Figure 1-17: Security Management

Security is Primarily a Management Issue, not a Technology Issue

Top-to-Bottom Commitment
  - Top-management commitment
  - Operational execution
  - Enforcement
Figure 1-17: Security Management

Comprehensive Security
  - Closing all avenues of attack
  - Asymmetrical warfare: the attacker only has to find one opening
  - Defense in depth: the attacker must get past several defenses to succeed
  - Security audits: run attacks against your own network
Figure 1-17: Security Management

General Security Goals (CIA)
  - Confidentiality: attackers cannot read messages if they intercept them
  - Integrity: if attackers change messages, this will be detected
  - Availability: the system is able to serve users
Figure 1-18: The Plan—Protect—Respond Cycle

Planning
  - Need for comprehensive security (no gaps)
  - Risk analysis (see Figure 1-19)
    - Enumerating threats
    - Threat severity = estimated cost of attack x probability of attack
    - Value of protection = threat severity - cost of countermeasure
    - Prioritize countermeasures by value of protection
Figure 1-19: Threat Severity Analysis

Step  Column                      Threat A    Threat B    Threat C    Threat D
1     Cost if attack succeeds     $500,000    $10,000     $100,000    $10,000
2     Probability of occurrence   80%         20%         5%          70%
3     Threat severity             $400,000    $2,000      $5,000      $7,000
4     Countermeasure cost         $100,000    $3,000      $2,000      $20,000
5     Value of protection         $300,000    ($1,000)    $3,000      ($13,000)
6     Apply countermeasure?       Yes         No          Yes         No
7     Priority                    1           NA          2           NA

(Parentheses denote a negative value of protection.)
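The seven steps of Figure 1-19 carried out in code, as an added example that is not part of the original slides. The four threats are constructed from the figure's own numbers; the decision rule assumed is that a countermeasure is applied only when its value of protection is positive, and applied countermeasures are ranked by that value, highest first.

```python
"""Threat severity analysis (Figure 1-19), worked example.

Threat severity     = cost if attack succeeds x probability of occurrence
Value of protection = threat severity - countermeasure cost
"""
from dataclasses import dataclass


@dataclass
class Threat:
    name: str
    cost_if_success: int      # dollars lost if the attack succeeds
    probability: float        # probability of occurrence, 0.0 .. 1.0
    countermeasure_cost: int  # dollars to deploy the countermeasure


def threat_severity(t: Threat) -> int:
    # Step 3: expected loss, rounded to whole dollars to avoid float noise
    return round(t.cost_if_success * t.probability)


def value_of_protection(t: Threat) -> int:
    # Step 5: what the countermeasure is worth net of its own cost
    return threat_severity(t) - t.countermeasure_cost


def analyze(threats):
    """Return {name: (severity, value, apply, priority)}.

    priority is None for threats whose countermeasure is not applied
    (the slide's "NA").  Assumed rule: apply only when value > 0.
    """
    rows = {t.name: [threat_severity(t), value_of_protection(t), None, None]
            for t in threats}
    for row in rows.values():
        row[2] = row[1] > 0                      # step 6
    applied = sorted((n for n, r in rows.items() if r[2]),
                     key=lambda n: rows[n][1], reverse=True)
    for rank, name in enumerate(applied, start=1):
        rows[name][3] = rank                     # step 7
    return {name: tuple(row) for name, row in rows.items()}


# Constructed input: the four threats of Figure 1-19 (steps 1, 2 and 4)
FIGURE_1_19 = [
    Threat("A", 500_000, 0.80, 100_000),
    Threat("B", 10_000, 0.20, 3_000),
    Threat("C", 100_000, 0.05, 2_000),
    Threat("D", 10_000, 0.70, 20_000),
]

if __name__ == "__main__":
    for name, (sev, val, apply, prio) in analyze(FIGURE_1_19).items():
        print(f"{name}: severity=${sev:,} value=${val:,} "
              f"apply={apply} priority={prio if prio else 'NA'}")
```

Note that threat C is ranked above threat B even though B is far more likely: the ranking follows value of protection, not probability alone.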
Figure 1-18: The Plan—Protect—Respond Cycle

Planning
  - Security policies drive subsequent specific actions (see Figure 1-20)
    - Selecting technology
    - Procedures to make technology effective
    - The testing of technology and procedures
Figure 1-20: Policy-Driven Technology, Procedures, and Testing

Policy: only allow authorized personnel to use the accounting webserver
  -> Technology (firewall, hardened webserver)
  -> Procedures (configuration, passwords, etc.)
  -> Protection testing (test security): attempt to connect to the unauthorized webserver
Figure 1-18: The Plan—Protect—Respond Cycle

Protecting
  - Installing protections: firewalls, IDSs, host hardening, etc.
  - Updating protections as the threat environment changes
  - Testing protections: security audits
Figure 1-18: The Plan—Protect—Respond Cycle

Responding
  - Planning for response (Computer Emergency Response Team)
  - Incident detection and determination
    - Procedures for reporting suspicious situations
    - Determination that an attack really is occurring
    - Description of the attack to guide subsequent actions
Figure 1-18: The Plan—Protect—Respond Cycle

Responding
  - Containment: stop the attack
  - Recovery: repair the damage; fix the vulnerability that allowed the attack
  - Punishment: forensics, prosecution, employee punishment