5. Security Operations
Data Handling
Data goes through a life cycle as users create, use, share and modify it
Model: create, store, use, share, archive, destroy
Classification: the process of recognizing the organizational impact if the information is compromised
Labeling: dictates the rules and restrictions about how the information may be used, stored and shared
Protects the value and importance of the data and information from leaking
Before attaching labels: assess the potential impact or loss to the organization
Requirements come from laws, regulations, contracts and business expectations
Understanding them leads to better design and implementation of processes
Logging & Monitoring Security Events
Captures signals generated by events
Events: actions that take place in the environment and cause change; each logged event should record the user ID, the activity, the date/time, and the device/location identity
Event Logging Best Practices:
Ingress monitoring (inbound): surveillance of inbound traffic and access attempts
Firewalls, gateways, remote authentication servers
IDS/IPS, SIEM
Anti-malware
Egress monitoring (outbound): regulates data leaving the environment
Channels to watch: email, portable media,
FTP, websites, APIs (Application Programming Interfaces)
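Added example (not part of the original notes): a small monitor that parses constructed log lines carrying the four fields listed above (user ID, activity, date/time, device/location), drops events that are missing any of them, classifies each event as ingress or egress by traffic direction, and raises egress alerts for large transfers or non-approved external destinations. The key=value log format, the internal address range, the byte threshold and the allowlist are assumptions made for this illustration.

```python
"""Added example (not from the original notes): parse constructed event log
lines carrying user ID, activity, date/time and device/location, then
classify each event as ingress or egress and flag suspicious egress.
The log format, the internal network range and the thresholds below are
assumptions made for this illustration."""
import ipaddress
from datetime import datetime

# Constructed sample log lines in an assumed key=value format.
SAMPLE_LOG = """\
ts=2024-03-01T08:15:02Z user=alice action=login src=203.0.113.7 dst=10.0.0.5 device=laptop-17 bytes=512
ts=2024-03-01T08:16:40Z user=alice action=file_download src=10.0.0.5 dst=10.0.0.20 device=laptop-17 bytes=20480
ts=2024-03-01T08:20:11Z user=bob action=ftp_put src=10.0.0.9 dst=198.51.100.4 device=desktop-3 bytes=734003200
ts=2024-03-01T08:21:00Z action=api_call src=10.0.0.9 dst=198.51.100.4 device=desktop-3 bytes=120
ts=2024-03-01T08:25:33Z user=carol action=email_send src=10.0.0.12 dst=192.0.2.88 device=phone-2 bytes=3000
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")               # assumed corporate range
REQUIRED = ("ts", "user", "action", "src", "dst", "device")  # who / what / when / where
EGRESS_BYTES_LIMIT = 100 * 1024 * 1024                       # assumed 100 MiB threshold
EGRESS_ALLOWLIST = {"192.0.2.88"}                            # assumed approved mail relay


def parse_line(line):
    """Turn one key=value line into a dict; return None if a required field is missing."""
    fields = dict(token.split("=", 1) for token in line.split())
    if any(key not in fields for key in REQUIRED):
        return None                       # an event without who/what/when/where is not auditable
    fields["ts"] = datetime.strptime(fields["ts"], "%Y-%m-%dT%H:%M:%SZ")
    fields["bytes"] = int(fields.get("bytes", 0))
    return fields


def direction(event):
    """Ingress: inbound from outside; egress: data leaving; internal otherwise."""
    src_in = ipaddress.ip_address(event["src"]) in INTERNAL
    dst_in = ipaddress.ip_address(event["dst"]) in INTERNAL
    if not src_in and dst_in:
        return "ingress"
    if src_in and not dst_in:
        return "egress"
    return "internal"


def analyse(log_text):
    """Return (events, incomplete_count, alerts) for a block of log lines."""
    events, incomplete, alerts = [], 0, []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            incomplete += 1
            continue
        event["direction"] = direction(event)
        events.append(event)
        # Egress monitoring: non-allowlisted external destinations, large transfers first.
        if event["direction"] == "egress" and event["dst"] not in EGRESS_ALLOWLIST:
            if event["bytes"] > EGRESS_BYTES_LIMIT:
                alerts.append((event["user"], event["action"], event["dst"], "large egress"))
            else:
                alerts.append((event["user"], event["action"], event["dst"], "unlisted destination"))
    return events, incomplete, alerts


if __name__ == "__main__":
    evts, bad, found = analyse(SAMPLE_LOG)
    print(f"{len(evts)} events parsed, {bad} incomplete line(s)")
    for alert in found:
        print("ALERT:", alert)
```

Run on the constructed lines, the login from 203.0.113.7 is ingress, the FTP upload of 700 MiB to 198.51.100.4 is flagged as large egress, carol's mail to the allowlisted relay is egress but not alerted, and the line with no user is counted as incomplete rather than silently accepted.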
Encryption
Hiding data in ways only intended recipients understand it
Protects information by transforming plaintext into unintelligible ciphertext that is kept secret
Confidentiality: Messages can't be understood by anyone but intended
Integrity: Hash functions & digital signatures: Verify no alteration
Symmetric encryption: uses the same key in both the encryption and decryption processes
Two parties communicating need to share knowledge of the key
Someone who compromises the communications channel could intercept the key
Key distribution is the hard part: a key sent over the same channel can be intercepted (MITM)
Out-of-band key distribution: sending the key through a different channel
Typical uses of symmetric encryption:
Bulk data: backups, HDDs, portable media
Messages traversing communications channels
Streaming of large-scale, time-sensitive data
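Added example (not part of the original notes): a symmetric scheme where one shared key both encrypts and decrypts, combined with a keyed hash (HMAC-SHA256) so the receiver can verify the message was not altered in transit. The keystream is an illustrative PRF-in-counter-mode construction built from HMAC-SHA256 so the example runs with the Python standard library only; it is not a vetted cipher, and in production a real crypto library's AEAD (for example AES-GCM) should be used instead. The key and message values are constructed for the demonstration.

```python
"""Added example (not from the original notes): same-key encrypt/decrypt plus
an HMAC tag for integrity (encrypt-then-MAC). The HMAC-based counter-mode
keystream is an illustration, not a production cipher; use AES-GCM or
another vetted AEAD from a real crypto library for real data."""
import hashlib
import hmac
import os


def derive_subkeys(shared_key):
    """Split the one shared secret into separate encryption and MAC keys (HMAC used as a KDF)."""
    enc_key = hmac.new(shared_key, b"encrypt", hashlib.sha256).digest()
    mac_key = hmac.new(shared_key, b"authenticate", hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(enc_key, nonce, length):
    """Counter-mode keystream: HMAC(enc_key, nonce || counter) per 32-byte block."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def encrypt(shared_key, plaintext, nonce=None):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag. A nonce must never repeat under one key."""
    enc_key, mac_key = derive_subkeys(shared_key)
    nonce = os.urandom(16) if nonce is None else nonce
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(shared_key, message):
    """Verify the tag first (constant-time compare), then remove the keystream with the same key.
    Returns None if the message was altered or a different key is used."""
    enc_key, mac_key = derive_subkeys(shared_key)
    nonce, ciphertext, tag = message[:16], message[16:-32], message[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                      # integrity failure: reject without decrypting
    return bytes(c ^ k for c, k in zip(ciphertext, keystream(enc_key, nonce, len(ciphertext))))


def tamper(message):
    """Flip one bit of the ciphertext body to simulate alteration on the channel."""
    body = bytearray(message)
    body[16] ^= 0x01
    return bytes(body)


if __name__ == "__main__":
    key = os.urandom(32)                 # must reach the other party out of band
    sealed = encrypt(key, b"transfer 500 to account 42")
    print("decrypted:", decrypt(key, sealed))
    print("tampered :", decrypt(key, tamper(sealed)))
    print("wrong key:", decrypt(os.urandom(32), sealed))
```

The tag check runs before any decryption, so a flipped bit or a wrong key is rejected outright instead of yielding garbage plaintext; the shared key itself still has to reach the other party out of band, which is the distribution problem the notes describe.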
Configuration Management
Only authorized changes happen
Baseline identification of a system and all its components, interfaces and documentation
Baseline: Min level of protection used as a reference point
Common Security Policies
Appropriate use of data:
Defines whether data is for internal company use, restricted by role, or made public
Proper classification helps comply with laws and regulations
Password Policy: sets expectations for systems and users regarding passwords
Change Management
Request For Change (RFC): moves through defined development and test stages before it is implemented
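Added example (not part of the original notes) covering both the Configuration Management and the Change Management points above: compare a system's current configuration with its recorded baseline, report every drift, and accept a drift only when an approved Request For Change covers that exact setting and value; everything else is an unauthorized change. The baseline, the current snapshot and the RFC records are constructed for this illustration; a real check would pull them from a CMDB, the change-tracking system and the host itself.

```python
"""Added example (not from the original notes): baseline drift check in which
only changes backed by an approved RFC count as authorised. The baseline,
the current state and the RFC records below are constructed for the
illustration."""

# Constructed baseline: the approved reference state of one server.
BASELINE = {
    "sshd.PermitRootLogin": "no",
    "sshd.PasswordAuthentication": "no",
    "firewall.default_inbound": "deny",
    "audit.enabled": "yes",
    "ntp.server": "time.example.internal",
}

# Constructed snapshot of what the host actually runs right now.
CURRENT = {
    "sshd.PermitRootLogin": "no",
    "sshd.PasswordAuthentication": "yes",     # changed, RFC still in review
    "firewall.default_inbound": "deny",
    "audit.enabled": "yes",
    "ntp.server": "time2.example.internal",   # changed, covered by RFC-1042
    "telnet.enabled": "yes",                  # new setting, not in baseline at all
}

# Constructed change records: only RFCs that reached the approved state count.
RFCS = [
    {"id": "RFC-1042", "status": "approved", "setting": "ntp.server",
     "new_value": "time2.example.internal"},
    {"id": "RFC-1050", "status": "review", "setting": "sshd.PasswordAuthentication",
     "new_value": "yes"},
]


def find_drift(baseline, current):
    """Return {setting: (baseline_value, current_value)} for every difference,
    including settings added or removed relative to the baseline."""
    drift = {}
    for key in sorted(set(baseline) | set(current)):
        before, after = baseline.get(key), current.get(key)
        if before != after:
            drift[key] = (before, after)
    return drift


def approved_change_for(rfcs, setting, new_value):
    """Return the id of an approved RFC that authorises exactly this change, else None."""
    for rfc in rfcs:
        if (rfc["status"] == "approved" and rfc["setting"] == setting
                and rfc["new_value"] == new_value):
            return rfc["id"]
    return None


def audit(baseline, current, rfcs):
    """Classify each drift as authorised (approved RFC) or unauthorised."""
    authorised, unauthorised = {}, {}
    for setting, (before, after) in find_drift(baseline, current).items():
        rfc_id = approved_change_for(rfcs, setting, after)
        if rfc_id:
            authorised[setting] = rfc_id
        else:
            unauthorised[setting] = (before, after)
    return authorised, unauthorised


if __name__ == "__main__":
    ok, bad = audit(BASELINE, CURRENT, RFCS)
    for setting, rfc_id in ok.items():
        print(f"authorised   {setting} (per {rfc_id})")
    for setting, (before, after) in bad.items():
        print(f"UNAUTHORISED {setting}: baseline={before!r} current={after!r}")
```

On the constructed data the NTP change is accepted because RFC-1042 is approved for that exact value, while the password-authentication change (RFC still in review) and the telnet service that appears nowhere in the baseline are both reported as unauthorised; an RFC that has not completed its stages does not make a change authorised.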