Sie sind auf Seite 1von 11

Access control Domain

Access control Identification is the assignment of unique IDs given to users. This identification is given to users so that they have the ability to identify themselves within the organization. Along with the identification there is the authorization of the users unique identification. This is the process of providing a users identify before they enter the networks systems and there are three ways of identification. This can be something the user knows, such as a password, something the user has like a ID card, and something the user is which is generally biometrics. The authorization of a user allows for the access to privilege areas of the network or system. The authorization is usually given to a user to match their current role in the network to give them the minimum access that they required to get their job done. Usually management would assign the roles beforehand so that there will be little setup later. Accounting would be the final step in the access control domain; this is when network administrators begin an audit to make sure that the users on the network have the proper privileges set to the minimum specifications that is required to complete their jobs and to make sure that the access control domain is properly set up throughout the network.

Cryptography A key area to cryptography is the encryption of transmitted data, encryption is the

when normal text of a document or file is transformed into a form of text that is unreadable called cipher text. This cipher text is intended to be only read by the intended recipient and the purpose to prevent the leak or important data by someone who intercepted the message or a possible miss-send of the document to the wrong recipient. The use of symmetrical and Asymmetrical encryption uses either a private key (symmetrical) or a public key (Asymmetrical) for encryption of the data. As encryption is a key area so is Decryption a key area for cryptography. Decryption is the process of turning cypher text into normal text that the recipient can read. Decryption allows for the sender to know that the recipient is the intended person receiving the message and that the sender is the person who actually sent the message to the recipient. Just like encryption, decryption uses symmetrical and asymmetrical algorithms to decipher the message so that the recipient can read the message. The third key area of cryptography is the use of algorithms to encrypt messages so that the information within them is secure. As mentioned before the use of symmetrical algorithms allow for a secure transmission of data by using a private key that is used to encrypt and decrypt messages that only the sender and recipient have. Asymmetrical algorithm uses a private key that the sender has and a public key which is given to the recipient just like symmetrical. The only difference is if the public key is lost it can be replaced and the recipient can still obtain their message.

Business continuity and Disaster Recovery Planning

The first key area of business continuity and Disaster Recovery Planning is to perform a formal risk assessment which will identify threats to and vulnerabilities in the information system. This will also cover potential dangers and harm that can occur with the loss of confidentiality, integrity, or availability with your companys assets and operations as well as cover the security controls that will be needed to protect said assets. The risk assessment will bring together the important data about the protection of an organizations information systems and bring about a great security plan for them. The next Key area of Business continuity and Disaster Recovery Planning is to conduct a Business impact Analysis. The goal of a BIA is to define the objective for the recovery of host computing systems that run the applications that support the business processes. The objectives for this are stated as. RTO which is the number of hours or days management has put on resuming a business process or a system and the RPO which describes the age of the data you want the ability to restore to in event of a disaster The third key area to Business continuity and Disaster Recovery Planning is to put the plan into action. By initiating the plan you can prepare to begin to continue the organizations operations as normal from a new location or from the current location. This will allow the organization to maintain its business and allow for the clientele or any other entities to continue to use their services that are needed.

Security Architecture and Design

A key area for Security Architecture and Design is to setup security policies and procedures by identifying all the assets that are within the organization that are a priority to protect, Identify all the vulnerabilities and threats that can and will happen and the risks that they will be breached, Decide which measures will protect these assists without using to many financial resources, discuss any findings and results with those that need to know of that information, as well as monitor and review the process of continuous improvement of the policies and processes Data remanence is a huge key area and can lead to a huge data breach if information is deleted from an external device but that device is not checked for fragments of data that may remain. This data can be unknowingly be retrieved because that previously removed data can be recovered through specific means. By performing a purge of the external device can prove to be effective as the data cannot be recovered in the worst case a complete destruction of the external device can prove to be the most effective. Data Access should be on a need to know basis and only specific parties should have access to the most sensitive data. Even a lone employee who unknowingly looks for a file that he may need to make a copy of and unknowingly makes a copy of the wrong file which contains sensitive data this employee has now created a data breach risk because they have access to data in which they should not have in the first place. When data is accessed an audit should be considered to locate any sensitive data that may have been copied and possibly by which employee may have made that copy to

create a plan of action to prevent this data from causing problems later down the road if it should be stolen, sold, or lost Legal, Regulations, Compliance and Investigations

A key area to Legal, Regulations, Compliance and Investigations is the gathering of evidence that is left behind by attackers who invade your network through vulnerability. One thing that should be considered during the gathering of evidence is that any and all evidence should be treated as if it is going to be presented in a court case. If there is any evidence that is tainted during the collection it may be worthless to be used against the offenders. Also the chain of custody should be highly regarded so that the integrity of the data is not affected allowing it to be utilized when the time comes. Another key area to Legal, Regulations, Compliance and Investigations is knowing when and who to report to when an incident occurs. Sometimes when an incident happens there is no need to have an outside source brought in as an internal investigation is all that is needed to handle the situation. Then there is the chance when outside legal sources such as law enforcement may be necessary for the investigation because the damages to the company fall under criminal activities. There can also be a time when clientele needs to be informed for possible data breaches that may affect their personal lives to prevent any legal ramifications. Understanding forensic procedures is a key area to Legal, Regulations, Compliance and Investigations. Knowing how these procedure are implemented the organization can fully utilize this technology to find trace evidence that is left behind that would be difficult to find by normal means. Knowing that the forensics process can lead to Media

analysis, Network analysis, and Software analysis can help the organization determine which areas they may need to keep hidden just in case

Operations Security

A key area to operations security identifies the critical information that the organization is wishing to protect. This can be a wide range of many forms of data such as that of information of military operations, undercover agents that are working in the field, upcoming products, and even secret recipes. All of these example are that of data that would need to be kept from someone such as a rival company or opposing government force. The next key area is analyzing the threat, such as who wants or needs the information that the organization is trying to protect. Who is this outside source trying to get the information and how they plan to do so. Would they attempt to hack into the organizations database, find documents that may be out in the open, or even send in a spy to infiltrate the organization to gather the information that can lead to a major data breach or security risk. A third key area of Operations Security is to look for and locate any vulnerability that may put the organization at risk. These vulnerabilities can be an indirect sources such interception if e-mails, remote access, and network assaults. Direct vulnerabilities can be that of personnel infiltrations, wiretapping, and social engineering.

Physical (Environmental) Security

The first Key area to Physical (Environmental) Security is physical entry controls. By securing areas with the proper protection and entry controls this will ensure that only those with the privileges and authorization can reach these secured areas. These areas can also be reviewed by those who enter the secure area will be recorded on a type of security log to analyze who may have been in the area during a breach. All attempts at entering a secure area can be logged and a plan for remedial actions should be put forward. Protection against external and environmental threats such as protection against damage from natural disaster such as hurricanes, floods, fires, earthquakes, explosion, riots, and any other forms of natural disasters or man-made occurrences that can be harmful to the organization. Server rooms would be ideal to be located above the ground level as this can prevent certain forms of natural disasters and make it hard for intruders to reach. Fire suppressant systems can help avoid many forms of fire damage, by using a specific type of fire suppressant system you can also prevent water damage from occurring to electronical systems. The location of public access areas as well as delivery and loading areas where unauthorized individuals are allowed access to should be controlled and have a heavy surveillance. These areas must be located away from mission critical areas to prevent any data breaches that may happen because unauthorized persons can wander about that area of the facility.

Information Security and Risk Management

Data Confidentiality is limiting the access to specific information that only authorized people should have access to. This also covers the prevention of data being accessed by unauthorized personal or individuals. Confidentiality is related to the broader concept of data privacy limiting access to individual personal information. Data integrity is the trustworthiness of information resources such as the means in which data is stored and protected. Data integrity is the action in which data is transferred or stored without being altered in any manner that can be damaging. Data integrity also provides proof that the information or data came from the source that it claims to have come from. Data integrity also covers the point in which the data was entered or received into the system without corruption in the current state no matter if the information entered at the time was correct or incorrect. Any tampering of the data after it has been entered would damage its integrity makings it unreliable. Data Availability refers to the availability of information resources as well as any information systems at the time of processing. There can be a few things that go wrong that prevent data availability which can range from a simple power outage, to a natural disaster such as floods or high winds, to a more malicious benefactor such as a Denial of Service attack. Telecommunications and Network Security

The Transmission Control Protocol (TCP) is a widely used protocol. The TCP works in the transport layer found on TCP/IP model. The primary function of TCP is the

transmission of datagram between applications, while the secondary function is related to controls that are necessary for ensuring reliable transmissions. The TCP utilizes a security technique that is called the three way handshake to establish a connection and to also terminate another connection. The three way hand shake consists of a SYN request, which than the it is met with a SYN-ACK and then the final confirmation of the three way hand shake is the ACK. Internet Protocol Version 4 (IPV4) the internet protocol is used to transmit data from one computer to another through an internet connection allowing for long distant and immediate communications. Protecting the Internet protocols is the IPsec which is a suit of protocols created to secure the transmission of information with the internet protocols. IPsec using the Internet Key Exchange, Authentication Header, and Encapsulation Security Payload protocols to further protect the Internet Protocols. Intrusion detection and Intrusion prevention is a major key area for network security. By detecting intrusions the security team can trace the activities back to any vulnerability that allowed the intrusion to make it into the network allowing for a security patch to fix the point of breach. Intrusion prevention is a different instead of detecting intrusions when they have entered the network, an IPS stops the intrusion dead in its tracks preventing the attacker from entering or severally slowing them down.

References Antigaugaming.gov (2009) Physical & environmental security retrieved October 8, 2012 from: http://www.antiguagaming.gov.ag/files/G010_Physical_Environmental_Security.pdf privacy.med.miami.edu (2006) Privacy/data Protection Project retrieved October 8, 2012 from: http://privacy.med.miami.edu/glossary/xd_confidentiality_integrity_availability.htm Microsoft.com (2011) Security Functions of Cryptography retrieved August 31 2012 from: http://technet.microsoft.com/en-us/library/cc961634.aspx Wiley.com (n.d.) Cryptography basics retrieved august 31 2012 from: http://media.wiley.com/product_data/excerpt/94/07645487/0764548794.pdf Reading room sans (2001) Understanding intrusion detection systems retrieved September 14, 2012 from: http://www.sans.org/reading_room/whitepapers/detection/understanding-intrusiondetection-systems_337 Massacci F, Koshutanski H (2002) An Access Control Framework for Business Processes for Web Services retrieved September 14, 2012 from http://www.koshutanski.net/Publications/kosh-mass-03-XMLSec.pdf