Download
1 / 10
100 likes | 101 Vues
This figure highlights the key aspects of security management, including the need for top-to-bottom commitment, the importance of closing all avenues of attack, the concept of defense in depth, and the use of security audits. It also outlines the general security goals of confidentiality, integrity, and availability. The figure then introduces the Plan-Protect-Respond cycle, which involves planning for comprehensive security, protecting against attacks, and responding effectively to incidents.
E N D
Figure 1-17: Security Management • Security is a Primarily a Management Issue, not a Technology Issue • Top-to-Bottom Commitment • Top-management commitment • Operational execution • Enforcement
Figure 1-17: Security Management • Comprehensive Security • Closing all avenues of attack • Asymmetrical warfare • Attacker only has to find one opening • Defense in depth • Attacker must get past several defenses to succeed • Security audits • Run attacks against your own network
Figure 1-17: Security Management • General Security Goals (CIA) • Confidentiality • Attackers cannot read messages if they intercept them • Integrity • If attackers change messages, this will be detected • Availability • System is able to server users
Figure 1-18: The Plan—Protect—Respond Cycle • Planning • Need for comprehensive security (no gaps) • Risk analysis (see Figure 1-19) • Enumerating threats • Threat severity = estimated cost of attack X probability of attack • Value of protection = threat severity – cost of countermeasure • Prioritize countermeasures by value of prioritization
Step Threat A B C D 1 Cost if attack succeeds $500,000 $10,000 $100,000 $10,000 2 Probability of occurrence 80% 20% 5% 70% 3 Threat severity $400,000 $2,000 $5,000 $7,000 4 Countermeasure cost $100,000 $3,000 $2,000 $20,000 5 Value of protection $300,000 ($1,000) $3,000 ($13,000) 6 Apply countermeasure? Yes No Yes No 7 Priority 1 NA 2 NA Figure 1-19: Threat Severity Analysis
Figure 1-18: The Plan—Protect—Respond Cycle • Planning • Security policies drive subsequent specific actions (see Figure 1-20) • Selecting technology • Procedures to make technology effective • The testing of technology and procedures
Figure 1-20: Policy-Driven Technology, Procedures, and Testing Only allow authorized personnel to use accounting webserver Policy Technology (Firewall, Hardened Webserver) Procedures (Configuration, Passwords, Etc.) Protection Testing (Test Security) Attempt to Connect to Unauthorized Webserver
Figure 1-18: The Plan—Protect—Respond Cycle • Protecting • Installing protections: firewalls, IDSs, host hardening, etc. • Updating protections as the threat environment changes • Testing protections: security audits
Figure 1-18: The Plan—Protect—Respond Cycle • Responding • Planning for response (Computer Emergency Response Team) • Incident detection and determination • Procedures for reporting suspicious situations • Determination that an attack really is occurring • Description of the attack to guide subsequent actions
Figure 1-18: The Plan—Protect—Respond Cycle • Responding • Containment Recovery • Containment: stop the attack • Repair the damage • Punishment • Forensics • Prosecution • Employee Punishment • Fixing the vulnerability that allowed the attack
