Business Security - Introduction to Information Security - Lecture Slides, Slides of Network security

The major points which I found very informative according to security are: Business Security, Business Continuity, Business Impact, Incident Response, Disaster Recovery, Security Laws, Security Programs, Business Objectives, Building, Organization’s Mission.

Typology: Slides

2012/2013

Uploaded on 04/22/2013

sathiamoorthy

The Business of Security

Business of Security

  • Business Continuity
  • Business impact
  • Incident response
  • Disaster recovery
  • Security laws

Business Continuity Planning

  • A business continuity plan (BCP) describes how a business will continue operations in the face of risk
  • Vulnerability assessment determines which risks merit attention
    • Risk = Threat x Vulnerability
  • A quadrant map is a good tool for vulnerability assessment

Vulnerability Assessment

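[Figure: quadrant map with quadrants I to IV (top row II, I; bottom row III, IV) and Low/High scales on both axes; risks plotted: check processing, employee strike, tsunami, flood.]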

Contingency Planning

  • Contingency planning consists of:
    • Incident response plan
    • Disaster recovery plan
    • Business continuity plan
  • Incident response involves:
    • Notifying key people
    • Documenting the incident
    • Containing the damage due to the incident

[Figure: Contingency Planning Diagram]

Contingency Planning

  • Primary goal is to restore all systems to pre-failure level

  • CP requires support of:
    • Upper level management
    • IT people
    • Security people

Business Impact Analysis

  • BIA is the first step in CP
  • Takes off from where risk assessment ended
  • Main steps in BIA are:
    • Threat attack identification
    • Business unit analysis
    • Attack success scenarios
    • Potential damage assessment
    • Subordinate plan classification

Business Impact Analysis

  • Business Unit Analysis includes:
    • Prioritization of business functions
    • Identify critical business units
  • Attack success scenario includes:
    • Known methods of attack
    • Indicators of attack
    • Broad consequences

Business Impact Analysis

  • Potential damage assessment includes:
    • Actions needed immediately to recover from the attack
    • Personnel who will do the restoration
    • Cost estimates for management use
  • Subordinate plan classification includes:
    • Classification of attack as disastrous or non-disastrous
    • Disastrous attacks require disaster recovery plan
    • Non-disastrous attacks require incident response plan
    • Most attacks are non-disastrous, e.g., blackout

Incident Response Plan

  • Responsible people aware of IR plan details
  • Periodic testing of IR plan as a desktop exercise
  • Goals to remember (Richard Marcinko):
    • More sweat in training means less bleeding in combat
    • Preparation hurts
    • Lead from the front and not the rear
    • Keep it simple
    • Never assume
    • You get paid for results not your methods

Incident Response Plan

  • Incidents are usually detected from complaints to help desk
  • Security administrators may receive alarms based on:
    • Unfamiliar files
    • Unknown processes
    • Unusual resource consumption
    • Activities at unexpected times
    • Use of dormant accounts
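
Two of the alarm conditions listed above, activities at unexpected times and use of dormant accounts, expressed as detection logic over login events. This is an added example, not part of the original slides; the log format, the 90-day dormancy threshold and the working-hours window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Assumed thresholds (not from the slides): tune to the organisation.
DORMANT_AFTER = timedelta(days=90)
WORK_HOURS = range(7, 20)  # 07:00-19:59 local time, Monday to Friday

# Constructed sample events, one per line: "timestamp user action"
SAMPLE_LOG = """\
2013-01-07T09:15:00 alice login
2013-03-11T10:02:00 alice login
2013-03-12T02:41:00 bob login
2013-03-13T11:30:00 carol login
2013-09-02T14:05:00 carol login
2013-09-07T23:50:00 carol login
"""

def parse(log):
    """Yield (timestamp, user) for each login line; skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] != "login":
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1]
        except ValueError:
            continue

def detect(log):
    """Return alerts as (timestamp, user, reason) tuples, in time order."""
    last_seen, alerts = {}, []
    for ts, user in sorted(parse(log)):
        prev = last_seen.get(user)
        # Dormancy needs a baseline: an account's first observed login
        # cannot be judged dormant from this log alone.
        if prev is not None and ts - prev > DORMANT_AFTER:
            alerts.append((ts.isoformat(), user, "dormant account"))
        # Weekend (weekday 5 or 6) or outside the working-hours window.
        if ts.weekday() >= 5 or ts.hour not in WORK_HOURS:
            alerts.append((ts.isoformat(), user, "unexpected time"))
        last_seen[user] = ts
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert, sep="  ")
```

In practice the last-seen baseline would come from the directory or identity provider rather than from the log window being scanned.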

Incident Response Plan

  • Incident reaction involves
    • Notifying proper personnel
      • Involves notifying people on the alert roster
      • Notification could be accomplished using a predefined tree structure
      • Notification is pre-scripted to activate relevant portions of the incident response plan
    • Designated personnel start documenting the incident

Incident Response Plan

  • Activate incident containment strategies such as:
    • Take system offline
    • Disable compromised accounts
    • Reconfigure firewall as needed
    • Shut down specific applications such as email or database
    • Might necessitate shutting down the system completely