Information Security and Assurance - C725 - Chapter 9 Operation Security


Benefit of separation of duties

A primary benefit of separation of duties is that it enables one person's work to serve as a complementary check on another person's work. This implies that no single person has complete control over any transaction or process from beginning to end.

Documentation

Although it's the bane of most developers and IT professionals because of the extra work involved, documentation of all aspects of computer support and operations is important to ensure continuity and consistency. Formalizing operational practices and procedures with sufficient detail helps to eliminate security lapses and oversights. It also gives new personnel sufficiently detailed instructions and provides a quality assurance function to help ensure that operations will be performed correctly and efficiently.

Question: Operations security seeks to primarily protect against which of the following?

Asset threats. Operations security is primarily concerned with the processes, personnel, and technology of data center operations. It is needed to protect assets from threats during normal use.

What are audits and monitoring?

Audits and monitoring are the mechanisms that permit the identification of security events, define the key elements of these events, and serve as the source of pertinent event information given to the appropriate individual, group, or process.

Which of the following is not a media viability control used to protect the feasibility of data storage media?

Clearing. From a security perspective, media controls should be designed to prevent the loss of confidentiality, integrity, or availability of information, including data or software, when stored outside the system. This can include storage of information before it is input into the system and after it is output. Marking, handling, and storage can be used to protect the feasibility of data. Clearing is a method for clearing data from magnetic media.

What is Configuration and Change Management?

Configuration and change management controls are used for tracking and approving changes to a system. This process identifies, controls, and audits any changes by administrative personnel to reduce the threats or negative impacts of security violations.

Change management

Configuration and change management, which is closely related to software support, tracks and, if needed, approves changes to the system. It normally addresses hardware, software, networking, documentation, and other changes, and the process can be formal or informal. The primary security goal of configuration management is ensuring that users don't cause unintentional changes to the system that could diminish security.

Marking (media controls)

Controlling media might require some form of marking or physical labeling. The labels can identify media with special handling instructions, locate needed information, or log media

Which of the following is the best way to handle obsolete magnetic tapes before disposing of them?

Degaussing the tapes

Separation of duties is one of the six key elements of a strong system of security controls:

Employing competent, trustworthy people with clear lines of authority and responsibility; having adequate separation of job and process duties; having proper procedures for authorizing transactions or changes to information; maintaining adequate documents and records; maintaining appropriate physical controls over assets and records; executing independent checks on performance.

What are fail-secure system controls?

Fail-secure system controls preserve the state of the system before the crash and prevent further damage or unauthorized access to the system. One example of this is a bank vault located in a high-security room. The trusted recovery control is the room itself, which can detect any attempt at an unauthorized entry and lock the perpetrator in an area where he cannot escape (see the discussion on mantraps in Lesson 8, "Physical Security Control").

Separation of duties is important within all security-related processes for two fundamental reasons

First, people are an integral part of every operations process. Second, people have shortcomings.

When backing up an application system's data, which of the following is a key question to be answered first?

How to store backups. Support, operations personnel, and sometimes users back up software and data. This is a function of contingency planning. The frequency depends on how often data changes and the importance of the changes. The backups should be stored securely and off site.

What is block upgrade? (threat)

In this situation, a requestor asks for a large number of simultaneous changes during an upgrade, but because change management is impossible, it is bypassed. To prevent the threats from a block upgrade, changes should be packaged so they are readily managed and easily understood to preserve system security and integrity.

Question: If a programmer is restricted from updating and modifying production software, what is this an example of?

Least privilege. The principle of least privilege, a concept in computer security, provides minimal user profile privileges based on users' job necessities.

Question: Which security procedure forces collusion between two operators of different categories to have access to unauthorized data?

Limiting the specific accesses of operations personnel. Separation of duties is a type of control that is part of many security processes to make sure that no single person has excessive privileges that could be used to conduct hard-to-detect fraud or steal secrets from a system. The idea is to force collusion among two or more insiders in order for them to perpetrate fraud or theft.

Logging (media controls)

Logging media supports accountability. Logs can include control numbers (or other tracking data), the times and dates of transfers, names and signatures of individuals involved, and other relevant information. Periodic spot checks or audits can be conducted to determine that no controlled items have been lost and ensure that all are in the custody of individuals named in control logs. Automated media tracking systems are helpful in maintaining inventories of media libraries.

Environmental Protection (media controls)

Magnetic media, such as CDs, DVDs, and other optical media, require environmental protection because they are sensitive to temperature, liquids, magnetism, smoke, and dust. Other media, such as paper and other storage, have different sensitivities to environmental factors.

Physical Access Protection (media controls)

Media can be stolen, destroyed, replaced with a look-alike copy, or lost. Physical access controls that limit these problems include locked doors, desks, file cabinets, and safes. If the media requires protection at all times, it may be necessary to actually output data to the media in a secure location (for example, printing to a printer in a locked room instead of to a general-purpose printer in a common area). Physical protection of media should extend to backup copies stored offsite. These offsite backup copies should generally be accorded an equivalent level of protection as media containing the same information stored onsite. Equivalent protection does not mean that the security measures need to be exactly the same: The controls at the off-site location are quite likely to be different from the controls at the regular site, but adequate controls must be present to preserve the integrity of media or systems used at off-site facilities.

Transmittal (media controls)

Media control can be transferred both within the organization and to outside elements. Possibilities for securing such transmittal include sealed and marked envelopes, authorized messenger or courier, or U.S. certified or registered mail.

Some people might still be inclined to engage in fraud, theft, or malicious activities because...

Motivation: Usually caused by some financial crisis that results from health problems, drugs, overspending, gambling, extortion, or relationship problems, for example.
Justification: A sense that they have not been treated fairly, the employer owes them, or any other explanation that they use to give good reason for their actions.
Opportunity: Knowledge or belief that a fraud can be committed and remain undetected ("I'll never get caught") either because internal controls are not in place or are inadequate, or because they believe no one is minding the store.

Software Support

One type of control within this category is to limit what software is used on a given system. If users or systems personnel can load and execute any software on any system, these systems become more vulnerable to viruses, worms, malware, unexpected software interactions, or software that can subvert or bypass security controls. A second method of controlling software is to inspect or test software before it is loaded (for example, to determine compatibility with custom applications or identify other unforeseen interactions). This applies to new software packages, upgrades, off-the-shelf products, and custom software. In addition to controlling the loading and execution of new software, organizations should be cautious with off-the-shelf or downloaded system utilities. Some of the system utilities are designed to compromise the integrity of operating systems or breach logical access controls. Many organizations also include on their agendas a program to help ensure that software is properly licensed. For example, an organization might audit systems for illegal copies of copyrighted software. This problem is primarily associated with PCs and local area networks (LANs), but it can apply to any type of system. Another element of software support involves ensuring that software is not modified without proper authorization. This involves protecting all software and backup copies. This step is often accomplished using a combination of logical and physical access control

What is the primary concern of Operation Security?

Operations security is primarily concerned with data center operations processes, personnel, and technology, and is needed to protect assets from threats during normal use.

What is Operation Security?

Operations security is used to identify the controls over software, hardware, media, and the operators and administrators who possess elevated access privileges to any of these resources.

Methods of disposing media

Overwriting is an effective method for clearing data from magnetic media. As the name implies, overwriting uses a program to write data (1s, 0s, or a combination) onto the media. Common practice is to overwrite the media three times. Overwriting should not be confused with merely deleting the pointer to a file, which typically happens when a delete command is used (as already mentioned). Degaussing involves magnetically erasing data from magnetic media. Two types of degaussers exist: strong permanent magnets and electric degaussers. The final method, and the only sure method of sanitization, is destruction of the media by shredding or burning.

Which of the following is the most secure way to dispose of information stored on optical media?

Physical destruction

Which operations security control prevents unauthorized intruders from internally or externally accessing the system and lowers the amount and impact of unintentional errors that are entering the system?

Preventative controls. Preventative controls reduce the frequency and impact of errors and prevent unauthorized intruders. Detective controls discover errors after they have occurred. Corrective or recovery controls help mitigate the impact of a loss. Directive controls are those designed to establish desired outcomes.

Types of controls

Preventative controls reduce the frequency and impact of errors and prevent unauthorized intruders. Detective controls discover errors after they've occurred. Corrective or recovery controls help mitigate the impact of a loss. Deterrent controls encourage compliance with external controls. Application-level controls minimize and detect software operational irregularities. Transaction-level controls provide control over various stages of a transaction.

What are process controls?

Process controls are necessary for secure data center operations. They help ensure that the principles outlined previously are implemented in human-based process activities and software-based utilities and other data center management systems (such as backup libraries and program directories).

Separation of duties

Separation of duties is a type of control that shows up in most security processes to make certain that no single person has excessive privileges that could be used to conduct hard-to-detect business fraud or steal secrets from a government system. The idea is to force collusion among two or more insiders in order for them to perpetrate fraud or theft.

To ensure operations security, the individuals in charge of information security must keep these considerations in mind at all times:

Software support; configuration and change management; backups; media controls; documentation; maintenance; interdependencies.

Interdependencies

Support and operations components coexist in most computer security controls:
Personnel: Most support and operations staff have special access to the system. Some organizations conduct background checks on individuals who fill these positions, to screen out possibly untrustworthy individuals (see Lesson 4, "Governance and Risk Management").
Incident handling: Support and operations can include an organization's incident-handling staff. Even if they are separate organizations, they need to work together to recognize and respond to incidents (see Lesson 6).
Contingency planning: Support and operations normally provide technical input to contingency planning and carry out the activities of making backups, updating documentation, and practicing responses to contingencies (see Lesson 6).
Security awareness, training, and education: Support and operations staff should be trained in security procedures and be aware of the importance of security. In addition, they provide technical expertise needed to teach users how to secure their systems (see Lesson 4).
Physical and environmental: Support and operations staff often control the immediate physical area around the computer system (see Lesson 8).
Technical controls: Support and operations staff installs, maintains, and uses the technical controls. They create the user accounts, add users to access control lists, review audit logs for unusual activity, control bulk encryption over telecommunications links, and perform the countless operational tasks needed to use technical controls effectively. In addition, support and operations staff provide needed input to the selection of controls, based on their knowledge of system capabilities and operational constraints.
Assurance: Support and operations staff ensures that changes to a system do not introduce security vulnerabilities by using assurance methods to evaluate or test the changes and their effect on the system. Support and operations staff normally performs operational assurance (see Lesson 5, "Security Architecture and Design").

Backups

Support and operations personnel (and sometimes users) back up software and data. This function is critical to contingency planning. The frequency of backups depends on how often data changes and the importance of those changes. Also, as a safety measure, it is useful to test the backup copies to ensure that they are actually usable. Finally, backups should be stored securely and off site. Users of smaller systems are often responsible for their own backups. However, they do not always perform backups regularly or thoroughly. In some organizations, support personnel are charged with making backups periodically for smaller systems, either automatically (through server software) or manually (by visiting each machine).

Maintenance

System maintenance requires either physical or logical access to the system. Support and operations staff, hardware or software vendors, or third-party service providers can maintain a system. Maintenance can be performed onsite, or you might have to move equipment to a repair site. Maintenance can also be performed remotely via communications connections. If someone who does not normally have access to the system performs maintenance, a security vulnerability is introduced. Many computer systems and network devices provide default maintenance accounts. These special log-in accounts are normally preconfigured at the factory with preset, widely known passwords. One of the most common methods hackers use to break into systems is to go through maintenance accounts that still have factory-set or easily guessed passwords. Changing these passwords or otherwise disabling the accounts until they are needed is critical.

A violation of the "separation of duties" principle arises when the security systems software is accessed by which of the following individuals?

Systems programmer. An example of the separation of duties of a computer operation is when a company has one environment for the software developers, another for quality assurance testing, and a third for production, or the environment that end users access, to perform their duties. As software is deemed ready, it is promoted from environment to environment by systems and security administration personnel, not the programmer. This separation of duties prevents a programmer from launching into production software that can perpetrate fraud or cause damage to production data or resources.

Principle of least privilege

The principle of least privilege, or need to know, defines a minimum set of access rights or privileges needed to perform a specific job description. For example, a system administrator should have the necessary privileges to install server operating systems and software but should not have the role to add new users to the server.

Mandatory vacation time

This prevents people from hiding illegal activities while performing their duties. (For instance, when other people take over the work while the person is on vacation, they might detect hidden activity.)

What is the main objective of separation of duties?

To ensure that no single individual can compromise a system. Separation of duties is the prevention of conflict of interest, wrongful acts, fraud, abuse, and errors. Also, it is the detection of control failures that include security breaches, information theft, and circumvention of security controls.

Trusted Recovery Controls

Trusted recovery controls ensure that security is not breached when a computer system crashes.

Question: Operations security requires the implementation of physical security to control which of the following?

Unauthorized personnel access. Physical and environmental protection prevents unauthorized individuals from accessing media and protects against such factors as heat, cold, or harmful magnetic fields.

Block upgrade

Used to bypass change control

Integrity Verification (media control)

When electronically stored information is read into a computer system, you might need to determine whether it has been read correctly or subjected to any modification. You can verify the integrity of electronic information using error detection and correction or, if intentional modifications are a threat, cryptographic-based technologies. In addition, the integrity of backup media should be tested periodically so that no surprises arise when it's time to rely on them to restore normal operations.

Disposition (media controls)

When media is disposed of, it might be important to ensure that information is not improperly disclosed. This applies both to media that is external to a computer system (such as USB Flash drives and optical media) and to media inside a computer system, such as a hard disk. To prevent information from being recovered from disposed media, we turn to sanitization, the technique of permanently removing information from media. Three techniques are commonly used for media sanitization: overwriting, degaussing, and destruction.

Operations process controls

are a necessary element in the overall security of a computer installation. Because operators tend to possess privilege beyond other users, it's vital to impose controls to limit the damage they can cause and protect them from themselves.

Privileged entity controls

are given to operators and system administrators as special access to computing resources. Included are controls to ensure individual accountability for all actions taken while logged in as administrator.

Media viability controls

are needed for properly marking and handling assets. These include clearly marking media with contents, dates, classification (if needed), and other information to help operators locate and use the correct media more often.

Media Controls

Media controls should be designed to prevent the loss of confidentiality, integrity, or availability of information, including data or software, when stored outside the system. This can include storage of information before it is input into the system and after it is output. tapes, optical media, USB (Flash) Physical and environmental protection prevents unauthorized individuals from accessing media and also protects against such factors as heat, cold, or harmful magnetic fields. When necessary, logging the use of individual media (such as CDs and DVDs) provides detailed accountability, to hold authorized people responsible for their actions. The next sections describe some of the common media controls.

Resource protection

is needed to protect company resources and assets. Some resources that require protection are modem pools, network routers, storage media, and documentation.

Record retention processes

refer to how long transactions and other types of computerized or process records should be retained. These controls deal with computer files, directories, and libraries of software and utilities.

