-
security awareness
training - security basics and literacy
training - roles and responsibilities relative to IT systems
education and experience
four layers of the information technology (IT) learning continuum
-
security awareness
layer of the IT learning continuum that seeks to inform and focus an employee's attention on issues related to security within the organization - explains the what but not the how of security
-
training
layer of the IT learning continuum designed to teach people the skills to perform their IS-related tasks more securely - teaches what people should do and how to do it
-
education
the most in-depth program in the IT learning continuum
-
least privilege - give each person the minimum access necessary to do his job
separation of duties - so people checking for inappropriate use are not also capable of making such inappropriate use
limited reliance on key employees - no one should be irreplaceable
principles that should be followed for personnel security
-
remove person's name from all lists of authorized access
inform guards
remove personal access codes
if necessary, change lock combinations, reprogram access card systems, replace physical locks
recover all assets
notify all appropriate departments
important actions upon employee termination
-
artifact
any file or object found on a system that might be involved in probing or attacking systems and networks or that is being used to defeat security measures - ex: viruses, trojan horses, worms, exploit scripts, toolkits, etc.
-
Computer Security Incident Response Team (CSIRT) aka Computer Incident Response Team (CIRT) or a Computer Incident Response Center (CIRC)
a capability set up for the purpose of assisting in responding to computer security-related incidents that involve sites within a defined constituency
-
constituency
the group of users, sites, networks, or organizations served by the CSIRT
-
incident
a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices
-
triage
the process of receiving, initial sorting, and prioritizing of information to facilitate its appropriate handling - the single point of contact for the whole incident handling service
-
vulnerability
a characteristic of a piece of technology which can be exploited to perpetrate a security incident
-
incident
any action that threatens one or more of the classic security services of confidentiality, integrity, availability, accountability, authenticity, and reliability in a system
-
system integrity verification tools
scan critical system files, directories, and services to ensure they have not been changed without proper authorization
-
log analysis tools
analyze the information collected in audit logs using some form of pattern recognition to identify potential security incidents
-
network and host intrusion detection systems (IDS)
monitor and analyze network and host activity and usually compare this information with a collection of attack signatures to identify potential security incidents
-
intrusion prevention systems
augment an intrusion detection system with the ability to automatically block detected attacks
-
system integrity verification tools
log analysis tools
network and host intrusion detection systems (IDS)
intrusion prevention systems
tools that can detect incidents:
-
denial-of-service attacks that prevent or impair normal use of systems
malicious code that infects a host
unauthorized access to a system
inappropriate usage of a system
multiple-component incidents - involve two or more of the above categories
incident response policies should address