Did you know Cybrary's video training is FREE? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.
This lesson focus on risk mitigation and stresses risk mitigation strategies including change management, incident management, audit and other actions. We discuss the impact of data loss and theft, how that occurs and what strategies can be employed by security professionals to minimize its occurrence AND its adverse effects of those occurrences. [toggle_content title="Transcript"] This has to do with, given a scenario implement appropriate risk mitigations strategies. The first item we look at is change management. In the world of IT we must do proper change management to ensure that all changes carried out in the IT or enterprise are properly reviewed. We have to know, Who is asking for this change? We will review the change. What is the impact of this change on the infrastructure? What is the impact of this change on the enterprise collectively? Does this change or do these changes introduce new vulnerabilities? Do they deviate from the best practices and standards or the policies that are in place? Without proper change management anybody, everybody can just decide to make changes and these could introduce fraud or bring down the network. Organizations should ensure that changes goes through proper review, so that we know, Do we have to pay for these modifications? Is it a onetime payment? Is it a recurring payment? Can the organization afford this change? All departments have to be reviewed to see the impact of the changes collectively for the organization. The next item we look at is Incident Management. Incidents must be properly identified and managed otherwise small issues could build up overtime and become big issues. If incidents are not properly managed, they could get swept under the carpet. Incidents have to be carefully managed. We have to have best practice management strategies. These can mitigate incidents as they occur as incidents starts to occur and they are properly identified we can mitigate the severity of the damage caused by these risks. We also should do, user rights and permissions reviews. Periodically, we assign new permissions to users and sometimes we forget to remove these permissions. We should do, user rights and permissions reviews to ensure that our users do not build up excessive permissions overtime. The principal of this privilege dictates that our user should have the exact permission they need to do their work. No more, no less. As you would find some organizations would assign permissions to people or users within the enterprise and over sometime forget to withdraw these permissions. If we perform user rights and permissions reviews, we get to review the right users should have. Is this sufficient? Have they exceeded their assignments? Then those permissions have to be reviewed and removed. We should also perform Routine Audits. Routine audits for our infrastructure. Routine audits for the users. Routine audits for all the controls within the network because with time some controls might fail. Some controls might be weakened overtime or comprised. If you were to ask your users for example, What sort of time or how do they conform to the policies? They will repeat what is in the policy for you word for word. They know what's in the policy, but are they carrying out what is in the policy. By performing routine audits we could detect. This is a detective control. We can do routine audits on our infrastructure. Are the controls working as they should? We captured the logs. We captured the reports and see if the controls are working as they should. If not then reports could be written for remediation. These controls can be put right as they should work. We need to enforce policies to prevent data loss or theft. Management policies might dictate that there should be no data loss or theft. This can be done using software. Software solutions that would find sensitive information. They prevent sensitive information from being stolen, such that; if users attempt to copy, move, send information that should not be moved from the storage system, if the system detects suspicious activities the system will prevent user interaction with the data such that the data cannot be stolen. In doing data loss prevention, software is used to prevent data from being stolen. We could also implement technical solutions. Maybe, we could disable USB. We could disable copying of data. We could disable sending of data from a media. By disabling the USB you are able to enforce the policies that also prevent data loss or theft. You could disable USB drives, USB ports in the bios. If disabled, the usage of USB devices cannot work. That enforces the policy to prevent data loss and data theft. [/toggle_content]