Security Operations

2 Domain Objectives
- Protection and Control of Data Processing Resources
- Media Management
- Backups and Recovery
- Change Control
- Privileged Entity Control
- Categories of Controls

3 Operations Security Focus Areas Remote Storage Backups Tape Library Hardware Software Media Peopleware Auditors Support Staff Vendors Security Programmers Operators Engineers Administrators

4 Information Security TRIAD
- Availability
- Confidentiality
- Integrity

5 Domain Agenda
- Resource Protection
- Continuity of Operations
- Change Control Management
- Privileged Entity Control

6 Facility Support Systems
As discussed within the Physical Security domain, the support systems in a centralized or decentralized Operations center must be protected.

7 Facility Support Systems
- Fire Protection
- HVAC
- Electric Power

8 Facility Support Systems
- Water
- Communications

9 Risk of Physical Access to Equipment
Reduce risk or impact of threats resulting from unauthorized physical access

10 Media Management
Another objective of Operations Security is to protect storage media

11 Object Reuse
- The reassignment of a storage medium that previously contained one or more objects
- To be securely reassigned, no residual data can be available to the new subject through standard system mechanisms
- Disclosure
- Contamination

12 Clearing of Magnetic Media
- Overwriting
- Degausser
- Physical Destruction

13 Media Management Practices
Sensitive Media Controls:
- Marking
- Labeling
- Handling
- Storing
- Declassifying
- Destroying

14 Misuse Prevention
Threats and countermeasures:
- Personal Use: Acceptable use policy, workstation controls, content filtering, filtering
- Theft of Media: Appropriate media controls
- Fraud: Balancing of input/output reports, separation of duties, verification of information
- Sniffers: Encryption

15 Records Management
- Records Management Program Development
- Guidelines
- Records Retention

16 Domain Agenda
- Resource Protection
- Continuity of Operations
- Change Control Management
- Privileged Entity Control

17 Software & Data Backup
Operation controls must ensure adequate backups of:
- Data
- Operating Systems
- Applications
- Transactions
- Configurations
- Reports

18 RAID - Redundant Array of Independent Disks
- Backup of Data stored on Disk Drives
- Hardware-based
- Software-based
- Use of a Hot Spare

19 RAID Level 0
Stripes data evenly across two or more disks with no parity information for redundancy to increase system performance
[Diagram: RAID 0, blocks A1 to A8 striped across the disks]

20 RAID Level 1
Creates an exact copy (or mirror) of a set of data on two or more disks

21 RAID Level 2
- Stripes data at the bit level using a Hamming Code for error correction
- Requires 39 disks!

22 RAID Level 3
Uses byte-level striping with a dedicated parity disk
RAID 3 layout:
- Disk A: Stripe 1A, Stripe 2A, Stripe 3A, Stripe 4A
- Disk B: Stripe 1B, Stripe 2B, Stripe 3B, Stripe 4B
- Parity Drive: P(1A, 1B), P(2A, 2B), P(3A, 3B), P(4A, 4B)

23 RAID Level 4
- Uses block-level striping with a dedicated parity disk
- Similar to RAID 3 except that it stripes at the block, rather than the byte level

24 RAID Level 5
Uses block-level striping with parity data distributed across all member disks
RAID 5 layout:
- Disk A: Stripe 1A, P(2B, 2C), Stripe 3A, Stripe 4A
- Disk B: Stripe 1B, Stripe 2B, P(3A, 3C), Stripe 4B
- Disk C: P(1A, 1B), Stripe 2C, Stripe 3C, P(4A, 4B)
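The parity scheme behind slides 22 to 24, as an added example that is not part of the original slides: XOR parity written in the three-disk rotating layout of slide 24, a failed disk rebuilt from the survivors, and a scrub that flags a silently altered block. The block size, sample data and function names are assumptions made for illustration.

```python
from functools import reduce

DISKS = 3   # Disk A, B, C, as in the slide 24 layout
BLOCK = 4   # bytes per block (constructed; real arrays use KiB-sized blocks)
DATA = b"PAYROLL-2024-Q3-LEDGER-RECORDS!!"   # constructed sample, 4 stripes

def xor_blocks(blocks):
    """Byte-wise XOR of equal-length blocks; this is the parity function."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))

def parity_disk(stripe):
    """Rotating parity position matching the slide: C, A, B, C, ..."""
    return (stripe + DISKS - 1) % DISKS

def write_array(data):
    """Split data into stripes of DISKS-1 data blocks plus one parity block."""
    per_stripe = BLOCK * (DISKS - 1)
    data = data.ljust(-(-len(data) // per_stripe) * per_stripe, b"\0")
    disks = [[] for _ in range(DISKS)]
    for s in range(len(data) // per_stripe):
        chunk = data[s * per_stripe:(s + 1) * per_stripe]
        blocks = [chunk[i:i + BLOCK] for i in range(0, per_stripe, BLOCK)]
        remaining = iter(blocks)
        for d in range(DISKS):
            is_parity = d == parity_disk(s)
            disks[d].append(xor_blocks(blocks) if is_parity else next(remaining))
    return disks

def read_array(disks):
    """Reassemble the data blocks, skipping the parity block of each stripe."""
    return b"".join(disks[d][s] for s in range(len(disks[0]))
                    for d in range(DISKS) if d != parity_disk(s))

def rebuild(disks, failed):
    """Recompute a failed disk: each lost block is the XOR of the survivors."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return [xor_blocks(row) for row in zip(*survivors)]

def scrub(disks):
    """Stripes whose blocks do not XOR to zero, i.e. silent corruption."""
    return [s for s, row in enumerate(zip(*disks)) if any(xor_blocks(row))]

if __name__ == "__main__":
    array = write_array(DATA)
    array[1] = rebuild(array, failed=1)      # Disk B lost, then rebuilt
    print(read_array(array) == DATA, scrub(array))
```

Single parity reports that a stripe is inconsistent but not which block is wrong, and it cannot rebuild two failed disks at once.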

25 RAID Level 6
- RAID 6 extends RAID 5 by adding an additional parity block, thus it uses block-level striping with two parity blocks distributed across all member disks
- Like RAID 5, the parity is distributed in stripes with the parity blocks in a different place in each stripe

26 RAID Level 0+1
- Used for both mirroring and striping data among disks
- A hard drive failure in one array can be recovered from the other array
[Diagram: RAID 0+1, two RAID 0 stripe sets (blocks A1 to A8 each) mirrored with RAID 1]

27 RAID Level 10
- Also known as RAID 1+0
- Very high reliability combined with performance
[Diagram: RAID 10, two RAID 1 mirrored pairs striped together with RAID 0]

28 Redundant Array of Independent Tapes (RAIT)
- Level 1 RAIT
- Using tapes rather than disk
- Real-time mirroring

29 Hot Spares
- An unused backup array disk that is part of the array group
- Hot spares remain in standby mode
Types of Hot Spares:
- Global Hot Spare
- Dedicated Hot Spare

30 Other Backup Types
- File Image
- Data Mirroring
- Electronic Vaulting
- Remote Journaling
- Database Shadowing
- Redundant Servers/Standby Services

31 Fault Tolerance
- Usually refers to Hardware failure
- The system recognizes a failure has occurred
- Automatically takes corrective action

32 System Recovery - Trusted Recovery
- Correct implementation
- Ensure that failures and discontinuities of operation don't compromise a system's secure operation

33 Types of Trusted Recovery
- System Reboot
- Emergency System Restart
- System Cold Start

34 Fail Secure
To fail in a way that will cause no harm, or a minimal amount of harm, to other devices or danger to personnel, but doesn’t cause the system to be insecure.

35 Operational Incident Handling
- First line of Defense
- Logging, Tracking and Analysis of Incidents
- Escalation and Notification

36 Incident Response Team Benefits Learning to respond efficiently to an incident Priorities

37 System Failure Power Failure - UPS Denial of Service Contingency Plans Intrusion Tampering Business Continuity Plans Detailed Recovery Procedures

38 Specific Operational Contingency Preparations
- System Failure
- Denial of Service
- Tampering or Intrusions
- Production Delays
- I/O Errors

39 Domain Agenda
- Resource Protection
- Continuity of Operations
- Change Control Management
- Privileged Entity Control

40 Change Control Management
- Integrated with Business and IT Initiatives
- Sets out change control process and ownership of changes
- Ensures that all changes are reviewed for potential security impact

41 Change Control Committee Objectives
Ensure all changes are:
- Properly tested
- Authorized
- Scheduled
- Communicated
- Documented

42 Change Control Procedures
Request -> Impact Assessment -> Approval -> Build/Test -> Implement -> Monitor

43 Configuration Management
The control of changes made to:
- Hardware
- Software
- Firmware
- Documentation
- Test fixtures and test documentation
conducted throughout the system lifecycle

44 Hardware Inventory and Configuration
- Hardware Inventory - An overview of the hardware installed on any automated system
- Hardware Configuration Chart - Details the configuration of the system

45 Protection of Operational Files
- Library Maintenance
- Backups
- Source Code
- Object Code
- Configuration files
- Librarian

46 Documentation Requirements Format Copies

47 Patch Management
- Identification of Patches
- Patch Testing
- Rollout
- Deployment challenges

48 Domain Agenda
- Resource Protection
- Continuity of Operations
- Change Control Management
- Privileged Entity Control

49 Operator Privileges
Operates and monitors mainframe and mid-range computers and peripheral equipment, such as printers, tape and disk drives

50 Administrator Privileges
Responsible for running technically advanced information systems which includes the setup and maintenance of computers and networks
- Systems Administrators
- Network Administrators

51 Security Administrator Privileges Security administration including: Policy Development Implementation Maintenance and compliance Vulnerability Assessments Incident Response

52 Control Over Privileged Entities
- Review of access rights
- Supervision
- Monitoring

53 Domain Summary
Operations Security dealt with:
- Resource protection
- Continuity of Operations
- Change Control Management
- Privileged Entity Control

“Security Transcends Technology”