What is the goal of security audits and the importance of establishing best practices within and organization?
Please refer attachment. Needs in text citations with proper APA format
*
Copyright © 2012, Elsevier Inc. All Rights Reserved
Chapter 5
Commonality
Cyber Attacks
Protecting National Infrastructure, 1st ed.
Copyright © 2012, Elsevier Inc. All Rights Reserved
The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*
Chapter 2 — Instructions: Language of the Computer
*
Certain security attributes must be present in all aspects and areas of national infrastructure to ensure maximum resilience against attack
Best practices, standards, and audits establish a low-water mark for all relevant organizations
Audits must be both meaningful and measurable
Often the most measurable things aren’t all that meaningful
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 5 – Commonality
Introduction
Copyright © 2012, Elsevier Inc. All rights Reserved
The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*
Chapter 2 — Instructions: Language of the Computer
*
Common security-related best practice standards
Federal Information Security Management Act (FISMA)
Health Insurance Portability and Accountability Act (HIPAA)
Payment Card Industry Data Security Standard (PCI DSS)
ISO/IEC 27000 Standard (ISO27K)
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 5 – Commonality
Introduction
Copyright © 2012, Elsevier Inc. All rights Reserved
The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*
Chapter 2 — Instructions: Language of the Computer
*
Fig. 5.1 – Illustrative security audits for two organizations
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 5 – Commonality
*
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 5 – Commonality
Fig. 5.2 – Relationship between meaningful and measurable requirements
*
The primary motivation for proper infrastructure protection should be success based and economic
Not the audit score
Security of critical components relies on
Step #1: Standard audit
Step #2: World-class focus
Sometimes security audit standards and best practices proven through experience are in conflict
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 5 – Commonality
Meaningful Best Practices for Infrastructure Protection
The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*
Chapter 2 — Instructions: Language of the Computer
*
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 5 – Commonality
Fig. 5.3 – Methodology to achieve world-class infrastructure
protection practices
*
Four basic security policy considerations are recommended
Enforceable: Policies without enforcement are not valuable
Small: Keep it simple and current
Online: Policy info needs to be online and searchable
Inclusive: Good policy requires analysis in order to include computing and networking elements in the local nat’l infrastructure environment
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 5 – Commonality
Locally Relevant and
Appropriate Security Policy
The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*
Chapter 2 — Instructions: Language of the Computer
*
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 5 – Commonality
Fig. 5.4 – Decision process for security policy analysis
*
Create an organizational culture of security protection
Culture of security is one where standard operating procedures provide a secure environment
Ideal environment marries creativity and interest in new technologies with caution and a healthy aversion to risk
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 5 – Commonality
Culture of Security Protection
The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*
Chapter 2 — Instructions: Language of the Computer
*
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 5 – Commonality
Fig. 5.5 – Spectrum of organizational culture of security options
*
Organizations should be explicitly committed to infrastructure simplification
Common problems found in design and operation of national infrastructure
Lack of generalization
Clouding the obvious
Stream-of-consciousness design
Nonuniformity
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 5 – Commonality
Infrastructure Simplification
The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*
Chapter 2 — Instructions: Language of the Computer
*
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 5 – Commonality
Fig. 5.6 – Sample cluttered engineering chart
*
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 5 – Commonality
Fig. 5.7 – Simplified engineering chart
*
How to simplify a national infrastructure environment
Reduce its size
Generalize concepts
Clean interfaces
Highlight patterns
Reduce clutter
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 5 – Commonality
Infrastructure Simplification
The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*
Chapter 2 — Instructions: Language of the Computer
*
Key decision-makers need certification and education programs
Hundred percent end-user awareness is impractical; instead focus on improving security competence of decision-makers
Senior Managers
Designers and developers
Administrators
Security team members
Create low-cost, high-return activities to certify and educate end users
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 5 – Commonality
Certification and Education
The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*
Chapter 2 — Instructions: Language of the Computer
*
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 5 – Commonality
Fig. 5.8 – Return on investment (ROI) trends for security education
*
Create and establish career paths and reward structures for security professionals
These elements should be present in national infrastructure environments
Attractive salaries
Career paths
Senior managers
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 5 – Commonality
Career Path and Reward Structure
The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*
Chapter 2 — Instructions: Language of the Computer
*
Companies and agencies being considered for national infrastructure work should be required to demonstrate past practice in live security incidents
Companies and agencies must do a better job of managing their inventory of live incidents
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 5 – Commonality
Responsible Past Security Practice
The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*
Chapter 2 — Instructions: Language of the Computer
*
Companies and agencies being considered for national infrastructure work should provide evidence of the following past practices
Past damage
Past prevention
Past response
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 5 – Commonality
Responsible Past Security Practice
The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*
Chapter 2 — Instructions: Language of the Computer
*
A national commonality plan involves balancing the following concerns
Plethora of existing standards
Low-water mark versus world class
Existing commissions and boards
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 5 – Commonality
National Commonality Program
The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*
Chapter 2 — Instructions: Language of the Computer
We provide professional writing services to help you score straight A’s by submitting custom written assignments that mirror your guidelines.
Get result-oriented writing and never worry about grades anymore. We follow the highest quality standards to make sure that you get perfect assignments.
Our writers have experience in dealing with papers of every educational level. You can surely rely on the expertise of our qualified professionals.
Your deadline is our threshold for success and we take it very seriously. We make sure you receive your papers before your predefined time.
Someone from our customer support team is always here to respond to your questions. So, hit us up if you have got any ambiguity or concern.
Sit back and relax while we help you out with writing your papers. We have an ultimate policy for keeping your personal and order-related details a secret.
We assure you that your document will be thoroughly checked for plagiarism and grammatical errors as we use highly authentic and licit sources.
Still reluctant about placing an order? Our 100% Moneyback Guarantee backs you up on rare occasions where you aren’t satisfied with the writing.
You don’t have to wait for an update for hours; you can track the progress of your order any time you want. We share the status after each step.
Although you can leverage our expertise for any writing task, we have a knack for creating flawless papers for the following document types.
Although you can leverage our expertise for any writing task, we have a knack for creating flawless papers for the following document types.
From brainstorming your paper's outline to perfecting its grammar, we perform every step carefully to make your paper worthy of A grade.
Hire your preferred writer anytime. Simply specify if you want your preferred expert to write your paper and we’ll make that happen.
Get an elaborate and authentic grammar check report with your work to have the grammar goodness sealed in your document.
You can purchase this feature if you want our writers to sum up your paper in the form of a concise and well-articulated summary.
You don’t have to worry about plagiarism anymore. Get a plagiarism report to certify the uniqueness of your work.
Join us for the best experience while seeking writing assistance in your college life. A good grade is all you need to boost up your academic excellence and we are all about it.
We create perfect papers according to the guidelines.
We seamlessly edit out errors from your papers.
We thoroughly read your final draft to identify errors.
Work with ultimate peace of mind because we ensure that your academic work is our responsibility and your grades are a top concern for us!
Dedication. Quality. Commitment. Punctuality
Here is what we have achieved so far. These numbers are evidence that we go the extra mile to make your college journey successful.
We have the most intuitive and minimalistic process so that you can easily place an order. Just follow a few steps to unlock success.
We understand your guidelines first before delivering any writing service. You can discuss your writing needs and we will have them evaluated by our dedicated team.
We write your papers in a standardized way. We complete your work in such a way that it turns out to be a perfect description of your guidelines.
We promise you excellent grades and academic excellence that you always longed for. Our writers stay in touch with you via email.