Lecture homepage: http://enos.itcollege.ee/~valdo/turve/
Safeguards can be divided into 3 classes:
- Preventive safeguards - Prevent security incidents from happening. The main line of defense.
- - Minimize vulnerabilities and risk probabilities
- - Prevent attacks
- - Decrease the ripple effects of a security incident to other IT assets
- Identifying safeguards - Tell us that a security incident has occurred so we can take suitable action.
- Reconstructive safeguards - Restore the environment to the state it was in before the security incident occurred. For example, if the firewall was disabled, it needs to be re-enabled ASAP. The more important the object, the more attention should be given to reconstructive safeguards. Methods:
- - Backup
- - Renovation
- - Replacement
- Avoiding the incident
- Identifying the incident
- - Operative Identification: If the incident happens, we want to be notified immediately and act at once. Example: fire alarm.
- - Post Identification: If operative identification is not possible, we want to get the information as soon as possible. Examples: log files and passive alerts (e-mails sent by a crontab job).
- - Evidence-Based Identification: Security elements added to IT assets so that their integrity/confidentiality can be checked.
Examples: signatures on paper documents, checksums on files
- * Proving (later) that the incident happened
Classification of Safeguards by IT Assets
- Physical assets
- Information / data
- Ability to reproduce a product/service
- Intangible aspects
Components of organizational safeguards
- Activities that someone must do
- Activities that are prohibited for certain persons
- Sanctions for doing something prohibited
- Sanctions for not doing something that must be done