

Process activities, methods and techniques

The purpose of the ISM process is to ensure that the security aspects with regard to services and all Service Management activities are appropriately managed and controlled in line with business needs and risks.

The key activities within the ISM process are:

  • Production, review and revision of an overall Information Security Policy and a set of supporting specific policies
  • Communication, implementation and enforcement of the security policies
  • Assessment and classification of all information assets and documentation
  • Implementation, review, revision and improvement of a set of security controls and risk assessment and responses
  • Monitoring and management of all security breaches and major security incidents
  • Analysis, reporting and reduction of the volumes and impact of security breaches and incidents
  • Scheduling and completion of security reviews, audits and penetration tests.

The interactions between these key activities are illustrated in Figure 4.27.

Figure 4.27 IT Security Management process

The Information Security Management processes, together with the methods, tools and techniques they use, constitute the security strategy. The security manager should ensure that the necessary technologies, products and services are in place and that the overall policy is developed and widely published. The security manager is also responsible for security architecture, authentication, authorization, administration and recovery.

The security strategy also needs to consider how it will embed good security practices into every area of the business. Training and awareness are vital in the overall strategy, as security is often weakest at the end-user stage. It is here, as well, that there is a need to develop methods and processes that enable the policies and standards to be more easily followed and implemented.

Resources need to be assigned to track developments in these enabling technologies and the products they support. For example, privacy continues to be important and, increasingly, the focus of government regulation, making privacy compliance technologies an important enabling technology.

Security controls

The Information Security Manager must understand that security is not a single step in the lifecycle of services and systems and that security cannot be solved through technology alone. Rather, information security must be an integral part of all services and systems and is an ongoing process that needs to be continuously managed using a set of security controls, as shown in Figure 4.28.

Figure 4.28 Security controls for threats and incidents

The set of security controls should be designed to support and enforce the Information Security Policy and to minimize all recognized and identified threats. The controls will be considerably more cost-effective if included within the design of all services. This will ensure the continued protection of all existing services and that new services and access to them are in line with the policy.

Security measures can be applied at specific stages in the prevention and handling of security incidents, as illustrated in Figure 4.28. Security incidents are not solely caused by technical threats: statistics show, for example, that the large majority stem from human errors (deliberate or accidental) or procedural errors, and they often have implications in other fields such as safety, legal or health.

The following stages can be identified. At the start there is a risk that a threat will materialize. A threat can be anything that disrupts the business process or has negative impact on the business. When a threat materializes, we speak of a security incident. This security incident may result in damage (to information or to assets) that has to be repaired or otherwise corrected. Suitable measures can be selected for each of these stages. The choice of measures will depend on the importance attached to the information.

  • Preventive: security measures are used to prevent a security incident from occurring. The best-known example of preventive measures is the allocation of access rights to a limited group of authorized people. The further requirements associated with this measure include the control of access rights (granting, maintenance and withdrawal of rights), authorization (identifying who is allowed access to which information and using which tools), identification and authentication (confirming who is seeking access) and access control (ensuring that only authorized personnel can gain access).
  • Reductive: further measures can be taken in advance to minimize any possible damage that may occur. These are ‘reductive’ measures. Familiar examples of reduction measures are making regular backups and the development, testing and maintenance of contingency plans.
  • Detective: if a security incident occurs, it is important to discover it as soon as possible – detection. A familiar example of this is monitoring, linked to an alert procedure. Another example is virus-checking software.
  • Repressive: measures are then used to counteract any continuation or repetition of the security incident. For example, an account or network address is temporarily blocked after numerous failed attempts to log on, or a card is retained after multiple attempts with a wrong PIN.
  • Corrective: the damage is repaired as far as possible using corrective measures. For example, corrective measures include restoring from backup, or returning to a previous stable state (roll-back, back-out). Fallback can also be seen as a corrective measure.
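The detective and repressive measures above (monitoring linked to an alert procedure, and temporarily blocking a source after repeated failed logons) can be illustrated in code. The following is an added example, not part of the ITIL text: a sliding-window failed-login detector run over a handful of constructed sshd-style log lines. The log format, the threshold of five failures in five minutes and the fifteen-minute block are all illustrative assumptions; a production deployment would take them from the security policy.

```python
"""Detective and repressive controls over constructed auth-log lines.

Added example, not from the ITIL text. A sliding-window failed-login
detector raises an alert (detective measure) and temporarily blocks the
offending source address (repressive measure). The sshd-style log format
and all thresholds are assumptions chosen for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (assumed sshd-style format, not real data).
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[1201]: Failed password for root from 203.0.113.7 port 51000 ssh2
2024-03-01T10:00:03 sshd[1202]: Failed password for root from 203.0.113.7 port 51001 ssh2
2024-03-01T10:00:04 sshd[1203]: Accepted password for alice from 198.51.100.5 port 40022 ssh2
2024-03-01T10:00:05 sshd[1204]: Failed password for admin from 203.0.113.7 port 51002 ssh2
2024-03-01T10:00:06 sshd[1205]: Failed password for admin from 203.0.113.7 port 51003 ssh2
2024-03-01T10:00:07 sshd[1206]: Failed password for admin from 203.0.113.7 port 51004 ssh2
2024-03-01T10:00:08 sshd[1207]: Failed password for root from 203.0.113.7 port 51005 ssh2
2024-03-01T10:00:09 sshd[1208]: Failed password for bob from 198.51.100.9 port 40100 ssh2
2024-03-01T10:20:00 sshd[1209]: Failed password for root from 203.0.113.7 port 51006 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


class BruteForceGuard:
    """Detects bursts of failed logins per source IP and blocks the source."""

    def __init__(self, threshold=5, window=timedelta(minutes=5),
                 block_duration=timedelta(minutes=15)):
        self.threshold = threshold
        self.window = window
        self.block_duration = block_duration
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.blocked_until = {}              # ip -> datetime when the block expires
        self.alerts = []                     # (timestamp, ip, failure_count)

    def is_blocked(self, ip, now):
        """True while a temporary block is in force; expired blocks are lifted."""
        expiry = self.blocked_until.get(ip)
        if expiry is None:
            return False
        if now >= expiry:
            del self.blocked_until[ip]       # the repressive measure lapses
            return False
        return True

    def process_line(self, line):
        """Classify one log line: accepted, failed, blocked, dropped or None."""
        m = LINE_RE.match(line)
        if not m:
            return None                      # not an auth event we care about
        ts = datetime.fromisoformat(m["ts"])
        ip = m["ip"]
        if self.is_blocked(ip, ts):
            return "dropped"                 # repressive: source is still blocked
        if m["result"] == "Accepted":
            self.failures[ip].clear()        # a success resets the failure window
            return "accepted"
        q = self.failures[ip]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()                      # slide the window forward
        if len(q) >= self.threshold:
            self.alerts.append((ts, ip, len(q)))               # detective: alert
            self.blocked_until[ip] = ts + self.block_duration  # repressive: block
            q.clear()
            return "blocked"
        return "failed"


def run(log_text, **kwargs):
    """Feed every line through a guard; return (guard, per-line verdicts)."""
    guard = BruteForceGuard(**kwargs)
    verdicts = [guard.process_line(line)
                for line in log_text.splitlines() if line.strip()]
    return guard, verdicts


if __name__ == "__main__":
    guard, verdicts = run(SAMPLE_LOG)
    for verdict, line in zip(verdicts, SAMPLE_LOG.splitlines()):
        print(f"{verdict:>8}  {line}")
    for ts, ip, n in guard.alerts:
        print(f"ALERT {ts.isoformat()} {ip}: {n} failures within window, blocked")
```

Two details matter in practice. The block is keyed on the source address and expires on its own, so the repressive measure does not turn into a permanent denial of service against a shared NAT address; and a successful logon clears the failure window, so a user who mistypes a password twice and then succeeds does not accumulate towards the threshold. The final sample line, twenty minutes after the block, shows the source being treated as a fresh failure once the block has lapsed.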

The documentation of all controls should be maintained so that it accurately reflects their operation and maintenance.

Management of security breaches and incidents

In the case of serious security breaches or incidents, an evaluation is necessary in due course, to determine what went wrong, what caused it and how it can be prevented in the future. However, this process should not be limited to serious security incidents. All breaches of security and security incidents need to be studied in order to gain a full picture of the effectiveness of the security measures as a whole. A reporting procedure for security incidents is required to be able to evaluate the effectiveness and efficiency of the present security measures based on an insight into all security incidents. This is facilitated by the maintenance of log files and audit files and, of course, the incident records of the Service Desk function. The analysis of these statistics on security issues should lead to improvement actions focused on the reduction of the impact and volume of all security breaches and incidents, in conjunction with Problem Management.
