Security: Risk Management & Incident Response - Paiet/Tech-Journal-for-Everything GitHub Wiki

  • Business partner

    • A commercial entity that has a relationship of some sort with another, separate commercial entity.

  • On-boarding / off-boarding business partners

    • On-boarding

      • Occurs when the partnership starts. It involves acclimating partners to the security practices that you expect them to follow in order to ensure a fair balance of responsibility and liability in the partnership.

    • Off-boarding

      • Occurs when the partnership ends. Both parties should agree to terminate any integration, including loss of cross-organizational access and other controls, that is no longer necessary.

  • Social media networks and/or applications

    • The public nature of social media and related apps often presents a risk to an organization's security.
    • Employees may post sensitive information on a social network that has wider-reaching consequences than simple word-of-mouth.

  • Interoperability agreements

    • Service-level Agreement (SLA)
      • This agreement clearly defines what services are to be provided to the client, and what support, if any, will be provided.
    • Business partner agreement (BPA)
      • This agreement defines how a partnership between business entities will be conducted, and what exactly is expected of each entity in terms of services, finances, and security.
    • Memorandum of understanding (MOU)
      • This type of agreement is usually not legally binding and typically does not involve courts or money. They are less formal and are typically enacted as a way to express a desire for all parties to achieve the same goal in the agreed-upon manner.
    • Interconnection security agreement (ISA)
      • This type of agreement is geared toward the information systems of partnered entities to ensure that the use of inter-organizational technology meets a certain security standard.

  • Privacy considerations

  • Risk awareness

    • Involves being consistently informed about the details of day-to-day interoperability, so that all parties are kept aware of the inherent risks involved in the relationship.

  • Unauthorized data sharing

    • Data sharing is often integral to the cooperative processes in business partnerships.
    • Although we can implement some form of access control to limit what is shared, the human element can render these controls ineffective.

  • Data ownership

    • Any policies that discuss data ownership and sharing with third parties may also include legal ramifications for employees who engage in unauthorized sharing.

  • Data backups

    • Some sensitive data is considered volatile and should not be kept in any sort of permanent storage capacity.
    • Data that you share and that a partner backs up may fall into the wrong hands, out of your control.

  • Follow security policy and procedures

  • Review agreement requirements to verify compliance and performance standards

Summarize common incident response procedures

  • Preparation

  • Incident identification

    • Identifying what the threat is, and/or the effects it is having on your systems/networks, including keeping records of the time/systems involved/what was observed, and making a full system backup as soon after the intrusion was observed, as possible, to preserve as much information about the attack as you can.

  • Escalation and notification

  • Mitigation steps

  • Lessons learned

  • Reporting

  • Recovery/reconstitution procedures

  • First responder

  • Incident isolation

    • Quarantine
    • Device removal

  • Data breach

  • Damage and loss control

Summarize risk management best practices

  • Business continuity concepts

    • Business impact analysis

      • Preparation step in Business Continuity Plan (BCP) development that identifies present organizational risks and determines the impact to ongoing, business-critical operations and processes if such risks actually occur.

    • Identification of critical systems and components

    • Removing single points of failure

    • Business continuity planning and testing

      • Paper testing
        • Reviewing plan contents using checklists to confirm whether the BCP meets predetermined, documented business needs.
      • Performing walkthroughs
        • Planners and testers walk through the individual steps to validate the logical flow of the sequence of events as a group.
      • Parallel testing
        • Used to ensure systems perform adequately at any alternate offsite facility, without taking the main site offline.
      • Cutover
        • Mimics an actual business disruption by shutting down the original site to test transfer and migration procedures to the alternate site, and to test operations in the presence of an emergency.

    • Risk assessment

    • Continuity of operations

      • Component of the BCP that provides best practices to mitigate risks, and best measures to recover from the impact of an incident.

    • Disaster recovery

    • IT contingency planning

    • Succession planning

    • High availability

    • Redundancy

    • Tabletop exercises

      • A tabletop exercise involves key personnel discussing simulated scenarios in an informal setting. TTXs can be used to assess plans, policies, and procedures.

  • Fault tolerance

    • The ability of a network or system to withstand a foreseeable component failure and continue to provide an acceptable level of service.
      • Hardware
      • RAID
      • Clustering
      • Load balancing
      • Servers

  • Disaster recovery concepts

    • Backup plans/policies
    • Backup execution/frequency
    • Cold site
      • A predetermined alternate location where a network can be rebuilt after a disaster.
    • Warm site
      • A location that is dormant or performs non-critical functions under normal conditions, but which can rapidly be converted to a key operations site if needed.
    • Hot site
      • A fully configured alternate network that can be online quickly after a disaster.