Collect Security Process Data

In this part of the tutorial, we take a look at collecting security process data, to help you understand its different aspects. Organizations should collect data about their policies and procedures and review it, because assessing security management processes and systems helps an organization determine how effective its key processes and controls are. Security process data should therefore be kept up to date so that the related risks can be mitigated.

Account Management

Account management reviews ensure that users retain only authorized permissions and perform only allowed actions, and that they are prevented from unauthorized access and modifications. The types of reviews include confirming that:

  • All user account provisioning was properly requested, reviewed, approved, and executed.
  • When an employee is transferred to another part of the organization, or his or her role in the organization changes, the account's access permissions are immediately updated to match the new role and position.
  • As soon as a person's term of office expires, all of his or her account permissions are terminated immediately.
  • All users holding privileged account access still require it, and their administrative actions are logged.
  • Each user account can be checked upon request.
  • All unused user accounts are evaluated to see whether they can be deactivated.
  • All users' access permissions are certified regularly, where necessary.
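The review types above can be run as checks over an account inventory. The following is an added example, not code from the tutorial: the account fields, the 90-day unused threshold and the sample records are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed sample records (hypothetical; not from the tutorial).
@dataclass
class Account:
    user: str
    role: str                  # current role per HR records
    granted_role: str          # role the access permissions were provisioned for
    privileged: bool
    admin_logging: bool        # are administrative actions logged?
    last_login: Optional[date]
    employed: bool             # False once the person's term has ended
    ticket: Optional[str]      # approved provisioning request, if any

def review_accounts(accounts, today, unused_days=90):
    """Map each user to the review findings raised against the account."""
    findings = {}
    for a in accounts:
        issues = []
        if a.ticket is None:
            issues.append("no approved provisioning request on record")
        if a.employed and a.role != a.granted_role:
            issues.append(f"role is now {a.role!r} but access still matches {a.granted_role!r}")
        if not a.employed:
            issues.append("term ended but account permissions are still active")
        if a.privileged and not a.admin_logging:
            issues.append("privileged account without administrative action logging")
        if a.last_login is None or (today - a.last_login).days > unused_days:
            issues.append(f"no login in {unused_days} days; evaluate for deactivation")
        if issues:
            findings[a.user] = issues
    return findings

SAMPLE = [
    Account("alice", "analyst", "analyst", False, True, date(2024, 5, 20), True, "REQ-1001"),
    Account("bob", "manager", "analyst", False, True, date(2024, 5, 25), True, "REQ-1002"),
    Account("carol", "dba", "dba", True, False, date(2024, 5, 28), True, "REQ-1003"),
    Account("dave", "engineer", "engineer", False, True, date(2024, 1, 3), False, "REQ-1004"),
    Account("erin", "intern", "intern", False, True, None, True, None),
]

def run_sample(today=date(2024, 6, 1)):
    return review_accounts(SAMPLE, today)

if __name__ == "__main__":
    for user, issues in run_sample().items():
        print(user, "->", "; ".join(issues))
```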

Key Performance and Risk Indicators

Key performance and risk indicators are measurements of key activities in an information security program. These indicators help management understand how well the security program and its components are performing.

Security managers should monitor key performance and risk indicators on an ongoing basis. Items that need to be monitored continuously, for example, can include the following:

  • Number of open vulnerabilities
  • Repeat audit findings
  • Time to resolve vulnerabilities
  • User attempts to visit known malicious sites
  • Number of compromised accounts
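Deriving the indicators above from operational records, as an added example that is not part of the tutorial. The vulnerability records, audit finding sets, proxy log lines and malicious-host list are all constructed samples.

```python
from datetime import date
from statistics import median

# Constructed sample records (hypothetical; not from the tutorial).
VULNS = [  # (id, discovered, resolved or None while still open)
    ("V-1", date(2024, 3, 1), date(2024, 3, 11)),
    ("V-2", date(2024, 3, 5), None),
    ("V-3", date(2024, 4, 2), date(2024, 4, 6)),
    ("V-4", date(2024, 4, 20), None),
]
AUDITS = {  # audit period -> identifiers of findings raised in that audit
    "2023": {"F-weak-passwords", "F-no-backup-test", "F-stale-accounts"},
    "2024": {"F-no-backup-test", "F-stale-accounts", "F-missing-patches"},
}
PROXY_LOG = [  # constructed web proxy lines: timestamp user host action
    "2024-05-01T09:12:03 alice updates.example.com ALLOW",
    "2024-05-01T09:14:41 bob malware-dl.example.net BLOCK",
    "2024-05-01T10:02:10 bob malware-dl.example.net BLOCK",
    "2024-05-02T11:45:00 carol phish.example.org BLOCK",
]
KNOWN_MALICIOUS = {"malware-dl.example.net", "phish.example.org"}

def open_vulnerabilities(vulns=VULNS):
    return sum(1 for _, _, resolved in vulns if resolved is None)

def median_days_to_resolve(vulns=VULNS):
    days = [(r - d).days for _, d, r in vulns if r is not None]
    return median(days) if days else None

def repeat_findings(audits=AUDITS):
    """Findings raised again in the next audit period, i.e. never remediated."""
    periods = sorted(audits)
    repeats = set()
    for prev, cur in zip(periods, periods[1:]):
        repeats |= audits[prev] & audits[cur]
    return repeats

def malicious_site_attempts(log=PROXY_LOG, malicious=KNOWN_MALICIOUS):
    """Attempts per user to reach known malicious hosts, whether blocked or not."""
    counts = {}
    for line in log:
        _, user, host, _ = line.split()
        if host in malicious:
            counts[user] = counts.get(user, 0) + 1
    return counts
```

Tracking these values over successive periods, rather than as single snapshots, is what turns them into indicators of whether the program is improving.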

Backup Verification Data

Organizations deal with huge amounts of data that need protection for a variety of reasons, such as Disaster Recovery (DR). If a disaster strikes, the organization will reach a point where it needs to recover from backups prepared before the disaster. If the backup itself, for whatever reason, cannot be used, the organization faces a new and bigger catastrophe. Organizations should therefore periodically inspect the results of backups to verify that the backup process effectively meets the organization's data protection needs. This may involve reviewing logs, inspecting hash values, or requesting an actual restore of a system or file.

Organizations need to regularly test the ability to actually recover data from backup media, to ensure that they can do so in the event of a hardware malfunction or disaster.

There are several considerations including the following:

1- Data recovery versus disaster recovery: There are two main reasons for backing up data:

  • Data recovery: when a data storage location (such as a hard disk or SAN) has a major problem, or when data has been deleted intentionally or unintentionally (human error), and so on. In this case, backup media should be kept near the production systems so that data recovery is simple.
  • Disaster recovery: when an event has damaged the primary processing systems, making it necessary to recover data onto alternate processing systems until the problem with the primary processing systems is resolved and normal conditions are restored. In contrast to the previous case, this type of recovery requires the backup media to be far away from the primary processing site so that it is not affected by the same natural disaster. Some organizations have developed a very good strategy: they use two sets of backup media, one kept close to the production and administration systems and the other stored in a geographically distant location (for example, outside the city, state, or even country). It is very important that the backup stored at the distant location is not very old; its content should be updated systematically and according to plan.

2- Data integrity: there is a rule known as referential data integrity. This rule means that a database should not be recoverable to a state in which the relationships between indexes, tables, and foreign keys would be broken.

3- Version control: for requests to recover data to an earlier state, many components must be rolled back to that same state. These components include computer programs, any changes in the applications, operating system versions and patches, and so on.

4- Staging environments: depending on the reason for recovering data, it may be appropriate to recover the data onto a separate environment. For instance, if certain transactions in an e-commerce environment were lost, it may make sense to recover data that includes the lost transactions onto a test server, so that those transactions can be found.

If older data were recovered onto the primary production environment, this would effectively wipe out all transactions from that point in time up to the present.
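The verification methods described above (inspecting hash values, checking that a copy is not too old, and performing an actual restore into a staging environment rather than over production) combined into one check. This is an added example, not code from the tutorial; the manifest format, the 7-day maximum age and the sample files are constructed assumptions.

```python
import hashlib, json, os, shutil, tempfile
from datetime import datetime, timedelta

# Constructed sample backup (hypothetical, not from the tutorial): a directory of
# files plus a manifest of SHA-256 hashes recorded when the backup was taken.
def make_sample_backup(root, taken_at):
    files = {"db.sql": b"CREATE TABLE orders (id INT);\n", "config.yml": b"mode: prod\n"}
    os.makedirs(root, exist_ok=True)
    manifest = {"taken_at": taken_at.isoformat(), "files": {}}
    for name, data in files.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
        manifest["files"][name] = hashlib.sha256(data).hexdigest()
    with open(os.path.join(root, "manifest.json"), "w") as f:
        json.dump(manifest, f)
    return root

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def verify_backup(root, staging_dir, now, max_age=timedelta(days=7)):
    """Inspect hash values, check backup age, and test-restore into a staging area."""
    with open(os.path.join(root, "manifest.json")) as f:
        manifest = json.load(f)
    problems = []
    if now - datetime.fromisoformat(manifest["taken_at"]) > max_age:
        problems.append("backup is older than the allowed maximum age")
    for name, expected in manifest["files"].items():
        src = os.path.join(root, name)
        if not os.path.exists(src):
            problems.append(f"{name}: missing from backup media")
        elif sha256_file(src) != expected:
            problems.append(f"{name}: hash mismatch, media may be corrupted")
        else:
            # Restore into the staging environment, never over production, then re-check.
            dst = os.path.join(staging_dir, name)
            shutil.copy2(src, dst)
            if sha256_file(dst) != expected:
                problems.append(f"{name}: restored copy does not match manifest")
    return problems

def run_sample(corrupt=False, age_days=1):
    now = datetime(2024, 6, 1, 12, 0)
    backup = make_sample_backup(tempfile.mkdtemp(), now - timedelta(days=age_days))
    if corrupt:
        with open(os.path.join(backup, "db.sql"), "ab") as f:
            f.write(b"garbage")
    return verify_backup(backup, tempfile.mkdtemp(), now)
```

An empty problem list is the evidence to record for the review; any entry is a backup that would have failed when it was actually needed.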

Training and Awareness

Organizations need training programs for their staff to increase security awareness. If this is done properly, personnel at all levels of the organization can understand how to respond to new threats and vulnerabilities.

Security awareness training was discussed earlier, in the Security and Risk Management domain.

Disaster Recovery (DR) and Business Continuity (BC)

Most organizations cannot afford to be unable to perform their business processes for a very long period after a disaster. This is a concern wherever disaster recovery operations are slow, or where the organization has no ability to recover from disasters at all.

The organization needs a plan that provides for disaster recovery regardless of what happens around it.

This is the same business continuity topic that we discussed in the previous sections of this course.