Policies detail how an organization protects its information technology assets, including physical assets, data and human capital.
The documentation evolves in parallel with new technologies, regulations and state-of-the-art practices.
The how of adhering to policy and regulations is detailed in procedures that drive day-to-day operations.
Procedures outline the way organizations operate, address threats, engage employees, control access and adhere to legal requirements.
Continuous monitoring is an example of a procedure that supports security policies and other directives.
Analysts establish secure baselines to compare against the configurations in operation.
Any change in behavior or deviation from a baseline results in an alert, followed by further analysis to determine the severity of the change.
When updates are made to the environment, new baselines need to be created to ensure monitoring is comparing against the appropriate configurations.
Reviewing and auditing security logs is an additional component of continuous monitoring. Besides aiding in troubleshooting issues, continuous monitoring procedures are typically a requirement for regulatory compliance.
When an alert is received indicating an adverse event, incident response procedures are referenced and in turn may initiate computer investigations. These investigations require mindful due diligence because sensitive information, such as customer data, may be involved.
Procedures for computer investigations include identifying the affected systems, the individuals involved and the associated risks,
depending on the nature of the incident. If criminal or civil issues apply, law enforcement may need to be contacted.
Certain data breaches require notifying authorities, and
evidence collection must be tracked using the chain of custody process to remain admissible in legal proceedings.
Patch management procedures track system updates to ensure systems are current with application patches within a reasonable time frame.
Patches are typically provided by vendors to mitigate vulnerabilities and correct bugs as they are discovered.
It is best practice to have procedures to test patches in a sandbox before releasing them to the production environment, to ensure they address the issue as expected and do not negatively impact production systems.
Once the patches are deemed safe, they are then deployed into production and closely monitored to confirm they are working as intended.
These procedures are more efficient when a centralized patch management system is employed.
Just as security policies continuously evolve to reflect industry changes and new threats, the controls used to enforce those policies need to be revisited
each time new vulnerabilities are discovered. Controls need to be applied to combat those threats.
Compensating control development is the procedure of developing controls to prevent vulnerabilities from being exploited.
The controls are developed based on three characteristics:
the likelihood the vulnerability will be exploited,
the risk associated with the vulnerability, and the cost-benefit of implementing a new control versus remaining exposed.
New and pre-existing controls need to be carefully configured and tested thoroughly. This process can be performed manually or be automated,
with manual configuration settings reviewed against a set of recommendations; if a setting differs from the recommendation, that control is flagged and reported.
The Security Content Automation Protocol, also known as SCAP, is a tool that uses predefined files to verify system compliance against the Federal Information Security Management Act, following the control testing guidelines outlined in the NIST 800-53A publication.
While automated control tests can be faster and offer consistency, there are times when manual checks are needed.
If controls, or other events like updates or patches, are flagged because they do not follow the recommended configuration settings or are causing an issue with a working system, they are marked as an exception.
Exceptions typically must be resolved within a certain amount of time, marked unresolvable, or have the time limit extended.
When extending the time limit, a remediation plan is usually created if issues are complicated by hurdles such as unrealistic time constraints, lack of resources, or limited testing options.
Remediation plans are developed which outline the issues and desired results.
Remediation plans contain attainable resolutions with detailed steps and metrics to measure the process and outcome.
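As an added illustration (not part of this lecture or of any SCAP tool), here is a small automated control check in Python: it compares one system's settings against a set of recommended settings, flags each control that differs or is missing, and then sorts the flagged controls by whether they are covered by an open exception, an overdue exception, or no exception at all. The control names, baseline values, sample configuration and exception dates are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import date, timedelta
# Recommended settings (the baseline). Control names and values are constructed
# for illustration; they are not taken from a published SCAP benchmark.
BASELINE = {
    "password_min_length": ("min", 14),
    "ssh_root_login": ("eq", "no"),
    "tls_versions": ("subset", {"TLSv1.2", "TLSv1.3"}),
    "audit_logging": ("eq", "enabled"),
}
CHECKS = {"eq": lambda got, want: got == want,      # rule kind -> comparison
          "min": lambda got, want: got >= want,
          "subset": lambda got, want: set(got) <= want}  # only allowed options enabled

@dataclass
class ControlException:  # a flagged control granted a time limit for resolution
    control: str
    granted: date
    days_allowed: int
    def deadline(self) -> date:
        return self.granted + timedelta(days=self.days_allowed)
def assess(config: dict, baseline: dict = BASELINE) -> dict:
    """Compare one system's settings with the baseline; return flagged controls."""
    findings = {}
    for control, (kind, want) in baseline.items():
        if control not in config:
            findings[control] = "setting missing"
        elif not CHECKS[kind](config[control], want):
            findings[control] = f"got {config[control]!r}, expected {kind} {want!r}"
    return findings
def triage(findings: dict, exceptions: list, today: date) -> dict:
    """Sort flagged controls into new alerts, open exceptions and overdue ones."""
    open_exc = {e.control: e for e in exceptions}
    report = {"alert": [], "excepted": [], "overdue": []}
    for control in findings:
        exc = open_exc.get(control)
        bucket = ("alert" if exc is None else
                  "excepted" if today <= exc.deadline() else "overdue")
        report[bucket].append(control)
    return report

# Constructed sample: one system's current configuration and its open exceptions.
SAMPLE_CONFIG = {"password_min_length": 8, "ssh_root_login": "no",
                 "tls_versions": ["TLSv1.0", "TLSv1.2"]}  # audit_logging not set
SAMPLE_EXCEPTIONS = [ControlException("tls_versions", date(2024, 1, 10), 30),
                     ControlException("password_min_length", date(2024, 2, 20), 30)]
TODAY = date(2024, 3, 1)

def run_demo() -> dict:
    return triage(assess(SAMPLE_CONFIG), SAMPLE_EXCEPTIONS, TODAY)
```

On the sample, the missing audit logging setting raises a new alert, the short password length is covered by an exception that is still open, and the legacy TLS version is covered by an exception whose time limit has already passed and so needs to be resolved or extended.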
Procedures detail actions in support of policies or regulations, helping organizations manage their information security needs and maintain compliance.
Whether the procedures guide monitoring for unexpected changes to the environment or testing to ensure anticipated changes won't adversely affect security or operations,
they are an important part of information security management, and they require their own review and updating processes.