CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide. Gibson Darril. Читать онлайн. Newlib. NEWLIB.NET

Автор: Gibson Darril
Издательство: Автор
Серия:
Жанр произведения: Зарубежная образовательная литература
Год издания: 0
isbn: 9781119042754
Скачать книгу
work together toward the goal of reliable security governance is a solid strategy.

      Two additional examples of organizational processes that are essential to strong security governance are change control/change management and data classification.

      Change Control/Management

      Another important aspect of security management is the control or management of change. Change in a secure environment can introduce loopholes, overlaps, missing objects, and oversights that can lead to new vulnerabilities. The only way to maintain security in the face of change is to systematically manage change. This usually involves extensive planning, testing, logging, auditing, and monitoring of activities related to security controls and mechanisms. The records of changes to an environment are then used to identify agents of change, whether those agents are objects, subjects, programs, communication pathways, or even the network itself.

      The goal of change management is to ensure that any change does not lead to reduced or compromised security. Change management is also responsible for making it possible to roll back any change to a previous secured state. Change management can be implemented on any system despite the level of security. It is a requirement for systems complying with the Information Technology Security Evaluation and Criteria (ITSEC) classifications of B2, B3, and A1. Ultimately, change management improves the security of an environment by protecting implemented security from unintentional, tangential, or affected diminishments. Although an important goal of change management is to prevent unwanted reductions in security, its primary purpose is to make all changes subject to detailed documentation and auditing and thus able to be reviewed and scrutinized by management.

      Change management should be used to oversee alterations to every aspect of a system, including hardware configuration and OS and application software. Change management should be included in design, development, testing, evaluation, implementation, distribution, evolution, growth, ongoing operation, and modification. It requires a detailed inventory of every component and configuration. It also requires the collection and maintenance of complete documentation for every system component, from hardware to software and from configuration settings to security features.

      The change control process of configuration or change management has several goals or requirements:

      ■ Implement changes in a monitored and orderly manner. Changes are always controlled.

      ■ A formalized testing process is included to verify that a change produces expected results.

      ■ All changes can be reversed (also known as backout or rollback plans/procedures).

      ■ Users are informed of changes before they occur to prevent loss of productivity.

      ■ The effects of changes are systematically analyzed.

      ■ The negative impact of changes on capabilities, functionality, and performance is minimized.

      ■ Changes are reviewed and approved by a CAB (change approval board).

      One example of a change management process is a parallel run, which is a type of new system deployment testing where the new system and the old system are run in parallel. Each major or significant user process is performed on each system simultaneously to ensure that the new system supports all required business functionality that the old system supported or provided.

      Data Classification

      Data classification, or categorization, is the primary means by which data is protected based on its need for secrecy, sensitivity, or confidentiality. It is inefficient to treat all data the same way when designing and implementing a security system because some data items need more security than others. Securing everything at a low security level means sensitive data is easily accessible. Securing everything at a high security level is too expensive and restricts access to unclassified, noncritical data. Data classification is used to determine how much effort, money, and resources are allocated to protect the data and control access to it. Data classification, or categorization, is the process of organizing items, objects, subjects, and so on into groups, categories, or collections with similarities. These similarities could include value, cost, sensitivity, risk, vulnerability, power, privilege, possible levels of loss or damage, or need to know.

      The primary objective of data classification schemes is to formalize and stratify the process of securing data based on assigned labels of importance and sensitivity. Data classification is used to provide security mechanisms for storing, processing, and transferring data. It also addresses how data is removed from a system and destroyed.

      The following are benefits of using a data classification scheme:

      ■ It demonstrates an organization’s commitment to protecting valuable resources and assets.

      ■ It assists in identifying those assets that are most critical or valuable to the organization.

      ■ It lends credence to the selection of protection mechanisms.

      ■ It is often required for regulatory compliance or legal restrictions.

      ■ It helps to define access levels, types of authorized uses, and parameters for declassification and/or destruction of resources that are no longer valuable.

      ■ It helps with data life-cycle management which in part is the storage length (retention), usage, and destruction of the data.

      The criteria by which data is classified vary based on the organization performing the classification. However, you can glean numerous generalities from common or standardized classification systems:

      ■ Usefulness of the data

      ■ Timeliness of the data

      ■ Value or cost of the data

      ■ Maturity or age of the data

      ■ Lifetime of the data (or when it expires)

      ■ Association with personnel

      ■ Data disclosure damage assessment (that is, how the disclosure of the data would affect the organization)

      ■ Data modification damage assessment (that is, how the modification of the data would affect the organization)

      ■ National security implications of the data

      ■ Authorized access to the data (that is, who has access to the data)

      ■ Restriction from the data (that is, who is restricted from the data)

      ■ Maintenance and monitoring of the data (that is, who should maintain and monitor the data)

      ■ Storage of the data

      Using whatever criteria is appropriate for the organization, data is evaluated, and an appropriate data classification label is assigned to it. In some cases, the label is added to the data object. In other cases, labeling occurs automatically when the data is placed into a storage mechanism or behind a security protection mechanism.

      To implement a classification scheme, you must perform seven major steps, or phases:

      1. Identify the custodian, and define their responsibilities.

      2. Specify the evaluation criteria of how the information will be classified and labeled.

      3. Classify and label each resource. (The owner conducts this step, but a supervisor should review it.)

      4. Document any exceptions to the classification policy that are discovered, and integrate them into the evaluation criteria.

      5. Select the security controls that will be applied to each classification level to provide the necessary level of protection.

      6. Specify the procedures for declassifying resources and the procedures for transferring custody of a resource to an external entity.

      7. Create an enterprise-wide awareness program to instruct all personnel about the classification system.

      Declassification is often overlooked when designing a classification system and documenting the usage procedures. Declassification is required once an asset no longer warrants or needs the protection of its currently assigned classification or sensitivity