Five Keys to Security Fundamentals
(Excerpted and condensed from the Cisco Press book Network Security Auditing, written by Chris Jackson, available June 4, 2010)
To understand security, it is critical that you realize that security is a process, not a product. Security is a broad topic, and one of the few in information technology that literally touches all aspects of a business. To focus security efforts and to make them manageable, it helps to break down the various aspects of security into the five pillars of security.
1. Assessment: Assessments document and identify potential threats, key assets, policies and procedures, and management’s tolerance for risk. Assessments are not something that is done once and then forgotten. As business needs change and new services and technologies are introduced, regularly scheduled reassessments should be conducted. Doing this gives you an opportunity to test policies and procedures to ensure that they are still relevant and appropriate.
2. Prevention: Prevention is accomplished not just through technology, but also through policy, procedure, and awareness. Expect individual security controls to fail, but plan for the event by using multiple levels of prevention.
3. Detection: Detection is how you identify whether or not you have a security breach or intrusion. If you can’t detect a compromise, then you run the risk of having a false sense of trust in your prevention techniques.
4. Reaction: Reaction is the aspect of security that is most concerned with time. The goal is to minimize the time from detection to response so that exposure to the incident is minimized. Fast reaction depends on prevention and detection to provide the data and context needed to recognize a security breach.
5. Recovery: Recovery is where you play detective to determine what went wrong so that you can get the systems back online without opening up the same vulnerability or condition that caused the problem in the first place. There is also the post-mortem aspect that determines what changes need to be made to processes, procedures, and technologies to reduce the likelihood of this type of vulnerability in the future.