Post on 03-Apr-2018
7/28/2019 Enterprise Information Assurance (Managing Security Operation)
1/9
Managing Security
OperationBy
Zarif Rahman
7/28/2019 Enterprise Information Assurance (Managing Security Operation)
2/9
Content
Security Operation
Risk Mitigation in IA
Threat Response
Element Of Operating Security Process
Step for Security Operation Process
7/28/2019 Enterprise Information Assurance (Managing Security Operation)
3/9
Security Operation
Security operation is responsible for
maintaining continuous security function
within the daily routine operation.
Security function is a management process
not technical process. It through procedure
plan.
The role of security operation is to maintain
the operational procedure needed to secure
network, application and media.
7/28/2019 Enterprise Information Assurance (Managing Security Operation)
4/9
Maintaining Security
Operation
Routine ofSec.
Operation
Ensurecurrent
operatingalign with org
sec policy
Monitorperformance
of securityduties. Follow
the process
Executeoperation
housekeepingto ensuresecurityfunction
continuouslyoperate
7/28/2019 Enterprise Information Assurance (Managing Security Operation)
5/9
Risk Mitigation in IAIf Information Assurance is not meet the goal, the organizationmust performs a risk mitigation or assessment to decide how tomeet the IA.
RISKMITIGATION
DECISION
CHANGE PRACTICE
MODIFY REQUIREMENT
NEW STRATEGY
7/28/2019 Enterprise Information Assurance (Managing Security Operation)
6/9
Threat Response
Proactive Identify,creation,assessment and
optimization
Reactive
Detecting and reacting to internal orexternal violation
To make sure the organization ready to anythreat.
7/28/2019 Enterprise Information Assurance (Managing Security Operation)
7/9
Element Of Operation
Security ProcessSensing
Analyzing
Responding
Managing
To identify andresolve threat
Analyst theimpact analysis
Corrective actionbased on impact
analyst
Oversees andcoordinate the
process
7/28/2019 Enterprise Information Assurance (Managing Security Operation)
8/9
Step For a Secure Operation
Document the baselineSTEP 1
Determine the benchmarksSTEP 2
Establish Security Architecture
STEP 3
Create AwarenessSTEP 4
Deploy Supporting TechnologySTEP 5
Asses PerformanceSTEP 6
Spesify Corrective ActionSTEP 7
Enforce AccountabilitySTEP 8
7/28/2019 Enterprise Information Assurance (Managing Security Operation)
9/9
QuizWhy is security of operations useful to overall information
assurance?
Security operation is a critical part in IA lifecycle. The function ensures theintegrity and performanceof the organization. Also ensures the execution
of the policies and procedure needed to the entire organization.
How would you differentiate operation security from incident
response?
Incident response is an action taken by the incident response team (IRT)when an incident occurred. The action follow the procedure and workinstructionin the operations plan to execute the countermeasure.Operation security is a proses of maintain the security functions.