Lifecycle Approach
I. Foundation Topics
II. Risk Analysis and Management
1. Secure Network Lifecycle
1. Security is never entirely done; the following is the lifecycle that should be followed
when securing a network.
a. Initiation This involves preliminary risk assessments and categorizing risk,
such as with labels of low, medium, or high. These assessments and labels help
you prioritize security measures by focusing on the high-risk items first.
b. Acquisition and development This involves a more detailed risk assessment,
acquiring the products and tools needed to implement the countermeasures
needed to reduce risk, and testing those countermeasures (usually on a closed
network or as a pilot program) to verify their correct implementation.
c. Implementation This is the point where the rubber meets the road: you put
the countermeasures in place on the production network.
d. Operations and maintenance This involves monitoring, along with the care and
feeding of the network security devices (and incident handling when issues
arise).
e. Disposition All things come to an end, and disposing of network gear
(including sanitizing/formatting/destroying media storage devices) is part of this.
This provides a high-level idea about the security state of network devices,
including servers, desktops, and data storage. It should involve assessing
security from multiple perspectives, with the intent of identifying relevant
vulnerabilities.
Internal assessment: Attacks are likely to come from users inside the network as
well, and the internal assessment is designed to see how well protected you are
from inside attacks.
External assessment: This assesses the security risk associated with attacks from
external devices on networks that connect to you (for example, from devices over
the Internet).
Wireless assessment: This identifies the vulnerabilities and weaknesses associated
with the wireless implementation, including the range of the access points, which
might extend beyond the walls of the building and provide a potential opportunity
for a threat.
Analysis and documentation: This combines the details about vulnerabilities that
may exist from all the assessments completed. The report should include
countermeasures and recommended solutions to mitigate the risk from an attack.
What is in a security policy?
The senior executive management team is ultimately responsible for the data and
the networks that carry the data for their company. From a technician's
perspective, it might seem a bit odd that the senior management team is
creating a security policy, but that is who specifies the overall goals of the
policy. The high-level security policy is often referred to as a governing policy.
It is up to the management teams and staff who have the skills to implement the
appropriate controls (which include physical, logical, and administrative
controls). At this level, we often use technical policies to implement the security
responsibilities based on the roles the staff are filling.
It is up to the end users to agree to and abide by the policies set forth by the
company. This is referred to as an end-user policy, which is sometimes called an
acceptable use policy (AUP).
Why do we have security policies?
Besides risk management, security policies are also used to educate users, staff,
and other workers about what the company's policy is. They can also be used
to establish a baseline for which security measures must be implemented to
protect assets. Without a security policy in place, the risk (which is a function of
vulnerable assets being attacked and a loss resulting) is too great.
Procedures
This is a detailed document about the standards and guidelines that helps
staff implement security for the network. Using a procedural list, an
implementation on the network can be done by any one of the staff, and if the
procedure is followed consistently, the result will be the same each time.
Having good, easily followed procedures for implementing network security
correctly is an important aspect of a secure network.
Guidelines
Guidelines are simply suggestions and are not mandatory. They usually
represent best-practice techniques but are not actually required. If
policies, procedures, and standards are vague, following the guidelines
provided is a good indication of what to do to maintain the spirit of the
security policy. (When in doubt, check with the manager for clarification
before implementing any changes outside of procedure or standards.)
Policies
The policies themselves are high level in nature and come from the senior
management team. They usually do not include the technical details of how
to implement the policy (the implementation is left to their staff).
Ultimately, the senior executive team is responsible as the owner of the data
and for ensuring that staff implement the policies.
8. Collecting Evidence
1. A policy should be in place for gathering evidence if an attack happens, while at
the same time recovering from the attack. Do not let recovery erase any evidence
of the attack.
2. This policy will probably be generic, but more specific policies should be put in
place for the various types of equipment in use on the network.
3. For example, if an attack involves disk storage, make a snapshot (image) of the
drive before recovering it. The checksum of the snapshot should be the same as
that of the original drive to show it is an exact copy.
4. Take pictures of the equipment, gather logs, and so on. This will all be important
for forensics and prosecution.
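The snapshot-and-checksum rule from item 3, carried out as an added example that is not from the study guide: a POSIX shell script that images a source with dd, hashes source and image with SHA-256, records the hashes beside the image, and re-verifies the image later before analysis. It assumes dd and sha256sum (or shasum) are available; the "drive" it images is a constructed sample file standing in for a real device, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the study guide): image a drive before recovery and
# prove the copy is exact by hashing source and image, keeping the hash record
# beside the image so it can be re-checked later (e.g. before forensic analysis).
# Assumes dd plus sha256sum or shasum are available; the "drive" below is a
# constructed sample file standing in for a real block device such as /dev/sdb.

# hash_of FILE: print the SHA-256 of FILE (sha256sum on Linux, shasum elsewhere).
hash_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# image_and_verify SOURCE IMAGE: copy SOURCE to IMAGE with dd (the source is only
# read), hash both, record the hashes, and return 0 only if the hashes match.
image_and_verify() {
    src="$1"; img="$2"
    dd if="$src" of="$img" bs=4096 2>/dev/null || return 2
    src_hash=$(hash_of "$src")
    img_hash=$(hash_of "$img")
    # Record both hashes plus a UTC timestamp for the chain-of-custody notes.
    printf 'source %s %s\nimage %s %s\ntaken %s\n' \
        "$src_hash" "$src" "$img_hash" "$img" "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        > "$img.sha256"
    [ "$src_hash" = "$img_hash" ]
}

# verify_image IMAGE: re-hash IMAGE and compare with the hash recorded at
# acquisition; a mismatch means the image was altered since it was taken.
verify_image() {
    img="$1"
    recorded=$(awk '$1 == "image" { print $2 }' "$img.sha256") || return 2
    [ -n "$recorded" ] && [ "$(hash_of "$img")" = "$recorded" ]
}

# Demo on a constructed sample "drive" (a plain file, not a real device).
demo_dir=$(mktemp -d)
head -c 10000 /dev/urandom > "$demo_dir/drive.bin"   # deliberately not block-aligned
if image_and_verify "$demo_dir/drive.bin" "$demo_dir/drive.img"; then
    echo "image verified: $(hash_of "$demo_dir/drive.img")"
fi
rm -rf "$demo_dir"
```

On a real system the source would be the device path and the image would be written to separate media; the hash record is what lets you show later that the copy you analysed is the copy you took.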