Operations Security Presentation
Transcript of Operations Security Presentation
![Page 1: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/1.jpg)
Operations Security
Muhammad Wajahat Rajab
![Page 2: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/2.jpg)
Question…
Operations Security seeks to primarily protect against which of the following?
A. Object reuse
B. Facility disaster
C. Compromising emanations
D. Asset threats
![Page 4: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/4.jpg)
Punch Line
• Primarily concerned with the protection and control of information processing assets
![Page 5: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/5.jpg)
Overview
![Page 6: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/6.jpg)
Domain Introduction
• Mixture of all the domains…
• Core goal of Operations Security? Availability
• Are the others important? Surely, they are!
• The domain is divided into the following sections:
– Privileged Entity Controls
– Resource Protection
– Continuity of Operations
– Change Control Management
![Page 7: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/7.jpg)
Points to ponder
• What is the state of being free from danger or injury?
• What are the opposite terms for the following?
– Availability
– Integrity
– Confidentiality
![Page 8: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/8.jpg)
Privileged Entity Controls
![Page 9: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/9.jpg)
Introduction
• Privileged Entity Controls are the mechanisms that give privileged access to…
– Hardware
– Software
– Data
• Where do the controls that permit privileged functions usually reside?
![Page 10: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/10.jpg)
Privileged Entity Controls
• Account Management
• System Accounts
• System Operators
• Ordinary Users
• System Administrators
• Security Administrators
![Page 11: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/11.jpg)
Account Management
• Involves the life-cycle process (creation, modification, periodic review, removal) for every account in a system
• Primarily four types of accounts…
– Root
– Service
– Privileged user
– Ordinary user
• Accounts that are no longer needed should be disabled or deleted!
![Page 12: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/12.jpg)
Account Management (2)
• Efficient management requires assigning individual accounts to groups or roles
– What is a group account?
• Group management involves assigning a user account to one or multiple groups
– Each group is given a set of permissions to access objects within a system!
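A practical account-lifecycle review, added here as an example and not part of the original slides: it walks a constructed inventory of root, service, privileged and ordinary accounts and flags the conditions the slides warn about (a second UID 0 login, a service account with an interactive shell, dormant human accounts still enabled, unapproved members of a privileged group). The 90-day dormancy threshold, the `wheel` group and the approved-admin list are assumptions; in practice the inventory would be built from `/etc/passwd`, `/etc/shadow`, `lastlog`, a directory service or an IAM API.

```python
"""Account-lifecycle review over a constructed account inventory.

Added example, not from the slides. The inventory below is made up and the
policy constants are assumptions; in practice the data would come from
/etc/passwd, /etc/shadow, lastlog, a directory service or an IAM API.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional, Set, Tuple

DORMANT_AFTER_DAYS = 90                 # assumption: disable human accounts idle > 90 days
INTERACTIVE_SHELLS = {"/bin/bash", "/bin/sh", "/bin/zsh"}
APPROVED_ADMINS = {"alice"}             # assumption: the only approved member of "wheel"


@dataclass
class Account:
    name: str
    uid: int
    kind: str                           # "root", "service", "privileged" or "ordinary"
    shell: str
    groups: Set[str] = field(default_factory=set)
    last_login: Optional[date] = None
    disabled: bool = False


def review_accounts(accounts: List[Account], today: date) -> List[Tuple[str, str]]:
    """Return (account name, reason) for every account that violates the policy."""
    findings = []
    for a in accounts:
        # A second UID 0 account is a hidden root login.
        if a.uid == 0 and a.kind != "root":
            findings.append((a.name, "uid 0 but not the root account"))
        # Service accounts exist for daemons, not people: no interactive shell.
        if a.kind == "service" and a.shell in INTERACTIVE_SHELLS:
            findings.append((a.name, "service account with interactive shell"))
        # Privileged group membership must match the approved list.
        if "wheel" in a.groups and a.name not in APPROVED_ADMINS:
            findings.append((a.name, "unapproved member of wheel"))
        # Human accounts that never logged in, or not for a long time, should be disabled.
        if a.kind in ("privileged", "ordinary") and not a.disabled:
            idle = (today - a.last_login).days if a.last_login else None
            if idle is None or idle > DORMANT_AFTER_DAYS:
                findings.append((a.name, "dormant account still enabled"))
    return findings


TODAY = date(2024, 6, 1)
INVENTORY = [                            # constructed data for the demonstration
    Account("root", 0, "root", "/bin/bash"),
    Account("toor", 0, "ordinary", "/bin/bash", last_login=TODAY),
    Account("alice", 1001, "privileged", "/bin/bash", {"wheel"}, TODAY - timedelta(days=3)),
    Account("bob", 1002, "ordinary", "/bin/bash", set(), TODAY - timedelta(days=200)),
    Account("carol", 1003, "ordinary", "/bin/bash", {"wheel"}, TODAY - timedelta(days=1)),
    Account("postgres", 999, "service", "/bin/bash"),
    Account("www-data", 33, "service", "/usr/sbin/nologin"),
    Account("dave", 1004, "ordinary", "/bin/bash", set(), None, disabled=True),
]

if __name__ == "__main__":
    for name, reason in review_accounts(INVENTORY, TODAY):
        print(f"{name:10} {reason}")
```

Run on a schedule and diffed against the previous run, the findings list is the evidence the slides ask for that unneeded accounts really were disabled rather than merely noted.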
![Page 13: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/13.jpg)
System Accounts
• Dedicated accounts that provide a variety of system services through autonomous processes
– Services are background processes that run in their own security context
– A DBMS ships with a number of these accounts; review them and lock down or remove the ones not in use
![Page 14: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/14.jpg)
System Operators
• Work in data center environments where mainframe systems are used
– Given elevated privileges
• Which can lead to circumvention of security policy!
• Use of these privileges should be monitored through the audit log
• Responsibilities assigned to operators include…
– Implementing the initial program load
– Monitoring execution of the system
– Volume mounting
![Page 15: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/15.jpg)
System Operators (2)
– Controlling job flow
– Bypass label processing
– Renaming and relabeling resources
– Reassignment of ports
![Page 16: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/16.jpg)
![Page 17: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/17.jpg)
Ordinary Users
• Given restrictive system privileges!
• Allowed only the access their tasks require (least privilege)
• Work in client/server architecture environment
• Should not be allowed to monitor system execution
• Should not be allowed to reassign ports
• Should not be allowed the re-labeling of the resources
![Page 18: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/18.jpg)
System Administrators
• Manage system operations and maintenance
• Ensure system is functioning properly for system users
• Privileges assigned to trained and authorized individuals
• Privileges to affect critical operations such as setting…
– Time, Boot sequence, System logs and Passwords
![Page 19: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/19.jpg)
Security Administrators
• Oversee the security operations of a system
• Security operations include:
– Account management
– Assignment of file sensitive labels
– System security settings
– Audit data review
– Provide a check and balance on the power assigned to System Administrators
• Through auditing and reviewing their activities
![Page 20: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/20.jpg)
Security Administrator Functions
• File Sensitivity Labels
• Clearances
• System Security Characteristics
• Passwords
• Audit Data Analysis and Management
![Page 21: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/21.jpg)
File Sensitivity Labels
• Implemented to control access to information
• Allow privileges or deny access to a file
• Prevent data from being written to an area of the system with a lower sensitivity label (the "no write down" rule of mandatory access control)
![Page 22: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/22.jpg)
Clearances
• Assigned according to trustworthiness and the level of access needed for sensitive information
• Ensure proper level of clearance has been assigned prior to providing access
![Page 23: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/23.jpg)
System Security Characteristics
• Define the security settings of systems and applications…
– Network devices
– Database Management Systems
• Improper configuration can impact the proper operation of the system or network!
![Page 24: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/24.jpg)
Passwords
• Password distribution is an important function
• Trusted distribution channels needed to avoid a compromise
• Types of passwords?
![Page 25: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/25.jpg)
Audit Data Analysis and Management
• Auditing information can be obtained from
– Servers, Workstations, Databases, Firewalls, etc…
• Tools used must detect unauthorized activity or attacks
• Auditing mechanism must support organizational policy
• Auditing can affect the system availability…
– Consume CPU time, Network bandwidth, Storage Space!
• Keep log retention requirements in mind
– Regulations may set minimum retention periods
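The slides say the audit tooling "must detect unauthorized activity"; the classic operations-security mechanism for that is violation processing with a clipping level (the threshold of ordinary failures tolerated before an event is escalated). The following is an added example, not from the slides: it parses a constructed excerpt of sshd log lines and raises one alert per source address the first time it exceeds the clipping level inside a sliding window. The threshold of 5 failures in 10 minutes, the host name and the log lines are assumptions.

```python
"""Violation processing with a clipping level over constructed sshd log lines.

Added example, not from the slides. A clipping level is the number of
ordinary errors tolerated before an event is treated as a violation worth
investigating; the 5-failures-in-10-minutes figures below are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

CLIP_LEVEL = 5                      # failures tolerated per source before alerting
WINDOW_SECONDS = 600                # sliding window the failures are counted in

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def parse_failure(line, year=2024):
    """Return (timestamp, user, source) for a failed-login line, else None."""
    m = FAILED.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["user"], m["src"]


def process_violations(lines):
    """Return one alert per source the first time it exceeds the clipping level."""
    windows = defaultdict(deque)    # source -> timestamps of recent failures
    alerted = set()
    alerts = []
    for line in lines:
        parsed = parse_failure(line)
        if parsed is None:
            continue                # successful logins and other noise are ignored
        ts, user, src = parsed
        q = windows[src]
        q.append(ts)
        # Drop failures older than the window so a slow trickle never alerts.
        while q and (ts - q[0]).total_seconds() > WINDOW_SECONDS:
            q.popleft()
        if len(q) > CLIP_LEVEL and src not in alerted:
            alerted.add(src)
            alerts.append({"source": src, "failures": len(q), "last_user": user,
                           "at": ts.isoformat()})
    return alerts


# Constructed log excerpt: one brute-force source, one ordinary typo, one success.
SAMPLE_LOG = [
    "Jun  1 10:00:01 bastion sshd[4011]: Failed password for bob from 10.0.0.5 port 5555 ssh2",
    "Jun  1 10:00:03 bastion sshd[4011]: Accepted password for bob from 10.0.0.5 port 5555 ssh2",
] + [
    f"Jun  1 10:0{i}:00 bastion sshd[40{20 + i}]: Failed password for invalid user admin "
    f"from 203.0.113.9 port 4{i} ssh2"
    for i in range(7)
] + [
    "Jun  1 11:30:00 bastion sshd[4100]: Failed password for alice from 10.0.0.7 port 6001 ssh2",
]

if __name__ == "__main__":
    for alert in process_violations(SAMPLE_LOG):
        print(alert)
```

Bob's single mistyped password and Alice's lone failure stay below the clipping level and generate no noise; the seventh-line brute-force source trips the alert on its sixth failure. Tuning `CLIP_LEVEL` and `WINDOW_SECONDS` is exactly the trade-off the slides mention between catching attacks and the CPU, bandwidth and storage that auditing consumes.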
![Page 26: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/26.jpg)
![Page 27: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/27.jpg)
Question…
What setup should an administrator use for regularly testing the strength of user passwords?
A. A networked workstation so that the live password database can easily be accessed by the cracking program.
B. A networked workstation so the password database can easily be copied locally and processed by the cracking program.
C. A standalone workstation on which the password database is copied and processed by the cracking program.
D. A password-cracking program is unethical; therefore it should not be used.
![Page 29: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/29.jpg)
Resource Protection
![Page 30: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/30.jpg)
Introduction
• Resource protection includes…
– Facilities
– Hardware
– Software
– Documentation
– Threats to Operations
– Control Methods
– Data and Media Control
– Disposal Control
![Page 31: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/31.jpg)
Facilities
• Use systems and controls to sustain the IT operation environment
– Fire detection and suppression systems
– HVAC
– Water and sewage systems
– Reliable power supply and distribution system
– Power line conditioners
– Telecommunication systems
– Access control and intrusion detection systems
![Page 32: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/32.jpg)
Hardware
• Appropriate physical security needed to ensure CIA…
– Concept of least privilege
– Restricted access
– Escorting a visitor
– Protecting workstations
– Protecting the printing devices
– Authorized access to firewalls
– Limited access to routers, switches etc
– Periodic inspection of network cables
![Page 33: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/33.jpg)
Hardware (2)
– Use strong encryption for wireless communication
• WPA over WEP: WEP is cryptographically broken, and the original WPA with TKIP is deprecated too; use WPA2 or WPA3 with AES-based encryption (CCMP/GCMP)
![Page 34: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/34.jpg)
Software
• Preventing copyright infringements
• Preventing illegal duplication and distribution of software
– Periodic inventory scans
• Software escrow
– Need?
• Proper SDLC procedures
• Proper testing and version control
– Separation of duties
• Protecting the Operating System passwords
• Protecting the Audit Logs
![Page 35: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/35.jpg)
Documentation
• Ensuring the protection of documentation related to…
– Network design
– Vulnerabilities
– Proprietary methods
• Proprietary information, trade secrets
– Source code
• All important documentation should be controlled and catalogued!
![Page 36: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/36.jpg)
Threats to Operations
• Disclosure of sensitive information
– Confidentiality
• Corruption/modification of processes
– Integrity
• Theft / removal of resources
– Confidentiality, Integrity, Availability
• Destruction of resources
– Availability
• Interruption of resources
– Availability
![Page 37: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/37.jpg)
![Page 38: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/38.jpg)
Control Methods
• Input / Output Control
• Equipment Control
• Support System Control
• Personnel Control
• Antivirus Management
![Page 39: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/39.jpg)
Input / Output Control
• Input…
– Time-stamping, Authentication, Logging
– Audit trails
• Record of the data entered into the system
• Record of the data edited
• Output…
– Sensitive output is released only to authorized recipients, who sign for it
– An empty report should explicitly state "No Output", so a missing result is not mistaken for a blank one
– The information storage area must be protected
![Page 40: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/40.jpg)
Equipment Control
• Regular monitoring, maintenance
• Penetration test should be conducted
• Use encryption for data communication
• Remote maintenance should be restricted
• Third party maintenance should be supervised
• Data center should have minimal exposure from environmental threats
– Restricted access to the secure room where operational components are located
• Keep a log of equipment moving in and out of the restricted room!
![Page 41: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/41.jpg)
![Page 42: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/42.jpg)
Personnel Control
• Security awareness training
• Background checks and screening
• Separation of duties
• Job rotation
• Accountability through logging and monitoring
– Need to know basis
– The principle of least privilege
• Mandatory vacation!
![Page 43: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/43.jpg)
Antivirus Management
• Continuous monitored updates
• Automatic scheduled scanning
– Issues?
• Antivirus software must be present in...
– Email servers
– File servers
– Workstations
![Page 44: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/44.jpg)
Data and Media Control
• Data
– Backup data
– Encrypt sensitive data
• Media
– Use a media library/librarian
– Marking
– Logging
– Integrity verification
– Physical Access Protection
– Transmittal
– Disposition
![Page 45: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/45.jpg)
Disposal Control
• Initiates at the end of life cycle of a system
• Check that no regulation requires the specific data to be retained for a period of time before destroying it
• Prevent dumpster diving
• Properly erasing data from media
– Degaussing
– Zeroization
– Physical destruction
![Page 46: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/46.jpg)
Degaussing
• Magnetic media store data as the orientation of magnetic domains on the platter or tape
• Degaussing applies a strong magnetic field that randomises those domains, destroying the recorded data
– It does nothing to flash storage (SSDs, USB sticks), and on modern hard drives it also erases the factory servo tracks, so the drive is unusable afterwards
![Page 47: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/47.jpg)
Zeroization
• Purging (overwriting) existing data with patterns of '1's and '0's…
– Single pass: the data area is overwritten once with all '1's or all '0's
– DoD 5220.22-M method: the data area is overwritten with '0's, then '1's, then once with pseudo-random data (three passes)
– NSA erasure algorithm: seven overwrite passes, alternating '0' and '1' patterns…
– Gutmann method: the data is overwritten 35 times!
• Caveat: NIST SP 800-88 treats a single verified overwrite pass as sufficient for modern magnetic disks, and overwriting a file is unreliable on SSDs because wear levelling and over-provisioning hide old blocks from the host; there, use the drive's built-in sanitize/secure-erase command or crypto-erase instead
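An added example, not from the slides, of the three-pass overwrite the slides attribute to DoD 5220.22-M, applied to one file: a fixed pattern, its complement, then random data, with each fixed-pattern pass read back to verify it landed, an `fsync` so the pass reaches the device rather than just the page cache, and the file name scrubbed before unlinking. The block creates its own temporary file with constructed content, so it can be run safely; the assumption baked in is that the file sits on a magnetic disk, since on an SSD the controller may have remapped the blocks and a file-level overwrite proves nothing about the old cells.

```python
"""Overwrite-based sanitisation of a single file with per-pass verification.

Added example, not from the slides. Implements the three-pass scheme the
slides attribute to DoD 5220.22-M (fixed pattern, complement, random).
Assumption: the file lives on a magnetic disk; on an SSD use the drive's
sanitize / secure-erase command or crypto-erase instead.
"""
import os
import secrets
import tempfile

CHUNK = 64 * 1024


def _overwrite(path, size, pattern_byte=None):
    """Write one pass over `size` bytes; None means cryptographically random data."""
    with open(path, "r+b") as f:
        remaining = size
        while remaining:
            n = min(CHUNK, remaining)
            block = secrets.token_bytes(n) if pattern_byte is None else bytes([pattern_byte]) * n
            f.write(block)
            remaining -= n
        f.flush()
        os.fsync(f.fileno())        # push the pass to the device, not just the page cache


def _verify(path, size, pattern_byte):
    """Confirm every byte of the file now equals pattern_byte (fixed-pattern passes only)."""
    with open(path, "rb") as f:
        pos = 0
        while pos < size:
            block = f.read(min(CHUNK, size - pos))
            if block != bytes([pattern_byte]) * len(block):
                return False
            pos += len(block)
    return True


def sanitize_file(path, passes=((0x00, True), (0xFF, True), (None, False))):
    """Overwrite, verify the fixed-pattern passes, then unlink. Returns the pass log."""
    size = os.path.getsize(path)
    log = []
    for pattern, verify in passes:
        _overwrite(path, size, pattern)
        ok = _verify(path, size, pattern) if verify else None
        log.append(("random" if pattern is None else f"0x{pattern:02X}", ok))
        if ok is False:
            raise RuntimeError(f"verification failed for pass {pattern!r}")
    # The file name is metadata too: rename to a meaningless name before unlinking.
    tmp_name = os.path.join(os.path.dirname(path), secrets.token_hex(8))
    os.replace(path, tmp_name)
    os.unlink(tmp_name)
    return log


def demo():
    """Create a file with constructed sensitive content, sanitize it, report the result."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(b"ACCOUNT=4111-1111-1111-1111\n" * 2000)   # constructed, not real data
        path = f.name
    log = sanitize_file(path)
    return log, os.path.exists(path)


if __name__ == "__main__":
    print(demo())
```

Even on magnetic media this only covers the file's current blocks: earlier copies in journal, snapshot, swap or backup areas are untouched, which is why whole-device sanitisation or destruction is the norm at end of life.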
![Page 48: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/48.jpg)
Physical Destruction
• Best method for paper and read-only media, and for any media whose wipe cannot be verified
– Specialised recovery tooling can pull data back from incomplete wipes (bad sectors, remapped blocks, flash over-provisioning areas); destruction removes that doubt
![Page 49: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/49.jpg)
Question
What is the main issue with media reuse?
A. Degaussing
B. Data remanence
C. Media destruction
D. Purging
![Page 51: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/51.jpg)
Continuity of Operations
![Page 52: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/52.jpg)
Introduction
• Backup Types
• Backup Methods
• Hardware
• Communications
• Facilities
• Operational Controls
• Problem Management
![Page 53: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/53.jpg)
Backup Types
• Full Backup
• Incremental Backup
• Differential Backup
![Page 54: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/54.jpg)
Full Backup
• All files are backed up
• Fastest restoration process
• Takes the longest to perform backup
![Page 55: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/55.jpg)
Incremental Backup
• Backs up only the files that have changed since the last backup of any type (full or incremental)
• Backups are small and quick to perform
• Restoration takes longer: the full backup is restored, then every incremental since it, in order
![Page 56: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/56.jpg)
Differential Backup
• Backs up files that have changed since the last full backup, so each differential grows until the next full
• For restoration, the full backup is restored and then only the latest differential
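To make the difference between the three backup types concrete, here is an added example (not from the slides) that models them over a constructed set of files held in memory. Each backup record keeps a per-file content hash (the catalog that plays the role of the archive bit), the files actually stored, and tombstones for files deleted since the reference backup, because a faithful restore must remove those as well. The `demo` function runs four days of changes through both strategies and returns what each one stored and how long each restore chain is.

```python
"""Full, incremental and differential backups over a constructed file set.

Added example, not from the slides. Files are a dict path -> content so the
chain logic is visible without touching a disk. Each backup record keeps a
per-file content hash (the catalog a real product keeps), the files actually
stored, and tombstones for files deleted since the reference backup.
"""
import hashlib


def _digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


def _make(kind, state, reference_hashes):
    """Store every file whose hash differs from the reference, plus deletions."""
    hashes = {p: _digest(c) for p, c in state.items()}
    stored = {p: c for p, c in state.items() if reference_hashes.get(p) != hashes[p]}
    deleted = {p for p in reference_hashes if p not in hashes}
    return {"kind": kind, "stored": stored, "deleted": deleted, "hashes": hashes}


def full_backup(state):
    """Everything: the reference is empty, so every file is stored."""
    return _make("full", state, {})


def incremental_backup(state, previous):
    """Changes since the previous backup of any kind (full or incremental)."""
    return _make("incremental", state, previous["hashes"])


def differential_backup(state, last_full):
    """Changes since the last full backup, ignoring earlier differentials."""
    return _make("differential", state, last_full["hashes"])


def restore(chain):
    """Replay the chain in order: the full first, then each later record."""
    if chain[0]["kind"] != "full":
        raise ValueError("a restore chain must start with a full backup")
    state = {}
    for rec in chain:
        state.update(rec["stored"])
        for path in rec["deleted"]:
            state.pop(path, None)
    return state


def demo():
    """Four days of changes backed up both ways; what each strategy stored and needed."""
    day0 = {"a.txt": b"alpha", "b.txt": b"bravo", "c.txt": b"charlie"}   # constructed
    day1 = {**day0, "a.txt": b"alpha v2"}                                 # a.txt edited
    day2 = {**day1, "d.txt": b"delta"}                                    # d.txt added
    day3 = {p: c for p, c in day2.items() if p != "b.txt"}                # b.txt deleted
    full = full_backup(day0)
    incs = [full]
    for day in (day1, day2, day3):
        incs.append(incremental_backup(day, incs[-1]))
    diffs = [differential_backup(day, full) for day in (day1, day2, day3)]
    return {
        "incremental_stored": [sorted(r["stored"]) for r in incs[1:]],
        "differential_stored": [sorted(r["stored"]) for r in diffs],
        "incremental_chain": len(incs),          # full + every incremental
        "differential_chain": 2,                 # full + newest differential only
        "incremental_restore_ok": restore(incs) == day3,
        "differential_restore_ok": restore([full, diffs[-1]]) == day3,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The output shows the trade-off the slides describe: the incrementals store each change once but the restore needs the full plus all three of them, while the differentials re-store `a.txt` every day yet restore from just two records. Losing any one incremental breaks the chain from that point on, which is the operational reason differentials or frequent fulls are preferred where restore reliability matters more than backup speed.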
![Page 57: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/57.jpg)
Backup Methods
• Hierarchical Storage Management
• Disk Mirroring
• Disk Duplexing
• RAID
• Storage Area Network
![Page 58: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/58.jpg)
Hierarchical Storage Management
• Uses hard disk and optical or tape jukebox technology to offer continuous online backup functionality
• Files are moved along a hierarchy of storage devices to less expensive forms of storage, based on rules tied to how often the data is accessed
• Transparent to users
![Page 59: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/59.jpg)
Disk Mirroring
• Exact same data is written to two or more hard disks
• Uses one disk controller
– Controller is the single point of failure
![Page 60: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/60.jpg)
Disk Duplexing
• Exact same data is written to two or more hard disks
• Each mirrored disk has its own disk controller, so a controller failure no longer takes down the whole mirror
![Page 61: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/61.jpg)
RAID
• Level 0
– Striping (no fault tolerance)
– High performance
• Level 1
– Mirroring
• Level 2
– Data strip over all drives at the bit level
– Parity = Yes
– Requires 39 disks (Not Practical)
![Page 62: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/62.jpg)
RAID (2)
• Level 3
– Byte level parity
– All parity data is on one disk
• Level 4
– Block level parity
• Level 5
– Block-level striping with parity
– Parity is distributed over all disks; any one disk can fail without data loss
• RAID protects against drive failure only: deleted, corrupted or encrypted-by-ransomware data is faithfully mirrored, so RAID is not a backup
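The parity the RAID slides keep referring to is plain XOR, and a small in-memory model makes the fault tolerance visible. The following is an added example, not from the slides: it stripes a byte string over N simulated disks with one rotating parity block per stripe (RAID 5 layout; pinning the parity to one disk would model RAID 4), "loses" a disk, rebuilds it from the survivors, and reads the data back. The 4-byte stripe unit and the payload are assumptions.

```python
"""RAID 5 style striping with rotating XOR parity, rebuild of a lost disk, and a parity scrub.

Added example, not from the slides. Disks are lists of byte-string blocks in
memory; the stripe unit size is an assumption.
"""
BLOCK = 4                       # stripe unit in bytes (assumption)


def _xor(blocks):
    """XOR equal-length byte strings together."""
    out = bytearray(len(blocks[0]))
    for b in blocks:
        for i, byte in enumerate(b):
            out[i] ^= byte
    return bytes(out)


def _parity_disk(stripe, ndisks):
    """Parity rotates one disk to the left per stripe, as in RAID 5."""
    return (ndisks - 1 - stripe) % ndisks


def write_array(data, ndisks):
    """Stripe data over ndisks; each stripe holds ndisks-1 data blocks and one parity block."""
    if ndisks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    disks = [[] for _ in range(ndisks)]
    per_stripe = BLOCK * (ndisks - 1)
    padded = data + b"\x00" * (-len(data) % per_stripe)
    for s, off in enumerate(range(0, len(padded), per_stripe)):
        chunk = padded[off:off + per_stripe]
        blocks = [chunk[i:i + BLOCK] for i in range(0, per_stripe, BLOCK)]
        parity = _xor(blocks)
        it = iter(blocks)
        for d in range(ndisks):
            disks[d].append(parity if d == _parity_disk(s, ndisks) else next(it))
    return disks, len(data)


def rebuild_disk(disks, failed):
    """Each block of the failed disk is the XOR of the other blocks in its stripe."""
    nstripes = len(next(d for i, d in enumerate(disks) if i != failed))
    return [_xor([disks[d][s] for d in range(len(disks)) if d != failed])
            for s in range(nstripes)]


def read_array(disks, length):
    """Reassemble the user data, skipping the parity block of each stripe."""
    ndisks = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        for d in range(ndisks):
            if d != _parity_disk(s, ndisks):
                out += disks[d][s]
    return bytes(out[:length])


def scrub(disks):
    """Parity scrub: every stripe must XOR to zero; returns the stripes that do not."""
    return [s for s in range(len(disks[0])) if any(_xor([d[s] for d in disks]))]


def demo():
    """Write, lose disk 2, rebuild it, and confirm the data reads back intact."""
    data = b"operations security: availability first"     # constructed payload
    disks, length = write_array(data, 4)
    lost = 2
    disks[lost] = None                                      # simulate a failed drive
    disks[lost] = rebuild_disk(disks, lost)
    return read_array(disks, length) == data and scrub(disks) == []


if __name__ == "__main__":
    print("rebuilt and verified:", demo())
```

Two simultaneous failures leave two unknowns per stripe and a single XOR cannot solve for them, which is why larger arrays move to dual-parity RAID 6; and the `scrub` check is what a real controller runs periodically to catch silent corruption before a rebuild depends on it.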
![Page 63: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/63.jpg)
![Page 64: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/64.jpg)
![Page 65: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/65.jpg)
(Diagram: byte-level striping with parity, RAID 3)
![Page 66: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/66.jpg)
![Page 67: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/67.jpg)
Storage Area Network
• Several distinct storage systems connected together to create a backup network
• High speed sub-network of shared storage devices
• Transparent to user
![Page 68: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/68.jpg)
Hardware
• Redundant and backup components
– Hot spares / Cold spares
• Multiple power supplies
• Fail over devices
– Router, Firewalls etc
• Standby services
![Page 69: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/69.jpg)
Communications
• Redundant communication links
– Multiple lines between distributed resources
• Backup communication links include...
– Local Phone company
– Long distance carriers
– Competitive telecommunication carriers
– Broadband through telephone lines
– Broadband over cable modems
– Wireless metropolitan area networks
– Satellite links
![Page 70: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/70.jpg)
Facilities
• Continuous well regulated power
– Redundant feeds, Power line regulators
– Backup power sources: UPS, generators
• Proper humidity and temperature level
– 40% to 60%
– 70° to 74° F
• Physical Security
– Access controls, Intrusion detection systems, Guards etc.
• Well documented contingency plans
![Page 71: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/71.jpg)
![Page 72: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/72.jpg)
Operational Controls
• Development and enforcement of SOPs
– System start up
– Error conditions and how to handle them?
– System shutdown
– Restoring the system from backup media
• The boot sequence (which drive boots first: C:, A:, D:) must not be reconfigurable by users; lock it with a firmware (BIOS/UEFI) password so nobody can boot removable media and bypass the operating system's controls
• Writing activities to system logs should not be bypassed
![Page 73: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/73.jpg)
Operational Controls (2)
• Output should not be able to be rerouted
• Fail secure (fail closed): on failure the control denies access and protects the asset, e.g. a firewall that passes no traffic when it fails
• Fail safe (fail open): on failure the control grants access and protects people, e.g. a door that unlocks during a fire alarm
• Recovery action…
– Warm reboot (Controlled, Automatic)
– Emergency system restart (Uncontrolled, Automatic)
– System cold start (Uncontrolled, Manual)
![Page 74: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/74.jpg)
Problem Management
• Problem = Unknown cause of one or more incidents
• Known error = Successfully diagnosed problem
– For which a solution or work around has been identified!
• Problem tracking and reporting
• Advantages:
– Lowering impact
– Reducing failures
– Preventing from reoccurring
![Page 75: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/75.jpg)
Problem Management (2)
• Problems to be investigated…
– Any incident different from standard procedures
– Unexplainable, Randomly occurring process
– Any processing anomalies
• Examples…
– System component failure
– Power failure
– Telecommunication failure
![Page 76: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/76.jpg)
Problem Management (3)
• Examples
– Tampering
– Production delay
– Input / Output errors
– Spam
– Phishing
– Malware
– Spyware
– Denial of service
![Page 77: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/77.jpg)
![Page 78: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/78.jpg)
Change Control Management
![Page 79: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/79.jpg)
Introduction
• Change Control Management
– Change Control Process
– Configuration Management
– Contingency Planning
– Intrusion Response
– Operations Management
![Page 80: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/80.jpg)
Change Control Management
• Authorizes changes to production systems, including system and application software
• Changes to production system include...
– Implementation of new applications
– Modifications of existing applications
– Removing old applications
– Upgrading or patching system software
![Page 81: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/81.jpg)
Change Control Process
• Request
• Impact assessment
• Approval/Disapproval
• Build
– Test
• Notification
• Implementation
• Monitoring
• Documentation
![Page 82: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/82.jpg)
Configuration Management
• Performed after a change has been approved through a change control process
• Ensures that the changes to production systems are done properly
• Ensures that changes do not take place unintentionally or unknowingly
• Documentation and maintenance of documents pertaining to system and software changes
![Page 83: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/83.jpg)
Contingency Planning
• Allows production environment to continue to operate after disruption
• Coordinates backups and recovery plans
• Identifies mission critical functions and systems that support them
• Identifies critical interdependencies
• Generates formal written recovery procedures
• Promotes proper training as well as testing of plans
![Page 84: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/84.jpg)
Intrusion Response
• Audit trail monitoring
• Auditing event include…
– Monitoring and identifying system resource use
– Monitoring and analyzing network traffic and connections
– Monitoring and identifying user account and file access
– Scanning for malicious code
– Verifying file and data integrity
– Probing for system and network vulnerabilities
![Page 85: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/85.jpg)
Operations Management
• Operation Management include reviewing…
– Implementation of vendor patches
– Operating logs
– Inventory
– Change control practices
– Incident reporting in Problem Management
– System/Audit logs
– Audits/Security reviews
![Page 86: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/86.jpg)
Thank you…
• Any Questions…
![Page 87: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/87.jpg)
Question 1
Critical data is?
A. Subject to classification by regulatory bodies or legislation
B. Data of high integrity
C. Always protected at the highest level
D. Instrumental for business operations
![Page 89: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/89.jpg)
Question 2
When an organization is determining which data is sensitive, it must consider all of the following EXCEPT:
A. Expectations of customers
B. Legislation or regulations
C. Quantity of data
D. Age of the data
![Page 91: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/91.jpg)
Question 3
All of the following are examples of Preventative Control EXCEPT?
A. Intrusion detection systems
B. Human resources policies
C. Anti-virus software
D. Fences
![Page 93: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/93.jpg)
Question 4
To speed up RAID disk access, an organization can:
A. Use larger hard drives
B. Stripe the data across several drives
C. Mirror critical drives
D. Disallow some queries
![Page 95: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/95.jpg)
Question 5
A timely review of system access audit records is an example of which type of security function?
A. Avoidance
B. Deterrence
C. Prevention
D. Detection
![Page 97: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/97.jpg)
Question 6
Which of the following is not a technique used for monitoring?
A. Penetration testing
B. Intrusion detection
C. Violation processing (using clipping levels)
D. Countermeasures testing
![Page 99: Operations Security Presentation](https://reader033.fdocuments.in/reader033/viewer/2022052523/555c3a88d8b42a0b038b4991/html5/thumbnails/99.jpg)
Thank you…