Welcome back to the HCISPP certification course with Cybrary. I'm glad you're still here for Security Definitions and Concepts, Part Two. My name is Shalane Hutchins.
To continue our discussion of security definitions and concepts, we're going to cover logging and monitoring, vulnerability management, and contingency planning.
So we mentioned before that logging and monitoring is a detective control.
It detects things after the fact, rather than a preventive control, which stops something before it happens.
An audit log is a chronological record of information system activities, including records of system access and operations performed in a given period.
Monitoring is the act of systematically reviewing the log information to detect abnormal actions and to send alerts when predefined thresholds are met.
Logging has two purposes.
First, it captures system-level and transactional information about what happened on the system.
Second, an independent party can monitor the logs in a way that allows for the identification of a system breach or misuse of a system.
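The threshold-based monitoring just described, as an added example that is not part of the lecture: a small detector that reads authentication log lines, keeps a sliding window of failed logins per source address, and raises an alert when a predefined threshold is reached, plus a higher-fidelity alert when a success follows such a burst. The log lines, host name, user names and addresses below are constructed for the example (RFC 5737 documentation ranges), and the line format is an assumed sshd-style layout, not a particular product's format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit log lines for the example (not captured from any real system).
SAMPLE_LOG = """\
2024-03-05T10:00:01 ehr-app sshd: Failed password for jsmith from 203.0.113.7
2024-03-05T10:00:03 ehr-app sshd: Failed password for jsmith from 203.0.113.7
2024-03-05T10:00:04 ehr-app sshd: Failed password for jsmith from 203.0.113.7
2024-03-05T10:00:06 ehr-app sshd: Failed password for jsmith from 203.0.113.7
2024-03-05T10:00:08 ehr-app sshd: Failed password for jsmith from 203.0.113.7
2024-03-05T10:00:09 ehr-app sshd: Accepted password for jsmith from 203.0.113.7
2024-03-05T10:30:00 ehr-app sshd: Failed password for mlee from 198.51.100.4
2024-03-05T11:45:00 ehr-app sshd: Failed password for mlee from 198.51.100.4
"""

# Assumed line layout: ISO timestamp, host, program, result, user, source address.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse(line):
    """Return a dict for a recognised line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None  # a production pipeline would count unparsed lines rather than drop them silently
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def detect(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return alerts as (kind, source, user, failure_count) tuples.

    'brute_force': at least `threshold` failures from one source within `window`.
    'success_after_failures': an accepted login from a source still inside such a burst,
    which is the event most worth paging on.
    """
    alerts = []
    failures = defaultdict(deque)  # source address -> timestamps of recent failures
    already_alerted = set()
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        recent = failures[ev["src"]]
        # Slide the window: forget failures older than `window` relative to this event.
        while recent and ev["ts"] - recent[0] > window:
            recent.popleft()
        if ev["result"] == "Failed":
            recent.append(ev["ts"])
            if len(recent) >= threshold and ev["src"] not in already_alerted:
                alerts.append(("brute_force", ev["src"], ev["user"], len(recent)))
                already_alerted.add(ev["src"])  # one alert per burst, not one per extra failure
        else:
            if len(recent) >= threshold:
                alerts.append(("success_after_failures", ev["src"], ev["user"], len(recent)))
            recent.clear()  # a success ends the burst
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The two failures from 198.51.100.4 are 75 minutes apart, so they never accumulate inside the 60-second window and produce no alert; the window and threshold are the "predefined thresholds" the lecture refers to, and tuning them is what separates a useful monitor from a noisy one.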
The introduction of HITECH requires an increased focus on audit and notification.
Security professionals not only need to ensure logging is happening, but also that the level of data being collected is documented and that policies and procedures are implemented on every IT system, including mobile and medical devices.
I'll also add that logs need to be protected from modification and/or destruction.
This way, the integrity of the logs is maintained.
If system administrators have access to change or delete the logs, they could potentially remove the record of unauthorized activities performed by an insider threat or an outside threat.
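One way to make the log integrity point concrete, as an added example that is not part of the lecture: a hash chain in which every record's hash covers the previous record's hash, so that editing, deleting or truncating entries is detectable as long as the latest hash is held somewhere the administrators of the logging host cannot write. The audit events below are constructed for the example, and the record fields are an assumed shape, not a particular product's log format.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed starting value for the first link in the chain

# Constructed audit events for a hypothetical EHR system (not real data).
SAMPLE_EVENTS = [
    {"ts": "2024-03-05T10:00:00", "user": "dba01", "action": "login", "object": "ehr-db"},
    {"ts": "2024-03-05T10:02:10", "user": "dba01", "action": "export", "object": "patients.db"},
    {"ts": "2024-03-05T10:05:45", "user": "nurse7", "action": "view", "object": "pt-1001"},
    {"ts": "2024-03-05T10:06:30", "user": "dba01", "action": "logout", "object": "ehr-db"},
]


def _link(prev_hash, record):
    # Canonical serialisation so an identical record always hashes identically.
    payload = prev_hash + json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


def seal(records):
    """Return [(record, hash)] where each hash covers the previous hash and the record,
    so changing, removing or reordering any earlier record breaks every later hash."""
    chain, prev = [], GENESIS
    for rec in records:
        h = _link(prev, rec)
        chain.append((rec, h))
        prev = h
    return chain


def verify(chain, expected_tail):
    """Return (ok, index_of_first_bad_link); the index is -1 when the chain is intact.

    expected_tail is the latest hash as held by a party the log's administrators cannot
    write to (for example, shipped to a separate log server after every append). Without
    that external anchor an administrator could edit a record and simply recompute the
    rest of the chain, and the check below would pass.
    """
    prev = GENESIS
    for i, (rec, h) in enumerate(chain):
        if _link(prev, rec) != h:
            return False, i
        prev = h
    if prev != expected_tail:
        return False, len(chain)  # records were removed from the end
    return True, -1


def demo():
    """Seal the sample events, then try the three things an insider would do to the log."""
    chain = seal(SAMPLE_EVENTS)
    tail = chain[-1][1]  # this value is what gets shipped off-box
    intact = verify(chain, tail)

    edited = list(chain)  # insider rewrites the export as a harmless view, hashes untouched
    rec, h = edited[1]
    edited[1] = (dict(rec, action="view"), h)
    modified = verify(edited, tail)

    removed = verify(chain[:1] + chain[2:], tail)  # insider deletes the export event
    truncated = verify(chain[:2], tail)            # insider drops everything after it
    return intact, modified, removed, truncated


if __name__ == "__main__":
    print(demo())
```

The deletion case is caught at index 1 rather than at the tail because the surviving third record's stored hash was computed over the hash of the deleted record, not the one now preceding it; only truncation from the end needs the externally stored tail to be noticed.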
When we talk about vulnerability management, we're talking about the systematic examination of an information system or product to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of those measures after implementation.
That's a lot of words to describe a penetration test or vulnerability assessment.
You do these tests to find out if the security controls and processes you have in place are working like you expect them to, and if not,
where are they weak or non existent?
Typically, you can hire a third party to perform the assessment and provide you with results, or you can create a team within your organization to periodically perform these tests.
Another term used to describe these testers is white hat hackers.
When engaging a firm to conduct these tests, it's crucially important to document the rules of engagement, meaning identifying the scope in very specific terms: what they can and cannot test,
over what period of time, and, should they be able to infiltrate your system, how far they should be allowed to go.
You typically want them to stop and not actually copy any data, but tell you the steps they took to get to the data.
They must also sign confidentiality agreements to ensure that any information found is not shared with anyone outside of the two parties.
It's also important to define when they can perform their tests. You typically don't want pen testers working during production hours, because should something go wrong and take out a production system, that wouldn't be good for anyone involved.
Also, you want to let only those who need to know that the test is being performed, so that countermeasures such as specific escalation protocols, like notifying law enforcement, are not kicked off.
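The rules of engagement described above, turned into a check that runs before every test action, as an added example that is not part of the lecture. The client, address ranges (RFC 5737 and RFC 3849 documentation addresses), test window and action list are all hypothetical; the point is that scope, exclusions, permitted actions and timing are data the tooling consults, not something left to memory during an engagement.

```python
import ipaddress
from datetime import datetime, time

# Constructed rules of engagement for a hypothetical client. The ranges are
# documentation addresses, not a real network.
ROE = {
    "in_scope": ["203.0.113.0/24", "2001:db8:10::/48"],
    "excluded": ["203.0.113.250/32"],               # e.g. a bedside medical device
    "test_window": (time(20, 0), time(6, 0)),       # 20:00 to 06:00 local, outside production hours
    "allowed_actions": {"scan", "exploit", "escalate"},  # "exfiltrate" deliberately absent
}


def in_window(now, window):
    """True if now falls inside (start, end); handles a window that wraps past midnight."""
    start, end = window
    t = now.time()
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def check(target, action, now, roe=ROE):
    """Return (allowed, reason) for performing `action` against `target` at `now`.

    Order matters: the reason reported is the first rule that fails, so an
    excluded host is reported as excluded even though it sits inside an in-scope range.
    """
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return False, "not an IP address"
    if action not in roe["allowed_actions"]:
        return False, f"action not permitted: {action}"
    if not in_window(now, roe["test_window"]):
        return False, "outside test window"
    # ip_network membership returns False for a mismatched address family, so v4 and
    # v6 entries can share one list.
    if any(addr in ipaddress.ip_network(n) for n in roe["excluded"]):
        return False, "explicitly excluded"
    if not any(addr in ipaddress.ip_network(n) for n in roe["in_scope"]):
        return False, "out of scope"
    return True, "ok"


if __name__ == "__main__":
    when = datetime(2024, 3, 5, 22, 30)
    for target, action in [("203.0.113.10", "scan"), ("203.0.113.250", "exploit"),
                           ("198.51.100.5", "scan"), ("203.0.113.10", "exfiltrate")]:
        print(target, action, check(target, action, when))
```

Wiring a check like this in front of a scanner's target list is cheap insurance against the two rules-of-engagement failures that actually happen: touching a host the client carved out, and running during the hours the client said to avoid.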
Vulnerabilities can take many forms, such as errors in software or configuration errors.
The common repository for vulnerabilities is maintained by NIST, and it's publicly available.
It's called the National Vulnerability Database, or NVD, at nvd.nist.gov.
Let's talk about contingency planning.
The purpose of contingency planning is to establish strategies for recovering access to electronic PHI should the organization experience an emergency or other disruption, such as a power outage or a disruption of critical business operations.
The goal is to have PHI available when needed.
Think about the pandemic situation we're experiencing right now. It was imperative that organizations could continue to function when people couldn't go to work in the physical buildings or were forced to work with limited staffing.
If these plans are not documented and tested, organizations have a hard time, as some did, maintaining the same level of support for their customers and patients.
HIPAA's contingency plan standard has the following five specifications. Let's go over them quickly here.
Under the data backup plan, covered entities are required to establish and implement procedures to create and maintain retrievable exact copies of electronic PHI.
A data backup plan must be documented and routinely updated.
The data backup plan is necessary to assure continued capabilities and guard against unforeseen events.
Asset management and criticality analysis support the data backup plan and execution processes.
Next is the disaster recovery plan.
Covered entities are required to establish and implement, as needed, procedures to restore any loss of data after an emergency.
While it's called a disaster recovery plan, it's really about data recovery and focuses on the restoration of lost data.
The emergency mode operation plan is the full continuity of operations plan, or business continuity plan,
to ensure the continuation of critical business processes for protection of the security of electronic PHI while operating in emergency mode.
Again, many entities are currently operating under this emergency mode as long as the pandemic is affecting the U.S. and the rest of the world.
The testing and revision procedures specification ensures that contingency plans are kept up to date when business processes change.
Often, simple steps in plans are missed because they've not been tested from start to finish.
It's critical that all steps are documented, because during an emergency, emotions run high, and the inability to think clearly can be overcome with explicit, documented, step-by-step procedures.
The application and data criticality analysis specification requires covered entities to assess the relative criticality of specific applications and data in support of the other contingency plan components.
Not all information assets are equally critical.
Not all business processes have the same requirements for recovery in the event of a disaster.
Completing the analysis usually involves a formal process called a business impact analysis,
within which the recovery time objective, or RTO, and the recovery point objective, or RPO, are identified.
The RTO is the maximum amount of time the business can tolerate an interruption.
And the RPO, the recovery point objective, is the maximum amount of data you can tolerate losing during a disruption, usually expressed as a period of time, such as the hours of data written since the last good backup.
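Tying the business impact analysis back to the data backup plan and the testing specification, as an added example that is not part of the lecture: a check that compares each system's RTO and RPO with what the backup schedule and the last timed restore drill can actually deliver, and a second check that a restored copy is the "retrievable exact copy" the rule asks for by comparing SHA-256 digests recorded at backup time. The systems, objectives, intervals and file contents are constructed for the example and belong to no real entity.

```python
import hashlib

# Constructed business impact analysis for a hypothetical covered entity (hours).
BIA = [
    {"system": "ehr-db", "rto_hours": 4, "rpo_hours": 1},
    {"system": "scheduling", "rto_hours": 24, "rpo_hours": 12},
    {"system": "intranet-wiki", "rto_hours": 72, "rpo_hours": 24},
]

# Constructed evidence from the backup schedule and the most recent restore drill.
# restore_drill_hours is None when a full restore has never been timed end to end.
EVIDENCE = {
    "ehr-db": {"backup_interval_hours": 6, "restore_drill_hours": 3.0},
    "scheduling": {"backup_interval_hours": 24, "restore_drill_hours": 30.0},
    "intranet-wiki": {"backup_interval_hours": 24, "restore_drill_hours": None},
}


def gaps(bia, evidence):
    """Compare each system's stated objectives with measured practice.

    Returns (system, gap_code) tuples: RPO when backups run less often than the
    objective allows, RTO when the timed restore took longer than the objective,
    UNTESTED when no restore has been timed, NO_EVIDENCE when nothing is known.
    """
    findings = []
    for row in bia:
        ev = evidence.get(row["system"])
        if ev is None:
            findings.append((row["system"], "NO_EVIDENCE"))
            continue
        # Worst-case data loss is everything written since the last completed copy,
        # so the backup interval must not exceed the RPO.
        if ev["backup_interval_hours"] > row["rpo_hours"]:
            findings.append((row["system"], "RPO"))
        # An RTO is only known to be achievable once a restore has been timed.
        if ev["restore_drill_hours"] is None:
            findings.append((row["system"], "UNTESTED"))
        elif ev["restore_drill_hours"] > row["rto_hours"]:
            findings.append((row["system"], "RTO"))
    return findings


def verify_restore(manifest, restored):
    """manifest: path -> SHA-256 hex digest recorded when the backup was taken.
    restored:  path -> bytes read back from the restored copy.
    Returns the sorted paths that are missing or differ, i.e. not exact copies."""
    bad = []
    for path, expected in manifest.items():
        data = restored.get(path)
        if data is None or hashlib.sha256(data).hexdigest() != expected:
            bad.append(path)
    return sorted(bad)


# Constructed files: the manifest is written at backup time; on restore one file
# comes back intact, one is silently corrupted, and one is missing altogether.
ORIGINALS = {
    "patients.db": b"pt-1001,smith\n",
    "audit.log": b"2024-03-05 view pt-1001\n",
    "config.yml": b"retention: 6y\n",
}
MANIFEST = {path: hashlib.sha256(data).hexdigest() for path, data in ORIGINALS.items()}
RESTORED = {
    "patients.db": b"pt-1001,smith\n",
    "audit.log": b"2024-03-05 view pt-1002\n",
}

if __name__ == "__main__":
    print(gaps(BIA, EVIDENCE))
    print(verify_restore(MANIFEST, RESTORED))
```

The intranet wiki meets its RPO on paper but is flagged UNTESTED, which is the lecture's point about plans that have never been run from start to finish; the scheduling system fails both objectives, which is the kind of finding that sends the team back to the criticality analysis to decide whether the objectives or the backup design should change.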
So let's do a knowledge check.
Which standard allows for the identification of misuse or a breach?
Logging and monitoring.
Which standard identifies deficiencies within security?
Great job. One more.
Which standard identifies strategies for recovering electronic PHI during an emergency or disruption?
Did you guess contingency planning? If so, you're correct.
So what we covered today was logging and monitoring, vulnerability management, and contingency planning.
Thank you for joining me, and I'll see you for Security Definitions and Concepts, Part Three.