Security Programs

We must make management aware of the potential losses: tangible (loss of life, equipment, etc.) and intangible (partners' confidence, employees' confidence in the organisation).

We need to define and train cross-functional teams

We should define a charter and scope. We need to define the asset inventory and assign responsibility matrices.

We need to define ICS policies and procedures. We should choose a standard; the standard will give us a procedure to implement.

We then should perform risk and vulnerability assessments.

Where Risk = Impact x Probability

Probability - Quantitative
Likelihood - Qualitative
Mitigation - Minimise risk
Resilience - How quickly you can return to normal operation
Threat Modelling
  1. Build Asset Inventory
  2. Vulnerability Assessment of Asset
  3. Identify All Prospective Threat Agents
  4. SLE: Single Loss Expectancy (impact)
  5. ARO: Annualized Rate of Occurrence
  6. ALE: Annualized Loss Expectancy (SLE x ARO)
  7. Set the Control Accordingly
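The seven steps above carried through for a constructed ICS asset list. This is an added example, not part of the original page; the asset names, owners, SLE/ARO figures and control costs are made up, and the step 7 rule (adopt a control when the ALE it removes exceeds its annual cost) is an assumed cost-benefit criterion.

```python
from dataclasses import dataclass


@dataclass
class Threat:
    agent: str            # step 3: prospective threat agent / scenario
    sle: float            # step 4: single loss expectancy per incident (currency units)
    aro: float            # step 5: annualized rate of occurrence (incidents per year)
    control: str          # candidate control considered in step 7
    control_cost: float   # assumed annual cost of that control
    aro_after: float      # assumed residual ARO once the control is in place

    def ale(self) -> float:
        # step 6: ALE = SLE x ARO
        return self.sle * self.aro

    def ale_after(self) -> float:
        return self.sle * self.aro_after

    def control_justified(self) -> bool:
        # step 7 (assumed rule): the control pays for itself if the ALE
        # reduction it buys is larger than its annual cost
        return (self.ale() - self.ale_after()) > self.control_cost


# step 1: constructed asset inventory, each asset with an owner from the
# responsibility matrix; step 2's vulnerability findings feed the threat list
INVENTORY = {
    "Historian server": {"owner": "OT engineering", "threats": [
        Threat("Ransomware via engineering laptop", sle=250_000, aro=0.5,
               control="Segment OT network", control_cost=40_000, aro_after=0.1),
    ]},
    "PLC rack, line 2": {"owner": "Plant operations", "threats": [
        Threat("Unauthorised logic change", sle=120_000, aro=0.2,
               control="Lock PLC key switch", control_cost=2_000, aro_after=0.05),
        Threat("Flood in control room", sle=300_000, aro=0.01,
               control="Relocate rack", control_cost=50_000, aro_after=0.001),
    ]},
}


def rank_controls(inventory=INVENTORY):
    """Return (asset, threat agent, ALE, adopt-control?) rows, highest ALE first."""
    rows = []
    for asset, info in inventory.items():
        for t in info["threats"]:
            rows.append((asset, t.agent, t.ale(), t.control_justified()))
    return sorted(rows, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    for asset, agent, ale, adopt in rank_controls():
        print(f"{ale:>10,.0f}  {asset:<18} {agent:<36} {'adopt control' if adopt else 'accept risk'}")
```

Ranking by ALE shows where the budget goes first; the flood scenario has a real SLE but such a low ARO that relocating the rack is not justified on this rule and the risk is accepted instead.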


Controls

Events

You need teams that are continuously preparing, analysing and acting on the above events.

Analysing Logs


  Actual   Log's Claim

    TRUE   POSITIVE
    TRUE   NEGATIVE
    FALSE  POSITIVE
  **FALSE  NEGATIVE**

Look at the second term first: it tells you what the log is claiming. The first term is whether that claim is true or false in reality. The last scenario (the log is silent while something actually happened) is the most dangerous.

Containment, Eradication & Recovery

Post-Incident Activity

Root Cause Analysis


30nov16   admin