In Part 1 of this article series, we discussed Information Security Management, or ISM. This second installment will cover the implementation and monitoring of security controls, including logical access controls, remote access controls, network security, controls/detection tools against information system attacks, security testing techniques and controls that prevent data leakage.
Security controls should focus on the integrity of data, the data classification system, and the policies in place that ensure data is handled properly.
Logical Access Controls
Ensure there are policies in place on access and access controls – logical access controls at both the operating system level and the application level are designed to protect information assets by enforcing those policies and procedures. The management override is akin to a fail-safe mechanism. Overall, these controls manage the identification and authentication of users and restrict them to authorized functions and data.
Types and Principles of Access
Types and principles of access include subject access (identifying the individual who holds an ID), service access (data passing through an access point), least privilege, segregation of duties and split custody.
Example: Target might have avoided its notorious 2013 breach had it followed the principle of least privilege. An HVAC contractor with permission to upload executables broadens the attack surface for cybercriminals.
Example: Following Edward Snowden’s revelations, the NSA decided to apply the principle of least privilege and revoked higher-level privileges from 90% of its employees.
Ensure there are periodic or event-driven password change and recovery policies – an account is reactivated with a new password only once the user’s identity has been verified. People often use weak passwords, tend to share them, or transmit/store them in cleartext; a succession of failed login attempts with a password should result in the account being locked out.
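The lockout rule described above, as an added example that is not part of the original article: a small failed-login lockout policy run over constructed authentication events. The threshold (5 failures), counting window (5 minutes) and lockout duration (15 minutes) are assumed values chosen for illustration, not figures from the article, and the events are constructed sample data.

```python
"""Added example (not from the original article): a minimal failed-login
lockout policy of the kind the text recommends, run over constructed
authentication events. Threshold, window and lockout duration are
assumptions chosen for illustration."""
from collections import defaultdict, deque

MAX_FAILURES = 5          # assumed policy: lock after 5 failures inside the window
FAILURE_WINDOW = 300      # assumed: failures are counted within a 5-minute window
LOCKOUT_SECONDS = 900     # assumed: account stays locked for 15 minutes


class LockoutPolicy:
    def __init__(self, max_failures=MAX_FAILURES, window=FAILURE_WINDOW,
                 lockout=LOCKOUT_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self.failures = defaultdict(deque)   # user -> timestamps of recent failures
        self.locked_until = {}               # user -> time at which the lock expires

    def is_locked(self, user, now):
        until = self.locked_until.get(user)
        return until is not None and now < until

    def record(self, user, success, now):
        """Process one authentication attempt and return the decision:
        'allowed', 'denied' (wrong password) or 'locked' (account locked)."""
        if self.is_locked(user, now):
            # Attempts against a locked account are refused regardless of the
            # password, so a correct guess during the lockout does not succeed.
            return "locked"
        if success:
            self.failures[user].clear()      # a verified login resets the counter
            return "allowed"
        q = self.failures[user]
        q.append(now)
        while q and now - q[0] > self.window:   # drop failures older than the window
            q.popleft()
        if len(q) >= self.max_failures:
            self.locked_until[user] = now + self.lockout
            q.clear()
            return "locked"
        return "denied"


# Constructed sample events: (timestamp in seconds, user, password correct?)
SAMPLE_EVENTS = [
    (0, "alice", False), (10, "alice", False), (20, "alice", False),
    (30, "alice", False), (40, "alice", False),   # 5th failure -> account locked
    (50, "alice", True),                           # correct password, still locked
    (1000, "alice", True),                         # lock expired -> allowed
    (0, "bob", False), (400, "bob", False),        # failures outside the window: no lock
    (0, "carol", True),
]


def run(events, policy=None):
    """Feed events through the policy; returns (user, timestamp, decision) tuples."""
    policy = policy or LockoutPolicy()
    return [(user, ts, policy.record(user, ok, ts)) for ts, user, ok in events]


if __name__ == "__main__":
    for user, ts, decision in run(SAMPLE_EVENTS):
        print(f"t={ts:>5} {user:<6} {decision}")
```

Two design points worth noting: a correct password presented while the account is locked is still refused, otherwise the lockout would not stop guessing; and failures are counted only inside a sliding window, so a user who mistypes occasionally is not locked out by stale failures. Because any lockout rule can be abused to lock legitimate users out, lockout events should also be logged and alerted on rather than treated purely as a self-service matter.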
Biometrics can replace passwords in the future.
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Dimitar Kostadinov. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/G_PkRS5iYuc/