Domain 7 – Security Operations

Presentation on theme: "Domain 7 – Security Operations"— Presentation transcript:

1 Domain 7 – Security Operations
Investigations support and requirements
Foundational security operations concepts
Resource protection techniques
Incident management – know the incident management life cycle
Patch and vulnerability management – know your patch management life cycle
Change management processes
Recovery strategies – know DR sites: hot, cold, etc.
Disaster recovery processes and plans
Business continuity planning and exercises – BCP life cycle
Personnel safety concerns

2 Comp. Crime investigation - Evidence
Problems
  Information is intangible
  Investigation will interfere with normal business operations
  May find difficulty gathering evidence
  Experts are required
Gathering, control, and preservation
  Computer evidence can be easily modified
  Chain of evidence (chain of custody) must be followed in order to protect evidence
  Components: location, time obtained, identification of the individual who discovered, secured or controlled the evidence

3 Comp. Crime investigation – Life Cycle
Discovery and recognition
Protection
Recording
Collection – collect all relevant storage media, image the HDD, print out the screen, avoid degaussing equipment
Identification – tagging and marking
Preservation – store in a proper environment
Transportation
Presentation in court
Return to evidence owner
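The two slides above say evidence is easily modified and that the chain of custody must record location, time and handler at every step, but do not show what that record looks like. The following is an added example (not part of the deck) of the minimal mechanism a lab uses to make the chain checkable: hash the image once at collection, re-hash it at every handover, and log who held it, where and when. The evidence tag, people, locations and the 1 KB "disk image" are constructed for the example; a real image would be the file produced by a forensic imager.

```python
import hashlib
import io
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed sample "disk image" so the example runs offline; in practice this is
# the raw/E01 image produced by the imaging tool, hashed the same way.
SAMPLE_IMAGE = b"\x00" * 512 + b"NTFS    " + b"\x00" * 504


def _as_stream(image):
    """Accept either bytes (for tests/small samples) or an open binary file."""
    return io.BytesIO(image) if isinstance(image, (bytes, bytearray)) else image


def sha256_of(image, chunk_size=1 << 20):
    """Hash in chunks so a multi-GB image is never read into memory at once."""
    stream = _as_stream(image)
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


@dataclass
class CustodyEntry:
    action: str        # acquired / transferred / INTEGRITY FAILURE
    person: str        # who handled or received the evidence
    location: str      # where it was at the time
    when: str          # ISO-8601 timestamp, UTC
    digest: str        # hash observed at this step


@dataclass
class EvidenceItem:
    tag: str           # evidence tag written on the media (hypothetical format)
    description: str
    acquisition_digest: str
    custody: list = field(default_factory=list)


def _stamp(now):
    return (now or datetime.now(timezone.utc)).isoformat()


def acquire(tag, description, image, examiner, location, now=None):
    """Collection + identification: hash at acquisition and open the custody log."""
    digest = sha256_of(image)
    item = EvidenceItem(tag, description, digest)
    item.custody.append(CustodyEntry("acquired", examiner, location, _stamp(now), digest))
    return item


def transfer(item, image, from_person, to_person, location, now=None):
    """Transportation: every handover re-hashes the image. A mismatch is logged
    as a failure and the transfer is rejected (returns False)."""
    digest = sha256_of(image)
    ok = digest == item.acquisition_digest
    item.custody.append(CustodyEntry("transferred" if ok else "INTEGRITY FAILURE",
                                     f"{from_person} -> {to_person}", location,
                                     _stamp(now), digest))
    return ok


def verify(item, image):
    """Preservation check before presentation: does the image still match?"""
    return sha256_of(image) == item.acquisition_digest


def run_demo():
    """One item: acquisition, a clean handover, then a tampered copy (one byte flipped)."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)   # constructed timestamp
    item = acquire("EV-001", "laptop HDD image (constructed)", SAMPLE_IMAGE,
                   "examiner A", "forensics lab", now=t0)
    transfer(item, SAMPLE_IMAGE, "examiner A", "courier", "forensics lab")
    transfer(item, SAMPLE_IMAGE[:-1] + b"\x01", "courier", "examiner B", "court")
    return item


if __name__ == "__main__":
    for e in run_demo().custody:
        print(e.when, e.action, e.person, e.location, e.digest[:16])
```

The log entries carry the digest observed at each step, so a failure pinpoints the handover in which the image changed; SHA-256 is used here because MD5 and SHA-1 collisions are practical and a defence expert can be expected to raise them.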

4 Comp. Crime investigation – Admissibility
Evidence must meet stringent requirements
Relevant – related to the crime
Legally permissible – obtained in a lawful manner
Properly identified – identified without changing or damaging the evidence
Preserved – not subject to damage

5 Comp. Crime investigation – Types of evidence
Best evidence – the original
Secondary evidence – a copy
Direct evidence – proves/disproves an act based upon the five senses (witness testimony)
Conclusive evidence – incontrovertible, overrides all other evidence
Opinions – expert or non-expert
Circumstantial – inference drawn from other information
Hearsay – not based on first-hand knowledge; generally inadmissible, except for records made during the regular conduct of business (the business records exception), made at or near the time of the act being investigated

6 Comp. Crime investigation – Sources of Evidence
Telephone records
Video cameras
Audit trails
System logs
System backups
Witnesses

7 Comp. Crime – Conducting Investigations
Start an internal investigations committee
Establish liaison with law enforcement
Decide when and if to bring in law enforcement
Set up a means of reporting computer crimes
Procedures
  Planning and conducting investigations
  Senior management
  HR
  Proper collection of evidence

8 Comp. Crime – Three Branches of Govt
Legislative – makes statutory law
Administrative – makes administrative law
Judicial – common law, found in court decisions
Statutory law
  Held in the US Code
  US Computer Fraud and Abuse Act, 1986
Administrative law
  Code of Federal Regulations (C.F.R.)

9 Comp. Crime – Common Law
Enticement – occurs after an individual has gained unlawful access to a system and is then lured into an attractive area (honeypot) in order to provide time to identify the individual – considered ethical
Entrapment – encourages the commission of a crime that the individual had no intention of committing – not ethical
Intellectual property
  Patent – right to exclude others from making, using or selling the invention; now 20 years from the filing date (older material cites 17 years from grant)
  Trademark – protects words, symbols or sounds that represent a good or service
  Copyright – protects original works of authorship; can be used for software
  Trade secret – proprietary technical or business information, e.g. recipes

10 Incident Management
Incident management (IcM) is a term describing the activities of an organization to identify, analyze, and correct hazards to prevent a future re-occurrence. Within a structured organization these incidents are normally dealt with by either an incident response team (IRT) or an incident management team (IMT).

11 Patch Management
Patch management is an area of systems management that involves acquiring, testing, and installing multiple patches to an administered computer system.

12 Disaster Recovery Planning
A statement of actions to take before, during, and after a disruptive event
Procedures for responding to an emergency and providing backup operations during a disaster
Goals and objectives

13 DRP – Data Processing Continuity
Providing backup systems and facilities
Mutual aid agreements – reciprocal
Hot site
  Fully configured with HVAC, F&P and workstations
  Servers with applications
  Allows walk-in
  Short time to become operational
  High cost

14 DRP – Data Processing Continuity
Warm site
  In between hot and cold
  Not all systems in place
  Medium time to become operational
  Medium cost
Cold site
  No hardware on site, but ready for it
  HVAC and simple infrastructure only
  Long time to become operational
  Low cost
Mobile site
  Variation of a cold site
  In a truck or trailer

15 DRP – Data Processing Continuity
Multiple centers – processing spread over multiple centers
Service bureau – contract with a bureau for alternative backup processing
Transaction redundancy
  Electronic vaulting – backup off site, restore from the remote copy
  Remote journaling – parallel processing of transactions at a remote site
  Database shadowing – like journaling but creates more redundancy by duplicating the database data sets

16 DRP – Testing the plan
Tested on a regular basis
No recovery ability exists until the plan is tested
Verifies the accuracy of the plan
5 DR tests
  1 Checklist – distribute the plan for review
  2 Structured walk-through – business unit managers walk through the plan for review
  3 Simulation – all people involved go through a practice session
  4 Parallel – primary processing does not stop; the most common test
  5 Full interruption – cease normal operations; the best test, but the riskiest

17 DRP – Recovery procedures
Recovery team duties
  Implement the recovery procedures in a disaster
  Get critical functions operating at the backup site
  Retrieve materials from off-site storage
  Install critical systems and applications
Salvage team duties
  Separate from the recovery team
  Returns the primary site to normal operating conditions
  Clear and repair the primary processing facility

18 DRP – Recovery procedures
Normal operations team
  May be a task of the recovery team
  Returning production from the DR site to the primary site
  The disaster is not over until all operations have returned to their normal location and function
Other recovery issues
  External groups
  Employee relations
  Fraud and crime
  Financial disbursement

19 Business Continuity Planning
BCPs are created to prevent interruptions to normal business
Protect critical business processes from natural or man-made disasters
Strategy to allow for the resumption of normal business activity
Examine all critical information areas
  LAN/WAN
  Telecoms
  Applications and data
Disruptive events
  Staff duties
  Man-made events, including strikes
The number one priority is to preserve life

20 Four Prime Elements – Scope and Plan initiation
Company operations
  Create a detailed account of the work
  List resources
  Define management practices
Roles and responsibilities
  BCP committee – management and IT; deals with the scope of the plan
  Senior management – ultimate responsibility; includes all phases; support is essential
  The concept of due diligence may hold management responsible if a loss occurs when due care could have prevented it

21 Four Prime Elements – BIA
A document to understand the impact a disruptive event would have
Impact may be financial or operational
A vulnerability assessment is normally a part of the BIA
3 primary goals
  1 Criticality prioritization
  2 Downtime estimation – maximum tolerable downtime (MTD)
  3 Resource requirements
4 steps of the BIA
  1 Gather assessment materials
  2 Vulnerability assessment
    Quantitative loss criteria – financial loss
    Qualitative loss criteria – loss of competitive advantage or public confidence
  3 Analyse the information
  4 Document results and present recommendations

22 Four Prime Elements – BCP Development
Create a recovery plan
Two steps
  Define the continuity strategy – computing, facilities, people, supplies and equipment
  Document the continuity strategy
Plan approval and implementation
  Must contain a road map for implementation
  Senior management approval
  Note – this is not a test of the plan

23 RPO and RTO
RPO – The recovery point objective is the age of files that must be recovered from backup storage for normal operations to resume if a computer, system, or network goes down as a result of a hardware, program, or communications failure.
RTO – The recovery time objective is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity.
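The definitions above are easy to misapply against a real backup schedule: the recovery point is not the last backup that started before the failure, but the last one that completed, and data written after that run began is not in it. The following added example (not from the deck) applies both definitions to a constructed backup history and a constructed outage, and derives the planning rule that a backup interval plus run duration bounds the worst-case data loss. Times, intervals and the assumption that a run captures the state as of its start time are constructed for the example; a backup product with a different consistency model would need the start/end logic adjusted.

```python
from datetime import datetime, timedelta

# Constructed backup history: (start, end) of each run, every 6 hours, ~45 min each.
BACKUPS = [
    (datetime(2024, 5, 1, 0, 0), datetime(2024, 5, 1, 0, 40)),
    (datetime(2024, 5, 1, 6, 0), datetime(2024, 5, 1, 6, 45)),
    (datetime(2024, 5, 1, 12, 0), datetime(2024, 5, 1, 12, 50)),
]


def last_usable_backup(backups, failure_time):
    """A run still in progress at the failure is not restorable, so only runs
    that COMPLETED before the failure count. Returns (start, end) or None."""
    completed = [b for b in backups if b[1] <= failure_time]
    return max(completed, key=lambda b: b[1]) if completed else None


def data_loss_window(backups, failure_time):
    """Age of the recoverable data (the RPO actually achieved). Assumes a run
    captures the state as of its START, so loss is measured from there."""
    b = last_usable_backup(backups, failure_time)
    return None if b is None else failure_time - b[0]


def meets_rpo(backups, failure_time, rpo):
    """No usable backup at all is treated as an RPO breach, not as 'no data'."""
    loss = data_loss_window(backups, failure_time)
    return loss is not None and loss <= rpo


def worst_case_rpo(interval, run_duration):
    """Planning rule: the worst failure lands just before a run finishes, so the
    previous run (one interval earlier) is the newest usable one."""
    return interval + run_duration


def meets_rto(outage_start, service_restored, rto):
    """RTO is measured from the start of the outage, not from when recovery began."""
    return service_restored - outage_start <= rto


def demo():
    """Outage at 12:30 while the 12:00 run is still writing."""
    failure = datetime(2024, 5, 1, 12, 30)
    restored = datetime(2024, 5, 1, 16, 0)   # constructed: service back after DR failover
    return {
        "usable_backup_start": last_usable_backup(BACKUPS, failure)[0].isoformat(),
        "loss_seconds": data_loss_window(BACKUPS, failure).total_seconds(),
        "meets_6h_rpo": meets_rpo(BACKUPS, failure, timedelta(hours=6)),
        "meets_8h_rpo": meets_rpo(BACKUPS, failure, timedelta(hours=8)),
        "worst_case_seconds": worst_case_rpo(timedelta(hours=6), timedelta(minutes=50)).total_seconds(),
        "meets_4h_rto": meets_rto(failure, restored, timedelta(hours=4)),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

With a 6-hour schedule the achieved loss here is 6 h 30 min, so a stated 6-hour RPO is already unattainable with this schedule; the interval has to be shorter than the RPO by at least the run duration.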

24 BCP and BIA Lifecycle

