the Palo Alto Networks Cyber Security Academy presents the Secure Business Systems administration
security policy enforcement and incident Response presentation.
Password policy enforcement is partially simplified by having effective password security procedures already in place. If the security procedures and policies air effectively communicated than compliance should be fairly simple for the affected participants. Enforcement then would be measured by
having a simplified procedure statements that can be verified
or audited frequently.
So any time there's a change to a system service or we adopt any new devices, upgrades, new operating systems, password policy, audit and update should be conducted
during these events. Administrators maybe challenged to manage and securely store all changes to system level credentials. There should be accurate record keeping and communications so that system policy passwords administrative passwords are effectively managed
during an actual incident. Response event responders also need to be able to consult a playbook that would clearly outline what are the core tasks and priorities. However, incident responders need to be flexible. Often times the actual incident. Conditions
are different than what are focused on during the response playbook. Changing conditions can introduce a lot of complexity.
A responder needs to make decisions and judgements in real time.
So in those instances, it's very critical that the response team effectively communicates any changes or adjustments that they make to a response policy and that all events air accurately documented.
Overall incident response teams need to have clearly defined goals, and they should understand that responsibly mediation tasks need to be performed in specific orders.
For example, one incident response task could require changing passwords on a services platform. Those password changes then need to be conducted downstream in a systematic manner so that child and integrated service accounts that are updated are updated in accordance with the parental services
and that all credentials now match
the originally updated core service credentials.