Privacy Statement: Prevention, Detection and Response

Information security is a process that builds and consolidates security over a long period. It has no absolute end state that can be reached; in other words, the security process has no destination, and securing a system must be carried out regularly and continuously. Although the information security process involves many plans and actions, they can be grouped into three phases: prevention, detection and response.

Each phase requires its own plans and actions, and each feeds the next. New types of attack and newly discovered vulnerabilities require continual adjustment of the timing and of the methods used in the prevention, detection and response processes. In some cases a change in a single phase affects the whole process. Lessons learned while responding are fed back into prevention planning and into the configuration of protective controls.

As mentioned, information security is a process, a cycle of constant change in both perceived threats and vulnerabilities. To carry out the process well, the plan must be implemented one step ahead of the attacker's plan, or at least keep pace with it. To achieve this, each phase must be designed with full capability and proper management oversight.

The ultimate goal of the information security process is to protect three properties of information:

  • Confidentiality - Information is viewed only by authorized persons. Information is kept confidential because it is a product owned by the organization and sometimes it belongs to the organization's customers. It should be kept confidential, or handled according to the terms agreed between the organization and its customers.

  • Integrity - Information must not be damaged, degraded or altered. It must be protected against accidental or deliberate change.

  • Availability - Information must always be available to authorized persons when they need it.

Almost every attack that damages a system affects at least one of the attributes listed above. An attack on confidentiality discloses information to unauthorized parties. An attack on integrity destroys or corrupts the information, and an attack on availability breaks the service or causes a denial of service. Information security protects these attributes by:

  • Protecting confidentiality.
  • Guaranteeing integrity.
  • Maintaining availability.

An organization that wants to succeed in protecting these attributes of its information needs a proper plan. Having a plan in place before an incident minimizes the risk of an attack and minimizes the time needed for detection and response if an attack does occur. Let us go back and examine each phase of the prevention, detection and response process, illustrating each one and how they relate to each other.

Prevention

Information security professionals must continually improve their capabilities by working faster, not harder. Preventing an incident is better than catching up afterwards and trying to keep pace. Prevention requires careful analysis and must be planned.

Information is a valuable asset that requires protection commensurate with its value. The required level of protection must be determined so that information is protected from unauthorized alteration, damage or disclosure, whether accidental or intentional. During the prevention phase, the information security policy, controls and processes are designed and implemented. Information security policy, the security awareness program and access control procedures are all interrelated and need to be developed early. The information security policy is the foundation on which everything else is built.

Information security policy

The first step in developing a protection plan is to identify what needs to be protected and to document it in a general policy. The policy must define the responsibilities of the organization, of individuals and of managers. It also sets out responsibility for implementation, disciplinary action, security review and auditing. In addition, the policy must be clear, concise, coherent and consistent. If it is not clearly understood, it will be poorly enforced, and inspection and review will be ineffective. Whenever management approves a completed policy, the organization must be made fully aware of the policy's requirements.

Security awareness

Security awareness is the process of educating employees about the importance of security, how to use security measures and tools, the procedures for reporting security breaches, and the general responsibilities of employees in implementing the information security policy. A security awareness program serves this purpose, and its action plan maintains a level of awareness among all staff over time. The program should be designed for dissemination to the entire organization, with separate focused training where needed. It emphasizes the workforce and the importance of participation. To motivate individuals, a recognition process compliments or rewards employees for good security practice.

Access control

Access is the means by which users use information systems to work with information. Naturally, not every user may access every information system and all the information in it. Access is granted or denied based on the underlying identifiers. To manage access, the system establishes accounts using identification and authentication methods, and enforces rules on identification and authentication to limit access to resources.

  • Identification - An identifier is unique. It is what a user (a person, client, application, piece of hardware or network) uses to distinguish itself from other entities. With it, a user declares who he or she is. Identifiers created for a user must not be shared with any other user or group of users. The user uses the identifier to access the resources they are permitted to use.
  • Authentication - Authentication is the process of validating a user's identity. When a user presents an identity, the claimed identity must be verified before access is granted. Authentication establishes a level of trust by means of three factors:

What you know - A password is the most frequently used form. Passphrases and PINs are also used. On its own, this is known as single-factor authentication.

What you have - This factor uses something in the user's possession, such as an identity card or smartcard. Each requires the user to own something in order to authenticate. Requiring two factors, such as what you know together with what you have, is more reliable; this is known as two-factor or multi-factor authentication.

What you are - The strongest factor is what you are: specific bodily characteristics such as fingerprints, the retina or DNA. Measuring these characteristics is called biometrics. The strongest authentication process requires all three factors, and machines or applications with high security requirements use all three to authenticate a user.

  • Authorization - Authorization is the process that allows an authenticated user to use certain resources. Access to resources is governed by authorization rules that allow finer control over what users may do. Permissions are granted according to the principle of least privilege: a user receives no more permissions than the task requires, and a grant should last no longer than the minimum time needed to complete the task. This restricts access, simplifies day-to-day administration and reduces liability.
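The three steps above (identification, two-factor authentication, least-privilege authorization with a time-bounded grant) as one access check. This is an added example written for this page, not code from the original article; the users, secrets, card serial and grant expiry times are constructed sample data, and time is passed in as a plain integer so the expiry rule can be exercised.

```python
# Added example (not from the original article): identification, two-factor
# authentication and least-privilege authorization with expiring grants.
# All users, secrets, token serials and grants below are constructed sample data.
import hashlib
import hmac
from dataclasses import dataclass, field

def _hash_password(password: str, salt: str) -> bytes:
    # PBKDF2 so the stored "what you know" factor is not a raw password
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 50_000)

@dataclass
class User:
    ident: str                 # unique identifier, never shared between users
    salt: str
    password_hash: bytes       # "what you know"
    token_serial: str          # "what you have" (constructed smartcard serial)
    # least-privilege grants: resource -> (permitted action, expiry time)
    grants: dict = field(default_factory=dict)

SALT = "constructed-salt"
USERS = {
    "alice": User("alice", SALT, _hash_password("correct horse", SALT), "CARD-0042",
                  grants={"payroll": ("read", 1_000)}),  # read only, expires at t=1000
}

def authenticate(ident: str, password: str, token_serial: str):
    """Identification plus two-factor authentication; returns the User or None."""
    user = USERS.get(ident)
    if user is None:
        return None
    ok_pw = hmac.compare_digest(user.password_hash, _hash_password(password, user.salt))
    ok_token = hmac.compare_digest(user.token_serial.encode(), token_serial.encode())
    return user if ok_pw and ok_token else None

def authorize(user: User, resource: str, action: str, now: int) -> bool:
    """Least privilege: allow only if an unexpired grant covers exactly this action."""
    grant = user.grants.get(resource)
    if grant is None:
        return False
    permitted_action, expires_at = grant
    return action == permitted_action and now < expires_at

def access(ident, password, token_serial, resource, action, now) -> str:
    """Full check in the order the text describes: identify, authenticate, authorize."""
    user = authenticate(ident, password, token_serial)
    if user is None:
        return "denied: authentication failed"
    if not authorize(user, resource, action, now):
        return "denied: not authorized"
    return "granted"
```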

Once an organization has adopted a policy, established an awareness program and implemented access control processes, it must put into practice the detection and response strategies it has identified. A proactive organization prepares for an attack or disaster rather than responding to threats that have not been properly assessed.

Detecting a threat or misuse of resources costs more than merely issuing a warning, and responding to an incident uses more resources still. A successful organization must understand what needs to be prevented and what needs to be detected, and for each alert it must know how to balance the resources spent on the response. In both cases, time is the core issue.

Detection

Detecting threats to the system is very important. With threats constantly increasing, no matter how well a system is protected it remains at risk, and detection demands ever higher skills. There is no "perfect" security solution, because it is always built on incomplete information. Protection is therefore applied in layers, so that whenever one layer is breached the breach is noticed and an alert is raised. The most important factor here is timely detection of, and alerting on, the threat. An Intrusion Detection System (IDS) is used for this purpose.

An IDS monitors the operation of the system and notifies the responsible person when activity requires attention. It can detect traces of attacks, file changes, configuration changes and other system activity. To protect the system, the whole system needs to be monitored. Intrusion detection tools are placed at suitable points on the network and at the application layer. However, monitoring a busy network or server is not easy: the detection tool must be able to distinguish normal activity from harmful activity, which tends to be an art rather than a science. An IDS must be tuned, or "adapted", so that it works with a specific network or server. This tuning process teaches it the known threats, types of intrusion, and methods and processes of infiltration.

As mentioned above, detecting an intrusion is more than raising an alert; a dynamic alert acts like a brain. Picture a fire alarm that detects a fire, distinguishes between kinds of fire, shows where it started and where it is spreading, alerts the staff in the building and the fire department, and reports intelligently to the fire station in advance so that they can respond promptly, and on top of all this can tell a real fire apart from normal activity such as cooking. An intrusion detection system configured in this way is just such a tool: an alert controlled intelligently, like a brain.

Once the IDS is properly configured and placed in a sensible location, it is only a matter of time before an alert fires and the message is sent. And then what? Without a documented response plan, you are left completely passive and bewildered.

Response

For the detection process to be worthwhile, there must be a timely response. Responding to an incident should be well planned; making major decisions or developing policy while under attack is no way to handle a disaster. Many organizations have spent a great deal of money and time preparing for disasters such as storms, earthquakes, fires and floods, yet in reality the risk is greater when a computer security incident occurs than for any of those disasters. Inadequate equipment and resources become painfully apparent when a computer security threat has to be dealt with.

The response plan must be written and approved by appropriate leadership. It should define the priority of each type of event and require an appropriate level of alert and response for each event or hazard priority. A computer security incident response team (CSIRT) is formed, with specific roles and responsibilities defined and assigned to qualified members of the organization. A team manager is appointed and given responsibility for assessing incidents, coordinating the team's activities and reporting to senior management.

There are two philosophies for responding when an incident occurs. An organization often wants to sever the unauthorized connection, eliminate the root cause and restore the system; this approach is more practical when it can be carried out with efficient tools and there is time to recover properly. The other approach is to track down and apprehend the attacker. Managers must weigh each approach case by case and apply it in practice. Once the decision-making body has chosen, the response philosophy must be documented in the response plan, and implementers are assigned tasks that match their skills.

After the incident has been assessed and those who will handle it have been notified, the incident must be contained, the damage repaired and a "clean" system restored. Each of these steps requires special skills and plays a particularly important role in handling the incident. The subsequent analysis and reporting, however, is one of the most important steps towards solid protection throughout the information security cycle, above all for learning lessons. By recording the answers to the who, what, where, why and when questions, an organization can incorporate the lessons learned into every phase of the security process.

Development cycle

To withstand internal and external attacks, the security organization must be properly prepared. As noted, the security process has no destination; it is a dynamic process that requires management skill and flexibility. Disciplined management of the prevention, detection and response processes requires continuous improvement, broad support, and attention to the most important points of the strategy.