Chapter 8

Administering Security

Planning: prepare and study how to verify that our implementation meets the security needs of today and tomorrow.

Risk Analysis: cost/benefit analysis of controls.

Policy: establish a framework to verify security needs are met.

Physical Control: what aspects of the computing environment have an impact on security?

Security Planning

“The system security plan should be viewed as documentation of the structured process of planning adequate, cost-effective security protection for a system. It should reflect input from various managers with responsibilities concerning the system, including information owners, the system operator, and the system security manager. Additional information may be included in the basic plan and the structure and format organized according to agency needs, so long as the major sections described in this document are adequately covered and readily identifiable” (SANS).

Contents of Security Plan

Policy: the goals of computer security.

Current State: describe the current status.

Requirements: how to meet the goals (legal requirements, etc.).

Recommended Controls: map controls to the vulnerabilities identified.

Accountability: who is responsible.

Timetable: due dates for tasks.

Continuous Attention: keep the plan up to date.

Table 8-1 The Six “Requirements” of the TCSEC

Security Policy: There must be an explicit and well-defined security policy enforced by the system.

Identification: Every subject must be uniquely and convincingly identified. Identification is necessary so that subject/object access can be checked.

Marking: Every object must be associated with a label that indicates its security level. The association must be done so that the label is available for comparison each time an access to the object is required.

Accountability: The system must maintain complete, secure records of actions that affect security. Such actions include introducing new users to the system, assigning or changing the security level of a subject or an object, and denying access attempts.

Assurance: The computing system must contain mechanisms that enforce security, and it must be possible to evaluate the effectiveness of these mechanisms.

Continuous Protection: The mechanisms that implement security must be protected against unauthorized change.

Figure 8-1 Inputs to the Security Plan.

Do we protect everything?

Risk Assessment

Risk Categorization and Prioritization

Risk Mitigation

Resources Available

Planning

Implementation

Testing

Updates to plan

Live Chat 5, 4/16/2020

Risk Analysis

Risk Assessment worksheet (one per threat):

Threat Description: ________

Organization: ________    Date: ________

Probability:  High / Medium / Low

Impact:       High / Medium / Low

What are the risks?

What is the probability of it occurring?

What is the impact if it happens?


Risk Analysis

Assets: what are we trying to protect?

Threats and Vulnerabilities: potential harmful occurrences (power loss, hackers, virus, earthquake).

◦ Vulnerability: a weakness that allows a threat to cause harm.

Risk = Threat * Vulnerability.

Risk = Threat * Vulnerability * Impact($).

Risk Analysis Matrix (likelihood of the EVENT down the side, consequences across the top)

                  Insignificant  Minor  Moderate  Major  Catastrophic
Almost Certain    H              H      E         E      E
Likely            M              H      H         E      E
Possible          L              M      H         E      E
Unlikely          L              L      M         H      E
Rare              L              L      M         H      H

E-Extreme   H-High   M-Medium   L-Low

Risk Analysis Terms

Annualized Loss Expectancy (ALE):

◦ annual cost of a loss due to a risk; used to decide how much mitigation is worth.

Asset Value (AV): value of the asset you are protecting.

Exposure Factor (EF): percentage of an asset's value lost due to a single incident.

Single Loss Expectancy (SLE): cost of a single loss (AV x EF).

Annual Rate of Occurrence (ARO): number of losses per year.

Annualized Loss Expectancy: yearly cost due to a risk.

◦ SLE x ARO

Total Cost of Ownership (TCO): total cost of a mitigating safeguard.

Return On Investment (ROI): amount of money saved by implementing a safeguard.

Risk Choices

Accept: if low likelihood and low impact.

Mitigate: lower risk to acceptable level.

Transfer: buy insurance.

Avoid: drop the project.
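As an added worked example (not from the slides), the terms above are carried through in Python for one constructed scenario: SLE = AV x EF, ALE = SLE x ARO, the residual ALE after a safeguard, ROI = ALE avoided minus TCO, and finally a mapping onto the four risk choices. The asset, the two safeguards and every dollar figure are assumptions made up for the illustration.

```python
"""Quantitative risk analysis using the slide's terms (AV, EF, SLE, ARO, ALE,
TCO, ROI), then a mapping onto the four risk choices.  All figures are
constructed for illustration; they are not data from the slides."""

from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float      # AV: dollar value of the asset being protected
    exposure_factor: float  # EF: fraction of AV lost in one incident (0.0 to 1.0)
    aro: float              # ARO: expected number of incidents per year

    def sle(self) -> float:
        """Single Loss Expectancy: cost of one incident (AV x EF)."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized Loss Expectancy: expected cost per year (SLE x ARO)."""
        return self.sle() * self.aro


@dataclass(frozen=True)
class Safeguard:
    name: str
    tco: float                       # TCO: yearly cost of running the control
    new_ef: Optional[float] = None   # EF after the control, if it limits damage
    new_aro: Optional[float] = None  # ARO after the control, if it cuts frequency

    def residual(self, risk: Risk) -> Risk:
        """The same risk with this safeguard in place."""
        return Risk(
            risk.name,
            risk.asset_value,
            risk.exposure_factor if self.new_ef is None else self.new_ef,
            risk.aro if self.new_aro is None else self.new_aro,
        )


def roi(risk: Risk, safeguard: Safeguard) -> float:
    """ROI: yearly loss avoided by the safeguard, minus what it costs to run."""
    return risk.ale() - safeguard.residual(risk).ale() - safeguard.tco


def recommend(risk: Risk, safeguards: List[Safeguard],
              acceptable_ale: float) -> Tuple[str, Optional[str]]:
    """Map the numbers onto the slide's risk choices.

    accept         - expected yearly loss is already within tolerance
    mitigate       - a control pays for itself and brings ALE within tolerance
    transfer/avoid - nothing affordable gets there: insure or drop the activity
                     (ALE alone does not decide between those two)
    """
    if risk.ale() <= acceptable_ale:
        return ("accept", None)
    candidates = [
        s for s in safeguards
        if roi(risk, s) > 0 and s.residual(risk).ale() <= acceptable_ale
    ]
    if candidates:
        best = max(candidates, key=lambda s: roi(risk, s))
        return ("mitigate", best.name)
    return ("transfer/avoid", None)


# Constructed scenario: a file server worth $200,000; ransomware destroys about
# half of its value and is expected once every five years (ARO = 0.2).
RANSOMWARE = Risk("ransomware on file server", asset_value=200_000,
                  exposure_factor=0.5, aro=0.2)

SAFEGUARDS = [
    # Offline backups: incidents as frequent, but only ~10% of value lost each time.
    Safeguard("offline backups", tco=5_000, new_ef=0.1),
    # Costly appliance: incidents become rarer, damage per incident unchanged.
    Safeguard("inline filtering appliance", tco=25_000, new_aro=0.05),
]

if __name__ == "__main__":
    print(f"SLE = ${RANSOMWARE.sle():,.0f}, ALE = ${RANSOMWARE.ale():,.0f}")
    for s in SAFEGUARDS:
        print(f"{s.name}: residual ALE ${s.residual(RANSOMWARE).ale():,.0f}, "
              f"ROI ${roi(RANSOMWARE, s):,.0f}")
    print(recommend(RANSOMWARE, SAFEGUARDS, acceptable_ale=5_000))
```

With these figures the server's ALE is $20,000 a year; offline backups cut it to $4,000 for $5,000 a year (ROI +$11,000), while the appliance only reaches $5,000 at a cost of $25,000 (ROI −$10,000), so the cheaper control is the one the analysis justifies. The tolerance argument is what turns "mitigate" into "accept": the same risk with a $25,000 tolerance needs no spending at all.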

Figure 8-2 Vulnerabilities Suggested by Attributes and Objects.

Figure 8-3 Vulnerabilities Enabling a Trojan Horse Attack.

Six attributes might enable a Trojan horse attack.

Figure 8-4 Mapping Control Techniques to Vulnerabilities.

Example: Vulnerability E is primarily controlled by Technique 2.

Figure 8-5 Matrix of Vulnerabilities and Controls.

Attributes leading to vulnerabilities are listed on the left, controls across the top.

Figure 8-6 Valuation of Security Techniques.

Figure 8-7 Relevance of Certain Security Techniques to Roles and Attack Components.

Figure 8-8 Risk Calculation for Regression Testing.

Arguments For Risk Analysis

Improve Awareness

◦ Increase the level of interest in security.

Relate Security Mission to Management Objectives

◦ Security costs money.

◦ People need to understand that security balances the harm prevented against the cost of controls.

Identify Assets, Vulnerabilities & Controls.

Arguments For Risk Analysis

Improve basis for decisions

◦ Risk analysis augments the manager’s judgment as a basis for the decision.

Justify Expenditures for Security

◦ Balance costs versus risks to identify the business case for a control.

Arguments Against Risk Analysis

False Sense of Precision and Confidence

◦ Uses empirical data to generate estimates of risk impact, probability and exposure; the resulting numbers look more precise than the estimates behind them.

Hard to Perform

◦ Assessment is subjective and time-consuming.

Arguments Against Risk Analysis

Immutability

◦ Risk analysis is often quickly forgotten.

◦ The analysis must be a living document, not a one-time event.

Lack of accuracy

◦ Hard to estimate risks.

◦ There may be gaps due to our limited knowledge of the system.

Physical Security

Natural Disasters

◦ Earthquake, hurricane, flood, fire, storms, etc.

Environmental

◦ Electrical: brownouts, blackouts, spikes, surges, sags, faults.

◦ HVAC, air conditioning, humidity controls.

◦ Electromagnetic Interference (EMI)

Theft

◦ Internal, external

Physical Security

Shredding: shred paper documents.

Overwriting: overwrite magnetic media, or shred it.

Degaussing: use a magnetic field to destroy the data on magnetic media.

TEMPEST: protect against electromagnetic signal emanations.

◦ Certify equipment as emission-free.

◦ Enclose the device or modify its emanations.

Business Continuity Plan (BCP)

Long-term, strategic, business-oriented plan for continued operation.

BCP Goal

◦ Ensure that the business continues to operate before, during and after a disaster.

◦ Ensure critical services can be delivered in the wake of a disruption and after it is over.

Disaster Recovery Plan

Short-term plan for dealing with specific IT-oriented disruptions.

Tactical.

Mitigate the impact of a disaster.

◦ Recover critical IT systems.

Part of the Business Continuity Plan.

Contingency Planning

Redundant Site: an exact duplicate of production.

Hot Site:

◦ fully configured site with all necessary hardware and critical applications.

Warm Site:

◦ some aspects of a hot site; relies on backup data to reconstitute systems after a disruption.

Cold Site (shell): an alternative location with basic facilities only.

Contingency Planning

Mobile Site: a datacenter in a box.

Reciprocal Agreement

◦ Bi-directional agreement between two organizations to share space if a disaster strikes either one.

Backups

◦ Geographically distributed.

◦ Environmentally controlled.
