may alert via audio, page, cell phone call, or e-mail, or initiate a trouble ticket with
a local help desk.
The mechanics of network management also include voice and data traffic
management. Careful planning of voice networking may vastly reduce long-distance
and local per-call access charges. Although worth a bit of planning,
overcomplicating voice management has diminishing returns in an environment of
$.02 per minute long-distance charges. Data traffic management includes ensuring
quality of service (QoS) for streaming traffic (e.g., voice and video) and
traffic shaping to handle traffic between disparate bandwidth links (e.g., T1
pipe encountering a 256K bottleneck).
SOC mechanics include the IA infrastructure (firewalls, etc.) and application
of IA philosophies like defense-in-depth. Additionally, SOC mechanics include a
watch-the-watcher configuration to monitor IA infrastructure operations. The
firewall may watch Internet traffic; the meta-view of the firewall watches the
firewall to ensure proper functionality.
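The watch-the-watcher idea above, as an added example that is not from the original text: a small Python check that flags IA devices that have gone silent or report a non-ok status. The device names, event format, and five-minute threshold are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample events: "<ISO timestamp> <device> <status> <detail>"
SAMPLE_EVENTS = """\
2024-05-01T10:00:05+00:00 fw01 ok rules=412 dropped=1380
2024-05-01T10:00:07+00:00 ids01 ok sensors=4
2024-05-01T10:04:55+00:00 fw01 ok rules=412 dropped=1422
2024-05-01T10:05:02+00:00 av01 degraded signatures_age_days=9
2024-05-01T10:09:58+00:00 fw01 ok rules=412 dropped=1467
this line is malformed and must not crash the monitor
"""

# Hypothetical inventory of IA devices the SOC expects to hear from.
EXPECTED = {"fw01", "ids01", "vpn01", "av01"}


def watch_the_watchers(text, now, expected=EXPECTED, max_gap=timedelta(minutes=5)):
    """Return {device: finding} for IA devices that are silent or unhealthy."""
    last_seen, last_status = {}, {}
    for line in text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) < 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # skip unparseable lines rather than stop monitoring
        device, status = parts[1], parts[2]
        if device not in last_seen or ts >= last_seen[device]:
            last_seen[device], last_status[device] = ts, status
    findings = {}
    for device in sorted(expected):
        if device not in last_seen:
            findings[device] = "never reported"  # in inventory, no events at all
        elif now - last_seen[device] > max_gap:
            gap = int((now - last_seen[device]).total_seconds())
            findings[device] = f"silent for {gap}s"
        elif last_status[device] != "ok":
            findings[device] = f"status {last_status[device]}"
    return findings


if __name__ == "__main__":
    now = datetime(2024, 5, 1, 10, 10, 0, tzinfo=timezone.utc)
    for device, finding in watch_the_watchers(SAMPLE_EVENTS, now).items():
        print(f"ALERT {device}: {finding}")
```

A device that is silent is reported as silent even if its last status was ok, since a stopped firewall or IDS cannot report its own failure.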
8.9.1.3  Network Management and IA 2
IA must be integrated with existing business and technical operations, including
network management. IA training prepares NOC personnel to be aware that
operational anomalies may be infrastructure problems or may be symptoms of an
attack. For instance, the NOC must be able to determine whether 100 percent CPU
utilization on a server is a runaway application or an attack signature. From a
denial-of-service perspective, the end is the same. However, the response
activity is significantly different. An extension of the NOC is the security
operating center (SOC). Whereas NOC personnel keep an eye on network
infrastructure, the SOC personnel keep an eye on the IA infrastructure, ensuring
proper operations of firewall, VPN, IDS, and AV. They are accountable for patch
management and IA updates like the latest AV virus signature files.
8.9.2  Operations Security Management
Operations are the support, control, monitoring, and maintenance of information,
information technology, physical infrastructure, and personnel that support the
organizational mission. Operations security is the assurance these aspects function
in compliance with organizational policy and within defined safety parameters.
Operational concerns include cyber, physical, and personnel.
To achieve a good baseline of operational security, consider the following:
Continuity management
Continuity of operations
Disaster recovery
Backup and recovery, backup media rotation and off-site storage