1 / 46

Information Assurance IATF

Information Assurance IATF. IATF Information Assurance Technical Framework Security System Engineering methodology. Information Systems Security Engineering. ISSE Art and science of discovering users' information protection needs.

dex
Télécharger la présentation

Information Assurance IATF

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information AssuranceIATF IATF Information Assurance Technical Framework Security System Engineering methodology

  2. Information Systems Security Engineering ISSE Art and science of discovering users' information protection needs. Designing systems with economy and elegance, so that safely resists the forces to which they will be subjected. Building and testing such systems.

  3. SE versus ISSE SE Activities ISSE Activities Discover needs Discover information protection needs Define system requirements Define system security requirements Design system architecture Design system security architecture Develop detailed design Develop detailed security design Implement system Implement system security Assess effectiveness Assess system security effectiveness

  4. Technical Security Countermeasures Determination of the appropriate technical security measures to address attacks at all layers in the information system.

  5. Security Services Services that safeguard information and information systems. Authentication Confidentiality Integrity Availability Non-repudiation Robustness Interoperability

  6. Potential Adversaries Nation States Hackers Terrorists Organized crime Other criminal elements International press Industrial competitors Disgruntled employees Careless employees

  7. Motivations Access to sensitive information Track operations Disrupt operations Steal money, products or services Free use Embarrassment Overcome technical challenge Compromise

  8. Classes of Attacks Passive attacks Active attacks Close-in attacks Insider attacks Distribution attacks

  9. Passive Attacks Monitoring open communication Ethernet sniffing Decrypting weak encryption WEP Password sniffing Traffic analysis

  10. Active Attacks Modify data in transit Modify financial transactions Replay Session hijacking Privileges of established session Masquerading Unauthorized access

  11. Active Attacks (cont'd)‏ Exploiting app's or OS Outlook Express Exploit trust Transitive trust, e.g. PGP

  12. Active Attacks (cont'd)‏ Data execution Open an attachment that is a script Inserting and exploiting code Trojan horse, back door Denial of service

  13. Close-in Attacks Access to comm's wires, RF, visual, etc. Information gathering IP addresses, IDs, passwords System tampering Bugging, keyboard sniffing SW Physical compromise

  14. Insider Attacks Malicious Modify/destroy data and security mechanisms Establish unauthorized access Cover channels Physical damage/alteration Non-malicious Modification of data/configuration Physical damage

  15. Distribution Attacks Attacks on the distribution chain of products or services Modification at vendor's facility Modification during distribution

  16. Primary Security Services Access control Confidentiality Integrity Availability Nonrepudiation

  17. Access Control Limiting access to information, services and communications Identity and authentication You are who you say you are. Authorization Access rights Decision Rights match demand Enforcement Grant/deny and log/notify

  18. Confidentiality Information state Transmission, storage, proccessing Data type Crypto keys, config files, text Amounts or parts of data Value and life of data

  19. Elements of Confidentiality Data protection Data separation Traffic flow protection

  20. Integrity Prevention of unauthorized data modification Detection and notification of unauthorized modification Logging all modifications

  21. Availability Protection from attack Protection from unauthorized use Resistance to routine failures

  22. Non-repudiation Repudiation: Denial by one entity in a multi-entity exchange that it participated. Non-repudiation: Proof of origin, proof of identity, time of origination Proof of delivery, time of delivery Audit trail

  23. Security Technologies APIs CryptoAPI Cryptographic Service Providers File Encryptors Hardware tokens Intrusion detectors IPSec IKE

  24. Security Technologies(cont'd)‏ Packet filter Stateful packet filter PKI SSL S/MIME Trusted Computing Base Virus detectors Tripwire

  25. Robustness Strategy Determine the Degree of Robustness Strength of Mechanism Levels of Assurance

  26. Purpose Security engineering guidance Levels of security mechanisms Security services appropriate to mission Levels of assurance

  27. Robustness Strategy Functions Assessment of strength mechanisms Definition of product requirements Subsequent risk assessments Recommend security requirements

  28. Robustness Strategy Process Assess value Assess threat Determine strength level appropriate Determine implementation necessary

  29. Degree of Robustness

  30. Degree of Robustness Determination Level of strength and assurance recommended for a potential security mechanism Depends on: Value of information Perceived threat environment

  31. Information Value Levels .VI. Violation of the information protection policy would have negligible adverse effects or consequences. .V2. Violation of the information protection policy would adversely affect and/or cause minimal damage to the security, safety, financial posture, or infrastructure of the organization. .V3. Violation of the information protection policy would cause some damage to the security, safety, financial posture, or infrastructure of the organization. .V 4. Violation of the information protection policy would cause serious damage to the security, safety, financial posture, or infrastructure of the organization. .V5. Violation of the information protection policy would cause exceptionally grave damage to the security, safety, financial posture, or infrastructure of the organization.

  32. Threat Levels .TI. Inadvertent or accidental events ( e.g., tripping over a power cord). .T2. Passive, casual adversary with minimal resources who is willing to take little risk ( e.g., listening). .T3. Adversary with minimal resources who is willing to take significant risk ( e.g., unsophisticated hackers). .T4. Sophisticated adversary with moderate resources who is willing to take little risk (e.g., organized crime, sophisticated hackers, international corporations). .T5. Sophisticated adversary with moderate resources who is willing to take significant risk (e.g., international terrorists). .T6. Extremely sophisticated adversary with abundant resources who is willing to take little risk (e.g., well-funded national laboratory, nation-state, international corporation). .T7. Extremely sophisticated adversary with abundant resources who is willing to take extreme risk (e.g., nation-states in time of crisis).

  33. Strength of Mechanism Levels .SMLl is defined as basic strength or good commercial practice. It is resistant to unsophisticated threats (roughly comparable to TI to T3 threat levels) and is used to protect low-value data. Examples of countered threats might be door rattlers, ankle biters, and inadvertent errors. .SML2 is defined as medium strength. It is resistant to sophisticated threats (roughly comparable to T4 to TS threat levels) and is used to protect medium-value data. It would typically counter a threat from an organized effort (e.g., an organized group of hackers). .SML3 is defined as high strength or high grade. It is resistant to the national laboratory or nation-state threat (roughly comparable to T6 to T7 threat levels) and is used to protect high-value data. Examples of the threats countered by this SML are an extremely sophisticated, well-funded technical laboratory and a nation-state adversary.

  34. Assurance Levels EAL 1 Functionally Tested EAL 2 Structurally Tested EAL 3 Methodically Tested and Checked EAL 4 Methodically Designed, Tested and Reviewed EAL 5 Semiformally Designed and Tested EAL 6 Semiformally Verified Design and Tested EAL 7 Formally Verified Design and Tested

  35. Security Mechanisms Security Management Confidentiality Integrity Availability Identification & Authentication Access Control Accountability Non-repudiation

  36. Security Management Mechanisms

  37. Confidentiality Mechanisms

  38. Integrity Mechanisms

  39. Availability Mechanisms

  40. Identification & Authentication Mechanisms

  41. Access Control Mechanisms

  42. Accountability Mechanisms

  43. Non-Repudiation Mechanisms

  44. Interoperability • Contemporary Systems involve multiple networks as well as multiple heterogeneous computer systems • All systems depend on communication • Security must be as transparent as possible in such a compute environment

  45. Elements of Interoperability Architecture Security Protocols Standards Compliance Interoperable Certificate Management Agreement on Security Policies

  46. Interoperability Strategy Foster Standards Security Negotiation Support Open Standards

More Related