Principles of Computer Security: CompTIA Security+® and Beyond, Third Edition © 2012

Presentation transcript:

Chapter 19: Disaster Recovery, Business Continuity, and Organizational Policies

Objectives
Describe the various ways backups are conducted and stored.
Explain different strategies for alternative site processing.
Describe the various components of a business continuity plan.
Explain how policies and procedures play a daily role in addressing the security needs of an organization.

Key Terms
Acceptable use policy (AUP), backout planning, business continuity plan (BCP), business impact assessment (BIA), clustering, cold site, delta backup, differential backup, disaster recovery plan (DRP)

Key Terms (continued)
Due care, due diligence, fault tolerance, full backup, high availability, hot site, incident response policy, incremental backup, least privilege, load balancing

Key Terms (continued)
Mean time to failure, mean time to restore, mutual aid agreement, policies, procedures, recovery time objective, separation of duties, service level agreement (SLA), standards, warm site

Disaster Recovery
Organizations face a variety of disaster scenarios.
Disasters can be caused by natural or man-made events.
Disaster recovery plans consider all types of organizational disruption.
Different disruptions will require different recovery strategies.

Disaster Recovery Plans (DRP) / Process
DRPs are intended to minimize the impact of a disaster.
–Defines the data, resources, and necessary steps to restore critical organizational processes.
Planning process, initial phase:
–Consider the resources needed to perform the company’s mission.
–Identify critical functions.

Disaster Recovery Plans / Process (continued)
The initial phase yields the business impact assessment (BIA).
Continued planning includes:
–An outline of the processes and procedures to restore an organization’s critical operations
–Prioritized according to criticality for restoration

Category | Level of the Function’s Need | How Long Can the Organization Last Without the Function
Critical | Absolutely essential for operations. Without the function, the basic mission of the organization cannot occur. | The function is needed immediately. The organization cannot function without it.
Necessary for normal processing | Required for normal processing, but the organization can live without it for a short period of time. | Can live without it for at most 30 days before your organization is severely impacted.
Desirable | Not needed for normal processing but enhances the organization’s ability to conduct its mission efficiently. | Can live without the function for more than 30 days, but it is a function that will eventually need to be accomplished when normal operations are restored.
Optional | Nice to have but does not affect the operation of the organization. | Not essential, and no subsequent processing will be required to restore this function.
Consider eliminating | No discernible purpose for the function. | No impact to the organization; the function is not needed for any organizational purpose.

Business Continuity Plan (BCP)
Focuses on continued operation of a business in extenuating circumstances.
Stronger emphasis is placed on critical systems.
Describes the functions that are most critical, based on a previously conducted BIA.
Describes the order in which functions should be returned to operation.
Describes what is needed for the business to continue to operate.

Backups
A critical part of the BCP and DRP
Provide valid, uncorrupted data for restoration
Good backups include all needed files
–Applications, operating systems, and utilities

What Needs to Be Backed Up?
Data
Application programs
Operating systems
Utilities for the hardware platform
Personnel, equipment, and electrical power must also be part of the plan.
The backup plan should back up the files that change often more frequently than the files that do not change much.

Backup Strategy
Backup considerations
–Size of the resulting backup
–Media used for the backup
–How long backups will be stored
Four types of backups
–Full, differential, incremental, delta

Backup Types
Full backup
–All files are copied onto the storage media
Differential backup
–Files that have changed since the last full backup
Incremental backup
–Files that have changed since the last full or incremental backup
Delta backup
–Portions of files that have changed since the last backup

Characteristics of Different Backup Types
                | Full   | Differential | Incremental | Delta
Amount of Space | Large  | Medium       | Small       | Small
Restoration     | Simple | Simple       | Involved    | Complex
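The following simulation is an added example, not code from the textbook or its slides. It models the four backup types on a constructed four-day history of a tiny file set (file names, contents and the 4-byte block size are all made up for the demo) and reports, for each strategy, the total space consumed, how many backup sets must be read to restore the latest state, and whether the restore reproduces the original data exactly. It goes slightly beyond the slides by also implementing the delta strategy at block level so that its space and restoration behaviour can be compared with the other three.

```python
import hashlib
from dataclasses import dataclass, field

BLOCK = 4  # constructed block size (bytes) used by the delta strategy


def split_blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


@dataclass
class BackupSet:
    kind: str
    files: dict = field(default_factory=dict)   # path -> whole file content
    deltas: dict = field(default_factory=dict)  # path -> (block_count, {block_index: block})

    def size(self) -> int:
        whole = sum(len(c) for c in self.files.values())
        partial = sum(len(b) for _, changed in self.deltas.values() for b in changed.values())
        return whole + partial


class BackupPlan:
    """One of the four strategies applied to a sequence of filesystem snapshots."""

    def __init__(self, kind: str):
        assert kind in ("full", "differential", "incremental", "delta")
        self.kind = kind
        self.sets: list = []
        self.at_last_full: dict = {}
        self.at_last_backup: dict = {}

    def run(self, state: dict) -> BackupSet:
        if not self.sets or self.kind == "full":
            bs = BackupSet("full", files=dict(state))          # first run is always a full backup
            self.at_last_full = dict(state)
        elif self.kind == "differential":                       # everything changed since last full
            bs = BackupSet("differential", files={p: c for p, c in state.items()
                                                  if self.at_last_full.get(p) != c})
        elif self.kind == "incremental":                        # everything changed since last backup
            bs = BackupSet("incremental", files={p: c for p, c in state.items()
                                                 if self.at_last_backup.get(p) != c})
        else:                                                   # delta: only the changed blocks
            bs = BackupSet("delta")
            for path, content in state.items():
                old = split_blocks(self.at_last_backup.get(path, b""))
                new = split_blocks(content)
                changed = {i: blk for i, blk in enumerate(new) if i >= len(old) or old[i] != blk}
                if changed or len(new) != len(old):
                    bs.deltas[path] = (len(new), changed)
        self.at_last_backup = dict(state)
        self.sets.append(bs)
        return bs

    def restore_chain(self, index: int) -> list:
        """Indices of the backup sets needed to rebuild the state captured at `index`."""
        last_full = max(i for i in range(index + 1) if self.sets[i].kind == "full")
        if self.kind == "differential":
            return sorted({last_full, index})             # full + latest differential
        return list(range(last_full, index + 1))          # full alone, or full + every set after it

    def restore(self, index: int) -> dict:
        state: dict = {}
        for i in self.restore_chain(index):
            bs = self.sets[i]
            if bs.kind == "full":
                state = dict(bs.files)
            else:
                state.update(bs.files)                    # whole-file overlay (differential/incremental)
            for path, (nblocks, changed) in bs.deltas.items():   # block patching (delta)
                blocks = split_blocks(state.get(path, b""))[:nblocks]
                blocks += [b""] * (nblocks - len(blocks))
                for idx, blk in changed.items():
                    blocks[idx] = blk
                state[path] = b"".join(blocks)
        return state


def fingerprint(state: dict) -> str:
    """Hash of the whole file set, used to prove a restore is valid and uncorrupted."""
    h = hashlib.sha256()
    for path in sorted(state):
        h.update(path.encode() + b"\0" + state[path] + b"\0")
    return h.hexdigest()


def simulate() -> dict:
    """Run all four strategies over a constructed 4-day change history."""
    days = [
        {"a": b"A" * 16, "b": b"B" * 8, "c": b"C" * 12},                                 # day 0: baseline
        {"a": b"xxxx" + b"A" * 12, "b": b"B" * 8, "c": b"C" * 12},                       # day 1: one block of a
        {"a": b"xxxx" + b"A" * 12, "b": b"b" * 8, "c": b"C" * 12},                       # day 2: b rewritten
        {"a": b"xxxx" + b"A" * 12, "b": b"b" * 8, "c": b"C" * 12 + b"DDDD", "d": b"DDDD"},  # day 3: c grows, d added
    ]
    report = {}
    for kind in ("full", "differential", "incremental", "delta"):
        plan = BackupPlan(kind)
        for snapshot in days:
            plan.run(snapshot)
        last = len(days) - 1
        report[kind] = {
            "total_bytes": sum(s.size() for s in plan.sets),
            "sets_to_restore": len(plan.restore_chain(last)),
            "restore_ok": fingerprint(plan.restore(last)) == fingerprint(days[last]),
        }
    return report


if __name__ == "__main__":
    for kind, row in simulate().items():
        print(f"{kind:12s} space={row['total_bytes']:4d} B  sets to restore={row['sets_to_restore']}  ok={row['restore_ok']}")
```

The report reproduces the table's ordering: full consumes the most space but restores from a single set, differential needs the last full plus one more set, and incremental and delta need the full plus every set taken since, with delta the smallest on disk. Losing any one set in an incremental or delta chain breaks every restore after it, which is the practical reason the slides pair those strategies with periodic full backups and off-site copies.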

Backup Frequency / Retention
Base frequency on the time the organization can survive without current data.
Base retention on the operational environment and the frequency of backups.
The retention strategy should avoid putting all backups in one location.
–Ideally an offsite location will also be used.

Alternative Sites
Should be considered in the BCP / DRP
Three types of sites:
–Hot site: Fully configured environment that can be operational immediately
–Warm site: Partially configured, lacks the more expensive computing components
–Cold site: Basic environmental controls but few computing components

Utilities
Power failures may disrupt operations
–UPSs provide enough power to allow systems to be shut down gracefully.
–A backup generator may be necessary for sustained power needs.
Other utilities, such as telephone and Internet service, should also be considered.

Secure Recovery
Provide power, communications, and technical support.
Offer a secure operating environment.
Provide restoration of critical files and data.

Cloud Computing
Allows for the contracting of functions such as file storage to third parties
Can be more cost effective, but also comes with inherent risks

High Availability and Fault Tolerance
High availability is the ability to maintain availability during disruptive events.
Fault tolerance is the ability to keep operating when a fault occurs, for example through a mirrored system that takes over.
A single point of failure is a component in a critical operation whose failure would cause the entire operation to fail.

Increasing Reliability
RAID can mitigate availability problems caused by disk failures.
Redundant systems and spare parts also serve to reduce availability issues.
RAID levels
–0: no redundancy, improved performance
–1: mirrored drives, expensive
–5: data spread across disks with parity, inexpensive redundancy
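To make the three RAID levels concrete, here is an added example (not from the textbook or its slides) that lays a constructed byte string out as RAID 5 stripes with rotating XOR parity, simulates the loss of any one disk, rebuilds that disk from the survivors, and confirms the data reads back intact. The small capacity helper compares usable space and tolerated failures for levels 0, 1 and 5; the disk count, chunk size and sample data are assumptions made for the demo.

```python
def xor_blocks(blocks: list) -> bytes:
    """Bytewise XOR of equal-length chunks; this is the RAID 5 parity function."""
    out = bytearray(len(blocks[0]))
    for blk in blocks:
        assert len(blk) == len(out), "all chunks in a stripe must be the same size"
        for i, byte in enumerate(blk):
            out[i] ^= byte
    return bytes(out)


def parity_disk_for(stripe: int, disks: int) -> int:
    """Rotate the parity chunk across disks so no single disk becomes a parity hotspot."""
    return (disks - 1 - stripe) % disks


def stripe_raid5(data: bytes, disks: int = 4, chunk: int = 4) -> list:
    """Lay data out as RAID 5: each stripe holds disks-1 data chunks plus one parity chunk.
    Returns layout[disk][stripe] = chunk bytes; data is zero-padded to a whole stripe."""
    assert disks >= 3, "RAID 5 needs at least three disks"
    per_stripe = chunk * (disks - 1)
    padded = data + b"\0" * (-len(data) % per_stripe)
    layout = [[] for _ in range(disks)]
    for s in range(len(padded) // per_stripe):
        raw = padded[s * per_stripe:(s + 1) * per_stripe]
        chunks = [raw[k * chunk:(k + 1) * chunk] for k in range(disks - 1)]
        parity = xor_blocks(chunks)
        pdisk = parity_disk_for(s, disks)
        data_iter = iter(chunks)
        for d in range(disks):
            layout[d].append(parity if d == pdisk else next(data_iter))
    return layout


def rebuild_disk(layout: list, failed: int) -> list:
    """Reconstruct every chunk of one failed disk: in each stripe the XOR of the surviving
    chunks equals the missing one, whether it held data or parity."""
    survivors = [d for d in range(len(layout)) if d != failed]
    n_stripes = len(layout[survivors[0]])
    return [xor_blocks([layout[d][s] for d in survivors]) for s in range(n_stripes)]


def read_raid5(layout: list, length: int) -> bytes:
    """Reassemble the original bytes by skipping each stripe's parity chunk."""
    disks = len(layout)
    out = bytearray()
    for s in range(len(layout[0])):
        pdisk = parity_disk_for(s, disks)
        for d in range(disks):
            if d != pdisk:
                out += layout[d][s]
    return bytes(out[:length])


def usable_capacity(level: int, disks: int, disk_size: int) -> tuple:
    """(usable bytes, disk failures tolerated) for the three levels the slide lists."""
    if level == 0:
        return disks * disk_size, 0          # striping only: any single failure loses the array
    if level == 1:
        return disk_size, disks - 1          # every disk holds a full copy of the data
    if level == 5:
        return (disks - 1) * disk_size, 1    # one disk's worth of space goes to parity
    raise ValueError("only RAID 0, 1 and 5 are modelled here")


def single_disk_failure(data: bytes, failed: int, disks: int = 4) -> dict:
    """Lose one disk, rebuild it from the others, and check the array still reads correctly."""
    layout = stripe_raid5(data, disks)
    lost = layout[failed]
    degraded = list(layout)
    degraded[failed] = None                       # the failed disk is gone
    degraded[failed] = rebuild_disk(degraded, failed)
    return {
        "rebuilt_matches": degraded[failed] == lost,
        "data_intact": read_raid5(degraded, len(data)) == data,
    }


if __name__ == "__main__":
    sample = b"RAID 5 keeps one parity chunk per stripe."   # constructed sample data
    for disk in range(4):
        print(f"disk {disk} failed:", single_disk_failure(sample, disk))
    for level in (0, 1, 5):
        print(f"RAID {level} on 4 x 1000 B:", usable_capacity(level, 4, 1000))
```

The rebuild works because XOR is its own inverse: parity = d0 ^ d1 ^ d2 implies d1 = d0 ^ d2 ^ parity. That is also why RAID 5 tolerates exactly one failed disk; with two missing chunks in a stripe the equation has two unknowns, so the array is lost until a rebuild completes, which is why a hot spare and monitoring of rebuild time matter for availability.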

Spare Parts and Redundancy
Common applications of redundancy
–Redundant servers
–Redundant connections
–Redundant ISPs
–Spare parts

Computer Incident Response Teams (CIRT)
Investigate incidents and advise on how to proceed.
CIRTs should consist of permanent and ad hoc team members.
The details of the CIRT should be finalized before an incident occurs.

Test, Exercise, and Rehearse
The DRP should be practiced periodically.
–Reveals potential flaws in the plan
Exercise to practice procedures.
Test to grade performance.
Evaluate performance and make improvements as needed.

Policies and Procedures
Policies are high-level, broad statements of what an organization wants to accomplish.
Procedures are generally step-by-step instructions on how to implement policy.
Standards are mandatory elements regarding the implementation of policy.

Security Policies
Security policies define high-level security goals for an organization.
Other, more specific policies include:
–Acceptable use policy
–Internet usage policy
– usage policy
–Due care and due diligence

Additional Security Policies
Prudent person principle
Separation of duties
Need to know and least privilege
Password management
Disposal and destruction
Change management policy
Classification of information

Privacy
A privacy policy should be completed that details how information is safeguarded.
Privacy is enforced by law for some organizations.
Safeguarding personally identifiable information (PII) is becoming increasingly important.

Service Level Agreement
An agreement between two entities that specifies:
–Minimum levels of service
–Penalties for failing to meet the specified service levels
–May also define the service provider’s responsibilities in a BCP or DRP

Human Resources Policies
People are the weakest link in security.
Specific policies should be developed regarding:
–New hire screening processes
–Periodic review process for current employees
–Employee termination process
–Mandatory vacation to uncover wrongdoing

Code of Ethics
Describes expected behavior from a high-level standpoint
Sets the tone for employee conduct
Encourages integrity and high ethical standards

Incident Response Policies and Procedures
Several phases should be covered in an incident response policy:
–Preparation
–Detection
–Containment and eradication
–Recovery
–Follow-up actions

Incident Response: Preparation
Preparation activities
–Determine points of contact.
–Train employees so they understand their role.
–Establish the incident response team.
–Acquire needed equipment.
–Complete any specialized training needed.

Incident Response: Detection, Containment, and Eradication
Detection activities
–Determine if an incident has occurred; work with network and system administrators.
Containment and eradication activities
–Contain the intruder; decide about prosecution.
–Restore operations without destroying evidence.
–Update antivirus and network peripherals as needed.
–Take steps to prevent future incidents (patching, etc.).

Incident Response: Recovery
Recovery activities
–Assess the situation to determine what actually occurred.
–Begin recovery based on the assessment.
–May involve use of the BCP to return the business to normal operation.

Incident Response: Follow-Up Actions
Follow-up activities
–Report on the incident to senior management.
–The report should address what happened and how it was addressed.
–Give recommendations to prevent future incidents.

Chapter Summary
Describe the various ways backups are conducted and stored.
Explain different strategies for alternative site processing.
Describe the various components of a business continuity plan.
Explain how policies and procedures play a daily role in addressing the security needs of an organization.