Security Operations
Domain Objectives
• Protection and Control of Data Processing Resources
• Media Management
• Backups and Recovery
• Change Control
• Privileged Entity Control
• Categories of Controls
2
Operations Security Focus Areas
• Auditors
• Support Staff
• Vendors
• Security
• Programmers
• Operators
• Engineers
• Administrators
• Remote Storage
• Backups
• Tape Library
• Hardware
• Software
• Media
• Peopleware
3
Information Security TRIAD
• Availability
• Integrity
• Confidentiality
4
Domain Agenda
• Resource Protection
• Continuity of Operations
• Change Control Management
• Privileged Entity Control
5
Facility Support Systems
As discussed within the Physical Security domain,
the support systems in a centralized or
decentralized Operations center must be
protected.
6
Facility Support Systems
• Fire Protection
• HVAC
• Electric Power
7
Facility Support Systems
• Water
• Communications
8
Risk of Physical Access to Equipment
• Reduce risk or impact of threats resulting
from unauthorized physical access
9
Media Management
• Another objective of Operations
Security is to protect storage media
10
Object Reuse
• The reassignment of a storage medium that
previously contained one or more objects
• To be securely reassigned, no residual data can
be available to the new subject through
standard system mechanisms
• Disclosure
• Contamination
11
Clearing of Magnetic Media
• Overwriting
• Degausser
• Physical Destruction
12
Media Management Practices
Sensitive Media Controls
• Destroying
• Declassifying
• Storing
• Marking
• Labeling
• Handling
13
Misuse Prevention
Threats and Countermeasures
• Personal Use: Acceptable use policy, workstation controls, content filtering, email filtering
• Theft of Media: Appropriate media controls
• Fraud: Balancing of input/output reports, separation of duties, verification of information
• Sniffers: Encryption
14
Records Management
• Records Management Program Development
• Guidelines
• Records Retention
15
Domain Agenda
• Resource Protection
• Continuity of Operations
• Change Control Management
• Privileged Entity Control
16
Software & Data Backup
• Operation controls must ensure adequate
backups of:
• Data
• Operating Systems
• Applications
• Transactions
• Configurations
• Reports
17
RAID - Redundant Array of Independent Disks
• Backup of Data stored
on Disk Drives
• Hardware-based
• Software-based
• Use of a Hot Spare
18
RAID Level 0
• Stripes data evenly across two
or more disks with no parity
information for redundancy to
increase system performance
RAID 0 layout: one disk holds blocks A1, A3, A5, A7; the other holds A2, A4, A6, A8
19
RAID Level 1
• Creates an exact copy (or
mirror) of a set of data
on two or more disks
20
RAID Level 2
• Stripes data at the bit level using a Hamming
Code for error correction
• Requires 39 disks!
21
RAID Level 3
• Uses byte-level striping
with a dedicated parity
disk
RAID 3 layout:
Disk A: Stripe 1A, Stripe 2A, Stripe 3A, Stripe 4A
Disk B: Stripe 1B, Stripe 2B, Stripe 3B, Stripe 4B
Parity Drive: P(1A, 1B), P(2A, 2B), P(3A, 3B), P(4A, 4B)
22
RAID Level 4
• Uses block-level striping with a dedicated
parity disk
• Similar to RAID 3 except that it stripes at
the block, rather than the byte level
23
RAID Level 5
• Uses block-level striping
with parity data distributed
across all member disks
RAID 5 layout:
Disk A: Stripe 1A, P(2B, 2C), Stripe 3A, Stripe 4A
Disk B: Stripe 1B, Stripe 2B, P(3A, 3C), Stripe 4B
Disk C: P(1A, 1B), Stripe 2C, Stripe 3C, P(4A, 4B)
24
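The RAID 5 layout above, as an added worked example that is not part of the original slides: it stripes a buffer across three disks with the parity position rotating in the same order as the diagram (C, A, B, C) and rebuilds any single failed disk. It assumes XOR parity, which is the standard RAID 5 mechanism but is not stated on the slides; the function names, block size and sample data are constructed for illustration.

```python
from functools import reduce

BLOCK = 4  # bytes per block; small constructed value for readability
SAMPLE = b"constructed sample audit record!"  # constructed, 32 bytes = 4 stripes


def xor_blocks(blocks):
    """XOR equal-length blocks byte by byte (the parity operation)."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))


def stripe_raid5(data, n_disks=3):
    """Return one block list per disk: data blocks plus a rotating parity block."""
    per_stripe = BLOCK * (n_disks - 1)
    data += b"\x00" * (-len(data) % per_stripe)  # zero-pad the last stripe
    disks = [[] for _ in range(n_disks)]
    for s in range(len(data) // per_stripe):
        chunk = data[s * per_stripe:(s + 1) * per_stripe]
        blocks = [chunk[i:i + BLOCK] for i in range(0, per_stripe, BLOCK)]
        parity_disk = (n_disks - 1 + s) % n_disks  # C, A, B, C as in the diagram
        blocks.insert(parity_disk, xor_blocks(blocks))
        for d in range(n_disks):
            disks[d].append(blocks[d])
    return disks


def rebuild_disk(disks, failed):
    """Recompute every block of one failed disk (marked None) from the others."""
    survivors = [d for i, d in enumerate(disks) if i != failed and d is not None]
    if len(survivors) != len(disks) - 1:
        raise ValueError("RAID 5 tolerates only a single disk failure")
    return [xor_blocks(row) for row in zip(*survivors)]


def read_data(disks):
    """Reassemble the data in order, skipping each stripe's parity block."""
    n = len(disks)
    out = b""
    for s in range(len(disks[0])):
        parity_disk = (n - 1 + s) % n
        out += b"".join(disks[d][s] for d in range(n) if d != parity_disk)
    return out
```

A second simultaneous failure raises an error here because a single parity block per stripe cannot recover two missing blocks.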
RAID Level 6
• RAID 6 extends RAID 5 by adding an additional
parity block, thus it uses block-level striping with
two parity blocks distributed across all member
disks
• Like RAID 5, the parity is distributed in stripes
with the parity blocks in a different place in each
stripe
25
RAID Level 0+1
• Used for both
mirroring and
striping data among
disks
• A hard drive failure
in one array can be
recovered from the
other array
RAID 0+1 layout: a RAID 1 mirror of two RAID 0 arrays; within each RAID 0 array one disk holds A1, A3, A5, A7 and the other holds A2, A4, A6, A8
26
RAID Level 10
• Also known as RAID 1+0
• Very high reliability combined
with performance
RAID 10 layout: a RAID 0 stripe across two RAID 1 mirrored pairs; both disks of the first pair hold A1, A3, A5, A7 and both disks of the second pair hold A2, A4, A6, A8
27
Redundant Array of Independent Tapes (RAIT)
• Level 1 RAIT
• Using tapes rather than
disk
• Real-time mirroring
28
Hot Spares
• An unused backup array disk that is part of the
array group
• Hot spares remain in standby mode
• Types of Hot Spares
• Global Hot Spare
• Dedicated Hot Spare
29
Other Backup Types
• File Image
• Data Mirroring
• Electronic Vaulting
• Remote Journaling
• Database Shadowing
• Redundant Servers/Standby Services
30
Fault Tolerance
• Usually refers to Hardware failure
• The system recognizes a failure
has occurred
• Automatically takes corrective
action
31
System Recovery - Trusted Recovery
• Correct implementation
• Ensure that failures and discontinuities of
operation don't compromise a system's
secure operation
32
Types of Trusted Recovery
• System Reboot
• Emergency System Restart
• System Cold Start
33
Fail Secure
To fail in a way that will cause no harm,
or a minimal amount of harm, to other
devices or danger to personnel, but
doesn’t cause the system to be insecure.
34
Operational Incident Handling
• First line of Defense
• Logging, Tracking and Analysis of
Incidents
• Escalation and Notification
35
Incident Response Team
• Benefits
• Learning to respond efficiently to
an incident
• Priorities
36
Contingency Plans
• Power Failure - UPS
• System Failure
• Denial of Service
• Intrusion
• Tampering
• Business Continuity Plans
• Detailed Recovery Procedures
37
Specific Operational Contingency Preparations
• System Failure
• Denial of Service
• Tampering or Intrusions
• Production Delays
• I/O Errors
38
Domain Agenda
• Resource Protection
• Continuity of Operations
• Change Control Management
• Privileged Entity Control
39
Change Control Management
• Integrated with Business and IT Initiatives
• Sets out change control process and
ownership of changes
• Ensures that all changes are reviewed for
potential security impact
40
Change Control Committee
• Objectives
• Ensure all changes are:
• Properly tested
• Authorized
• Scheduled
• Communicated
• Documented
41
Change Control Procedures
• Request
• Impact Assessment
• Approval
• Build/Test
• Implement
• Monitor
42
Configuration Management
• The control of changes made to:
• Hardware
• Software
• Firmware
• Documentation
• Test fixtures and test documentation
conducted throughout the system
lifecycle
43
Hardware Inventory and Configuration
• Hardware Inventory: An overview of the hardware installed on any automated system
• Hardware Configuration Chart: Details the configuration of the system
44
Protection of Operational Files
• Library Maintenance
• Backups
• Source Code
• Object Code
• Configuration files
• Librarian
45
Documentation
• Requirements
• Format
• Copies
46
Patch Management
• Identification of Patches
• Patch Testing
• Rollout
• Deployment challenges
47
Domain Agenda
• Resource Protection
• Continuity of Operations
• Change Control Management
• Privileged Entity Control
48
Operator Privileges
• Operates and monitors mainframe and
mid-range computers and peripheral
equipment, such as printers, tape and disk
drives
49
Administrator Privileges
• Responsible for running technically
advanced information systems which
includes the setup and maintenance of
computers and networks
• Systems Administrators
• Network Administrators
50
Security Administrator Privileges
• Security administration including:
• Policy
• Development
• Implementation
• Maintenance and compliance
• Vulnerability Assessments
• Incident Response
51
Control Over Privileged Entities
• Review of access rights
• Supervision
• Monitoring
52
Domain Summary
• Operations Security dealt with
• Resource protection
• Continuity of Operations
• Change Control Management
• Privileged Entity Control
53
“Security Transcends Technology”
