1. Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011
Operations Security

2. Domain Objectives Protection and Control of Data Processing Resources
Media Management
Backups and Recovery
Change Control
Privileged Entity Control

3. Control Categories Preventive Detective Corrective Deterrent Recovery
Directive
Compensating

4. Application-related Controls
Transaction
Input
Processing
Output
Test
Supervision / balancing
Job-flow
Logging
Licensing

5. Operations Security Focus Areas
Auditors
Support staff
Vendors
Security
Programmers
Operators
Engineers
Administrators

6. Domain Agenda Resource Protection Continuity of Operations
Change Control Management
Privileged Entity Control

7. Facility Support Systems
The support systems in centralized and decentralized operation centers must be protected
Hardware
Software
Storage media
Cabling
Physical security

8. Facility Support Systems (cont.)
Fire protection
HVAC
Electrical power goals

9. Facility Support Systems (cont.)
Water
Communications
Alarm systems

10. Media Management
Storage
Encryption
Retrieval
Disposal

11. Object Reuse Securely reassigned Disclosure Contamination
Recoverability

12. Clearing of Magnetic Media
Overwriting
Degaussing
Physical destruction

13. Media Management Practices
Sensitive Media Controls
Destroying
Marking
Labeling
Handling
Storing
Declassifying

14. Misuse Prevention Threats Countermeasures Personal use
Acceptable use policy, workstation controls, web content filtering, filtering
Theft of media
Appropriate media controls
Fraud
Balancing of input/output reports, separation of duties, verification of information
Sniffers
Encryption

15. Records Management
Consideration for records management program development
Guidelines for developing a records management program
Records retention

16. Domain Agenda Resource Protection Continuity of Operations
Change Control Management
Privileged Entity Control

17. Adequate Software & Data Backup
Operations controls ensure adequate backups of:
Data
Operating systems
Applications
Transactions
Configurations
Reports
Backups must be tested
Alternate site recovery plan

18. Fault Tolerance Hardware failure is planned for
System recognizes a failure
Automatic corrective action
Standby systems
Cold – configured, not on, lost connections
Warm – On, some lost data or transactions (TRX)
Hot – ready – failover

19. RAID – Redundant Array of Independent Discs
Hardware-based
Software-based
Hot spare

20. RAID Level 0
Two or more disks
No redundancy
Performance only

21. RAID Level 1 Exact copy (or mirror) Two or more disks Fault tolerant
200% cost

22. RAID Level 2 Striping of data with error correcting codes (ECC)
Requires more disks than RAID 3/4/5
Not used, not commercially viable

23. RAID Level 3 Byte level stripes 1 drive for parity
All other drives are for data

24. RAID Level 4 Block level stripes 1 drive for parity
All other drives are for data

25. RAID Level 5 Block level stripes
Data and parity interleaved amongst all drives
The most popular RAID implementation

26. RAID Level 6 Block level stripes All drives used for data AND parity
2 parity types
Higher cost
More fault tolerant than RAID implementations 2 - 5

27. RAID Level 0+1
Mirroring and striping
Higher cost
Higher speed

28. RAID Level 10
Mirroring and striping
Higher cost
Higher speed

29. Redundant Array of Independent Taps (RAIT)
Using tapes not disk
Rea-time mirroring

30. Hot Spares
Waiting for disaster
Global
Dedicated

31. Backup Types File image System image Data mirroring
Electronic vaulting
Remote journaling
Database shadowing
Redundant servers
Standby services

32. System Recovery – Trusted Recovery
Correct implementation
Failures don’t compromise a system’s secure operation

33. Types of Trusted Recovery
System reboot
Emergency system restart
System cold start

34. Fail Secure
Cause little or no harm to personnel
System remains secure

35. Operational Incident Handling
First line of defense
Logging, tracking and analysis of incidents
Escalation and notification

36. Incident Response Team
Benefits
Protection of assets
Profitability
Regulations
Avoiding downstream damage
Limit exposure
Priorities
Life safety
Labeled data
Communication
Reduce disruption

37. Contingency Plans Business continuity plans and procedures
Power failure
System failure
Denial of service
Intrusions
Tampering
Communication
Production delay
I/O errors

38. Domain Agenda Resource Protection Continuity of Operations
Change Control Management
Privileged Entity Control

39. Change Control Management
Business and technology balance
Defines
Process of changes
Ownership of changes
Changes are reviewed for impact on security

40. Change Control Committee Responsibilities
Management
Business impact
Regulations
Risk management
Approval
Accreditation
Technical
Request process
Functional impact
Access control
Testing
Rollback
Certification

41. Change Control Procedures
Request
Impact assessment
Approval
Build/test
Implement
Monitor

42. Configuration Management Elements
Hardware inventory
Hardware configuration chart
Software
Firmware
Documentation requirements
Testing

43. Patch Management Knowledge of patches Testing Deployment
Zero-day challenges

44. Protection of Operational Files
Library Maintenance
Backups
Source code
Object code
Configuration files
Librarian

45. Domain Agenda Resource Protection Continuity of Operations
Change Control Management
Privileged Entity Control

46. Operator Privileges Data input and output Data maintenance Labeling
Inventory

47. Administrator Privileges
Systems administrators
Network administrators
Audit highly-privileged accounts

48. Security Administrator Privileges
Security administration include:
Policy
Development
Implementation
Maintenance and compliance
Vulnerability assessments
Incident response

49. Control Over Privileged Entities
Review of access rights
Supervision
Monitoring/audit

50. Domain Summary Resource Protection Continuity of Operations
Change Control Management
Privileged Entity Control