As the years pass, security has grown into one of the most
important fields in the history of computing. Everything connected
needs to be secured through internet security practices and ethical
conduct. With so much happening on the web, promising safety
without taking tough measures is impossible nowadays. Hence,
companies and individuals have moved to security tools and
technologies to keep their information safe while connected to the
internet.
Risk Assessment & Threat Vulnerability:
Nowadays, companies have moved to Agile or Rapid Application
Development SDLC (Software Development Life Cycle) models, which
have reduced development timeframes. Risk assessment starts with
the following steps:
- Collecting Information:
  - Collecting information plays a major part in the security of
    the organization. The URL of the target must be accessible in
    order to gather information.
  - Information that falls into the wrong hands can cause chaos for
    any organization. Hence, information must always be safeguarded
    with levels of security.
- Risk Profiling:
  - Checking the website for every type of risk and threat is a
    very important task and must be carried out for every module of
    the organization that is available on the internet.
  - The following activities must be carried out:
    - Automated threat scanning
    - Penetration testing
    - Black box testing of the source code
    - Assigning risk ratings to the security flaws
    - Reporting to higher authorities
- Updating Technology:
  - It has become very important to keep the technologies in active
    use up to date and balanced accordingly.
  - Older versions come with a bunch of vulnerabilities and threats,
    and can damage certain aspects of the organization.
- Application Fingerprinting:
  - In an organization, certain things must be checked for known
    vulnerabilities and exposures. If any are found, overcoming
    those threats must always be kept a priority so that the
    organization runs smoothly.
  - Application fingerprinting consists of different levels of
    assessment. Some of the scopes are:
    - Defining objectives
    - Devising a strategy to overcome threats
    - Role Based Access Control matrix
    - Choosing appropriate security tools
Everyone must keep in mind that being safe on the internet is an
integral part of virtual life, and must keep managing security each
time a threat or vulnerability interferes. One must also stay
updated when using any third-party application, as many zero-day
fixes arrive in applications that help us stay immune to malware
and viruses that have affected the software in the past.
Actions For Effective Risk Management Capabilities:
The actions one must take to make risk management effective and
its capabilities up to the mark are as follows:
- Preparing:
  - One must always prepare for risks and keep systems checked for
    vulnerabilities.
  - The best approach is to plan and make changes to the system as
    soon as updates are released for it.
  - The planning must ensure that risks are minimized at the user's
    end.
- Verifying & Eliciting:
  - Verify every potential risk in the system; if a risk is found to
    be critical, eliciting it will ensure that it is eliminated
    properly.
  - Risks are also eliminated at a certain level so that no further
    risks remain in the system to check.
- Analyzing Gaps & Evaluating:
  - Analyzing for risks is one of the major activities that must be
    undertaken on the development end, because a risk analyzed at an
    earlier stage is less destructive for the system.
  - Evaluating the level of the risks also becomes important for
    users, so as to reduce the impact of the risks on the systems.
Hence, these are the actions that can lead to the development of
effective risk management capabilities.
Guidelines For Security Policies:
Certain things must always be taken into consideration for security
policies. They are discussed below:
- Knowing The Risks:
  - Knowing what risks exist in the system is the most important
    part of creating security policies.
  - Know how information is manipulated at the client end as well as
    the server end. This makes the process more secure, as data is
    the part for which security is always compromised.
- Knowing The Wrongs Done By Others:
  - Know which organizations have gone through the risks that reside
    in your system. Learning from the mistakes made by others is
    always a highly effective way of setting guidelines.
  - The guidelines for the security policy consist of the most
    probable wrong things that every organization with similar risks
    is doing.
- Keeping Legal requirements in mind:
  - Organizations often completely forget about the legal
    requirements imposed by officials.
  - Hence, keeping in mind the legal jurisdictions, data holdings
    and the location in which you reside is also most important.
  - Recently, this has been the case with Facebook's most
    controversial data theft.
- Setting level of security:
  - The planned level of security must always be matched to the
    level of risk residing in the system.
  - Excessive security can also hinder smooth business operations;
    overprotecting oneself can itself become a cause of problems.
- Training Employees Accordingly:
  - Training employees in the relevant parts of security is also a
    major part of the security policy, as employees are the ones who
    make mistakes.
  - So, training employees so that they minimize the mistakes they
    make is great for the system.
Hence, these are the guidelines for creating an effective and
functional security policy.
Use of Forensic Tools (Technical Controls):
- Network analysis is one of the most important parts of digital
  forensics. Investigators use it to reconstruct the network
  activity that took place in a particular period of time.
- It is mostly used for reconstructing the sequence of events that
  took place in the time interval when the security incident
  happened. Several tools help in this process and produce the
  outputs needed for it. Some of the tools are listed below:
  - Intrusion Detection Systems (IDS), which offer a security-based
    perspective on network activity. They help in monitoring the
    network for suspicious traffic.
  - Packet capturing tools, which allow us to record every bit of
    the packets traveling through the network. These tools generate
    a lot of data. Hence, they are used only for the short periods
    of time when they are needed.
  - Network flow data collectors, which allow us to record data from
    each connection passing through most of the monitored devices.
    This data includes the source, destination, and volume of the
    data passed.
- The personnel doing such investigations must have good forensic
  investigation techniques and, as far as certifications matter,
  must be at least a Certified Forensic Examiner from a renowned
  institution such as GIAC, EC, IACIS, etc.
- Yes, analyzing network traffic is certainly a tedious task, as
  there are a variety of attacks on a network. Some of them are as
  follows:
  - DoS attacks
  - Malware attacks
  - Phishing attacks
  - Spam & bot attacks
  - Zero-day attacks
  - UDP flooding attacks
  - Port scanning attacks
- Hence, each type of attack has a different cure and also requires
  its own type of network analysis; the many packets transmitted in
  the network make monitoring it tough.
- The data integrity of the network is also compromised, and because
  a lot of data is captured in networking, the ample amount of data
  generated becomes tough to keep track of.
- As we all know, data transmission in networks is a fast process,
  and keeping track of the data while it is being transferred, down
  to every single event, becomes tougher without tools.
- Data extraction done manually can involve loss of data and even
  errors in the data. To overcome such errors, it is best to use
  tools and make the forensic research a success.
Hence, these are the reasons why we use forensic tools rather than
doing it manually.
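The flow-collector fields named above (source, destination, volume)
are enough to rebuild an incident window and surface two of the
listed attack types, port scanning and UDP flooding. The following
Python is an added example, not part of the original article; the
record layout, sample data and thresholds are constructed
assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample flow records (not real traffic): start time, source,
# destination, destination port, protocol, bytes transferred.
SAMPLE_FLOWS = """\
2024-01-10T09:58:12,192.0.2.10,198.51.100.5,443,tcp,18234
2024-01-10T10:00:01,203.0.113.7,198.51.100.5,21,tcp,60
2024-01-10T10:00:01,203.0.113.7,198.51.100.5,22,tcp,60
2024-01-10T10:00:02,203.0.113.7,198.51.100.5,23,tcp,60
2024-01-10T10:00:02,203.0.113.7,198.51.100.5,25,tcp,60
2024-01-10T10:00:03,203.0.113.7,198.51.100.5,80,tcp,60
2024-01-10T10:02:30,203.0.113.9,198.51.100.8,53,udp,4800000
2024-01-10T10:02:31,203.0.113.9,198.51.100.8,53,udp,5200000
"""

def parse_flows(text):
    """Parse CSV flow lines into dicts with typed fields."""
    flows = []
    for ts, src, dst, dport, proto, nbytes in csv.reader(io.StringIO(text)):
        flows.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                      "dport": int(dport), "proto": proto, "bytes": int(nbytes)})
    return flows

def timeline(flows, start, end):
    """Flows inside the incident window, in chronological order."""
    return sorted((f for f in flows if start <= f["ts"] <= end), key=lambda f: f["ts"])

def port_scanners(flows, min_ports=5):
    """(src, dst) pairs touching >= min_ports distinct ports (assumed threshold)."""
    ports = defaultdict(set)
    for f in flows:
        ports[(f["src"], f["dst"])].add(f["dport"])
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}

def udp_volume(flows, min_bytes=5_000_000):
    """Destinations receiving >= min_bytes of UDP in total (assumed threshold)."""
    total = defaultdict(int)
    for f in flows:
        if f["proto"] == "udp":
            total[f["dst"]] += f["bytes"]
    return {dst: n for dst, n in total.items() if n >= min_bytes}

if __name__ == "__main__":
    start, end = datetime(2024, 1, 10, 10, 0), datetime(2024, 1, 10, 10, 5)
    hits = timeline(parse_flows(SAMPLE_FLOWS), start, end)
    print(len(hits), "flows:", port_scanners(hits), udp_volume(hits))
```

Both thresholds need tuning against the normal traffic of the
monitored network before the output is treated as evidence.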
Thus, these are some of the many facets of an information
security program.