IT Security Management Reviewer PDF
Summary
This document provides a comprehensive overview of IT security management, covering topics like IT environment, infrastructure, management, security, and processes. It also includes roles and titles within IT security, as well as emerging positions in the field.
Full Transcript
IT SECURITY MANAGEMENT REVIEWER
By: Kaichee

IT ENVIRONMENT
- Consists of multitude of hardware, network, & software components

IT INFRASTRUCTURE
- Can be on premises/cloud/hybrid

IT MANAGEMENT
- Monitoring & administration of organization’s IT systems (IT environment)
- Heads of IT departments
- Determine IT strategies & goals

IT MANAGERS
- Monitor & govern IT systems
1. Determine Business Requirements
2. Manage IT Budgets & Costs
3. Monitor Safety & Compliance
4. Controlling System & Network Security
5. Implement New Software, Hardware & Data Systems
6. Provide Technical/Help Desk Support

IT SECURITY MANAGEMENT
- Monitoring & administration of an organization’s IT systems used in securing information & data (hardware, software, networks)
- Guarantees CIA
  o Confidentiality
  o Integrity
  o Availability

IT SECURITY MANAGEMENT SUB-PROCESSES
1. Designing security controls
  o Design organizational/technical measures to guarantee CIA
2. Security testing
  o Security mechanisms are subjected to regular testing
3. Managing security incidents
  o Identify/fight intrusions & minimize damages
4. Security review
  o Review whether safety measures & processes are in accordance with risk perceptions from business side

CHIEF INFORMATION OFFICER (CIO)
- Focuses on how to make IS operate efficiently
- Believe their roles will evolve in next 2-3 years
  o From maintenance & management to higher-value, strategic activities
  o Digital transformation
    ▪ Requires innovation & strategic enablement
- “Implement meaningful digital change through the creation of new tools, solutions & business models”
- Job = generalists

ROLES & TITLES

CHIEF INFORMATION SECURITY OFFICER (CISO)
- Senior-level executive
- Oversees organization’s information/cyber/technology security
- Job = focused on security

VP OF INFORMATION SECURITY
- Signifies top executive
- Responsible for overall direction & leadership of information security program
- Develops & enforces policies

VP OF CYBERSECURITY
- Leading organization’s efforts to defend against cyber attacks
- Responsible for threat intelligence, security operations & incident response strategies

VP OF SECURITY ARCHITECTURE
- Centered on design & implementation of secure infrastructure
- Oversees development of security frameworks
- Integrates protective measures into IT architecture

VP OF SECURITY COMPLIANCE & RISK
- Ensure organization complies with relevant laws, regulations, & industry standards
- Manages audits, risk assessments, & compliance initiatives

SECURITY ADMINISTRATOR
- Day-to-day management of security technology systems
- Install, administer, & troubleshoot organization’s security solutions
- Hands-on role

IT SECURITY SPECIALIST
- Focuses on the technical aspects of information security (network security, encryption, firewall administration)
- Assist in conducting security assessments & implementing security measures

CYBERSECURITY CONSULTANT (ENTRY-LEVEL)
- Work with clients
- Collaborate with various departments
- Consultative role

INFORMATION SECURITY ANALYST
- Frontline defenders
- Monitor, analyze, & improve security measures
- Role serves as an introduction to field of information security management

INCIDENT RESPONSE COORDINATOR
- Key players in managing response to security breaches & attacks
- Work to quickly contain incidents
- Role is critical for understanding dynamics of incident management & develop strategic response plans

EMERGING POSITIONS

CLOUD SECURITY MANAGER
- Reflects shift towards cloud-based infrastructure

THREAT INTELLIGENCE MANAGER
- Focuses on proactive identification & mitigation of cyber threats

DEVSECOPS MANAGER
- Integration of security practices within development & operations lifecycle

CYBERSECURITY
- Studying & protecting computer systems from misuse

CYBERSECURITY CULTURE
- Knowledge, beliefs, perceptions, attitudes, assumptions, norms, & values of people regarding cybersecurity
- Good
  o Both organizational & individual determinants of culture align with the organization’s approach to cyber security

NEED FOR CSC
- Result of human actors
- Employees view them as guidelines rather than rules
- Technologies cannot protect organizations if incorrectly integrated & utilized

HUMAN FACTORS THAT IMPACT CSC
- Psychological factors
  o “The burning oil platform metaphor”
    ▪ Take initiative for change
- Compliance & personality
- Social environment

ORGANIZATIONAL CSC
1. Organizational Culture
  o Components
    ▪ Belief systems
    ▪ Values
    ▪ Artifacts & creations
  o Orientation
    ▪ Support: Employee’s spirit of sharing
    ▪ Innovation: Organization is open to change
    ▪ Rules: Respect for authority
    ▪ Goal: Clear specification of targets
2. National Culture
  o Focuses on cross-cultural perspective
  o Taxonomy of national culture by Hofstede
    ▪ Individualism vs. collectivism
    ▪ Long-term vs. short-term orientation
    ▪ Indulgence vs. restraint
3. Information Security Culture
  o Attitudes, assumptions, beliefs, values, & knowledge drive employee behaviors related to organization’s information & IS

BUILDING A CSC
1. Set up core CSC work group
2. Business understanding & risk assessment
3. Define main goals, success criteria, & target audiences
4. Calculate ‘as-is’ & do gap analysis between as-is & your goals
5. Select one or more activities
6. Run selected activities
7. Rerun as-is & analyze results
8. Review & consider results before deciding on next action

TELKOM’S CSC
- Identified employees as weakest point in cybersecurity defenses
- Need to provide internal training
  o Had to change the culture of thinking
- Success because of:
  o Analysis & alignment of strategies
  o Selection of right parent
  o People, not technologies
  o Cooperation among members
  o Communication & feedback
  o Support from top management

BANGLADESH BANK HACKING
- Dridex malware
  o Installed within Bangladesh Central Bank System (January 2016)
  o Gathered information on SWIFT
- $20 million to
  o Supposed to be transferred to Shalika Foundation but spelling error gained suspicion from Deutsche Bank
- $81 million to five accounts in RCBC foreign exchange broker returned to RCBC consolidated under one account
- Bangladesh requested to freeze transfers (Chinese New Year)
- Suspicion
  o State-funded hackers from North Korea

SWIFT
- Society for Worldwide Interbank Financial Telecommunications
- Member-owned cooperative
- Provides safe & secure financial transaction

COMPUTER EMERGENCY RESPONSE TEAM (CERT)
- Group of information security experts
- Responsible for protection against, detection of & response to an organization’s cybersecurity incidents
- Focus on resolving data breaches & denial-of-service attacks, provides alerts & incident handling guidelines

CERT/CC
- SEI of Carnegie Mellon University established CERT/CC in 1988
  o Pittsburgh, Pennsylvania
- Mission is to respond to security emergencies on Internet
- Originally known as Computer Emergency Response Team Coordination Center (CERT/CC)

HISTORY OF CERT
- Robert Morris Worm
  o Created by Robert Tappan Morris
  o Security flaws in Berkeley Software Distribution (BSD) of UNIX
- Precipitated DARPA’s Response
  o Worm incident in November 1998, disabled 10% of Internet
  o Creation of CERT/CC by SEI
    ▪ Software Engineering Institute
  o Morris charged & convicted under CFAA of 1986
  o Stimulated thinking & research into critical infrastructure protection

IMPORTANCE OF CERT
1. Incident response & mitigation
2. Proactive security monitoring
3. Coordination of cybersecurity efforts
4. Recovery & restoration
5. Training & awareness
6. Vulnerability assessment & management
7. Research & threat intelligence sharing
8. Policy & guideline development

SEI & CERT
- CERT designator is no longer an acronym, but a trademarked symbol
- SEI now refers to its CERT division as CERT/CC
- Carnegie Mellon’s trademark encouraged the use of Computer Security Incident Response Team (CSIRT) instead of CERT
  o Other acronyms came into common use
    ▪ IRT, US-CERT, CSIRC, CIRC, CIRT, IHT, IRC, SERT, SIRT

CERT NAME
- An established CSIRT can request license to use CERT designator from SEI at no cost
- Obtaining license allows team to be listed on SEI website as an authorized user of the CERT designator
- CMU encourages use of CSIRT as generic term for handling computer security incidents
  o CMU licenses CERT mark

NATIONAL COMPUTER EMERGENCY RESPONSE TEAM (NCERT)
- Receiving, reviewing, & responding to computer security incidents
- Systematic information gathering/dissemination
- Guide on how to handle cybersecurity incidents
- Coordination & collaboration with stakeholders

REGIONAL TEAMS
1. AusCERT
  o Australia & Asia/Pacific region
2. CERT MAHER
  o Maher Center of Iranian National CERT
3. MyCERT
  o Malaysia
  o Established in 1997 & is now part of CyberSecurity Malaysia
4. SingCERT
  o Singapore
5. National Cyber Security Centre
  o United Kingdom
6. CERT/CC
  o Created by Defense Advanced Research Projects Agency (DARPA) & run by SEI

CERT FUNCTIONS
- Provide effective incident response to computer security issues
- Responds to computer vulnerabilities
- Protect, Detect, & Respond Model

PDR MODEL
1. Protect
  o Measures & precautions to secure its computers
2. Detect
  o Recognizing security incidents
  o Network must be documented & baselined
    ▪ Software Asset Management (SAM) program
    ▪ Application management & security program
    ▪ Change, configuration, & patch management programs
    ▪ Bandwidth utilization baseline & routine bandwidth checks
    ▪ Network flow baselines & continuous monitoring
3. Respond
  o Analyze incident to understand what’s occurring & why
  o Stop further damage from occurring

NATIONAL INSTITUTE OF STANDARDS & TECHNOLOGY (NIST)
- Developed own incident response model
- Uses “contain, eradicate, & recover”
- SP-800-61

CERT-PH
- 2016
  o DICT formed
- 2019
  o Authorized use of CERT mark
- 2020
  o CERT-PH as official name of NCERT
  o Department Circular 003 s. 2020
    ▪ March 6, 2020

CERT-PH FRONTLINE SERVICES
1. Cyber Incident Response (CIR)
  o Incident Management, Analysis, Coordination
  o Handles & responds to incidents
  o Provide assistance for remediation
2. Cyberthreat Intel & Monitoring (CTIM)
  o Collection & analysis of data
3. Security Operations Center (SOC)
  o Serves as centralized facility for detection, monitoring, & rapid response
4. Cybersecurity Assessment & Testing (CAT)
  o Conducts cybersecurity-related assessment
5. CERT Cooperation & Knowledge Management (CCKM)
  o In charge of planning, implementation, monitoring, & evaluation of programs, projects, & activities
  o Organize trainings & conducts seminars for CSIRT