IT Security Management Reviewer PDF
Document Details
Uploaded by Deleted User
Kaichee
Tags
Summary
This document is a review of IT security management concepts and processes. It covers topics such as IT environment, infrastructure, and management. The author also discusses roles like CIO, CISO, and various sub-processes.
Full Transcript
IT SECURITY MANAGEMENT REVIEWER By: Kaichee IT ENVIRONMENT o Security mechanisms are subjected to regular - Consists of multitude of testing hardware, network, & software 3. Managing...
IT SECURITY MANAGEMENT REVIEWER By: Kaichee IT ENVIRONMENT o Security mechanisms are subjected to regular - Consists of multitude of testing hardware, network, & software 3. Managing security incidents components o Identify/fight intrusions & IT INFRASTRUCTURE minimize damages 4. Security review - Can be on o Review whether safety premises/cloud/hybrid measures & processes are in accordance with risk IT MANAGEMENT perceptions from business - Monitoring & administration of side organization’s IT systems (IT CHIEF INFORMATION OFFICER (CIO) environment) - Focuses on how to make IS - Heads of IT departments operate efficiently - Determine IT strategies & goals - Believe their roles will evolve in IT MANAGERS next 2-3 years - Monitor & govern IT systems o From maintenance & 1. Determine Business management to higher- Requirements value, strategic activities 2. Manage IT Budgets & Costs o Digital transformation 3. Monitor Safety & Compliance ▪ Requires innovation 4. Controlling System & & strategic Network Security enablement 5. Implement New Software, - “Implement meaningful digital Hardware & Data Systems change through the creation of 6. Provide Technical/Help Desk new tools, solutions & business Support models” - Job = generalists IT SECURITY MANAGEMENT ROLES & TITLES - Monitoring & administration of an organization’s IT systems CHIEF INFORMATION SECURITY used in securing information & OFFICER (CISO) data (hardware, software, - Senior-level executive networks) - Oversees organization’s - Guarantees CIA information/cyber/technology o Confidentiality security o Integrity - Job = focused on security o Availability VP OF INFORMATION SECURITY IT SECURITY MANAGEMENT SUB- PROCESSES - Signifies top executive - Responsible for overall direction 1. Designing security controls & leadership of information o Design security program organizational/technical - Develops & enforces policies measures to guarantee CIA VP OF CYBERSECURITY 2. Security testing IT SECURITY MANAGEMENT REVIEWER By: Kaichee - Leading organization’s efforts to - Frontline defenders defend against cyber attacks - Monitor, analyze, & improve - Responsible for threat security measures intelligence, security operations - Role serves as an introduction to & incident response strategies field of information security management VP OF SECURITY ARCHITECTURE INCIDENT RESPONSE - Centered on design & COORDINATOR implementation of secure infrastructure - Key players in managing - Oversees development of security response to security breaches & frameworks attacks - Integrates protective measures - Work to quickly contain into IT architecture incidents - Role is critical for underst&ing VP OF SECURITY COMPLIANCE & dynamics of incident RISK management & develop strategic - Ensure organization complies response plans with relevant laws, regulations, EMERGING POSITIONS & industry st&ards - Manages audits, risk CLOUD SECURITY MANAGER assessments, & compliance initiatives - Reflects shift towards cloud- based infrastructure SECURITY ADMINISTRATOR THREAT INTELLIGENCE MANAGER - Day-to-day management of security technology systems - Focuses on proactive - Install, administer, & identification & mitigation of troubleshoot organization’s cyber threats security solutions DEVSECOPS MANAGER - H&s-on role - Integration of security practices IT SECURITY SPECIALIST within development & operations - Focuses on the technical aspects lifecycle of information security (network CYBERSECURITY security, encryption, firewall administration) - Studying & protecting computer - Assist in conducting security systems from misuse assessments & implementing CYBERSECURITY CULTURE security measures - Knowledge, beliefs, perceptions, CYBERSECURITY CONSULTANT attitudes, assumptions, norms, (ENTRY-LEVEL) & values of people regarding - Work with clients cybersecurity - Collaborate with various - Good departments o Both organizational & - Consultative role individual determinants of culture alight with the INFORMATION SECURITY ANALYST IT SECURITY MANAGEMENT REVIEWER By: Kaichee organization’s approach to ▪ Individualism vs. cyber security collectivism ▪ Long-term vs. NEED FOR CSC short-term - Result of human actors orientation - Employees views them as ▪ Indulgence vs. guidelines rather than rules restraint - Technologies cannot protect 3. Information Security Culture organizations if incorrectly o Attitudes, assumptions, integrated & utilized beliefs, values, & knowledge drive employee HUMAN FACTORS THAT IMPACT CSC behaviors related to organization’s information - Psychological factors & IS o “The burning oil platform metaphor” BUILDING A CSC ▪ Take initiative for change 1. Set up core CSC work group - Compliance & personality 2. Business underst&ing & risk - Social environment assessment 3. Define main goals, success ORGANIZATIONAL CSC criteria, & target audiences 4. Calculate ‘as-is’ & do gap 1. Organizational Culture analysis between as-is & your o Components goals ▪ Belief systems 5. Select one or more activities ▪ Values 6. Run selected activities ▪ Artifacts & 7. Rerun as-is & analyze results creations 8. Review & consider results before o Orientation deciding on next action ▪ Support Employee’s TELKOM’S CSC spirit of sharing - Identified employees as weakest ▪ Innovation point in cybersecurity defenses Organization - Need to provide internal training is open to o Had to chance the culture change of thinking ▪ Rules - Success because of: Respect for o Analysis & alignment of authority strategies ▪ Goal o Selection of right parent o People, not technologies Clear o Cooperation among specification members of targets o Communication & 2. National Culture feedback o Focuses on cross-cultural o Support from top perspective management o Taxonomy of national culture by Hofstede BANGLADESH BANK HACKING IT SECURITY MANAGEMENT REVIEWER By: Kaichee - Dridex malware o Created by Robert Tappan o Installed within Morris Bangladesh Central Bank o Security flows in Berkeley System (January 2016) Software Distribution o Gathered information on (BSD) of UNIX SWIFT - Precipitated DARPA’s Response - $20 million to Worm incident in November o Supposed to be 1998, disabled 10% of Internet transferred to Shalika o Creation of CERT/CC by Foundation but spelling SEI error gained suspicion ▪ Software from Deutsche Bank Engineering - $81 million to five accounts in Insitute RCBC foreign exchange broker o Morris charged & returned to RCBC consolidated convicted under CFAA of under one account 1986 - Bangladesh requested to freeze o Stimulated thinking & transfers (Chinese New Year) research into critical - Suspicion infrastructure protection o State-funded hackers from North Korea IMPORTANCE OF CERT SWIFT 1. Incident response & mitigation 2. Proactive security monitoring - Society for Worldwide Interbank 3. Coordination of cybersecurity Financial Telecommunications efforts - Member-owned cooperative 4. Recovery & restoration - Provides safe & secure financial 5. Training & awareness transaction 6. Vulnerability assessment & management COMPUTER EMERGENCY RESPONSE 7. Research & threat intelligence TEAM (CERT) sharing - Group of information security 8. Policy & guideline development experts CERT/CC - Responsible for protection against, detection of & response - SEI of Carnegie Mellon to an organization’s University established CERT/CC cybersecurity incidents in 1988 - Focus on resolving data breaches o Pittsburgh, Pennsylvania & denial-of-service attacks, - Mission is to respond to security provides alerts & incident h&ling emergencies on Internet guidelines - Originally knowns as Computer SEI & CERT Emergency Response Team - CERT designator is no longer an Coordination Center acronym, but a trademarked (CERT/CC) symbol HISTORY OF CERT - SEI now refers to its CERT division as CERT/CC - Robert Morris Worm - Carnegie Mellon’s trademark encouraged the use of Computer IT SECURITY MANAGEMENT REVIEWER By: Kaichee Security Incident Response o United Kingdom Team (CSIRT) instead of CERT 6. CERT/CC o Other acronyms came into o Created by Defense common use Advanced Research ▪ IRT, US-CERT, Projects Agency (DARPA) CSIRC, CIRC, CIRT, & run by SEI IHT, IRC, SERT, SIRT CERT FUNCTIONS CERT NAME - Provide effective incident response to computer security - An established CSIRT can issues request license to use CERT - Responds to computer designator from SEI at no cost vulnerabilities - Obtaining license allows team to - Protect, Detect, & Respond be listed on SEI website as an Model authorized user of the CERT designator PDR MODEL - CMU encourages use of CSIRT as 1. Protect generic term for h&ling computer o Measures & precautions security incidents to secure its computers o CMU licenses CERT mark 2. Detect NATIONAL COMPUTER EMERGENCY o Recognizing security RESPONSE TEAM (NCERT) incidents o Network must be - Receiving, reviewing, & documented & baselined responding to computer security ▪ Software Asset incidents Management - Systematic information (SAM) program gathering/dissemination ▪ Application - Guide on how to h&le management & cybersecurity incidents security program - Coordination & collaboration ▪ Change, with stakeholders configuration, & patch management REGIONAL TEAMS programs 1. AusCERT ▪ B&width utilization o Australia & Asia/pacific baseline & routine region b&width checks 2. CERT MAHER ▪ Network flow o Maher Center of Iranian baselines & National CERT continuous 3. MyCERT monitoring o Malaysia 3. Respond o Established in 1997 & is o Analyze incident to now part of CyberSecurity underst& what’s occurring Malaysia & why 4. SingCERT o Stop further damage from o Singapore occurring 5. National Cyber Security Centre IT SECURITY MANAGEMENT REVIEWER By: Kaichee NATIONAL INSTITUTE OF ST&ARDS of programs, projects, & & TECHNOLOGY (NIST) activities o Organize trainings & - Developed own incident response conducts seminars for model CSIRT - Uses “contain, eradicate, & recover” - SP-800-61 CERT-PH - 2016 o DICT formed - 2019 o Authorized use of CERT mark - 2020 o CERT-PH as official name of NCERT o Department Circular 003 s. 2020 ▪ March 6, 2020 CERT-PH FRONTLINE SERVICES 1. Cyber Incident Response (CIR) o Incident Management, Analysis, Coordination o H&les & responds to incidents o Provide assistance for remediation 2. Cyberthreat Intel & Monitoring (CTIM) o Collection & analysis of data 3. Security Operations Center (SOC) o Serves as centralized facility for detection, monitoring, & rapid response 4. Cybersecurity Assessment & Testing (CAT) o Conducts cybersecurity- related assessment 5. CERT Cooperation & Knowledge Management (CCKM) o In-charge of planning, implementation, monitoring, & evaluation