
nature of software
the environment in which software is produced and used
HW
approaches to overcome hardware threats
Redundancy
Monitoring system
self-healing hardware
humanware
The human component in a computer system is so unpredictable and so unreliable
Threat Analysis
Approaches
Threat Analysis by Annualized Loss Expectations
Schneier's Attack Tree Method
Security Monitoring and Auditing
monitoring tools categories
System Performance
Network Security
Network Performance and Diagnosis
Networking links
Dynamic IP and DNS event logger
Remote Control and File Sharing applications event logger
File Transfer Tools
report formats
Alert
Chart
Log
Report
Audit steps
Review all aspects of the system's stated criteria.
Review all threats identified.
Choose a frequency of audits, whether daily, weekly, or monthly.
Review practices to ensure compliance to written guidelines.