Establishing a Security Plan Flashcards

1
Q

What is a security plan?

A
  • A security plan is a document that describes how an organization will address its security needs
  • It is a live document subject to periodic review, evaluation and revision
  • A good security plan is an official record of current security practices, plus a blueprint for orderly change to improve those practices
  • It gives developers and users a way of measuring the effect of proposed changes, leading to further improvements
2
Q

What are the main contents of a security plan?

A

Policy - high-level statement of the organization's goals on security
Current State - listing of vulnerabilities to which the system is exposed
Requirements - Functional and performance demands on the system
Recommendations - Security techniques and mechanisms to be put in place to meet the requirements
Accountability - Who is responsible for each security activity
Timetable - timelines to achieve goals
Evaluation methodology - how do you measure the effectiveness of the plan

3
Q

What are the questions to be addressed (phases of the security plan)?

A

Inspection - what needs to be protected
Protection - how to protect
Detection - how to detect intrusion
Reaction - how to react to a network attack
Reflection - how to recover from the network attack

4
Q

Describe inspection

A
  • make a formal inventory of all resources
  • assign ownership to each resource
  • determine value of each resource
  • for each resource, list the threats that could cause damage
  • calculate the risk impact, risk probability, risk exposure, and risk leverage for each resource

The resources with the highest risk leverage are the ones to protect.

5
Q

Describe Protection

A

Deploy tools for achieving the seven security goals for each resource or set of resources starting with the ones with the highest risk leverage

6
Q

Describe detection

A

Some tools:
Signature analysis - collection of event log data
Anomaly detection - look for unusual activities or statistically anomalous behaviour
Dynamic analysis = signature analysis + anomaly detection
Honeypots - subnetworks deliberately configured with vulnerabilities but holding resources of no value

7
Q

Describe reaction

A
  • prepare strategies for incident containment
  • prepare rapid response team
  • develop network disconnect plan
  • develop rapid recovery procedures
  • assess the damage
  • restore information from a trusted backup copy
  • monitor the system for indications of continued attack
8
Q

Describe reflection

A
  • assemble the information from all involved
  • conduct post-incident briefings to gather information that was not recorded
  • produce a technical summary that can be evaluated for applicability to other systems
  • write an executive summary for upper management to understand the incident's issues
  • re-evaluate the organization's security plan and make changes