- Identity and privilege management
  - Authentication and authorization management
  - Access control: cyber, physical, badging, identity management; privilege management; visitor management, including monitoring, logging, forensic data analysis, enforcement, and interdiction
  - Access to production data, applications, operations center
- Operational impact management
  - Scheduling off-hours activity; principle of least-impact or no-impact changes
- Configuration management
  - New COTS/GOTS (commercial/government off-the-shelf software); staging development to production
  - Risk management, back-out/recovery plans
- Production management
  - Monitoring resources, systems, infrastructure; service level agreements (SLAs)
  - Logging, log management, log review, activity reconstruction
- Patch management
An IA architectural principle is: security is an intrinsic element of service delivery
and is everyone's business. Approaching security throughout the SDLC and ELCM
ensures that the IA architect considers security at every step. The budget may not allow
for all security measures, but conscious risk acceptance is better than a big, expensive,
after-the-fact surprise. The rules in Table 8.3 provide good security guidelines
and may provide key elements of a security awareness program.
8.10 Computer Security Incident Response Team (CSIRT)
An incident response team (IRT) responds to organizational security events; a com-
puter security incident response team (CSIRT) responds to organizational computer
security events. The CSIRT resides within the operations group, likely as a subset of
security operations. Figure 8.8 shows CSIRT as an elaboration of the IA operations
cycle respond phase, an operational construct under the security operations aspect of
enterprise operations management (EOM). EOM includes network operations, secu-
rity operations, system operations, and management operations. A comprehensive
EOM monitors cyber, physical, and personnel security and includes consolidated log
management, aggregate log analysis, and aggregate intelligence analysis.
An effective CSIRT infrastructure includes security incident management:
technology, process, and personnel (Figure 8.9). An effective CSIRT also
requires a meta-view of CSIRT activities that provides analysis of effectiveness,