Security Programs
We must make management aware of the tangible losses (loss of life, equipment, etc.) and the intangible losses (partners' confidence, employees' confidence in the organisation).
We need to define and train cross-functional teams
We should define a charter and scope. We need to define the asset inventory and assign responsibility matrices.
We need to define ICS policies and procedures. We should choose a standard; the standard gives a procedure to implement.
We then should perform risk and vulnerability assessments.
Where Risk = Impact x Probability
- Probability - Quantitative
- Likelihood - Qualitative
- Mitigation - Minimize Risk
- Resilience - How quickly you can get back to normal
Threat Modelling
- Build Asset Inventory
- Vulnerability Assessment of Asset
- Identify All Prospective Threat Agents
- SLE: Single Loss Expectancy (impact)
- ARO: Annualized Rate of Occurrence
- ALE: Annualized Loss Expectancy
- Set the Control Accordingly
- RTO - Recovery Time Objective (How long will you take to recover?)
- RPO - Recovery Point Objective (how often do you backup?)
- MTO - Maximum Tolerable Outage
- Risk Mitigation
- Risk Avoidance
- Risk Transference
- Risk Acceptance
- Risk Ignorance
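The SLE, ARO and ALE steps and the "Set the Control Accordingly" decision above, as an added worked example that is not part of the original notes. The asset value, exposure factor, ARO and control figures are constructed sample values, and deriving SLE as asset value times an exposure factor is an assumption of this example.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class Threat:
    name: str
    asset_value: float      # replacement value of the asset, in currency units
    exposure_factor: float  # fraction of asset value lost per occurrence, 0..1
    aro: float              # Annualized Rate of Occurrence: expected events per year

    def sle(self) -> float:
        """Single Loss Expectancy: the impact of one occurrence."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized Loss Expectancy = SLE x ARO (impact x probability, per year)."""
        return self.sle() * self.aro


@dataclass
class Control:
    name: str
    annual_cost: float    # cost of running the control for one year
    aro_reduction: float  # fraction by which the control lowers the ARO, 0..1


def control_benefit(threat: Threat, control: Control) -> float:
    """ALE avoided per year by applying the control, minus the control's annual cost."""
    residual_ale = threat.sle() * threat.aro * (1 - control.aro_reduction)
    return threat.ale() - residual_ale - control.annual_cost


def set_control(threat: Threat, controls: list[Control]) -> tuple[str, str]:
    """'Set the Control Accordingly': mitigate with the best-paying control, else accept."""
    best = max(controls, key=lambda c: control_benefit(threat, c), default=None)
    if best is not None and control_benefit(threat, best) > 0:
        return ("mitigate", best.name)
    return ("accept", "")  # avoidance and transference are not modelled here


# Constructed sample figures: a PLC whose outage idles a production line.
PLC_OUTAGE = Threat("malware halts PLC", asset_value=200_000.0, exposure_factor=0.5, aro=0.2)
CANDIDATES = [
    Control("segment control network", annual_cost=8_000.0, aro_reduction=0.75),
    Control("managed monitoring service", annual_cost=25_000.0, aro_reduction=0.9),
]

if __name__ == "__main__":
    print(PLC_OUTAGE.sle(), PLC_OUTAGE.ale(), set_control(PLC_OUTAGE, CANDIDATES))
```

The second control avoids more loss but costs more than the loss it avoids, so it does not pay for itself and the cheaper control is chosen.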
Controls
- Physical Controls
- Technical
- Policy
- Directive Control
- Preventive Control
- Detective Control
- Corrective Control - Partial Service Restoration
- Recovery Control - Full Recovery
- Deterrent Control
- Compensatory Control
Arrange controls so that if one fails, another falls back behind it.
Events
- Event - Something Happens Once
- Incident - Something is Happening Repeatedly
- Problem - Incidents are prevailing over a long period
Analysing Logs
Actual (reality) vs. the log's claim:
- TRUE POSITIVE
- TRUE NEGATIVE
- FALSE POSITIVE
- **FALSE NEGATIVE**
Look at the second term first: it tells you what the log is saying. The first term is whether that claim is true or false in reality. In this case, the last scenario (false negative) is the most dangerous.
Containment, Eradication & Recovery
Post-Incident Activity
Root Cause Analysis
- Who
- What
- Why
- Recommendations
30nov16 | admin |