Conditions of Security Operations
BCP = How To Recover From Incident
Project Scope and Plan Preparation
Resource Requirement: Manpower, time, Materials
Business & Org Analysis: Operation Department, Service Support departments, Senior Admin personnel and enterprise decision makers
DCP Team: Representative from "Each core business operation Department, Supporting Department, IT, Security, Legal, Senior Management"
Requirements of Law & Regulations
Business Impact Assessment
Possibility assessment
Risk identification
Priority Determination: using Maximum Tolerable Downtime (MTD)
Impact assessment
Resource priority
Continuity Plan Preparation
1- Policy development
2- Plan implementation
3- Preparation and handling
4- Training and education
5- Planning approval
BCP Documentation
Physical Security
Manage Security Operation
Configuration of protection resources: All Assets have the same security state config
Use resource protection technologies: Media Management & Asset Management
Understand and apply basic security operations principles
Patch and vulnerability management
Change management
Participate in addressing personnel safety
Incident Prevention and Operation
Performing and maintaining preventive measures
Managing logs and monitoring behavior
Implementing incident response management
1- Detect: Logs, Monitor
2- Respond: investigation
3- Mitigate: Prevent Impact
4- Report
5- Recover: To normal state, but collect evidence first
6- Remediate
7- Lessons learned
DRP
Include: Natural disasters, Man-Made disasters, public facilities and infrastructure faults
Implement DRP
Storage Backup
Site Recovery
Mutual Assistance Agreement
Service Availability
fault tolerance
Service Quality
Execute the DRP by
Emergency Response
CERT/CC: CERT Coordination Center
FIRST: Forum of Incident Response and Security Teams
Develop/Share: Tech info, tools, methods, processes, best practices
Encourage/Promote: The development of security products, policies, and services
Develop/Announce: Best Security Practices
Promote/Develop/Establish: worldwide security incident response teams
Foster a Safer Global Electronic Environment
CERT: Computer Emergency Response Team
China
National Computer Network Intrusion Prevention Center
National 863 Program Computer Intrusion Prevention
Antivirus Research Center
CNCERT/CC
Non-Profit, Non-Governmental
International cooperation with 211 organizations in 72 countries
Incident discovery
Warning
Emergency Handling
Test and assessment
CyberSecurity Law
Regulations on Personal Information Protection for Telecom and Internet Users
Regulation of Critical Information Infrastructure Security Protection (Draft for Soliciting Opinions)
National Emergency Plan for Cyber Security Incidents
Incident Classifications
Malicious Program
Cyber Attack
Information Breach
Information Content Security
Equipment and Facility Fault
Disaster
Incident Category
Extremely serious incidents
Warning Level: Red Signal Warning
Emergency response level: Level I Response
Serious incidents
Warning Level: Orange Signal Warning
Emergency response level: Level II Response
Relatively serious incidents
Warning Level: Yellow Signal Warning
Emergency response level: Level III Response
Ordinary incidents
Warning Level: Blue Signal Warning
Emergency response level: Level IV Response
Response Types
Remote
Local
Response Process
1- Preparation
Asset Risk Analysis
Security Hardening
Emergency Response Plan Preparation
Emergency Response Team Setup
Technical Support Library
Assurance Resources Acquired
2- Detection
Monitoring
Incident Judgment
Report Security Incidents
3- Suppression
Stop
Minimize the Impact
4- Incident Resolving
Cause Location
Repair & Hardening
Summary & Publicity
5- Recovery
6- Conclusion
Response Plan Classifications
Special emergency response plan
Specific system emergency response plan
Comprehensive emergency response plan
Individual incident response plan
Response Model (PDRR)
1- Protection
2- Detection
3- Response
4- Recovery
Catalog of Critical Network Equipment and Specialized Cybersecurity Equipment (First Edition)
Regulation of Internet News and Information Service Management
Regulation of Internet Content Management Administration Law Enforcement Procedure
Test the DRP
Read-through tests
Structured tests
Simulation tests
Parallel tests
Short and medium tests
Investigation and Forensics
Investigation Types
Civil: Does not involve internal employees; handled by legal teams
Regulatory: If the organization violates the law
Criminal: illegal act
Operational: performance, configuration issues
Electronic forensics
Evidence Types
Physical
Documentary: Logs
Verbal
Evidence Must be Acceptable
related to the determination of facts
related to the event
legally obtained
Investigation Process
1- Incident Confirmation
2- Request of law enforcement
3- Evidence Collection and Preservation
4- In-Person Communication
5- Filing of Lawsuits