Cybersecurity SSP

This Security Standard Operating Procedures (SSP) paper outlines the technical policies, standards, and procedures for securing the organization against cyber threats. It describes the security controls for protecting the organization's perimeter, internal network, user applications, and mobile applications.

Purpose and Objectives

The primary purpose of this SSP is to state the organization's security goals and objectives and to detail the security procedures that security administrators must carry out to achieve them. The objectives of this SSP are to establish a comprehensive framework for ensuring the integrity, confidentiality, and availability of the organization's information systems and information.

SOP #1: Cybersecurity Standard Operating Procedures: purpose, roles and responsibilities

The Cybersecurity Standard Operating Procedures (SOP) define the organization's security policies, standards, and guidelines that security administrators and users must follow to maintain the integrity, confidentiality, and availability of the information systems and the organization's information. The purpose of this SOP is to establish a framework that guides the selection, implementation, assessment, and maintenance of the security controls that protect the organization's information assets against cyber threats. Perimeter protection is a critical aspect of cybersecurity: it prevents unauthorized access to the organization's network and systems from the internet. The internal network is another crucial area that requires protection against insider threats and against external attacks that bypass perimeter defenses. The Cybersecurity SOP defines the access control policies, network segmentation, and intrusion detection and prevention systems (IDPS) that security administrators must implement to secure the internal network (Bada et al., 2019).
User applications and mobile applications are two areas of cybersecurity that pose significant risks to the organization's information assets. The Cybersecurity SOP defines the policies and procedures for secure software development and deployment, secure coding practices, and secure mobile device usage that developers and users must follow to prevent the exploitation of vulnerabilities in applications and mobile devices.

SOP #2: Access Control Policy and Procedures: purpose, roles and responsibilities, understanding access and privacy issues, requirements, privacy

The Access Control Policy and Procedures SOP defines the organization's policies and procedures for granting authorized access to information and information systems while preventing unauthorized access. The purpose of this SOP is to ensure that access to information is granted only to authorized individuals and that access rights are limited to the minimum necessary to perform job functions. Perimeter protection controls, such as firewalls and IDS/IPS systems, are critical for enforcing access controls at the network boundary. The internal network requires access controls to prevent unauthorized access by insiders who may attempt to exploit their privileges for personal gain or with malicious intent. The Access Control SOP defines the role-based access control (RBAC) model, which assigns access privileges based on users' job functions, and requires that security administrators monitor and audit users' access to sensitive information (Saha et al., 2022). User applications and mobile applications require access controls to prevent unauthorized access to sensitive information and data leakage. The Access Control SOP defines procedures for controlling access to applications and mobile devices, including secure authentication mechanisms, password policies, and application-level access controls.
SOP #3: Security Awareness and Training Policy and Procedures: introduction, roles and responsibilities, awareness and training

This SOP defines the organization's policy and procedures for providing employees with the knowledge and skills needed to protect the organization's information and assets from cyber threats. The purpose of this SOP is to ensure that all employees understand their roles and responsibilities in protecting the organization's data and assets and are aware of the latest cyber threats and the best practices for mitigating them. Perimeter protection awareness training is crucial so that employees understand the security controls that protect the network boundary and the importance of following security policies and procedures to prevent unauthorized access. Internal network awareness training is essential to prevent insider threats and to ensure that employees understand their roles and responsibilities in safeguarding sensitive information. The Security Awareness and Training SOP defines procedures for training employees on access controls, RBAC models, and data classification policies (Saha et al., 2022). Awareness training for user applications and mobile applications is critical to prevent data breaches and to ensure that employees understand the risks of using applications that process and store sensitive information. The roles and responsibilities of the security administrator include identifying training needs, developing training programs, and monitoring employee compliance with training requirements (Saha et al., 2022). The Security Awareness and Training SOP defines procedures for identifying training needs, creating training materials, and tracking employee training progress.
SOP #4: Security Assessment and Authorization: introduction, roles and responsibilities

This SOP provides guidance for conducting periodic security assessments to identify vulnerabilities and risks to the organization's information and assets. The purpose of this SOP is to ensure that security controls are implemented correctly and effectively and that the organization's security posture remains strong against evolving cyber threats. Perimeter protection security assessments evaluate the effectiveness of firewalls, IDS/IPS systems, and other perimeter protection mechanisms to identify vulnerabilities and misconfigurations that may allow unauthorized access. Internal network security assessments evaluate access controls, RBAC models, and data classification policies to identify vulnerabilities that may allow unauthorized access to sensitive information. The Security Assessment and Authorization SOP defines procedures for performing vulnerability scans and penetration testing on the internal network to identify vulnerabilities and misconfigurations that may allow unauthorized access to sensitive information. User application and mobile application security assessments evaluate the effectiveness of authentication mechanisms, password policies, and application-level access controls to identify vulnerabilities that may allow unauthorized access to sensitive information (Gibadullina et al., 2022). The roles and responsibilities of the security administrator include conducting security assessments, identifying vulnerabilities, and prioritizing remediation efforts (Bada et al., 2019). This SOP defines procedures for conducting security assessments, documenting findings, and presenting remediation recommendations to management.
SOP #5: Configuration Management Policy and Procedures: introduction, roles and responsibilities, configuration items

This SOP provides guidance for managing and controlling changes to software, hardware, and firmware within the organization. The purpose of this SOP is to ensure that changes to configuration items (CIs) are tracked, managed, and documented so that the integrity and security of the organization's data systems are maintained. Perimeter protection configuration items include firewalls, routers, and other network infrastructure devices (Zhang & Zhang, 2022). Internal network configuration items include servers, switches, and other network infrastructure devices. The Configuration Management Policy and Procedures SOP defines procedures for tracking and managing changes to these devices so that they remain secure and effective. User application and mobile application configuration items include software applications, hardware devices, and mobile devices. The roles and responsibilities of the security administrator include ensuring that changes to configuration items are tracked and managed appropriately (Zhang & Zhang, 2022). The Configuration Management Policy and Procedures SOP defines procedures for documenting each change, including the reason for the change, its impact, and the approvals it requires.

SOP #7: Identification and Authentication Policy and Procedures: purpose, authentication procedures and mechanisms

The Identification and Authentication Policy and Procedures SOP provides guidance for ensuring that only authorized individuals have access to the organization's information systems. The purpose of this SOP is to define the procedures for verifying the identity of users and authenticating their access to the organization's information systems. Perimeter protection authentication mechanisms include firewalls and other network infrastructure devices that authenticate incoming network connections.
Internal network authentication mechanisms include user account and password policies, multi-factor authentication, and access control lists (Horváth et al., 2022). This SOP defines procedures for configuring these mechanisms so that only authorized individuals have access to the organization's information systems. User application and mobile application authentication mechanisms include user account and password policies, biometric authentication, and single sign-on. This SOP defines procedures for configuring these mechanisms so that only authorized individuals have access to these applications and devices. These SOPs are designed to prevent unauthorized access to the organization's information systems (Horváth et al., 2022). The security administrator is responsible for ensuring that all authentication mechanisms are configured correctly and that only authorized users are granted access.

SOP #8: Incident Response (IR): introduction, roles and responsibilities, IR handling, procedures, reporting

Incident Response (IR) is the process of identifying and responding to security incidents. The purpose of this SOP is to define the roles and responsibilities for IR and the handling, procedures, and reporting requirements. For perimeter protection, the IR team will monitor and respond to any attempts to breach the organization's network perimeter, such as unauthorized access attempts or denial of service attacks. For internal network incidents, the IR team will investigate and respond to potential intrusions, malware infections, or unauthorized access attempts (Wellsandt et al., 2022). For user applications and mobile applications, the IR team will monitor and respond to security incidents involving software and devices used by employees, including attempts to exploit vulnerabilities and data breaches on mobile devices. The roles and responsibilities of the IR team include incident detection, containment, analysis, and recovery.
The procedures for IR include incident categorization, investigation, escalation, and remediation (Wellsandt et al., 2022). The IR team is also responsible for documenting and reporting all incidents, and for identifying and addressing any security weaknesses or vulnerabilities that may have led to an incident.

SOP #9: System Maintenance Policy: purpose, roles and responsibilities, change management, maintenance tools and techniques

The System Maintenance Policy is designed to ensure that all systems within the organization are maintained properly, effectively, and efficiently so that they function optimally. The policy establishes guidelines for the roles and responsibilities of those responsible for maintenance, as well as for the methods and tools used in carrying out maintenance activities (Ashraf et al., 2022). Maintenance responsibilities are divided among system owners, maintenance staff, and users, each of whom is responsible for specific aspects of the system. The policy also sets out procedures for managing changes to the system: all changes must be documented and approved, and change requests must go through an established change management process. For perimeter protection, the System Maintenance Policy establishes guidelines for regularly monitoring and maintaining perimeter security controls such as firewalls, intrusion prevention systems, and other security devices (Ashraf et al., 2022). It also outlines procedures for regularly patching and updating these devices so that they run the most up-to-date software and firmware. For the internal network, the policy sets out guidelines for maintaining the network infrastructure, including switches, routers, and servers. It establishes procedures for monitoring the network for performance issues and for identifying and remediating security vulnerabilities.
Additionally, the policy sets out guidelines for maintaining the confidentiality and integrity of data stored on the network. For user and mobile applications, the policy establishes procedures for maintaining applications and their associated data. This includes regularly applying software updates and patches, as well as monitoring for vulnerabilities and exploits (Ashraf et al., 2022). The policy also sets out guidelines for user access to applications and data, including role-based access controls, user authentication and authorization, and data encryption.

SOP #10: Media Protection Policy: purpose, roles and responsibilities, media sanitization procedures, media transportation methods, media confidentiality protection with encryption

The Media Protection Policy aims to ensure that all sensitive and confidential data stored on any media device is secured against unauthorized access, use, disclosure, or theft. This policy applies to all types of media devices, including hard drives, removable media, backup tapes, and mobile devices, among others. The policy's objective is to protect the organization's confidential data and intellectual property and to comply with regulatory requirements (Mix, 2022). Responsibility for implementing the policy lies with the security team, including the security administrators, the Chief Information Security Officer (CISO), and system owners, who must ensure that all media devices containing sensitive data are tracked, accounted for, and protected according to the policy's guidelines. Media sanitization procedures are critical for protecting sensitive data from access by unauthorized users. The policy requires that all media devices containing confidential information be sanitized using approved techniques before being disposed of or reused. Media devices that are not reusable should be physically destroyed so that the sensitive data cannot be recovered (Mix, 2022).
For data that is still in use, the policy requires encryption to protect against unauthorized access or data leakage. All media devices must be transported using secure methods to prevent loss or theft, and all data being transferred must be protected during transmission.

SOP #11: Physical and Environmental Protection: purpose, roles and responsibilities, physical access, visitor control, information leakage management

The purpose of the Physical and Environmental Protection policy is to safeguard the organization's physical assets and protect them from unauthorized access, damage, or theft. Roles and responsibilities include establishing procedures for managing physical access to the organization's facilities and securing the equipment and data stored or used in these facilities. Perimeter protection measures such as security cameras, fences, and locks are implemented to prevent unauthorized entry. Internal network protection measures include secure entry points and access control systems that control access to sensitive areas (Mantri et al., 2022). For user applications and mobile applications, access to sensitive data should be restricted to authorized personnel only. Visitor control measures, such as verifying identification and providing visitors with escorts, should also be implemented to ensure the safety and security of the organization's facilities. The Physical and Environmental Protection policy also requires effective management of environmental factors such as temperature, humidity, and power supply to ensure the reliable and secure operation of critical systems. For internal network protection, access control systems should be established to control access to sensitive areas. For user applications and mobile applications, encryption should be implemented to ensure the confidentiality of data in transit and at rest.
To manage information leakage, the Physical and Environmental Protection policy requires controls such as physical or electronic barriers that protect data from unauthorized access (Mantri et al., 2022). It is important to implement policies and procedures that regulate the transfer, handling, and storage of data, including measures such as secure file transfer protocols, secure data storage, and data encryption (Mantri et al., 2022). For internal network protection, access to data should be restricted to authorized personnel only. For user applications and mobile applications, data should be encrypted so that it cannot be accessed by unauthorized parties if a device is lost or stolen.

SOP #12: Security Planning Policy: purpose, roles and responsibilities, policy management, policy updates and enforcement

The Security Planning Policy outlines the organization's security objectives and sets out a plan for implementing and maintaining the security controls needed to meet those objectives. The policy provides guidance on roles and responsibilities for security planning, including the appointment of a security planning team and the identification of stakeholders. The security planning team is responsible for defining the scope of the security plan, identifying potential security risks, and developing and implementing a security plan appropriate to the organization's needs (Alfarisi & Surantha, 2022). The policy must be reviewed periodically to ensure that it remains relevant and effective, and updated as needed to address new risks or changes in the organization's needs. The security planning policy should specifically address perimeter protection, internal network security, user application security, and mobile application security. For each of these areas, the policy should define the security objectives, the risks, and the controls necessary to mitigate those risks.
The policy should also outline specific procedures for implementing and maintaining these controls and provide guidance on monitoring and reporting security incidents in these areas (Alfarisi & Surantha, 2022). By incorporating these areas into the security planning policy, the organization can ensure that it addresses all relevant security concerns in a comprehensive and effective manner.

SOP #14: Risk Assessment and Policy: purpose, risk assessment procedures and management, vulnerability scans and reporting

The purpose of the Risk Assessment and Policy SOP is to identify and assess risks to the organization's information and information systems. The roles and responsibilities for this SOP include the Risk Management Team, which manages and implements the risk assessment process, and the Security Team, which addresses identified risks and vulnerabilities. Risk assessment procedures and management involve identifying and analyzing potential threats, assessing the likelihood and impact of each threat, and developing mitigation strategies for each risk (Alfarisi & Surantha, 2022). Vulnerability scans and reporting are also used to identify weaknesses in the organization's security posture and to provide recommendations for improvement. Perimeter protection, the internal network, user applications, and mobile applications are all considered in the risk assessment process. The organization must evaluate the potential risks and vulnerabilities associated with each of these areas and implement appropriate controls to mitigate the identified risks (Alfarisi & Surantha, 2022). For example, perimeter protection measures, such as firewalls and intrusion detection systems, are used to secure the organization's external network.
Internal network security measures, such as access controls and monitoring, are implemented to prevent unauthorized access to sensitive information (Alfarisi & Surantha, 2022). User application security controls, such as user authentication and data encryption, are implemented to protect user data from unauthorized access or modification. Mobile application security controls, such as mobile device management and data encryption, are implemented to protect sensitive data accessed or stored on mobile devices.

References

Alfarisi, S., & Surantha, N. (2022). Risk assessment in fleet management system using OCTAVE Allegro. Bulletin of Electrical Engineering and Informatics, 11(1), 530-540. https://doi.org/10.11591/eei.v11i1.3241

Ashraf, I., Park, Y., Hur, S., Kim, S. W., Alroobaea, R., Zikria, Y. B., & Nosheen, S. (2022). A survey on cyber security threats in IoT-enabled maritime industry. IEEE Transactions on Intelligent Transportation Systems. https://doi.org/10.1109/TITS.2022.3164678

Bada, M., Sasse, A. M., & Nurse, J. R. (2019). Cyber security awareness campaigns: Why do they fail to change behaviour? arXiv preprint arXiv:1901.02672. https://doi.org/10.48550/arXiv.1901.02672

Gibadullina, E., Viskova, E., & Stepanov, S. (2022, October). Automated service configuration management in IP/MPLS networks. In 2022 International Conference on Modern Network Technologies (MoNeTec) (pp. 1-5). IEEE. https://doi.org/10.1109/MoNeTec55448.2022.9960765

Horváth, C., Hong, K., Wheeler, P., Ir, P., Chhea, C., Kinzer, M. H., ... & Willacy, E. (2022). How management and leadership training can impact a health system: Evaluation findings from a public health management training program in Cambodia. Frontiers in Public Health, 9, 784198. https://doi.org/10.3389/fpubh.2021.784198

Mantri, V. A., Kambey, C. S., Cottier-Cook, E. J., Usandizaga, S., Buschmann, A. H., Chung, I. K., ... & Van Nguyen, N. (2022). Overview of global Gracilaria production, the role of biosecurity policies and regulations in the sustainable development of this industry. Reviews in Aquaculture. https://doi.org/10.1111/raq.12761

Mix, S. R. (2022). Business Continuity, Cybersecurity, and Backup Control Center: Standards, References, and Recommendations White Paper (No. PNNL-32686). Pacific Northwest National Laboratory (PNNL), Richland, WA (United States). https://doi.org/10.2172/1899922

Saha, T., Aaraj, N., & Jha, N. K. (2022). Machine learning assisted security analysis of 5G network-connected systems. IEEE Transactions on Emerging Topics in Computing, 10(4), 2006-2024. https://doi.org/10.1109/TETC.2022.3147192

Wellsandt, S., Klein, K., Hribernik, K., Lewandowski, M., Bousdekis, A., Mentzas, G., & Thoben, K. D. (2022). Hybrid-augmented intelligence in predictive maintenance with digital intelligent assistants. Annual Reviews in Control. https://doi.org/10.1016/j.arcontrol.2022.04.001

Zhang, H. X., & Zhang, X. (2022). Network pharmacology and experimental validation identify the potential mechanism of sophocarpine for COVID-19. Journal of Medical Microbiology, 71(5), 001538. https://doi.org/10.1099/jmm.0.001538