Security Life-Cycle (SLC) PDF

Summary

This document provides an overview of the security life cycle (SLC), including its steps, stages and considerations. It touches on the value of data and its role in security strategies, and breaks the life cycle down into its security processes: planning, analysis, design, implementation, review and continual improvement.

Full Transcript


6050CEM Security Audit and Monitoring
Security Life-Cycle (SLC)

Life cycle ... Condemnant quo non intellegunt ("they condemn what they do not understand")

If I say security, then what comes to mind?
Now if I say security lifecycle, then what comes to mind?

A security life cycle:
- is a set of steps or stages
- develops a timely approach for a security plan or programme
- is based on the VALUE of data (its usefulness to the company)
- examines the robustness of the security processes in place
- considers variables such as vulnerabilities, the types of threats and the control mechanisms in place
- has to be dynamic, with changes that reflect new possibilities of vulnerabilities
- is repeatable: the approach can be planned, monitored and controlled again and again
- runs all the way from management, through the organisation operationally and then technically, and back up again

Extra reading: What Are Virtual Assets? | Virtual Assets

One of the outputs of the executive management processes is an asset management policy.

What causes us to review our security for assets? Change does. Examples of change:
- new data
- more data
- a change in the way we handle data, and therefore changes in software
- archiving data
- new hardware
- changes in the O/S and patches
- new ventures ...
These require a security process to be undertaken.

Examples of information assets include:
1) Customer databases containing personal and transactional data
2) Financial records, including income statements, balance sheets and cash flow statements
3) Product designs, blueprints and specifications
4) Marketing plans, sales forecasts and advertising campaigns ...

The security lifecycle describes all the steps necessary to achieve Confidentiality, Integrity and Availability for a given information asset in an organisation. The security lifecycle of a target information asset consists of the following steps:

1. Security planning. The security is initially planned in terms of the asset security policy, its scope, its security objectives, a limited preliminary impact analysis and a limited risk assessment. The plan is then refined as the risk assessment is added to it.
2. Security analysis. Once a plan is defined, the security of the information asset is analysed to define its security requirements. The security analysis often acquires information on current threats, current security controls, asset vulnerabilities and their exposure. It consists of a more detailed risk assessment, to obtain further information for the design of a feasible, risk-driven security programme.
3. Security design. Starting from a high-level information security design, the risk-driven security programme is designed.
4. Security implementation. Once the security design is ready, the security programme is implemented. The implemented programme is then ready for certification, accreditation and authorisation.
5. Security review. Once the security programme is in place, the security review process may then start.
6. Continual improvement. This is the final process in the security life cycle, where the security of the information asset is continuously monitored. If risks change, then corrective actions have to be taken to restore the security of the asset to its accepted state, as prescribed by the security policy.

The security requirements recommended by NIST for security planning are divided into three classes of security controls: managerial security controls, operational security controls and technical security controls.

Security planning in the SLC: the "security star"
[Slide diagram; each arm of the star carries a Deficiency marker. The arms are:]
- Business mission
- Asset definition: which system/data, and which particular assets
- Security objectives: Confidentiality, Integrity and Availability, plus authentication and non-repudiation
- Security requirements: management, operational and technical
- Access control (e.g. via biometrics)
- Design principles
