Guide to Network Defense and Countermeasures Second Edition Chapter 2 Security Policy Design: Risk Analysis.

Objectives
- Explain the fundamental concepts of risk analysis
- Describe different approaches to risk analysis
- Explain the process of risk analysis
- Describe techniques to minimize risk

Fundamental Concepts of Risk Analysis
- There is no situation in which security is perfect
- Risk analysis
  – Determines the threats that face the organization
- Security policy
  – Statement that spells out:
    - What defenses should be configured
    - How the organization will respond to attacks
    - How employees should safely handle the organization's resources

Risk Analysis Factors
- Risk is defined as the possibility of damage or loss
- Risk analysis
  – Study of the likelihood of damage or loss
  – Should encompass hardware, software, and data warehouses
- Assets
  – Physical assets
  – Data assets
  – Application software assets
  – Personnel assets

Risk Analysis Factors (continued)
- Threats
  – Events that have not yet occurred but might
  – Threats increase risk
  – Can be universal or specific to your systems
  – Circumstance-specific threat examples:
    - Power supply
    - Crime rate
    - Facility-related
    - Industry
  – The seriousness of a threat depends on the probability that it will occur and on the damage it would cause

Risk Analysis Factors (continued)
- Probabilities
  – Factors that affect the probability that a threat will actually occur:
    - Geographic
    - Physical location
    - Habitual
  – Exposure increases when factors that raise threat probabilities are present
  – Make a list of your threats and rank them by probability

Risk Analysis Factors (continued)
- Vulnerabilities
  – Situations or conditions that increase the probability of a threat, which in turn increases risk
  – Examples:
    - OS flaws
    - Application software flaws
    - Poorly configured firewalls or packet filters
    - Unprotected passwords and log files
    - Wireless networks

Risk Analysis Factors (continued)
- Consequences
  – Significance of an attack's impact
  – Some consequences can be estimated
  – Some consequences are difficult to anticipate
- Return on investment (ROI)
  – Helps you estimate what an attack would cost you in losses
  – You can compare those losses with the cost of your security measures
  – A security measure should cost less than the losses it prevents; a control that costs more than the loss it averts is not justified on ROI grounds

Risk Analysis Factors (continued)
- Safeguards
  – Measures you can take to reduce the likelihood or the impact of threats
  – Examples include:
    - Firewalls and IDSs
    - Locking doors
    - Using passwords and encryption
  – Residual risk
    - Risk left over after countermeasures and defenses are implemented

Approaches to Risk Analysis
- Survivable Network Analysis (SNA)
- Threat and Risk Assessment (TRA)

Survivable Network Analysis
- Security process developed by the CERT Coordination Center (CERT/CC) at Carnegie Mellon University's Software Engineering Institute
- Assumes that a system will be attacked
  – Leads you through a four-step process designed to ensure the survivability of a network
- Key network properties
  – Resistance
  – Recognition
  – Recovery
  – Adaptation and evolution

Survivable Network Analysis (continued)
- Fault tolerance
  – Capability of a system to continue operating despite a failure
- SNA steps
  – System definition
  – Essential capability definition
  – Compromisable capability definition
  – Survivability analysis

Threat and Risk Assessment
- TRA approaches risk analysis from the standpoint of threats and risks to an organization's assets
- TRA steps
  – Asset definition
  – Threat assessment
  – Risk assessment
  – Recommendations
- TRA is carried out in different ways by security agencies all over the world

Risk Analysis: An Ongoing Process
- Risk analysis is not a one-time activity
  – It evolves to take into account an organization's changing size and activities
- Initial risk analysis
  – Used to formulate a security policy
- New threats and intrusions
  – Create the need to reassess the risk

Risk Analysis: General Activities to Follow
- Risk analysis is a group of related activities that follow a sequence
- Sequence of activities:
  – Holding initial team sessions
  – Conducting asset valuation
  – Evaluating vulnerability
  – Calculating risk

Analyzing Economic Impacts
- Estimating financial impact or losses
- You can use different statistical models
  – Or a software program such as Project Risk Analysis by Katmar Software
- Basic information to estimate for each potential loss:
  – Likely cost
  – Low cost
  – High cost
- Monte Carlo simulation
  – Analytical method that simulates a real-life system by randomly generating values for its variables and repeating the run many times, so you obtain a distribution of possible annual losses rather than a single figure
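The following is an added example that is not part of the textbook slides and does not use Katmar Software's product. It shows how the low/likely/high estimates above feed a Monte Carlo simulation of one year's losses, and how the resulting annualized loss expectancy is set against the cost of a safeguard to make the ROI comparison from the earlier slide. Every threat name, probability and dollar figure is a constructed assumption, as is the safeguard used at the bottom.

```python
"""Estimating annual loss and the value of a safeguard (added example)."""
import random
import statistics
from dataclasses import dataclass


@dataclass
class Threat:
    name: str
    probability: float  # assumed chance the threat occurs at least once in a year
    low: float          # low estimate of the cost of one occurrence
    likely: float       # most likely cost of one occurrence
    high: float         # high estimate of the cost of one occurrence


# Constructed sample threat list; the values are illustrative, not real statistics.
THREATS = [
    Threat("Ransomware on the file server", 0.20, 20_000, 75_000, 250_000),
    Threat("Stolen laptop holding customer data", 0.35, 5_000, 15_000, 60_000),
    Threat("Extended power outage", 0.10, 2_000, 8_000, 30_000),
]


def annualized_loss_expectancy(single_loss, annual_rate):
    """Point estimate: ALE = SLE x ARO (cost of one occurrence x occurrences per year)."""
    return single_loss * annual_rate


def simulate_annual_loss(threats, trials=10_000, seed=1):
    """Monte Carlo estimate of one year's total loss.

    Each trial decides, per threat, whether it occurs and, if so, draws its
    cost from a triangular distribution over the low/likely/high estimates.
    Repeating the trial many times gives a distribution of annual losses.
    """
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    totals = []
    for _ in range(trials):
        total = 0.0
        for t in threats:
            if rng.random() < t.probability:
                total += rng.triangular(t.low, t.high, t.likely)
        totals.append(total)
    totals.sort()
    return {
        "mean": statistics.fmean(totals),
        "median": totals[len(totals) // 2],
        "p95": totals[int(0.95 * (len(totals) - 1))],
        "worst": totals[-1],
    }


def safeguard_net_value(ale_before, ale_after, annual_cost):
    """Annual loss avoided by a safeguard minus its annual cost.

    Positive: the control prevents more loss than it costs.
    Negative: the control costs more than the loss it prevents.
    """
    return (ale_before - ale_after) - annual_cost


if __name__ == "__main__":
    stats = simulate_annual_loss(THREATS)
    print(f"expected annual loss ${stats['mean']:,.0f}, "
          f"95th percentile ${stats['p95']:,.0f}, worst trial ${stats['worst']:,.0f}")
    # Assumed safeguard: offline backups costing $6,000/yr cut the ransomware
    # loss per incident from $75,000 to $10,000 at the same 20% annual rate.
    before = annualized_loss_expectancy(75_000, 0.20)
    after = annualized_loss_expectancy(10_000, 0.20)
    print("net annual value of offline backups:", safeguard_net_value(before, after, 6_000))
```

The 95th-percentile figure is usually more useful to management than the mean: it is the loss you should be able to absorb in a bad year, and it is the number a worst-case scenario (discussed later in the chapter) tends to be built around.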

Deciding How to Minimize Risk
- Risk management
  – Process of identifying, choosing, and setting up countermeasures justified by the risk you identify
  – Countermeasures go into your security policy

Securing Hardware
- Think about obvious kinds of physical protection
  – Such as environmental conditions
- Lock up your hardware
  – Decide which devices you want to be locked
- Pay special attention to laptops
  – Laptops can be lost or stolen easily
- Install startup passwords and screen saver passwords
  – Experienced thieves can circumvent them, though (for example by removing the drive and reading it elsewhere), so they are no substitute for encryption
- Encrypt files with programs such as PGP

Securing Hardware (continued)
- Conducting a hardware inventory
  – Make a list of servers, routers, cables, computers, printers, and other hardware
  – Be sure to include your company's network assets
  – Make a topology map of your network

Ranking Resources to Be Protected
- Rank resources in order of importance
  – The numeric values can be arbitrary, as long as the same scale is applied consistently across resources
- Focus your security efforts on the most critical resources first
- Work in cooperation with your team and higher management

Securing Information
- Electronic assets
  – Word processing, spreadsheet, Web page, and other documents
- Logical assets
  – E-mail messages, any records of instant messaging conversations, and log files
- Data assets
  – Personnel, customer, and financial information

Securing Information (continued)
- Maintaining customer and employee privacy
  – Isolate critical information from the Internet
    - Move information from its original directory to a computer that is not connected to the Internet
    - Configure backup software to save critical files
  – Other measures
    - Encryption
    - Message filtering
    - Data encapsulation
    - Redundancy
    - Backups

Securing Information (continued)
- Protecting corporate information
  – Measures include:
    - Never leave company-owned laptops unattended
    - Always password-protect information on corporate devices
    - Encrypt e-mail and financial information
    - Password-protect all job records and customer information
    - Restrict personnel information to human resources staff and/or upper management

Conducting Routine Analysis
- Risk analysis is an ongoing process
  – A company's situation changes constantly
  – Risk analysis should be repeated routinely to take these changes into account
- Consider the following questions:
  – How often will a risk analysis be performed?
  – Who will conduct the risk analysis?
  – Do all hardware and software resources need to be reviewed every time?
- Human emotions can influence risk evaluations
  – Some companies therefore do not allow these calculations to be done manually

Handling Security Incidents
- The security policy should state how you will respond to break-ins
  – Fill out a form to record what happened
- Incident-handling procedures
  – Describe who will respond to security incidents
  – Describe the kinds of incidents to be addressed:
    - Alarms sent by intrusion detection systems
    - Repeated unsuccessful logon attempts
    - Unexplained changes to data or deletion of records
    - System crashes
    - Poor system performance
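"Repeated unsuccessful logon attempts" only becomes an incident once the policy says how many failures, from where, within what time. The following added example (not from the textbook) shows detection logic for that one indicator run over constructed sample log lines written in the style of OpenSSH "Failed password" syslog messages; the host name, addresses (taken from the documentation ranges), threshold of five failures and five-minute window are all assumptions a real procedure would have to fix.

```python
"""Flag repeated unsuccessful logon attempts in an authentication log (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. Syslog timestamps carry no year, as in a real auth.log.
SAMPLE_LOG = """\
Mar 10 08:00:01 fw1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 10 08:00:03 fw1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51124 ssh2
Mar 10 08:00:05 fw1 sshd[2103]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar 10 08:00:06 fw1 sshd[2105]: Failed password for root from 203.0.113.7 port 51131 ssh2
Mar 10 08:00:08 fw1 sshd[2107]: Failed password for root from 203.0.113.7 port 51133 ssh2
Mar 10 08:00:09 fw1 sshd[2109]: Accepted publickey for alice from 198.51.100.4 port 40022 ssh2
Mar 10 08:01:00 fw1 sshd[2111]: Failed password for bob from 198.51.100.4 port 40030 ssh2
Mar 10 09:30:00 fw1 sshd[2200]: Failed password for bob from 198.51.100.4 port 40031 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)


def parse_failures(text, year=2024):
    """Yield (timestamp, user, source_ip) for each failed-password line.

    `year` must be supplied because syslog timestamps omit it (assumed here).
    """
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]


def find_repeated_failures(text, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: (count, first, last)} for every source with at least
    `threshold` failed logons inside some interval no longer than `window`.

    A sliding window over the sorted timestamps keeps spread-out failures
    apart: two failures an hour and a half apart do not add up to an incident.
    """
    by_ip = defaultdict(list)
    for ts, _user, ip in parse_failures(text):
        by_ip[ip].append(ts)

    alerts = {}
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            # keep the densest run seen for this source
            if count >= threshold and count > alerts.get(ip, (0,))[0]:
                alerts[ip] = (count, times[start], times[end])
    return alerts


if __name__ == "__main__":
    for ip, (count, first, last) in find_repeated_failures(SAMPLE_LOG).items():
        print(f"INCIDENT: {count} failed logons from {ip} "
              f"between {first:%H:%M:%S} and {last:%H:%M:%S}")
```

Whatever produces the alert, the incident-handling procedure should say who receives it and what they record; the output above is the kind of fact (source, count, time span) that belongs on the form the slide mentions.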

Handling Security Incidents (continued)
- Assembling a response team
  – The security policy should state which security staff need to be notified in case of an incident
  – Security incident response team (SIRT)
    - Staff designated to take countermeasures when an incident is reported
  – A SIRT typically contains:
    - IT operations and technical support staff
    - IT application staff
    - Chief security officer
    - Information security specialists
    - Others

Handling Security Incidents (continued)
- Escalation procedure
  – Set of roles, responsibilities, and measures taken in response to a security incident

Handling Security Incidents (continued)
- Including worst-case scenarios
  – Descriptions of the worst consequences to an organization if a threat materializes
  – Might be unlikely
  – Can help you determine the value of a resource at risk

Summary
- Risk analysis plays a central role in defining a security policy
- Risk analysis covers a company's computer hardware, software, and informational assets
- Your first task is to assess the level of risk to your network and its users
- Assess threats to your network and the probability that they might happen
  – Determine safeguards and countermeasures for minimizing risk