Appendix C: Designing an Operations Framework to Manage Security

Upload: homer-fox

Post on 03-Jan-2016


Page 1: Appendix C: Designing an Operations Framework to Manage Security

Appendix C: Designing an Operations Framework to Manage Security

Page 2

Overview

Analyzing Risks to Ongoing Network Operations

Designing a Framework for Ongoing Network Operations

Page 3

Lesson 1: Analyzing Risks to Ongoing Network Operations

Management of Ongoing Network Operations

Why Security of Network Operations Is Important

Common Vulnerabilities to Network Operations

Page 4

Management of Ongoing Network Operations

MOF (Microsoft Operations Framework) provides a framework to manage operational security, including:

Changes to the security design.

Daily operation of network security.

IT support for security issues.

Optimizing and revising the security design.

Page 5

Why Security of Network Operations Is Important

Attacker: External
Threat: No change and configuration management
Example: A software company releases a new security hotfix for a recently discovered vulnerability. An attacker exploits the vulnerability before the administrators apply the hotfix to all computers.

Attacker: Internal
Threat: Security procedures not followed
Example: An administrator notices a potential security compromise but is unsure how to report it. The administrator decides to disconnect the corporate network from the Internet.

Page 6

Common Vulnerabilities to Network Operations

Vulnerability: Inadequate plan for change management
Example: New security patches are applied irregularly or not at all.
Example: Administrators and users lack proper training on securing new applications.

Vulnerability: Poor operations plan
Example: Users do not follow security policies and procedures.
Example: Administrators do not regularly test backup media.

Vulnerability: Weak support structure
Example: Security incidents go unreported.
Example: IT support services are not reliable.

Vulnerability: Failure to revise policy
Example: New security risks are not added to the risk management plan.
Example: Policies and procedures become outdated.

Page 7

Lesson 2: Designing a Framework for Ongoing Network Operations

Process for Planning a Security Operations Framework

Guidelines for Change Management

Guidelines for Daily Security Operations

Guidelines for Supporting Security Policies and Procedures

Guidelines for Using Service Level Agreements

Guidelines for Optimizing Security Policies and Procedures

Security Policy Checklist

Page 8

Process for Planning a Security Operations Framework

When planning a security operations framework, you must:

1. Design a change management process for security.

2. Design a plan for daily security operations.

3. Design a plan for security support.

4. Create service level agreements for IT operations and support.

Page 9

Guidelines for Change Management

Phase and example:

Identify: When new security hotfixes are released...

Review: ...the hotfixes will be tested on all applicable platforms...

Approve: ...and approved by the CIO within 24 hours...

Implement: ...and will be deployed according to the approved procedure for deploying security hotfixes.

A change management process reduces:

Time to deployment

Cost of updating hardware and software

Disruption of business continuity
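The four phases above, together with the page 5 risk of an attacker exploiting a vulnerability before the hotfix reaches every computer, can be turned into something measurable. The following Python script is an added example, not part of the original deck or of MOF: it models one hotfix change through Identify, Review, Approve and Implement, refuses to approve a hotfix that was not tested on every applicable platform, checks the 24-hour approval window, and lists the hosts that still lack the hotfix (the remaining exposure window). The hotfix identifiers, platforms, host names and timestamps are constructed for the example; the 24-hour window is the figure quoted in the deck.

```python
"""Track a security hotfix through the deck's change-management phases and
measure approval lag and deployment coverage. Hypothetical example; all
identifiers, hosts and timestamps below are constructed."""

from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Phases from the change-management table, in the order they must occur.
PHASES = ("identify", "review", "approve", "implement")
# The deck's example requires CIO approval within 24 hours of identification.
APPROVAL_WINDOW = timedelta(hours=24)


@dataclass
class HotfixChange:
    hotfix_id: str                              # constructed hotfix identifier
    platforms: frozenset                        # platforms the hotfix applies to
    entered: dict = field(default_factory=dict) # phase name -> datetime entered
    tested_on: set = field(default_factory=set) # platforms the review phase tested

    def advance(self, phase: str, when: datetime, tested=()):
        """Enter the next phase. Refuses to skip a phase, and refuses to approve
        a hotfix that was not tested on every applicable platform."""
        if phase not in PHASES:
            raise ValueError(f"unknown phase {phase!r}")
        done = len(self.entered)
        expected = PHASES[done] if done < len(PHASES) else None
        if phase != expected:
            raise ValueError(f"expected phase {expected!r}, got {phase!r}")
        if phase == "review":
            self.tested_on.update(tested)
        if phase == "approve":
            untested = self.platforms - self.tested_on
            if untested:
                raise ValueError(f"not tested on: {sorted(untested)}")
        self.entered[phase] = when

    def approval_lag(self):
        """Time from identification to approval, or None if not yet approved."""
        if "approve" not in self.entered:
            return None
        return self.entered["approve"] - self.entered["identify"]

    def approval_overdue(self, now: datetime) -> bool:
        """True when approval did not (or has not yet) happened within the window."""
        lag = self.approval_lag()
        if lag is None:
            return now - self.entered["identify"] > APPROVAL_WINDOW
        return lag > APPROVAL_WINDOW


def missing_hosts(change: HotfixChange, inventory: dict) -> list:
    """Hosts whose platform needs the hotfix but that do not report it installed.
    inventory maps host -> (platform, set of installed hotfix ids)."""
    return sorted(
        host for host, (platform, installed) in inventory.items()
        if platform in change.platforms and change.hotfix_id not in installed
    )


# Constructed sample data (not from the page): one hotfix, two platforms, four hosts.
T0 = datetime(2016, 1, 3, 9, 0)
CHANGE = HotfixChange("HF-0001", frozenset({"server", "workstation"}))
CHANGE.advance("identify", T0)
CHANGE.advance("review", T0 + timedelta(hours=6), tested=("server", "workstation"))
CHANGE.advance("approve", T0 + timedelta(hours=20))
CHANGE.advance("implement", T0 + timedelta(hours=22))

INVENTORY = {
    "srv01": ("server", {"HF-0001"}),
    "srv02": ("server", set()),
    "ws01": ("workstation", {"HF-0001"}),
    "ws02": ("workstation", set()),
}


def exposure_report(change=CHANGE, inventory=INVENTORY, now=T0 + timedelta(days=2)):
    """The page 5 risk in numbers: hosts still missing the hotfix are the hosts an
    attacker can still exploit, regardless of how fast approval happened."""
    return {
        "approval_overdue": change.approval_overdue(now),
        "approval_hours": change.approval_lag().total_seconds() / 3600,
        "missing_hosts": missing_hosts(change, inventory),
    }


def phase_skip_rejected() -> bool:
    """Show the order check: approving without a review phase is refused."""
    c = HotfixChange("HF-0002", frozenset({"server"}))
    c.advance("identify", T0)
    try:
        c.advance("approve", T0 + timedelta(hours=1))
    except ValueError:
        return True
    return False


def late_approval_overdue() -> bool:
    """Show the window check: approval 30 hours after identification is overdue."""
    c = HotfixChange("HF-0003", frozenset({"server"}))
    c.advance("identify", T0)
    c.advance("review", T0 + timedelta(hours=2), tested=("server",))
    c.advance("approve", T0 + timedelta(hours=30))
    return c.approval_overdue(T0 + timedelta(hours=31))


if __name__ == "__main__":
    print(exposure_report())
```

In practice the inventory would come from whatever reports installed hotfixes on each host, and the "missing_hosts" list is the figure to put against the SLA for deployment: approval within 24 hours does nothing for the two hosts that were never patched.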

Page 10

Guidelines for Daily Security Operations

Include standards for:

Preparing for security incidents

Testing for security vulnerabilities

Monitoring network security

For each daily security task, define:

Who completes the task

When to complete the task

How to complete the task

Page 11

Guidelines for Supporting Security Policies and Procedures

Phase: Support request management
Responsibilities: Receives support requests from users; escalates support issues.

Phase: Incident management
Responsibilities: Resolves routine support requests; escalates complex support requests and security incidents.

Phase: Problem management
Responsibilities: Identifies and resolves the underlying causes of problems; incorporates the results in organizational learning.

Page 12

Guidelines for Using Service Level Agreements

Include in your service level agreements:

Service hours and availability

Priorities and support levels

Reliability and accountability

Responsiveness and restrictions

Contingency

Costs and charges

Page 13

Guidelines for Optimizing Security Policies and Procedures

Include measures in the security operations design for:

Preventing interruptions to network services over time

Recovering from security incidents as networks change

Improving security policies and procedures over time

Activities include:

Identifying new threats and vulnerabilities

Updating risk management plans

Improving daily procedures and processes

Incorporating learning from each incident response

Testing disaster recovery plans on a regular basis

Training new IT staff in security policies and procedures

Page 14

Security Policy Checklist

Create policies and procedures for:

Designing a change management plan.

Performing daily security operations.

Supporting security issues.

Optimizing and revising security policies and procedures.