23-11-2012, 11:45 AM
INFORMATION SECURITY MAINTENANCE
The Maintenance Model
Designed to focus organizational effort on maintaining systems
Recommended maintenance model based on five subject areas
External monitoring
Internal monitoring
Planning and risk assessment
Vulnerability assessment and remediation
Readiness and review
External Monitoring
Objective is to provide early awareness of new threats, threat agents, vulnerabilities, and attacks
Entails collecting intelligence from data sources and giving that intelligence context and meaning for use by organizational decision makers
Data Sources
Acquiring threat and vulnerability data is not difficult
Turning data into information decision makers can use is the challenge
External intelligence comes from three classes of sources: vendors; computer emergency response teams (CERTs); public network sources
Regardless of where or how external monitoring data is collected, it must be analyzed in the context of the organization’s security environment to be useful
Monitoring the Internal Environment
Maintain informed awareness of the state of the organization’s networks, systems, and defenses
Maintain an inventory of IT infrastructure and applications
Planning and Risk Assessment
Primary objective is to keep a lookout over the entire information security program
Accomplished by identifying and planning ongoing information security activities that further reduce risk
Vulnerability Assessment and Remediation
Primary goal is identification of specific, documented vulnerabilities and their timely remediation
Accomplished by:
Using vulnerability assessment procedures
Documenting background information and providing tested remediation procedures for reported vulnerabilities
Tracking vulnerabilities from where they are identified
Communicating vulnerability information to owners of vulnerable systems
Readiness and Review
Primary goal is to keep the information security program functioning as designed and continuously improving
Accomplished by:
Policy review
Program review
Rehearsals