Appendix C: Designing an Operations Framework to Manage Security
Overview
Analyzing Risks to Ongoing Network Operations
Designing a Framework for Ongoing Network Operations
Lesson 1: Analyzing Risks to Ongoing Network Operations
Management of Ongoing Network Operations
Why Security of Network Operations Is Important
Common Vulnerabilities to Network Operations
Management of Ongoing Network Operations
MOF provides a framework to manage operational security, including:
Changes to security design.
Daily operation of network security.
IT support for security issues.
Optimizing and revising the security design.
Why Security of Network Operations Is Important
Attacker | Threat | Example
External | No change and configuration management | A software company releases a new security hotfix for a recently discovered vulnerability. An attacker exploits the vulnerability before the administrators apply the hotfix to all computers.
Internal | Security procedures not followed | An administrator notices a potential security compromise but is unsure how to report it. The administrator decides to remove the corporate network from the Internet.
Common Vulnerabilities to Network Operations
Vulnerability | Example
Inadequate plan for change management | New security patches are applied irregularly or not at all; administrators and users lack proper training on securing new applications.
Poor operations plan | Users do not follow security policies and procedures; administrators do not regularly test backup media.
Weak support structure | Security incidents go unreported; IT support services are not reliable.
Failure to revise policy | New security risks are not added to the risk management plan; policies and procedures become outdated.
Lesson 2: Designing a Framework for Ongoing Network Operations
Process for Planning a Security Operations Framework
Guidelines for Change Management
Guidelines for Daily Security Operations
Guidelines for Supporting Security Policies and Procedures
Guidelines for Using Service Level Agreements
Guidelines for Optimizing Security Policies and Procedures
Security Policy Checklist
Process for Planning a Security Operations Framework
When planning a security operations framework, you must:
1. Design a change management process for security.
2. Design a plan for daily security operations.
3. Design a plan for security support.
4. Create service level agreements for IT operations and support.
Guidelines for Change Management
Phase | Example
Identify | When new security hotfixes are released…
Review | …the hotfixes will be tested on all applicable platforms…
Approve | …and approved by the CIO within 24 hours…
Implement | …and will be deployed according to the approved procedure for deploying security hotfixes.
A change management process reduces:
Time to deployment
Cost of updating hardware and software
Disruption of business continuity
Guidelines for Daily Security Operations
Include standards for:
Preparing for security incidents
Testing for security vulnerabilities
Monitoring network security
For each daily security task, define:
Who completes the task
When to complete the task
How to complete the task
Guidelines for Supporting Security Policies and Procedures
Phase | Responsibilities
Support request management | Receives support requests from users; escalates support issues.
Incident management | Resolves routine support requests; escalates complex support requests and security incidents.
Problem management | Identifies and resolves underlying causes of problems; incorporates results in organizational learning.
Guidelines for Using Service Level Agreements
Include in your service level agreements:
Service hours and availability
Priorities and support levels
Reliability and accountability
Responsiveness and restrictions
Contingency
Costs and charges
Guidelines for Optimizing Security Policies and Procedures
Include measures in the security operations design for:
Preventing interruptions to network services over time
Recovering from security incidents as networks change
Improving security policies and procedures over time
Activities include:
Identifying new threats and vulnerabilities
Updating risk management plans
Improving daily procedures and processes
Incorporating learning from each incident response
Testing disaster recovery plans on a regular basis
Training new IT staff in security policies and procedures
Security Policy Checklist
Create policies and procedures for:
Designing a change management plan.
Performing daily security operations.
Supporting security issues.
Optimizing and revising security policies and procedures.