ISC2 continued - Coggle Diagram
Chapter 5
Security Operations
1.46hr
Mod 1
Understanding Data Security and Encryption
Data Handling
Retention and Disposal of Data
Logging
Symmetric Encryption
Asymmetric Encryption
Hashing
Information as an asset
Protection according to value
Risk-based approach to security
risk, likelihood, vulnerability
Information life cycle
Classifications
Top Secret, Secret, Restricted, Public
Label items (clarity / consistency)
Retention
What must vs should we retain
Duration, format, protection
Who decides
Regulatory compliance, understanding obligations
What can't we keep
privacy, regulatory compliance
CIA Triad
Disposition of Data
Secure destruction of data
Specialist data recovery services
Physical destruction
Logical destruction
deletion vs erasure, data recovery tools
Regulatory compliance
Logging
Understanding what you want or need to monitor
Contractual / legal requirements
Make a decision:
size, budget, duration
Protecting logs:
Time, CIA
Centralizing log storage and retention
Monitoring
Logs are made consequential with review
Manual vs automated monitoring
SIEM
Alerts
Encryption
Use cases:
Confidentiality, integrity, availability, privacy
History of encryption:
Alphabet-based systems, Number-based systems
Caesar Cipher
A substitution cipher
A shift cipher
Key
Sharing the key
Accountability - who did what?
Symmetric encryption (same key to encrypt and decrypt)
Key length (determines the relative strength)
Randomness
(key and cipher needs to be random and long)
Symmetric Cipher
Data Encryption Standard (DES) 64 bit key
Advanced Encryption Standard (AES) 128/192/256 bit key
Data blocks (substitution and permutation)
Pros: fast + strong
Cons: key distribution + does not scale well
Manage key distribution
Asymmetric Ciphers
Each subject has two keys
One public and one private
public is shared
private is kept private
The keys are mathematically linked
Overcomes key distribution problems
public keys are shared - directories, certificates
Each key performs only one side of an operation: if a file is encrypted with a subject's public key, it must be decrypted with the corresponding private key
Examples of asymmetric ciphers include:
RSA, Diffie-Hellman
Asymmetric key sizes are usually much larger
Weaker bit for bit than symmetric ciphers
Slower to compute than symmetric ciphers
Hashing (one-way encryption)
Integrity control
A representation of a file
unique, fixed length, seemingly random, nonreversible
We can think of this as a 'fingerprint' of the input
Different inputs will have different hash values
Uses of hashing
Common hash algorithms include:
MD5 - Message Digest 5, 128-bit digest
SHA - Secure Hash Algorithm, 160-512-bit digest
What does a hash look like
Hashing Collisions
What if a hash is not unique?
Accidental collisions
Forced collisions
We lose assurance of the integrity of the related item
Changed accidentally
Deliberately falsified
Mod 2
Controls and Assets Management
Asset Inventory
Hardware, Software, Information
Information Asset Inventory
What attributes should be recorded
Metadata
Structured data assets
Document management systems
Databases
Unstructured data assets
Shared drives, email inboxes
Change
What can change
The importance of tracking change
Updated (may prompt change)
Release, Interdependent systems, support schedules, 3rd party systems, supply chain security
Baselines and Controls
Groups:
Systems, controls, classifications
Simplified management
Improved compliance and awareness
A baseline represents an agreed minimum level of security
Mod 3
Best Practice Security Policies
The importance of directive controls
Data handling policy
Password policy
Acceptable Use Policy (AUP)
Bring Your Own Device Policy (BYOD)
Change Management policy
Privacy policy
Privacy terminology
Say what you do, Do what you say
Explicit statements over policy provide clarity
Operational procedures align to policies
Policies and procedures guide behaviors
Physical and logical controls can support direction
What happens when there are gaps
Data handling policy
Information at different levels can be protected appropriately
At rest, in motion, in process
Physical and logical operational environments
printed docs, email attachments
Disposition
Password policy
One size does not fit all
User accounts, privileged accounts, system accounts, off-network access
Other authentication factors
Password length
Password complexity
BYOD
3rd party hardware and software
device, OS, shadow technologies and BYOD
Updates and patching
Sandboxing
Data exfiltration
Differentiation
Mobile Device Management
Change Management
If change management is important we need clear, structured guidance
What is in scope
assets, attributes, artefacts, consistency is the key
Change Management Board
Stakeholder reps
Management rep, security, technical teams, business units, legal counsel
How do we know if a change is worthwhile
How do we know if a change is successful
Approving a change:
risk vs reward, impact, timing, interdependencies, contractual issues, communications, logging and post-implementation review
Rollback planning: snapshots and backups
Privacy policy
Privacy roles:
Data owner / data controller: accountable, decision maker, controls access
Data processor: responsible, uses the data, may be a 3rd party
Geography
Who is responsible for security
While the board may be accountable, all colleagues have responsibilities
The role of the user:
a vulnerability
Education
Training
Awareness
Increase awareness about a specific topic
Channels
Measure, record and repeat
Social Engineering
OSINT - open source intelligence
Phishing
Spear phishing
Whaling
Mod 4
Understanding Security Education, Training and Awareness (SETA)
Mod 5
Chapter Review
Review questions
Chapter 6