Biometrics Authentication
Type 1 Error – FRR, False Rejection Rate – False Positive
Type 2 Error – FAR, False Acceptance Rate – False Negative
CER, Crossover Error Rate – sweet spot for biometric authentication
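To make the FRR/FAR/CER relationship concrete, here is an added worked example (not from the original notes): it sweeps an acceptance threshold over constructed genuine and impostor match scores, computes the Type 1 (FRR) and Type 2 (FAR) error rates at each threshold, and locates the crossover. The score values and the accept-if-score-at-or-above-threshold rule are assumptions made for illustration.

```python
"""Sweep a decision threshold over constructed genuine/impostor match scores,
compute FRR (Type 1 error) and FAR (Type 2 error) at each threshold, and find
the crossover (CER) where the two curves meet.
The scores below are constructed sample data, not from any real system."""

# Constructed similarity scores in [0, 100]; higher = stronger claim of a match.
GENUINE_SCORES = [92, 88, 85, 81, 79, 77, 74, 70, 66, 61, 58, 52]   # legitimate users
IMPOSTOR_SCORES = [63, 60, 57, 55, 52, 49, 47, 44, 40, 36, 31, 25]  # wrong users / attackers


def error_rates(genuine, impostor, threshold):
    """Return (FRR, FAR) for an 'accept if score >= threshold' rule.

    FRR (Type 1): fraction of legitimate users wrongly rejected.
    FAR (Type 2): fraction of impostors wrongly accepted.
    """
    frr = sum(s < threshold for s in genuine) / len(genuine)
    far = sum(s >= threshold for s in impostor) / len(impostor)
    return frr, far


def crossover(genuine, impostor):
    """Sweep integer thresholds 0..100 and return (threshold, CER) at the point
    where |FRR - FAR| is smallest; the first such threshold wins on ties."""
    best = None  # (threshold, cer, gap)
    for t in range(0, 101):
        frr, far = error_rates(genuine, impostor, t)
        gap = abs(frr - far)
        if best is None or gap < best[2]:
            best = (t, (frr + far) / 2, gap)
    return best[0], best[1]


if __name__ == "__main__":
    for t in (45, 59, 70):
        frr, far = error_rates(GENUINE_SCORES, IMPOSTOR_SCORES, t)
        print(f"threshold={t:3d}  FRR={frr:.3f}  FAR={far:.3f}")
    t, cer = crossover(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"crossover at threshold {t}, CER={cer:.3f}")
```

Raising the threshold (e.g. 70) drives FAR to zero at the cost of rejecting legitimate users; lowering it (e.g. 45) removes user friction but lets more impostors through. The CER is the point at which the two error rates are equal, which is why it is used to compare biometric systems independently of a vendor's chosen threshold.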
Digital Certificate
CA, RA, CRL, Registration Process
Data Classifications
• Development of sensitivity labels for data and assignment of data into these defined sensitivity levels
• For the purpose of configuring baseline security (minimum acceptable controls)
• Business Objective
• Information Security Strategy
o Roadmap and Priority
• Security Program
o Its control objectives
• Security Policy
• Standards, Procedures, Guidelines
• Controls & Processes
Metrics are used for measuring the effectiveness of controls and processes; metrics feed into IS governance to ensure alignment is achieved.
They own and are liable for IS governance; they manage the information security of an organization through “hands-off management”.
They operate according to the business objectives. They are to deliver the end results that the Board of Directors (B of D)/ Executive Management want to achieve.
They grant access, revoke permissions and review the privilege regularly. They define
business function/ process.
• Data custodian
• Data owners
They govern the use of data in the context of the business. They permit and grant access to data in Information Systems. They make sure data is secured properly.
Balanced Scorecard
• Determine the maturity of security program
• Financial, Customer, Internal Process, Innovation & Learning
• How are any of the above aligned to the business objectives?
GAP ANALYSIS
• Think about current level of risk and the desired state
ASSET CLASSIFICATION
• Are all information assets classified?
• Are all information assets attributed with owners?
RISK ASSESSMENT
THREAT ASSESSMENT
REGULATORY REQUIREMENT
BUSINESS PROCESS & REQUIREMENT
A WAY TO FORMALLY ASSURE CONTROLS/ PROCESSES ARE RUNNING EFFECTIVELY
Metrics should be captured SMART, i.e. specific, measurable, attainable, relevant and timely.
POLICY DEVELOPMENT
STANDARD DEVELOPMENTS
Business Case
Business cases are used to describe initiatives and their benefits. They are usually presented to senior management to request funding.
GAP ANALYSIS
• Compare current state of risk assessment and desired state
Without any of the above, an effective risk management strategy will not be
established.
3. System classification
Classification should be done on all Information Systems.
Hardening guidelines/ standards should be developed and compiled to protect information systems.
ASSET VALUATION
• Qualitative, scoring from 1 → 10, or low → high
• Quantitative, value should be based on the impact to business
(Figure: risk management cycle – Risk Analysis → Communications → Risk Treatment)
• Previous risk management report/ risk analysis
• Intelligence
• Identify risk from the vulnerability concluded in the asset classification phase
• Security Vulnerability Assessment
RISK ANALYSIS
• Finding out likelihood and impact
• Ranking the risk
• Ownership assignment
RISK TREATMENT
Treatment usually changes either/ both
RISK COMMUNICATION
• Risk should be communicated with the business process owner, with one of
the following options
o Risk Acceptance
o Risk Mitigation with compensation controls
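The risk analysis, treatment and communication steps above, as an added worked example (not from the original notes): risks are scored on the notes' qualitative 1 → 10 scale for likelihood and impact, ranked, given an owner, and each is mapped to one of the two options to communicate to the process owner (accept, or mitigate with compensating controls). The sample risks, owners and the risk-appetite threshold are constructed assumptions.

```python
"""Risk register worked example: score likelihood x impact on the 1..10 scale,
rank the risks, assign ownership, and select a treatment option to communicate
to the business process owner. All values below are constructed sample data."""
from dataclasses import dataclass, field


@dataclass
class Risk:
    asset: str
    threat: str
    likelihood: int          # 1 (rare) .. 10 (near certain)
    impact: int              # 1 (negligible) .. 10 (catastrophic), based on business impact
    owner: str               # business process owner accountable for the treatment decision
    score: int = field(init=False)

    def __post_init__(self):
        for v in (self.likelihood, self.impact):
            if not 1 <= v <= 10:
                raise ValueError("likelihood and impact must be on the 1..10 scale")
        self.score = self.likelihood * self.impact


# Constructed assumption: scores at or below this may be accepted by the owner.
RISK_APPETITE = 20


def rank(risks):
    """Highest score first; ties broken by impact so high-impact items surface."""
    return sorted(risks, key=lambda r: (r.score, r.impact), reverse=True)


def treatment(risk, appetite=RISK_APPETITE):
    """Option to communicate to the process owner."""
    return "accept" if risk.score <= appetite else "mitigate"


def residual(risk, likelihood=None, impact=None):
    """Re-score a risk after a compensating control lowers likelihood, impact, or both."""
    return Risk(risk.asset, risk.threat,
                risk.likelihood if likelihood is None else likelihood,
                risk.impact if impact is None else impact,
                risk.owner)


def treatment_plan(risks, appetite=RISK_APPETITE):
    """Ranked (asset, threat, owner, score, option) rows for the risk communication."""
    return [(r.asset, r.threat, r.owner, r.score, treatment(r, appetite)) for r in rank(risks)]


# Constructed sample register.
SAMPLE_RISKS = [
    Risk("Payroll DB", "SQL injection via legacy portal", 6, 9, "HR Director"),
    Risk("Public website", "Defacement", 7, 3, "Marketing Lead"),
    Risk("Dev laptops", "Loss/theft (disks encrypted)", 5, 2, "IT Manager"),
    Risk("Email", "Phishing leading to credential theft", 9, 7, "CISO"),
]

if __name__ == "__main__":
    for row in treatment_plan(SAMPLE_RISKS):
        print(row)
    # A control that cuts the payroll likelihood to 2 brings it within appetite.
    print(residual(SAMPLE_RISKS[0], likelihood=2).score)
```

The `residual()` helper shows why treatment must be re-scored: a control that only lowers likelihood can move a risk from "mitigate" to "accept" without touching impact, and the ranking after treatment is what should go back to the process owner.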
(Figure: BCP program flow)
• Assign ownership of the BCP program
• Writing the BCP policy
o Scope
o Business alignment
• Business Impact Analysis
▪ Inventory of the system
▪ Statement of impact per system
▪ Determine target e.g. MTD/MTO/RTO/RPO/RCapO/RCO
• Criticality Analysis
▪ Refer to the list of threats and identify ones with potential
▪ Figure out likelihood
▪ Mitigating control & costs
• Develop Recovery Teams
• Develop Recovery Plans
o Think about initiation/ declaration of BCP… who and how?
o Steps to recover
o Roles and responsibilities
o Damage assessment etc.
• Test
• Test Results
The test results must be discussed and fed back into the BIA for continuous improvement.
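As an added example for the BIA and criticality analysis steps (not from the original notes): each system's recovery targets are checked for internal consistency and the systems are ordered for recovery planning. The checks encode two assumptions, that an RTO longer than the MTD is a contradiction and that an RPO can only be met if backups run at least that often; the systems and figures are constructed.

```python
"""BIA / criticality analysis worked example: validate recovery targets for
consistency (RTO must not exceed MTD; RPO must not be shorter than the backup
interval) and order systems for recovery planning. Constructed sample data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class BiaEntry:
    system: str
    impact: int                   # statement of impact, 1..10 qualitative scale
    mtd_hours: float              # Maximum Tolerable Downtime
    rto_hours: float              # Recovery Time Objective
    rpo_hours: float              # Recovery Point Objective (tolerable data-loss window)
    backup_interval_hours: float  # assumption: how often the data is actually backed up


def findings(entry):
    """Inconsistencies in one BIA record, as human-readable strings."""
    out = []
    if entry.rto_hours > entry.mtd_hours:
        out.append(f"{entry.system}: RTO {entry.rto_hours}h exceeds MTD {entry.mtd_hours}h")
    if entry.backup_interval_hours > entry.rpo_hours:
        out.append(f"{entry.system}: backups every {entry.backup_interval_hours}h "
                   f"cannot meet RPO {entry.rpo_hours}h")
    return out


def all_findings(entries):
    return [f for e in entries for f in findings(e)]


def recovery_order(entries):
    """Most critical first: shortest MTD, then highest impact."""
    return [e.system for e in sorted(entries, key=lambda e: (e.mtd_hours, -e.impact))]


# Constructed sample inventory.
SAMPLE_BIA = [
    BiaEntry("Order processing", 9, 8, 4, 1, 1),
    BiaEntry("Customer portal", 7, 24, 36, 4, 24),
    BiaEntry("Internal wiki", 3, 72, 48, 24, 24),
    BiaEntry("Payment gateway", 10, 8, 2, 0.25, 1),
]

if __name__ == "__main__":
    for f in all_findings(SAMPLE_BIA):
        print("FINDING:", f)
    print("recovery order:", recovery_order(SAMPLE_BIA))
```

Findings like these are exactly what the test phase should surface and feed back into the BIA: a target that the backup schedule or the recovery plan cannot actually deliver is a gap in the plan, not just a number on a form.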
Cyber Kill Chain
• Reconnaissance
• Weaponization
• Delivery
• Exploit
• Installation
• Command & Control
• Actions on Objectives
4. GAP ANALYSIS
5. PLAN WRITING
o Policy
o Playbooks
o Roles and Responsibilities
o Detection Capabilities
o Communications
o Incident Classifications
o Escalation Criteria
6. PLAN TEST
o Document Review
o Walkthrough
o Simulation
o Live-fire test
(Figure: incident response flow – Initiation → Evaluation → Containment → Eradication → Recovery → Remediation → Closure → Post-Incident Review)
INITIATION
• Incident Responders declare the incident
• Formation of the Incident Response Team (IRT) and assignment of an incident commander, who coordinates the incident response
EVALUATION
• Incident ranking & classification
• Determine the need of notifying senior management; this is usually based on the Information Security policy
• Determine the need of triggering legal proceedings; if so, chain of custody must be kept
• Consider the need of triggering DR/ BCP
CHAIN OF CUSTODY AND FORENSIC INVESTIGATION
• Identification
• Preservation
• Analysis
• Presentation
CONTAINMENT
• Isolation of affected systems
• Creating a backup of systems for forensic purposes
ERADICATION
• Root cause analysis is performed in this phase
• Removal of agents/ factors that caused the incident
• Might rebuild the system from the latest backup if confidence in the removal of agents is not high
RECOVERY
• Recover damaged files
• Recover bare metal if necessary
REMEDIATION
• Remediation of any vulnerability that got exploited in the incident
• This should be done on ALL machines, not just the impacted ones
POST-INCIDENT REVIEW
• Report to management what went well (and what did not)
• Suggest improvement items to existing procedures/ IRP
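The chain-of-custody requirement and the forensic backup taken during containment, as an added worked example (not from the original notes): the evidence image is hashed on acquisition, every hand-over is appended to a hash-linked custody log, and both the evidence and the log are re-verified before analysis or presentation. The evidence bytes, evidence id and people named are constructed sample data; the log format is an assumption for illustration, not any standard's.

```python
"""Chain-of-custody worked example for a forensic system backup: hash the
evidence on acquisition, append custody entries to a hash-linked log, and
re-verify both before analysis/presentation. Constructed sample data only."""
import hashlib
import json
from datetime import datetime, timezone

# Constructed stand-in for a captured disk image (in practice a raw/E01 file on disk).
EVIDENCE = b"constructed sample forensic image bytes\x00\x01\x02" * 64
GENESIS = "0" * 64


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class CustodyLog:
    """Append-only log where each entry commits to the previous entry's hash,
    so editing or dropping an entry later breaks verification."""

    def __init__(self, evidence_id, evidence_hash):
        self.entries = []
        self._append({"event": "acquired", "evidence_id": evidence_id, "sha256": evidence_hash})

    def _append(self, record):
        record = dict(record)
        record["prev"] = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        body = json.dumps(record, sort_keys=True)  # canonical form -> reproducible hash
        record["entry_hash"] = sha256_hex(body.encode())
        self.entries.append(record)

    def transfer(self, handler_from, handler_to, purpose, when=None):
        """Record a hand-over of the evidence between named custodians."""
        when = when or datetime.now(timezone.utc).isoformat()
        self._append({"event": "transfer", "by": handler_from, "to": handler_to,
                      "purpose": purpose, "at": when})

    def verify_chain(self):
        """True if every entry hashes to its recorded value and links to the one before."""
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev:
                return False
            body = json.dumps({k: v for k, v in e.items() if k != "entry_hash"}, sort_keys=True)
            if sha256_hex(body.encode()) != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True


def verify_evidence(log, data):
    """Integrity check before analysis/presentation: hash must match acquisition."""
    return sha256_hex(data) == log.entries[0]["sha256"]


def build_sample_log():
    """Acquisition by the responder, then hand-over to an analyst (constructed)."""
    log = CustodyLog("IMG-0001", sha256_hex(EVIDENCE))
    log.transfer("A. Responder", "B. Analyst", "offline analysis",
                 when="2024-01-01T10:00:00+00:00")
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("chain ok:", log.verify_chain(), "evidence ok:", verify_evidence(log, EVIDENCE))
```

Hash the image before anyone works on it, work only on copies, and keep the custody log with the evidence; if either `verify_chain()` or `verify_evidence()` fails at presentation time, the evidence's admissibility is in question regardless of what the analysis found.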