Information systems security incident - Essay Example

Concepts of Operations Project: Information Systems Security Incident

This paper defines CONOP for ‘B Concepts’. The mission of B-Concepts CIRT is: “To protect communications and promote standards that give us a unique advantage”. To fulfill this mission the operational framework for security of the software, hardware and data associated with information systems is defined based on ISO 17799. CONOP outlines the key players and their roles and responsibilities in the event of an information security incident. The CONOP is defined to control information and financial loss, and to support business continuity, security policy review and the security awareness programme. The CIRT organization structure is detailed, and the roles and responsibilities of the team members are defined. CIRT acts on information and security logs to anticipate security threats and to resolve security incidents. This paper describes the types of logs that are maintained at B-Concepts and the log management system, and discusses the advantages of security logs. Three types of security logs are maintained at B-Concepts. Security process logs are records of the security procedure and security policy application; these logs are recorded under normal conditions. Security fault logs are recorded in the absence of a security policy and risk management strategy. Security breach logs are the records of security policy breaches.

Information Systems Security Incident

The concept of operations (CONOP) for an information security incident is based on the severity and impact of the incident. “An incident can be thought of as a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices” (Grance, Kent & Kim, 2004).

Security Framework

“ISO 17799 refers to hundreds of best-practice information security control measures that organizations should consider to satisfy the stated control objectives” (ISO 17799, 2005). The standard proposes that an organization must identify its information assets and make a risk assessment for these assets. The computer security incident response policies for B-Concepts are defined in the security policy document, based on the function/business and infrastructure of the organization.

Computer Incident Response Team (CIRT)

The CIRT structure can be based on any of three models:
1. Central Incident Response Team – a single team that handles incidents throughout the organization.
2. Distributed Incident Response Team – multiple teams, each handling incidents for a particular logical or physical segment of the organization.
3. Coordinating Team – a team that provides guidance and advice to individuals or department-wide teams.
The CIRT can be partially or fully outsourced, or staffed with internal employees.

B-Concepts CIRT roles and responsibilities

All members of the CIRT are prepared to interact with the media. One member of the CIRT is nominated as POC for media and law enforcement. The members of the CIRT are accessible to anyone who suspects or discovers a computer security incident that involves the organization's interests (Grance et al., 2004).

Fig 1. Incident Response Lifecycle (Grance et al., 2004)

The responsibilities of the CIRT in the incident lifecycle are:
Preparation requires acquiring tools and resources for incident handling, making a jump-kit, and risk assessment of systems and applications for incident prevention.
Detection: incident categorization based on type and signs (precursor or incident). Analysis is done by profiling and understanding the behavior of the network systems, and by studying the logs and security alerts. The CIRT must create a centralized logging system and log policy; it must be able to correlate events, conduct research to gain information, and collect data with packet sniffers and data filtering. The CIRT is also responsible for the documentation of incident information, incident prioritization to determine the impact on affected resources, and notification of the concerned authorities.
Containment: physical isolation of the affected resource, and freezing logs and documents for evidence.
Eradication and Recovery: eliminating the source of the problem, whether the attacker, malicious code or another cause. The system is recovered to its normal state and its security is hardened.
Post-incident activity: objective and subjective analysis of incident logs and CIRT activities to determine the cause of the security failure and the performance of the team.

Levels of authority include:
1. Disconnection and confiscation of equipment, monitoring suspicious activity and reporting incidents.
2. Communication with the organization's ISP, the attacker's ISP, the vendor of vulnerable software, the media, external experts and other CIRTs.
3. Discussion with the organization's public affairs office, legal department and management to establish policies and procedures for information sharing and incident response.
4. Documentation of contacts, communications and logs for federal liabilities and evidentiary purposes.

Organization and Structure

The following factors are considered when constituting the team: 24x7 availability of team members, full-time or part-time staffing according to the organization's requirements and budget, employee morale, quality of work and expertise. The sensitivity of the information shared and the need to correlate logs with internal data are considered when hiring external experts.

Security Measurement – CIRT Logs

Security incident logs are the records of security events: security process, security fault or security breach events. The types of incident logs that are generated are:
1. Security logs (e.g. intrusion detection and prevention, security device logs, audit logs),
2. OS logs (e.g. user account, error codes),
3. Application logs (e.g. FTP, HTTP, SMTP, malicious code).
These logs can be categorized as security attack, fraud or inappropriate usage. The authenticity of the log source is important in determining the accuracy of log information. Information security performance metrics provide a means for the monitoring and reporting of agency implementation of security controls. They also help assess the effectiveness of these controls in appropriately protecting agency information resources in support of the agency's mission (Chew, Clay, Hash, Bartol & Brown, 2006, page 17).

The advantages of security incident logs are many: “Using information gained during incident handling to better prepare for handling future incidents and to provide stronger protection for systems and data” (Grance et al., 2004).
1. Security performance metrics are generated with routine log analysis. Vulnerable information assets are identified, and policy violations or fraudulent activity by internal employees or external parties are checked. Operational problems of the information and security systems are identified and fixed.
2. Based on security logs, new security policies and controls are drafted and implemented.
3. In the event of a security breach these logs are used for forensic analysis.
4. The security logs are useful in performing audits of the organization's security expenditure. This data is input to the management decision-making process and the security awareness program.
5. Security logs are stored to comply with federal legislation and regulations: FISMA, HIPAA, SOX and GLBA.

Security logs review: this process includes archiving old records and destroying records that are no longer needed. The logs are analyzed to prepare reports for management. The security records are used to anticipate security incidents and to determine the organization's financial savings from security policy implementation, e.g. user authentication attempts.

Security Log Management

The challenges are:
1. Generation of security logs from many sources with different log formats and sizes.
2. Protection of logs by filtering, archiving, size limitation and safe storage.
3. Pro-active analysis of logs to avoid impending problems, e.g. catching repeated failed login attempts before a security breach.
A 3-tier log management infrastructure is designed to meet these challenges. “A log management infrastructure consists of the hardware, software, networks, and media used to generate, transmit, store, analyze, and dispose of log data” (Souppaya & Kent, 2006, page 23).

Table 1. Log Management Infrastructure

Tier                          Activity to overcome challenges
Log generation                1. Implement organization policy for log collection. 2. Audits to confirm log standards and guidelines.
Log consolidation & storage   1. Robust and secure log storage for confidentiality, integrity and availability of log data. 2. Filtering, aggregation, normalization and correlation of logs to reduce log data.
Log monitoring                Training for log reduction, clearing, rotation, log parsing, log archiving and log analysis.

The B-Concepts CIRT responds to security incident logs according to the organization's security policy for the event.

References
1. Chew, Elizabeth, Clay, Alicia, Hash, Joan, Bartol, Nadya & Brown, Anthony. (May 2006). Guide for Developing Performance Metrics for Information Security. NIST. Retrieved September 24, 2006, from http://csrc.nist.gov/publications/drafts/draft-sp800-80-ipd.pdf
2. Grance, Tim, Kent, Karen & Kim, Brian. (Jan 2004). Computer Security Incident Handling Guide. NIST. Retrieved September 26, 2006, from http://csrc.nist.gov/publications/nistpubs/800-61/sp800-61.pdf
3. ISO 17799 / ISO 27002. (2005). The International Standard Code of Practice for Information Security Management. Retrieved September 24, 2006, from http://www.iso27001security.com/
4. Souppaya, Murugiah & Kent, Karen. (April 2006). Guide to Computer Security Log Management. NIST. Retrieved September 24, 2006, from http://csrc.nist.gov/publications/drafts/DRAFT-SP800-92.pdf

Appendix A. Glossary
CMS – Code Management System
CSIR – Computer Security Incident Response
DMS – Document Management System
DMZ – Demilitarized Zone
FISMA – Federal Information Security Management Act
GLBA – Gramm Leach Bliley Act
HIPAA – Health Insurance Portability and Accountability Act
OS – Operating System
PCB – Printed Circuit Board
POC – Point of Contact
SOX – Sarbanes Oxley Act

Appendix B. B-Concepts CIRT

The CIRT organization chart comprises representatives from the given departments (Model 1). One CIRT member is nominated as manager.

Fig 2. CIRT Organization Chart

The members provide CSIR support for:
1. System Administration – the external and internal security threats and incidents to the organization's computer network.
2. Product Release – the security incidents related to the organization's products under development.
3. Quality Assurance – the CMS/DMS and released-product incidents.
4. External Experts – formulating policies and providing assistance where internal expertise is lacking.
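The log consolidation tier in Table 1 calls for filtering, aggregation, normalization and correlation of logs from different sources, and the Security Log Management challenges name catching repeated failed logins before a breach. The script below is an added example, not code from the essay or from the NIST guides it cites. It takes two constructed log formats, an OS authentication log and an FTP application log (two of the source types the paper lists), filters out non-login lines, normalizes both into one record type, aggregates counts, and correlates failed logins per source address across both sources: a burst of failures with no later success is reported as a precursor, and a burst followed by a successful login from the same address as an incident. Every log line, host, user and address is constructed, and the three-failure threshold, the five-minute window and the assumed year for the syslog timestamps are assumptions chosen for the demonstration.

```python
"""Normalize and correlate authentication events from two log sources.

Added example for this page; not code from the essay or from the NIST
guides it cites.  All log lines, hosts, users and addresses below are
constructed, and the threshold, window and year are assumptions.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed OS authentication log (syslog style, no year in the timestamp).
OS_LOG = """\
Jan 12 09:00:01 host1 sshd[1001]: Failed password for alice from 203.0.113.5 port 50001 ssh2
Jan 12 09:00:02 host1 sshd[1001]: Connection closed by 203.0.113.5 port 50001
Jan 12 09:00:04 host1 sshd[1002]: Failed password for alice from 203.0.113.5 port 50002 ssh2
Jan 12 09:00:20 host1 sshd[1003]: Accepted password for alice from 203.0.113.5 port 50004 ssh2
Jan 12 09:05:00 host1 sshd[1004]: Accepted password for bob from 198.51.100.7 port 50010 ssh2
Jan 12 09:10:00 host1 sshd[1005]: Failed password for root from 192.0.2.9 port 50020 ssh2
"""
# Constructed FTP application log (different timestamp and field layout).
FTP_LOG = """\
2006-01-12 09:00:09 ftp1 [203.0.113.5] carol LOGIN FAILED
2006-01-12 09:10:30 ftp1 [192.0.2.9] dave LOGIN FAILED
2006-01-12 09:11:00 ftp1 [192.0.2.9] dave LOGIN FAILED
2006-01-12 09:20:00 ftp1 [198.51.100.7] bob LOGIN OK
"""
ASSUMED_YEAR = 2006            # assumption: syslog lines carry no year
FAIL_THRESHOLD = 3             # assumption: failures in one window that raise an alert
WINDOW = timedelta(minutes=5)  # assumption: correlation window


@dataclass(frozen=True)
class AuthEvent:
    """Normalized record shared by every log source."""
    ts: datetime
    source: str
    host: str
    user: str
    src_ip: str
    success: bool


SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?P<user>\S+) from (?P<ip>\S+)")
FTP_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<host>\S+) \[(?P<ip>[^\]]+)\] "
    r"(?P<user>\S+) LOGIN (?P<result>OK|FAILED)$")


def parse_syslog(line):
    """Map one sshd line to an AuthEvent; lines that are not logins are filtered out."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return AuthEvent(ts, "os", m["host"], m["user"], m["ip"], m["result"] == "Accepted")


def parse_ftp(line):
    """Map one FTP server line to an AuthEvent."""
    m = FTP_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
    return AuthEvent(ts, "ftp", m["host"], m["user"], m["ip"], m["result"] == "OK")


def normalize(os_text=OS_LOG, ftp_text=FTP_LOG):
    """Filter and normalize both sources into one time-ordered event list."""
    events = [parse_syslog(line) for line in os_text.splitlines()]
    events += [parse_ftp(line) for line in ftp_text.splitlines()]
    return sorted((e for e in events if e is not None), key=lambda e: e.ts)


def aggregate(events):
    """Reduce the event list to counts per (source address, user, outcome)."""
    return Counter((e.src_ip, e.user, e.success) for e in events)


def correlate(events):
    """Correlate failures per source address across all log sources.

    A burst of FAIL_THRESHOLD failures inside WINDOW is a precursor; if a
    successful login from the same address follows inside the window it is
    reported as an incident (possible breach) instead.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.src_ip].append(e)
    findings = {}
    for ip, evs in by_ip.items():
        fails = [e.ts for e in evs if not e.success]
        for start in fails:
            burst = [t for t in fails if start <= t <= start + WINDOW]
            if len(burst) < FAIL_THRESHOLD:
                continue
            later_ok = any(e.success and burst[-1] <= e.ts <= start + WINDOW for e in evs)
            findings[ip] = "incident" if later_ok else "precursor"
            break
    return findings


if __name__ == "__main__":
    evs = normalize()
    for key, n in sorted(aggregate(evs).items()):
        print("count", key, n)
    for ip, verdict in correlate(evs).items():
        print(verdict, ip)
```

With the constructed input, 203.0.113.5 produces only two failures in the OS log and one in the FTP log; neither source alone reaches the threshold, and the address is reported only once both sources are normalized into the same record type and correlated, which is the point of the consolidation tier. The same run reports 192.0.2.9 as a precursor, since its three failures are not followed by a success.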