Security Definitions and Concepts Part 2
Video Transcription
Welcome back to the HCISPP Certification course with Cybrary. I'm so happy you're here for Security Definitions and Concepts, Part 2. My name is Schlaine Hutchins. To continue our discussion about security definitions and concepts, we're going to cover logging and monitoring, vulnerability management, and contingency planning.

We mentioned before that logging and monitoring is a detective control. It detects things after the fact, as opposed to a preventive control, which stops something before it happens. An audit log is a chronological record of information system activities, including records of system access and operations performed in a given period. Monitoring is the act of systematically reviewing the log information to detect abnormal actions and to send alerts when predefined thresholds are met.

Logging has two purposes. The first is to capture system-level and transactional information about what happened on the system, and the second is that an independent party can monitor the logs in a way that allows for the identification of a system breach or misuse of a system. The introduction of high-tech requires an increased focus on audit and notification. Security professionals not only need to ensure logging is happening, but that the level of data being collected is documented in policies and procedures and implemented in every IT system, including mobile and medical devices.

I'll also add that logs need to be protected from modification and/or destruction. This way the integrity of the logs is maintained. If system administrators have access to change or delete the logs, they could potentially remove records of unauthorized activities that were performed by an inside threat or an outside threat.

When we talk about vulnerability management, we're talking about the systematic examination of an information system or product to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of security measures after implementation. That's a lot of words to describe the penetration test or vulnerability assessment. You do this test to find out if the security controls and processes you have in place are working like you expect them to, and if not, where they are weak or non-existent.

Typically, you can hire a third party to perform the assessment and provide you with results, or you can create a team within your organization to periodically perform these tests. Other terms used to describe these testers are white hat hackers or pen testers. When engaging a firm to conduct these tests, it's crucially important to document the rules of engagement, meaning identifying the scope in very specific terms: what they can and cannot test, over what period of time, and, should they be able to infiltrate your system, how far they should be allowed to go. You typically want them to stop and not actually copy any data, but tell you the steps they took to get to the data. They must also sign confidentiality agreements to ensure that any information found is not shared with anyone outside of the two parties.

It's also important to define when they can perform their tests. You typically don't want pen testers doing their tests during production hours, because should something go wrong and take out a production system, that wouldn't be good for anyone involved. Also, you'll want to tell only those who need to know that the test is being performed, so that countermeasures such as specific escalation protocols, such as notifying law enforcement, are not kicked off.

Vulnerabilities can take many forms, such as errors in software or configuration errors. The common repository for vulnerabilities is maintained by NIST, and it's publicly available. It's called the National Vulnerability Database, or nvd.nist.gov.

Let's talk about contingency planning. The purpose of contingency planning is to establish strategies for recovering access to electronic PHI should the organization experience an emergency or other disruption, such as a power outage or a disruption of critical business operations. The goal is to have PHI available when needed. Think about the pandemic situation we're experiencing right now. It was imperative that organizations could continue to function when people couldn't go to work in the physical buildings, or were forced to work with limited staffing. If these plans are not documented and tested, organizations would have a hard time, as some did, maintaining the same level of support for their customers and patients.

HIPAA's contingency plan standard has the following five specifications. Let's go over them quickly here.

Data backup plan. Covered entities are required to establish and implement procedures to create and maintain retrievable exact copies of electronic PHI. A data backup plan must be documented and routinely updated. The data backup plan is necessary to assure continued capabilities and guard against unforeseen events. Asset management and criticality analysis support the data backup plan and execution processes.

The disaster recovery plan. Covered entities are required to establish and implement, as needed, procedures to restore any loss of data after an emergency. While it's called the disaster recovery plan, it's really about data recovery, and focuses on the restoration of lost data.

The emergency mode operation plan is the full continuity of operations plan, or the business continuity plan, to ensure the continuation of critical business processes for protection of the security of electronic PHI while operating in an emergency mode. Again, many entities are currently operating under this emergency mode as long as the pandemic is affecting the US and the rest of the world.

The specification for testing and revising procedures ensures that contingency plans are kept up to date when business processes change. Often, simple steps and plans are missed because they've not been tested from start to finish. It's critical that all steps are documented, because during an emergency situation emotions run high, and the inability to think clearly can be overcome with explicit, documented, step-by-step procedures.

The application and data criticality analysis specification requires covered entities to assess the relative criticality of specific applications and data in support of other contingency plan components. Not all information assets are equally critical. Not all business processes have the same requirements for recovery in the event of a disaster. Completing the analysis usually involves a formal process called a business impact analysis, within which the recovery time objective, or RTO, and the recovery point objective, or RPO, are identified. The RTO is the maximum amount of time the business can tolerate an interruption. The RPO, recovery point objective, is the maximum amount of data you can tolerate losing during a disruption.

Let's do a knowledge check. Which standard allows for the identification of misuse or a breach? Logging and monitoring. Which standard identifies deficiencies within security? Vulnerability management. Great job. One more. Which standard identifies strategies for recovering electronic PHI during an emergency or disruption? Did you guess contingency planning? If so, you're correct.

What we covered today was logging and monitoring, vulnerability management, and contingency planning. Thank you for joining me, and I'll see you for Security Definitions and Concepts, Part 3.