NIRMALA
UNIT-7
Incident Preparation:
Incidents move fast, so a comprehensive preparation phase is critical. Preparation, as
defined by NIST, involves implementing the right tools and setting up the right processes
ahead of an incident occurring. Important steps in this phase include identifying your
“crown jewels” (the assets that must be protected at all costs) and analyzing data from
previous incidents to guide your planning.
D3 comes equipped with industry-standard playbooks, so you can be sure that your
procedures are set up for a strong response. Our dynamic playbook editor enables you to use
experience from previous incidents to tailor the playbooks to your exact needs. Setting up
communications plans is another important part of preparation, which D3 supports with
automated notifications, scheduled reporting, and an internal communications platform.
Under this approach, information and assets are assessed for their confidentiality, integrity
and availability needs. Defences are then tuned to provide the level of protection appropriate
to the value of the information and the risk appetite of the company.
The basis of this proactive posture is the strategic military principle of taking the fight to
the enemy. Honeypots and (digital) tar traps can be set up to attract, slow down, or funnel
attackers into a defended but valueless part of the network. This can help identify and act
against zero-day exploits by hindering the attacker, and then assist in identifying the attack
vector so it can be addressed.
Proactive intelligence strengthens defences, increases resilience against the effects of
Advanced Persistent Threats (APTs), and keeps the attack surface for zero-day attacks as small
as possible. A smaller attack surface in turn allows faster detection of attacks and
identification of remediation activities. Enhanced and detailed information can then be
extracted and passed to the relevant authorities.
Clearly, staying one step ahead of potential attack vectors can make the defining difference.
Thus, research and development are at the heart of this dynamic approach. But a proactive
cyber security posture does not render existing firewall and safeguard infrastructure pointless.
The proactive posture is most productively implemented in conjunction with the ‘traditional’
defences. It builds on them to move the enterprise from a perimeter and defence-in-depth
approach to one that combines data centricity with intelligence. This in turn allows firms to
predict adverse security events before they occur and take proactive defence measures.
To work effectively, this strategy demands long-term commitment. This is a challenge, given
limited resources and a shortage of appropriately skilled workers (although, over time, these
obstacles will likely diminish). But for big institutions safeguarding substantial, valuable and
continuously growing data sets, the prospect of proactive, and much more effective, cyber
security is increasingly attractive.
CIA-Triangle:
A simple but widely applicable security model is the CIA triad, which stands for:
Confidentiality
Integrity
Availability
These are the three key principles which should be guaranteed in any kind of secure
system.
The model is applicable across the whole subject of security analysis, from access
to a user’s internet history to the security of encrypted data across the internet.
CONFIDENTIALITY:
Confidentiality is the security principle that controls access to information. It is designed to
ensure the wrong people cannot gain access to sensitive information while ensuring the right
people can access it.
Access to information must be restricted only to those who are authorized to view the
required data. Data can be categorized according to the type and severity of damage that
could happen to it should it fall into unauthorized hands. According to these categories, strict
measures can then be implemented.
Protecting confidentiality may also include special training for those who share sensitive
data, including familiarizing authorized users with security risk factors and teaching them
how to guard vulnerable data assets.
In addition to training, strong passwords and password-related best practices must be used,
and users must be made aware of social engineering attacks so that they are not tricked into
bypassing proper data-handling rules, with potentially disastrous results.
An example of a method used to ensure confidentiality is the use of data encryption. Two-
factor authentication is now becoming the norm for authenticating users to access sensitive
data, while user IDs and passwords should be considered standard practice.
Other methods include biometric verification, security tokens, and digital certificates. Users
should also minimize the number of places where sensitive information is stored or
transmitted in order to complete a transaction.
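The categorisation and two-factor points above (access restricted by data category, and a second factor for sensitive data), as an added example that is not part of the original notes: a deny-by-default check in which each higher classification adds a control, with every decision written to an audit list. The level names, the `Asset`/`Session` types and the sample data are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Classification levels, ordered by the damage unauthorized disclosure would cause.
LEVELS = ("public", "internal", "confidential", "restricted")

@dataclass(frozen=True)
class Asset:
    name: str
    level: str
    need_to_know: frozenset = frozenset()  # groups with a business need; empty = any cleared user

@dataclass(frozen=True)
class Session:
    user: str
    clearance: str
    groups: frozenset = frozenset()
    mfa_verified: bool = False             # a second factor was presented at login

def access_decision(session: Session, asset: Asset) -> tuple:
    """Deny by default; each stricter category adds a control. Returns (allowed, reason)."""
    if asset.level not in LEVELS or session.clearance not in LEVELS:
        return False, "unknown classification"
    if LEVELS.index(session.clearance) < LEVELS.index(asset.level):
        return False, f"clearance {session.clearance} below {asset.level}"
    # confidential and above: clearance alone is not enough, need-to-know applies
    if LEVELS.index(asset.level) >= LEVELS.index("confidential"):
        if asset.need_to_know and not (session.groups & asset.need_to_know):
            return False, "no need-to-know group"
    # restricted: a user ID and password alone are never sufficient
    if asset.level == "restricted" and not session.mfa_verified:
        return False, "second factor required"
    return True, "granted"

def read_asset(session: Session, asset: Asset, store: dict, audit: list) -> Optional[bytes]:
    """Enforce the decision and record every attempt, granted or denied."""
    allowed, reason = access_decision(session, asset)
    audit.append((session.user, asset.name, allowed, reason))
    return store[asset.name] if allowed else None

if __name__ == "__main__":
    store = {"payroll": b"id,salary\n1,5000\n", "wiki": b"lunch menu"}  # constructed sample store
    payroll = Asset("payroll", "restricted", frozenset({"hr"}))
    wiki = Asset("wiki", "internal")
    audit = []
    hr_no_mfa = Session("dana", "restricted", frozenset({"hr"}))
    hr_mfa = Session("dana", "restricted", frozenset({"hr"}), mfa_verified=True)
    print(read_asset(hr_no_mfa, payroll, store, audit))  # None: password-only session
    print(read_asset(hr_mfa, payroll, store, audit))     # payroll bytes
    print(audit)
```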
INTEGRITY:
The second component of the triad, integrity, assures that sensitive data is trustworthy and
accurate. Consistency, accuracy, and trustworthiness of data should be maintained over its
life cycle. Sensitive data should not be altered in transit, and security measures, such as file
permissions and user access controls, should be taken to make sure that it cannot be modified
by unauthorized users.
In addition, version control should be used to prevent unintentional changes and deletions
by authorized users from becoming a problem. Other measures should also be taken to
detect data changes that might occur due to a non-human-caused event, such as a server crash
or an environmental failure. Sensitive data should also carry cryptographic checksums for
verification of integrity. In addition, backups or redundancy plans should be planned and
implemented so that affected data can be restored to its correct state after an integrity failure
or security breach.
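The checksum idea from the paragraph above, as an added example that is not from the original notes: a SHA-256 manifest records the known-good state of sensitive files, and a later check reports which files were modified, removed or added, whether by tampering or by corruption after a crash. The keyed HMAC over the manifest goes one step beyond the text: someone who can rewrite a file and its recorded checksum still cannot produce a manifest that verifies without the key. The file contents and key are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample data: path -> contents, standing in for sensitive files on disk.
SAMPLE_FILES = {
    "payroll/2024-q1.csv": b"id,name,salary\n1,Alice,5000\n2,Bob,4200\n",
    "config/app.ini": b"[db]\nhost=db.internal\n",
}
DEMO_KEY = b"constructed-demo-key"  # in practice kept off the protected system

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_manifest(files: dict) -> dict:
    """Record the known-good SHA-256 checksum of every protected file."""
    return {path: sha256_hex(data) for path, data in files.items()}

def verify_manifest(files: dict, manifest: dict) -> dict:
    """Compare current contents with the manifest; one status per path."""
    report = {}
    for path, expected in manifest.items():
        if path not in files:
            report[path] = "missing"
        elif hmac.compare_digest(sha256_hex(files[path]), expected):
            report[path] = "ok"
        else:
            report[path] = "modified"    # tampering and corruption look the same here
    for path in files:
        if path not in manifest:
            report[path] = "unexpected"  # appeared after the manifest was taken
    return report

def sign_manifest(manifest: dict, key: bytes) -> str:
    """Keyed HMAC over a canonical serialization of the manifest."""
    canonical = "\n".join(f"{p} {h}" for p, h in sorted(manifest.items()))
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()

def manifest_is_authentic(manifest: dict, key: bytes, tag: str) -> bool:
    return hmac.compare_digest(sign_manifest(manifest, key), tag)

if __name__ == "__main__":
    manifest = build_manifest(SAMPLE_FILES)
    tag = sign_manifest(manifest, DEMO_KEY)
    tampered = dict(SAMPLE_FILES)
    tampered["payroll/2024-q1.csv"] = tampered["payroll/2024-q1.csv"].replace(b"4200", b"9200")
    print(verify_manifest(tampered, manifest))   # payroll file reported as modified
    # re-hashing the tampered files gives a manifest that fails the keyed check
    print(manifest_is_authentic(build_manifest(tampered), DEMO_KEY, tag))
```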
AVAILABILITY:
Availability is the guarantee of reliable and constant access to your sensitive data by
authorized people. It is best guaranteed by properly maintaining all hardware and software
necessary to ensure the availability of sensitive data. It’s also important to keep up with
system upgrades. Providing adequate communication throughput and preventing bottlenecks
helps as well. Redundancy, failover, RAID, and clustering are important measures that should
be considered to avoid serious availability problems.
A quick, adaptive disaster recovery plan is crucial for the worst-case scenarios, since
recovering from them depends on the successful execution of that plan.
Safeguards against interruptions in connections and data loss should consider unpredictable
events such as a fire or a natural disaster. To prevent data loss, backup should be located in a
geographically separate location, and in a fireproof, waterproof vault.
To prevent downtime due to malicious attacks such as denial-of-service (DoS) attacks and
network intrusions, extra software and security equipment should be used as well.