1 / 20

Comprehensive Overview of Information Systems Security Operations

This document outlines key objectives and responsibilities in information systems security operations, including configuration management, media access protection, system recovery, and incident handling. It also covers vulnerability and penetration testing processes, from reconnaissance and scanning to exploiting vulnerabilities. Additionally, it addresses the importance of preventive, detective, and corrective controls in maintaining security, the significance of continuity of operations, and the role of physical and technical controls. Key considerations include due diligence, least privilege principles, and the handling of sensitive media.

maj
Télécharger la présentation

Comprehensive Overview of Information Systems Security Operations

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Systems Security Operations Security Domain #9

  2. Operations Security Objectives • Operations Responsibility & Personnel • Configuration Management • Media Access Protection • System Recovery • Facsimile Security • Vulnerability and Penetration Testing • Attack Types

  3. Computer Operations • Fixing Hardware and software issues • Media Libraries • Controlling Remote Access • Contingency Planning • Incident Handling • Licensing Issues • Input Controls • Backup and Recovery

  4. Threats to Operations • Disclosure • Destruction • Loss of system and network capabilities • Corruption and Modification • Theft • Espionage • Hackers/Crackers • Malicious Code

  5. Issues • Backup Maintenance • Change workstation/location • Used to improve security • Need to Know Required • Least Privilege Principle Enforced • Due Care • Due Diligence • U.S. Federal Sentencing Guidelines of 1991 • Up to 290M for non-performance

  6. Security Control Types • Directive control • Used to guide the security implementation • Preventive control • Can deter or mitigate undesirable actions • Detective control • Verifies whether a control has been successful • Corrective control • Used to reverse the effects of an unwanted activity

  7. Examples • Directive – policies, standards, laws • Preventive – firewalls, authentication, access controls, antivirus software • Detective – audit trails, logs, CCTV, CRC • Corrective – incident handling, fire extingiuishers

  8. Vulnerability Testing • Things to agree upon • Goals of the assessment • Written agreement from management • Explaining testing ramifications • Understand results are just a ‘snapshot’

  9. Steps in Testing • Reconnaissance • Obtain info either passively or actively • Sniffing, eavesdropping, ARIN, Whois, etc. • Scanning • ID systems that are running and active services • Ping sweeps and port scans • Gaining Access • Exploiting vulnerabilities to gain access • Buffer overflow, brute force

  10. More Steps • Maintaining Access • Uploading software to ensure reentry • Trojan Horse, backdoor • Covering Tracks • Hide one’s malicious activities • Delete system and application logs

  11. Honeypots • Usually placed in DMZ • Should not be connected to internal network • Sacrificial lamb system • Goal is that hackers will attack this system instead of production system • Leaves many ports open and services running to be more ‘enticing’

  12. Sensitive Media Handling • Marking • Handling • Storing • Destruction • Declassification

  13. Continuity of Operations • Fault Tolerance • Software • Hardware • Data Protection • RAID 0, 1, 5, 10 • Redundant Communications • Phone, Broadband, Wireless, Satellite • Redundant Power Supplies

  14. Auditing • Auditing Basics • Logs, monitors, and triggers • Accountability, Compliance • Audit trails • Sampling and clipping levels • External auditors

  15. Monitoring Tools • Warning banners • Keystroke monitoring • Traffic analysis • CCTV

  16. More Terms • Ethical Hacking • War dialing • Radiation monitoring • Dumpster diving • Social engineering

  17. Physical Security • Facility Location and construction • Electrical Issues • Perimeter Protection • Physical Intrusion Detection • Fire Prevention

  18. Threats • Physical Damage • Theft of Assets • Interruption of Service • Disclosure of Proprietary Information • Natural Disaster • Vandalism • Terrorism

  19. Administration Controls • Facility construction • Site management • Personnel controls • Emergency procedures • Awareness training

  20. Technical Controls • Access controls • Alarms • CCTV/Monitors • HVAC • Power Supplies • Fire detection and suppression

More Related