Colin Horn
Lesson14.pdf

ISOL 634 Physical Security

Lesson 14 - CIA Triad, High Level Review and Incident Topics


Information Security Triad

• Confidentiality

– Least Privilege

– Need to Know

– Access Controls

• Integrity

– Checksums

– Parity Bits

– Digital Signatures

– Hashes

– Separation of Duties

– Dual Control

• Availability

– RAID Levels

– High Availability

– Backups

– Clustering

– Remote Sites

– Succession Planning
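The integrity controls listed under the triad (parity bits, checksums, hashes) differ sharply in what corruption they can detect. The following is an added example, not part of the lesson slides: it applies even parity, an additive checksum and SHA-256 to a constructed badge-reader log line and then to three corrupted copies of it. Digital signatures are left out because they need a key pair; the record contents and the function names are this example's own.

```python
"""Integrity checks from the triad slide compared on the same data.

Added example: parity bit, additive checksum and SHA-256 are each applied to a
constructed message and to corrupted copies, to show what each one detects.
"""
import hashlib

# Constructed sample record (not from the lesson): a fixed-width log line.
RECORD = b"2024-01-15 03:12:44 badge=4471 door=DC-EAST result=GRANTED"


def parity_bit(data: bytes) -> int:
    """Even parity over all bits: 0 if the count of 1-bits is even, else 1."""
    ones = sum(bin(b).count("1") for b in data)
    return ones % 2


def additive_checksum(data: bytes) -> int:
    """Simple 8-bit checksum: sum of all bytes modulo 256."""
    return sum(data) % 256


def sha256_hex(data: bytes) -> str:
    """Cryptographic hash: any change to the input changes the digest."""
    return hashlib.sha256(data).hexdigest()


def flip_bits(data: bytes, positions) -> bytes:
    """Return a copy of data with the given absolute bit positions flipped."""
    out = bytearray(data)
    for pos in positions:
        out[pos // 8] ^= 1 << (7 - pos % 8)
    return bytes(out)


def swap_bytes(data: bytes, i: int, j: int) -> bytes:
    """Return a copy of data with bytes i and j transposed (same byte total)."""
    out = bytearray(data)
    out[i], out[j] = out[j], out[i]
    return bytes(out)


def detects(check, original: bytes, modified: bytes) -> bool:
    """True if the check's value differs between original and modified."""
    return check(original) != check(modified)


def compare_checks(original: bytes) -> dict:
    """Run three corruptions past the three checks; report which detected what."""
    cases = {
        # one flipped bit in byte 0
        "single bit flip": flip_bits(original, [5]),
        # one flipped bit each in bytes 0 and 1: total 1-bit count unchanged
        "two bit flips": flip_bits(original, [5, 13]),
        # 'b' and 'a' of "badge" swapped: byte sum unchanged
        "transposed bytes": swap_bytes(original, 20, 21),
    }
    checks = {"parity": parity_bit, "checksum": additive_checksum, "sha256": sha256_hex}
    return {case: {name: detects(fn, original, mod) for name, fn in checks.items()}
            for case, mod in cases.items()}


if __name__ == "__main__":
    for case, results in compare_checks(RECORD).items():
        status = "  ".join(f"{k}={'yes' if v else 'NO'}" for k, v in results.items())
        print(f"{case:18} {status}")
```

Parity misses any even number of flipped bits, and the additive checksum misses any change that preserves the byte total, such as a transposition; both are accidental-error detectors only, since an attacker who can edit the data can also recompute them. A cryptographic hash catches every change here, but it still only proves integrity against deliberate tampering if the reference digest itself is stored where the attacker cannot rewrite it (or is covered by a digital signature).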


High-Level Review

• Threats to physical security include:

– Interruption of services (Availability)

– Theft (Confidentiality and Availability)

– Physical damage (Availability and Integrity)

– Unauthorized disclosure (Confidentiality)

– Loss of system integrity (Integrity)

High-Level Review

• Threats fall into many categories:

– Natural environmental threats (e.g., floods, fire)

– Supply system threats (e.g., power outages, communication interruptions)

– Manmade threats (e.g., explosions, disgruntled employees, fraud)

– Politically motivated threats (e.g., strikes, riots, civil disobedience)

High-Level Review

• Primary consideration in physical security is that nothing should impede “life safety goals.”

– Ex.: Don’t lock the only fire exit door from the outside

• “Safety:” Deals with the protection of life and assets against fire, natural disasters, and devastating accidents

• “Security:” Addresses vandalism, theft, and attacks by individuals


High-Level Review

• Physical security, like general information security, should be based on a layered defense model (defense/security in depth)

• Layers are implemented at the perimeter and moving toward an asset (most valued assets in the center with layers of security)

• Layers include: Deterrence, Delaying, Detection, Assessment, Response

High-Level Review

• A physical security program must address:

– Crime and disruption protection through deterrence (fences, security guards, warning signs, etc.)

– Reduction of damages through the use of delaying mechanisms (e.g., locks, security personnel, etc.)

– Crime or disruption detection (e.g., smoke detectors, motion detectors, CCTV, etc.)

– Incident assessment through response to incidents and determination of damage levels

– Response procedures (fire suppression mechanisms, emergency response processes, etc.)

The Incident Scene

• The incident scene is the environment where potential evidence may exist

• The principles of criminalistics apply to both physical and digital incident scenes:

– Identify the scene

– Protect the environment

– Identify evidence and potential sources of evidence

– Collect evidence

– Minimize the degree of contamination

Live Evidence (hard to protect)

• Data that is dynamic and exists in processes that disappear in a relatively short timeframe once the system is powered down; volatile data such as memory contents, running processes, and open network connections must therefore be captured before the system is shut down

Locard’s Exchange Principle

• When a crime is committed, the perpetrators leave something behind and take something with them

General Guidelines

• All general forensic and procedural principles must be applied

• Seizing digital evidence must not alter the evidence

• Any person accessing original digital evidence must be trained

• All activity relating to seizure, access, storage, or transfer of digital evidence must be fully documented, preserved, and available for review

• While an individual is in possession of digital evidence, he or she is responsible for all actions

• Any agency responsible for seizing, accessing, storing, or transferring digital evidence is responsible for compliance with these principles

Policy, Roles, and Responsibilities

• A solid foundation of knowledge and policy

• A properly trained response team

• Core areas must be represented

Chain of Custody

• Tracks evidence handling

• A formal, well-documented process must be followed - no exceptions
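The general guidelines above require that seizure must not alter the evidence and that every access, storage and transfer is documented and reviewable; the chain of custody is the record that makes both checkable. The following is an added example, not from the lesson: a custody log in which every hand-off records the item's SHA-256 and each entry is hashed together with the previous entry's hash, so an altered image or an edited or deleted entry can be detected at review. The evidence image, case number, handler names and timestamps are constructed for the example, and `CustodyLog`/`CustodyEntry` are this example's own names.

```python
"""Chain-of-custody log for a seized digital evidence item.

Added example, not from the lesson: every custody event records the item's
SHA-256, and each entry also carries a SHA-256 over the previous entry's hash
plus its own fields, so a changed item, an edited entry or a removed entry
breaks the chain when the log is verified.
"""
import hashlib
import json
from dataclasses import dataclass
from typing import List

# Constructed stand-in for an acquired disk image (not real evidence).
EVIDENCE_IMAGE = b"\x00" * 512 + b"EVIDENCE-IMAGE-CASE-2024-0117" + b"\xff" * 512


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class CustodyEntry:
    seq: int
    timestamp: str        # supplied by the handler; ISO 8601 in this example
    handler: str
    action: str           # e.g. "seized", "transferred", "accessed", "stored"
    evidence_sha256: str  # hash of the item at the time of the action
    prev_entry_hash: str  # entry_hash of the previous entry ("" for the first)
    entry_hash: str       # hash over all fields above

    @staticmethod
    def compute_hash(seq, timestamp, handler, action, evidence_sha256, prev_entry_hash) -> str:
        fields = [str(seq), timestamp, handler, action, evidence_sha256, prev_entry_hash]
        # Canonical encoding (JSON list) so field boundaries cannot be ambiguous.
        return sha256_hex(json.dumps(fields).encode())


class CustodyLog:
    def __init__(self, case_id: str, original: bytes):
        self.case_id = case_id
        self.reference_sha256 = sha256_hex(original)  # hash taken at seizure
        self.entries: List[CustodyEntry] = []

    def record(self, timestamp: str, handler: str, action: str, item: bytes) -> CustodyEntry:
        """Append an event; the item's hash is recomputed at every hand-off."""
        seq = len(self.entries)
        prev = self.entries[-1].entry_hash if self.entries else ""
        item_hash = sha256_hex(item)
        h = CustodyEntry.compute_hash(seq, timestamp, handler, action, item_hash, prev)
        entry = CustodyEntry(seq, timestamp, handler, action, item_hash, prev, h)
        self.entries.append(entry)
        return entry

    def verify(self) -> List[str]:
        """Return a list of problems; an empty list means the chain is intact."""
        problems = []
        prev = ""
        for i, e in enumerate(self.entries):
            if e.seq != i:
                problems.append(f"entry {i}: sequence gap (found seq {e.seq})")
            if e.prev_entry_hash != prev:
                problems.append(f"entry {i}: does not link to previous entry")
            expected = CustodyEntry.compute_hash(e.seq, e.timestamp, e.handler, e.action,
                                                 e.evidence_sha256, e.prev_entry_hash)
            if e.entry_hash != expected:
                problems.append(f"entry {i}: entry hash mismatch (fields edited)")
            if e.evidence_sha256 != self.reference_sha256:
                problems.append(f"entry {i}: evidence hash differs from hash at seizure")
            prev = e.entry_hash
        return problems


def demo() -> tuple:
    """Build a clean log, then show that altered evidence and a deleted entry are caught."""
    log = CustodyLog("2024-0117", EVIDENCE_IMAGE)
    log.record("2024-01-17T09:05:00Z", "J. Rivera (first responder)", "seized", EVIDENCE_IMAGE)
    log.record("2024-01-17T11:40:00Z", "M. Chen (evidence custodian)", "stored", EVIDENCE_IMAGE)
    log.record("2024-01-18T08:15:00Z", "A. Okafor (examiner)", "accessed", EVIDENCE_IMAGE)
    clean = log.verify()

    # Case 1: the examiner hands back an image with a single byte changed.
    tampered = bytearray(EVIDENCE_IMAGE)
    tampered[600] ^= 0x01
    log.record("2024-01-18T17:00:00Z", "A. Okafor (examiner)", "transferred", bytes(tampered))
    after_tamper = log.verify()

    # Case 2: someone removes the entry showing who had the item at the time.
    del log.entries[2]
    after_deletion = log.verify()
    return clean, after_tamper, after_deletion


if __name__ == "__main__":
    clean, after_tamper, after_deletion = demo()
    print("clean log:", clean or "intact")
    print("after tampered hand-off:", after_tamper)
    print("after deleted entry:", after_deletion)
```

The verification is only as strong as the place the reference hash and the log live: if the same person who holds the item can also rewrite the log, they can rebuild the whole chain, which is why the guidelines make the custodian, not the log, responsible for all actions while in possession, and why the hash taken at seizure is normally written on the evidence form and witnessed rather than kept only on the examiner's workstation.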


Interviewing

Investigators must keep in mind concerns, such as:

– Due process

– The rights of the individual being questioned

– Considerations unique to the organization or jurisdiction

Reporting and Documenting

• One of the most important, yet overlooked, phases is the debriefing and feedback phase (the Information Security Team (IST) comes back together)


Digital Forensics

Be authentic

Be accurate

Be complete

Be convincing

Be admissible


• Use this time to prepare for the Final Exam
