Risk Mitigation Security Controls - Lecture 4 - PDF

University of Khartoum

Dr. Huwaida Tagelsir Elshoush

Tags

risk mitigation security controls information security computer science

Summary

This lecture covers risk mitigation security controls, including security plans, business continuity, disaster recovery, backup, and incident response plans. It's presented by Dr. Huwaida Tagelsir Elshoush at the University of Khartoum, Sudan.

Full Transcript

Risk Mitigation Security Controls - Lecture 4

Dr. Huwaida Tagelsir Elshoush
University of Khartoum - Sudan
Faculty of Mathematical Sciences
Department of Computer Science
[email protected]

Presentation Topics at a Glance

1. Introduction
2. Identifying and Evaluating Relevant Countermeasures
3. Controls Categories
4. Security Plans
   - Business Continuity Plan
   - Disaster Recovery Plan
   - Backup Plan
   - Incident Response Plan
5. Contingency Planning

Building a Business Case

- A business exists to satisfy business objectives
- Security programs are there to support this primary goal
- First step in building a case is to understand the business objectives
- Security efforts must be described in relation to organization's mission
- Use quantitative and qualitative analysis to justify security measures

Selecting a Risk Assessment Methodology

In general, a risk assessment involves the following steps:

1. Identify the management structure.
2. Identify assets and activities to address.
3. Identify and evaluate relevant threats.
4. Identify and evaluate relevant vulnerabilities.
5. Identify and evaluate relevant countermeasures.
6. Assess threats, vulnerabilities, and exploits.
7. Evaluate risks.
8. Develop recommendations to mitigate risks.
9. Present recommendations to management.

Identify and Evaluate Relevant Countermeasures

- A countermeasure is a security control or a safeguard.
- You implement a countermeasure to reduce a risk.
- You can reduce a risk by reducing vulnerabilities or by reducing the impact of the threat.
- Vulnerability assessment determines which risks merit attention.
- Risk = Threat x Vulnerability

Identify and Evaluate Relevant Countermeasures

When identifying and evaluating the countermeasures, you should consider:

1. In-place controls: These are controls that are currently installed in the operational system.
2. Planned controls: These are controls that have a specified implementation date.
3. Control categories: There are thousands of types of risk mitigation security controls. These types are divided into categories. When reviewing all of the controls, you should consider the purpose.

Identify and Evaluate Relevant Countermeasures

1. In-Place Countermeasures: If the control is in place, you can measure its effectiveness. Ideally, countermeasures are as effective as you expect them to be.
2. Planned Countermeasures: You can evaluate the current systems to ensure the original threats and vulnerabilities still exist. Additional tools or techniques may also exist that will allow you to enhance the original recommendations.

Controls Categories

3. Controls Categories

One may run across controls categorized using one of the following methods:

- NIST groups these controls into three classes:
  - Technical
  - Operational
  - Management
- Three implementation methods are used to categorize controls:
  - Technical controls
  - Physical controls
  - Administrative controls

We will focus on these implementation methods.

Risk Mitigation Security Controls Are Divided Into Categories

[Figure: risk mitigation security controls divided into categories]

Technical Security Control

- A technical security control uses computers or software to protect systems.
- The benefit is that the control is automated. You can set it once and it will consistently enforce the control.

Technical Security Controls

Some examples of technical security controls are:

- Login identifier: Users are required to provide credentials before you grant access to the system. This is also referred to as authentication. Three primary factors of authentication exist:
  - Something you know, such as a user name and password
  - Something you have, such as a smart card
  - Something you are, as captured by biometrics
- Session timeout: Many systems automatically time out after a period of inactivity.

Technical Security Control

- System logs: System logs log activity performed by systems, users, or attackers.
- Audit trails: You can use many types of audit logs to create an audit trail. A security log can log all access to specific files.
- Input validation: Applications can use data range and reasonableness checks to validate data before using it.
- Firewalls: Network firewalls can control traffic coming in and out of a network. Host-based firewalls can restrict traffic for individual systems.
- Encryption: You can encrypt data when it is stored on a drive or when it is transmitted over a network. This provides confidentiality of the data.

Physical Security Controls

- Locked doors: Lock server rooms to protect servers, and lock wiring closets that host routers and switches.
- Guards and access logs: You can have guards control access to sensitive areas, and use an access log to list individuals who are authorized access.
- Video cameras: Cameras can monitor areas on a continuous basis. Many closed circuit television (CCTV) systems can record data from multiple cameras.
- Fire detection and suppression: Fire can destroy a significant amount of data and hardware in a very short period.
- Water detection: Some areas are prone to flooding. When water is detected, pumps can be turned on automatically to remove the water.

Administrative Security Controls

- Administrative security controls are the controls in place in response to the rules and guidelines directed by upper-level management.
- These include several specific controls.
- However, one important point about administrative controls is that they are implemented with a written document.
- Some examples of administrative controls are:
  - Policies and procedures
  - Security plans
  - Insurance
  - Personnel checks
  - Awareness and training
  - Rules of behavior

Administrative Security Controls - Security Plans

- Organizations create different security plans to address different scenarios.
- Many of the security plans are common to most organizations.
- This section covers the following security plans found in many organizations:
  - Business continuity plan
  - Disaster recovery plan
  - Backup plan
  - Incident response plan

Business Continuity Plan

- A business continuity plan (BCP) is one type of security plan.
- It is a comprehensive plan that helps an organization prepare for different types of emergencies.
- It ensures that mission critical functions continue to operate even after a disaster strikes.
- A BCP often starts with a business impact analysis (BIA).
- The BIA identifies the critical functions.
- The BCP then documents how to keep these functions operating during a disaster.

Disaster Recovery Plan

- A disaster recovery plan (DRP) provides the details to recover one or more systems from a disaster.
- DRPs and BCPs are sometimes considered the same thing. However, they are different.
- The BCP keeps the critical functions running during a disaster.
- The DRP has a narrower focus and identifies how to recover a system.

Backup Plan

- A backup plan is often included as part of a DRP.
- You can't recover data after a disaster unless you've backed it up.
- The backup plan is derived from a backup policy.
- The backup policy identifies data valuable to the organization.
- It also specifies storage and retention requirements.
- The backup plan includes procedures identifying how this data can be backed up.

Incident Response Plan

- An incident response plan documents how an organization should respond to a security incident.
- The organization could have multiple incident response plans, depending on the complexity of the organization.
- Incident response involves:
  - Notifying key people
  - Documenting the incident
  - Containing the damage due to the incident

Contingency Planning

- Contingency planning (CP) controls are used to help an organization recover from failures or disasters.
- They include controls related to planning, training, and testing for failures and disasters.
- They also include controls related to alternate sites for storage or processing.
- Contingency planning consists of:
  - Incident response plan
  - Disaster recovery plan
  - Business continuity plan
- Contingency planning requires support of:
  - Upper level management
  - IT people
  - Security people

Contingency Planning

[Figure: contingency planning]

Contingency Planning Timeline

[Figure: contingency planning timeline]

Business Impact Analysis (BIA)

- Business Impact Analysis (BIA) is the first step in contingency planning (CP)
- Takes off from where risk assessment ended
- Main steps in BIA are:
  - Threat attack identification
  - Business unit analysis
  - Attack success scenarios
  - Potential damage assessment
  - Subordinate plan classification

Business Impact Analysis (BIA)

Threat identification includes:

- Attack name and description
- Known vulnerabilities
- Indicators preceding an attack
- Information assets at risk from the attack
- Damage estimates

Business Impact Analysis (BIA)

Business unit analysis includes:

- Prioritization of business functions
- Identify critical business units

Attack success scenario includes:

- Known methods of attack
- Indicators of attack
- Broad consequences

Business Impact Analysis

Potential damage assessment includes:

- Actions needed immediately to recover from the attack
- Personnel who will do the restoration
- Cost estimates for management use

Subordinate plan classification includes:

- Classification of attack as disastrous or non-disastrous
- Disastrous attacks require disaster recovery plan
- Non-disastrous attacks require incident response plan
- Most attacks are non-disastrous, e.g. blackout

Business Impact Analysis Diagram

[Figure: business impact analysis diagram]

Incident Response Plan

- Responsible people aware of IR plan details
- Periodic testing of IR plan as a desktop exercise
- Goals to remember:
  - More sweat in training means less bleeding in combat
  - Preparation hurts
  - Lead from the front and not the rear
  - Keep it simple
  - Never assume
  - You get paid for results not your methods

Incident Response Plan

- Incidents are usually detected from complaints to help desk
- Security administrators may receive alarms based on:
  - Unfamiliar files
  - Unknown processes
  - Unusual resource consumption
  - Activities at unexpected times
  - Use of dormant accounts

Incident Response Plan

Additional incident indicators:

- IDS system detects unusual activity
- Presence of hacker tools such as sniffers and keystroke loggers
- Partners detect an attack from the organization system
- Hacker taunts

How to classify an incident as a disaster?

- Organizational controls for an incident are ineffective
- Level of damage to the system is severe

Incident Response Plan

Incident reaction involves:

- Notifying proper personnel
  - Involves notifying people on the alert roster
  - Notification could be accomplished using a predefined tree structure
  - Notification is pre-scripted to activate relevant portions of the incident response plan
- Designated personnel start documenting the incident
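
Two of the alarm sources listed above, "activities at unexpected times" and "use of dormant accounts", can be derived from ordinary login records. The following is an added example, not part of the lecture; the log format, the account names, the 90-day dormancy threshold and the 07:00-19:00 working hours are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample log (not from the lecture): ISO timestamp, account, event.
SAMPLE_LOG = """\
2024-03-04T09:12:00 alice login
2024-03-04T09:40:00 bob login
2024-03-05T02:17:00 alice login
2024-03-05T10:05:00 svc_backup login
2024-06-20T11:30:00 bob login
2024-06-21T23:55:00 svc_backup login
malformed line without fields
"""

# Constructed state: last login per account before the log window starts,
# as it might be exported from a directory service.
KNOWN_LAST_LOGIN = {
    "alice": datetime(2024, 3, 1, 9, 0),
    "bob": datetime(2024, 3, 1, 9, 0),
    "svc_backup": datetime(2023, 11, 1, 8, 0),
}

DORMANT_AFTER = timedelta(days=90)  # assumed policy threshold
WORK_START, WORK_END = 7, 19        # assumed working hours, 07:00 to 18:59


def parse_line(line):
    """Return (timestamp, account, event), or None if the line does not parse."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2]


def find_alarms(log_text, known_last_login):
    """Return (timestamp, account, reason) tuples for suspicious logins."""
    # Process events in time order so "previous login" is always well defined.
    events = sorted(e for e in map(parse_line, log_text.splitlines()) if e)
    last_seen = dict(known_last_login)  # copy, so the caller's dict is untouched
    alarms = []
    for ts, account, event in events:
        if event != "login":
            continue
        if not (WORK_START <= ts.hour < WORK_END):
            alarms.append((ts, account, "activity at unexpected time"))
        previous = last_seen.get(account)
        # An account with no recorded previous login is not treated as dormant.
        if previous is not None and ts - previous > DORMANT_AFTER:
            alarms.append((ts, account, "use of dormant account"))
        last_seen[account] = ts
    return alarms


if __name__ == "__main__":
    for ts, account, reason in find_alarms(SAMPLE_LOG, KNOWN_LAST_LOGIN):
        print(f"{ts.isoformat()} {account}: {reason}")
```

A login can raise both alarms at once, as the last svc_backup entry does; each alarm would then be routed to the people on the alert roster.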

Incident Response Plan

Activate incident containment strategies such as:

- Take system offline
- Disable compromised accounts
- Reconfigure firewall as needed
- Shut down specific applications such as email or database
- Might necessitate shutting down the system completely

Incident Response Plan

Post-incident actions:

- Preserve evidence
- Activate recovery procedures
- Assess damage

Disaster Recovery Planning

- Prioritize recovery of components
- Crisis management
- Activate recovery from backup data

Implementing Controls

- Techniques used to manage risks identified in vulnerability assessment:
  - Risk avoidance
  - Risk mitigation
  - Risk acceptance
- BCP team must determine exactly how these strategies will be applied to each of the risks identified
- Not all risks can be handled with technical approaches, some may require education and training or external expertise

Maintaining the Plan

- BCP is a living document
- Changes in the environment, the business, and in current technologies will induce new risks
- BCP should be flexible and comprehensive enough to absorb changes
- However, periodic review and updating of the BCP will be required

Disaster Recovery Planning

- Disaster recovery planning is used to prepare for continuing an organization's operations when they are interrupted due to a crisis
- A Disaster Recovery Plan (DRP) is the document describing the recovery plan
- Goals of a DRP:
  - Resume operations at an alternate facility as necessary
  - Provide for extended operation at the alternate facility
  - Prepare for transition back to the primary facility when possible

Selecting the Team

- Who should be on a disaster recovery team?
  - Important to cover critical departments and missions within the organization
  - Size of the organization will dictate size of team
- In a larger organization, planning and implementation teams can be different
- DRP responsibilities are usually secondary to the team members' primary roles within the organization

Building the Plan

- The DRP should describe the processes to follow in the event of disaster
  - Should detail the responsibilities of all individuals involved in the plan
  - Should detail resources needed, including financial, manpower, hardware, and software
- Selection of at least one alternate facility is a primary challenge
  - The greater the required capabilities, the more expensive it will be

Disaster Recovery Facilities

- Hot site
  - Contains all hardware, software, and data required.
  - Capable of taking over production immediately.
- Warm site
  - Contains most hardware and software required, does not maintain live copies of data.
  - Capable of taking over production within hours or days.
- Cold site
  - Contains basic power, telecommunications, and support systems.
  - Does not maintain hardware, software, and data.
  - Capable of taking over production within weeks or months.

Creative Disaster Recovery

- Nontraditional arrangements for disaster recovery are possible and may be suitable for a particular organization
- Geographically dispersed organizations might consider mobile facilities
  - Trailers, mobile homes, air-transportable units
  - Do not keep them all in one place
- Mutual assistance agreements
  - Share costs with other organizations
  - Care must be taken in maintaining confidentiality of data

Training

- DRP team members need training to prepare for responsibilities under the plan
- Initial training
  - Comprehensive training takes place when individuals are placed on the team
- Refresher training
  - Periodic training to update and refresh team members' skills and readiness
- Length, frequency, and scope of DRP training must be customized to each individual's responsibilities

Testing

- Checklist review
  - Simplest, least labor-intensive form of testing
  - Each individual has a checklist of responsibilities under the DRP
  - During testing, each individual reviews his/her checklist
  - Can be done as a group or individually
- Tabletop exercise
  - Test facilitator describes a specific disaster scenario
  - DRP team members verbally walk through their responses to the scenario
  - Scenarios can be disseminated at the test or in advance

Testing

- Soft test (parallel test)
  - DRP team members are given a disaster scenario and respond by activating the recovery facility
  - Recovery facility works in parallel with main facility, does not take responsibility for full operation
  - A more comprehensive test, also a more expensive test
- Hard test (full-interruption test)
  - Used only rarely in mission critical situations, too disruptive and expensive
  - Involves full transfer of control to alternative facility and back

Implementing the Plan

- When a plan must be implemented, the situation is going to be chaotic
- Plan must define actions of first responders, whoever they might be
- All employees should know what to do if they witness an event that might signal a need for disaster recovery
- The authority to declare a disaster situation should be carefully allocated
  - Possibly to multiple people

Maintaining the Plan

- The disaster recovery team's membership, procedures, and tools will change over time
- The team should rely heavily on checklists to avoid panic and chaos
  - Checklists must be up-to-date
- The DRP should be continually tested and evaluated with lessons learned debriefings
