Question 1
Describe the roles of change management, security enforcement, accountability, monitoring, and auditing for a successful security operations management. Provide real-world examples.
Question 2
List and describe common technical and regulatory steps of a forensic investigation from beginning to end.
1. Roles can be understood as follows:
Change management:
Change management is the controlled process through which any modification to the environment is requested, reviewed, approved, tested, recorded and, if necessary, rolled back. In security operations it covers firewall rule changes, updates to policies and standards, patching, and modifications to system configurations. Routing every change through this process keeps the different teams working from the same approved baseline and prevents an undocumented change from silently weakening the security posture.
For example, if the organization opens a new warehouse or distribution site, the network and firewall changes needed to connect it are raised as change requests, reviewed against the current architecture, and tested before go-live, so the new site is secured before it handles live traffic.
Security enforcement:
Security enforcement makes sure that networks, servers, databases and applications are actually protected by the controls that policy requires, and that violations are acted on. It covers handling security incidents, applying the controls, and the related analysis activities.
For example, when a computer breach is detected, the enforcement team contains it by isolating the affected systems from the rest of the network and blocking the traffic from the outside that the attacker is using, while leaving the compromised machines running where possible so that volatile evidence is preserved for the forensic investigation.
Accountability:
Accountability is a very significant part of security operations. Each team working in operations must have clearly defined roles and responsibilities so that every control has an owner who answers for it. They should also be aware of the guidelines and the expectations placed on the systems they own.
For example, when a new network infrastructure is being designed for the organization, it is essential that everyone understands their role, who approves what, and who to contact in case of an emergency.
Monitoring:
Regular monitoring of logs, alerts and system health keeps the security posture in check. It not only helps in detecting threats but also in responding to them and in preventing them from occurring again in the future.
For example, in an organization that depends on a supply chain, monitoring shows whether solutions are delivered to clients on time and whether connections from suppliers and partners behave as expected, so a failing or compromised supplier is noticed early rather than after the damage is done.
Auditing:
Auditing, if defined properly, helps uncover potential threats and control gaps. It also assesses how well security operations perform against policy, so risks can be identified and prioritized.
For example, in financial organizations external auditing is also critical, because an independent party must confirm that internal policies and external regulations are being met.
2. Main forensic investigation steps:
Identification:
There are different types of forensic investigations, so the first step is to identify the type and purpose of the investigation and to confirm the legal authority and scope under which it is carried out (warrant, consent, or internal policy). Based on the goal, the sources of evidence are identified: volatile memory, disks and storage media, logs, network captures, and so on.
Preservation:
Once the sources and type are identified, the data is acquired from each source in a way that does not alter the original (for example through a write blocker or a forensic image). A cryptographic hash of the original and of the image is taken and compared, the evidence is kept separate and isolated from outside influence, and a chain-of-custody record is started so that every person who handles it is documented. Analysis is then performed on a working copy, never on the original.
Analysis:
In the analysis step the tools and strategies to be used are selected, the data is processed to produce findings, and the findings are analysed and interpreted in the context of the investigation's goal.
Documentation:
The results of the analysis are documented along with photographs of the scene and of the devices. Sometimes sketches are made and mapped to the original devices, and photographs of subcomponents are taken as well. The chain-of-custody record and the hashes taken during preservation form part of this documentation.
Presentation:
Once documentation is done, a summary is prepared and presented to the intended audience (management, legal counsel or a court) in an understandable form that sticks to the facts and can be traced back to the preserved evidence.
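The preservation and documentation steps above can be shown concretely. The following Python script is an added example, not part of the original answer: it acquires a copy of a (constructed) evidence file, hashes the original and the copy, refuses the copy if the hashes differ, marks the image read-only, keeps a chain-of-custody record bound to the hash, and shows how a later modification of the image is caught by verification. Case identifiers, examiner names and file names are assumptions made up for illustration.

```python
"""Evidence preservation: hashing, read-only image, chain of custody.

Added example (not from the original answer). All names below are
constructed for illustration.
"""
import hashlib
import json
import os
import shutil
import stat
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large disk image need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _now():
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


def log_custody(record, action, actor, note=""):
    """Append a timestamped entry; the hash at the time of the event is recorded."""
    record["custody"].append({
        "time": _now(),
        "action": action,
        "actor": actor,
        "sha256_at_event": sha256_file(record["image"]),
        "note": note,
    })


def preserve(source, evidence_dir, case_id, examiner):
    """Preservation step: copy source into the evidence store, hash original and
    copy, discard the copy on mismatch, make it read-only, open chain of custody."""
    os.makedirs(evidence_dir, exist_ok=True)
    image = os.path.join(evidence_dir, f"{case_id}-{os.path.basename(source)}.img")
    source_hash = sha256_file(source)          # hash of the original before copying
    shutil.copyfile(source, image)
    image_hash = sha256_file(image)            # hash of the acquired copy
    if image_hash != source_hash:
        os.remove(image)                       # never keep an image that does not match
        raise RuntimeError("acquisition hash mismatch; copy discarded")
    os.chmod(image, stat.S_IRUSR)              # read-only: no accidental writes later
    record = {"case_id": case_id, "source": source, "image": image,
              "sha256": image_hash, "custody": []}
    log_custody(record, "acquired", examiner, f"copied from {source}")
    return record


def verify(record):
    """Return True if the image still matches the hash taken at acquisition."""
    return sha256_file(record["image"]) == record["sha256"]


def write_report(record, path):
    """Documentation step: persist the record (hashes + custody) as JSON."""
    with open(path, "w") as fh:
        json.dump(record, fh, indent=2)
    return path


def make_constructed_sample():
    """Create a throwaway directory with a constructed evidence file; return both."""
    workdir = tempfile.mkdtemp(prefix="forensics-")
    source = os.path.join(workdir, "suspect-laptop.bin")
    with open(source, "wb") as fh:
        fh.write(b"constructed sample evidence\n" * 100)
    return workdir, source


def simulate_tampering(record):
    """Failure mode: someone writes to the image after acquisition."""
    os.chmod(record["image"], stat.S_IRUSR | stat.S_IWUSR)
    with open(record["image"], "ab") as fh:
        fh.write(b"\x00")


if __name__ == "__main__":
    workdir, source = make_constructed_sample()
    rec = preserve(source, os.path.join(workdir, "evidence"), "CASE-0001", "examiner-A")
    log_custody(rec, "handover", "examiner-B", "transferred for analysis")
    print("intact after handover:", verify(rec))
    simulate_tampering(rec)
    print("intact after tampering:", verify(rec))
    print("report:", write_report(rec, os.path.join(workdir, "report.json")))
    shutil.rmtree(workdir)
```

Every custody entry carries the hash observed at that moment, so a later reviewer can see not just who handled the image but whether it was still intact when they did; the tampering check is what turns the hash from a formality into an actual integrity control.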