A security plan is a “live” document that describes how an organization will address security. It consists of:

- the organization's security policy
- the current state of security
- the organization's needs

Five phases of a security plan:
- Inspection: what needs to be protected
→ AKA risk analysis
→ make a formal inventory of all resources (information, software, equipment...)
→ assign ownership to each resource
→ determine the value of each resource
→ list the threats that could cause damage
→ calculate the risk impact, probability, exposure and leverage:
⇒ Risk impact: cost to replace a resource
⇒ Risk probability: chance of an attack on a resource
⇒ Risk exposure: impact * probability
⇒ Risk leverage: ((risk exposure before security) - (risk exposure after security)) / (cost of security)
- Protection: how to protect it
→ deploy tools for achieving the seven security goals
- Detection
→ Signature analysis
→ Anomaly detection
→ Dynamic analysis = signature analysis + anomaly analysis
→ Honeypots: subnets with deliberate vulnerabilities, used to study attack patterns
- Reaction
→ prepare strategies for incident containment
→ response team available 24/7
→ network disconnect plan
→ rapid discovery procedure
→ rapid recovery procedure
→ monitor the systems for indications of continued attack
- Reflection: how to recover
→ assemble information from everyone involved
→ conduct post-incident briefings
→ produce a technical summary
→ write an executive summary
→ re-evaluate the security plan and make changes.
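The Inspection-phase calculations above, worked through in code as an added example (not part of the original notes): a small constructed inventory with owners, replacement values and threat probabilities, and two hypothetical controls ranked by risk leverage. All resource names, figures and control names are made up for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Resource:
    """One inventory entry from the Inspection phase: owner, value, threats."""
    name: str
    owner: str
    value: float                                  # cost to replace = risk impact
    threats: dict = field(default_factory=dict)   # threat -> probability of attack

@dataclass
class Control:
    """A candidate security measure and the threat probabilities it reduces."""
    name: str
    cost: float
    new_probs: dict                               # (resource, threat) -> reduced probability

def risk_exposure(res, control=None):
    """Sum over threats of impact * probability, optionally with a control applied."""
    total = 0.0
    for threat, p in res.threats.items():
        if control is not None:
            p = control.new_probs.get((res.name, threat), p)
        total += res.value * p
    return total

def risk_leverage(before, after, cost):
    """(exposure before security - exposure after security) / cost of security."""
    if cost <= 0:
        raise ValueError("cost of security must be positive")
    return (before - after) / cost

def rank_controls(inventory, controls):
    """Return (control name, leverage) pairs, best leverage first."""
    before = sum(risk_exposure(r) for r in inventory)
    scored = []
    for c in controls:
        after = sum(risk_exposure(r, c) for r in inventory)
        scored.append((c.name, risk_leverage(before, after, c.cost)))
    return sorted(scored, key=lambda x: x[1], reverse=True)

# Constructed sample inventory and candidate controls (hypothetical figures).
INVENTORY = [
    Resource("customer-db", "dba-team", 200_000, {"ransomware": 0.10, "insider-theft": 0.02}),
    Resource("web-server", "web-team", 50_000, {"defacement": 0.20}),
]
CONTROLS = [
    Control("offline-backups", 5_000, {("customer-db", "ransomware"): 0.02}),
    Control("managed-waf", 40_000, {("web-server", "defacement"): 0.05}),
]
```

A leverage above 1 means the measure removes more expected loss than it costs; in this sample the backups score 3.2 while the WAF scores about 0.19, so the cheaper control is the better first deployment.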