consideration of IA services and IA
mechanisms in light of the operational
objectives they will fulfill.
To anticipate is to give advance thought to and foresee certain situations, actions, and needs. IA services that support this phase of the IA ops cycle include risk analysis, threat analysis, vulnerability assessment, business impact assessment, compliance assessment, and compliance audit.
To defend is to protect, to safeguard. IA defense includes deterrence, preemption, prevention, and mitigation. The IA philosophy of defense in depth adds defenses at various operational layers to force an attacker to overcome many obstacles to reach an objective. Each obstacle to overcome requires additional time and expense on the part of the attacker. IA defense mechanisms include firewalls, intrusion prevention systems, anti-malware, and user validation. User validation may include something the user knows (password), something he has (token or radio frequency identification [RFID] card), something he is (a biometric like a fingerprint), or something he does (signature profile). An IA defense service includes security awareness, training, and education; an aware and educated workforce is a more secure workforce.
To monitor is to watch over and look for certain conditions. IA monitoring means watching over the physical environment and information technology environment in search of anomalies or emerging patterns of irregular behavior. IA monitoring includes anomaly detection both in real-time and in batch processing of logs and audit trails. Monitoring is both an automated and manual process. The most effective monitoring resource is the organization's employees. An effective security program raises awareness of what constitutes anomalous behavior and provides a method to report observations of suspicious activity.
To respond is to act with forethought as a result of a stimulus. IA² differentiates response from reaction by recognizing that response requires planning, while reaction tends to be instantaneous and reflexive. IA responses include problem reporting, triage, escalation, investigation, isolation, treatment, root cause analysis, and procedural review and modification. IA response services include computer security incident response teams (CSIRTs), subject matter expert (SME) teams (e.g., isolate and treat viruses), and digital forensics specialists.
Figure 2.6 expands on the details of the IA operations cycle.
Producing effective IA operations requires methodical implementation and
traceability from operations back to business drivers. Aligning operations with
Figure 2.5 IA operations cycle (IA ops cycle).
An audit focuses on more detail than an assessment.
 