IT Incident Response
www.bestitdocuments.com
The goals / How to achieve this (diagram labels)
• Policies
• Standards
• Architecture
• People
• Process & Technology
• What can we really do
• Management buy-in
• Standards, Guidelines & Procedures
• System Safeguard
• Security & Internet architecture
What we really need
Security policies set the stage for standards, guidelines and procedures:
• Define what behavior is not allowed
• Communicate consensus amongst governance stakeholders
• Facilitate the “good neighborly” philosophy for networking
Security policies must be:
• Implementable and enforceable
• Concise and unambiguous
• Balanced between protection and productivity
Security policies should:
• State the reasons why the policy is needed
• Describe the coverage – who, what, where and how
• Define contacts and responsibilities
• Define how violations will be handled
Policy Definitions
Program Policy
• Used to create the IT security program
• Sometimes referred to as the departmental or company security policy
Issue-Specific Policy
• Addresses a particular issue of concern (whatever it may be)
System-Specific Policy
• Focuses on decisions to protect a particular system
• Procedures, standards and guidelines are used to describe how policies are implemented
Tools to implement policy
Operational Standards
• Specify uniform use of specific technologies organization-wide (e.g. ID badges)
Guidelines
• Recognize that IT systems vary and that safeguards may be implemented in many ways
Procedures
• Detailed steps to be followed (e.g. setting up user accounts)
Strategies
• Broad direction on implementation
Directions
• Focused implementation instructions
Enforceability
Policies
• In some jurisdictions, adherence to “policy” may be the only legally enforceable document
• Guidelines, standards and procedures should probably carry a very specific traceability reference back to policy – check with the legal department
IP Service Categories (diagram labels)
• Business process integration
• Security Coordination
• Education & Training
IRT Security Cycle: Prevent, Detect, Respond, Assess
Enterprise Wide Collaboration on Incidents (diagram labels)
• Roles: SysAdmin, NetAdmin, Policy, IPC, Legal/Policy
• Technical Collaboration: Incident Handling (Technical); Incident Handling – Forensic Analysis; Criminal Investigation
• Operational Collaboration: Incident Handling (Operational)
• User incident activity classified as Hostile, Benign or Illegal
Incident Response Options
Recommended