The Corrupting Influence Of Secrecy On National Policy Decisions.
Strategic information security is a plan that gives an organization's management the information it needs to make security decisions in line with the organization's business objectives. Information security protects business operations by minimizing vulnerabilities and protecting infrastructure, applications and data from damage (Whitman, 2010).
Information security focuses on protection strategies, technology and service provider selection, and deployment best practices. The threat environment is changing, and security professionals must continuously improve protection against increasingly sophisticated and damaging attacks. There is also increasing pressure to satisfy complex regulatory compliance requirements. Information security uses tools and techniques to protect business operations, develop assessment and remediation strategies, select appropriate technology and service providers, and ensure effective deployment of security controls.
Consider These Factors to Determine Your Readiness
What Information Security Means to the CIO
Before approving the deployment of infrastructure, application, and data protection technologies and services, CIOs should:
Ensure that the need for new security capabilities has been prioritized through a risk assessment that evaluates the threat environment, known vulnerabilities, recent security incidents and compliance issues.
Define the enterprise’s process, technology and service requirements for security assessment; network, application and data protection; vulnerability remediation; and security monitoring.
Use technology and process requirements to select appropriate infrastructure, application, or data protection technologies or services that are specific to the enterprise’s needs.
What Information Security Means to IT Leaders
IT leaders should consider these factors in the selection, development, deployment and ongoing improvement of information security technology and service initiatives:
Security risk environment — Assess the current threat environment, making sure to include internal and external threats.
Existing security controls and architecture — Review their status and effectiveness within the context of the risk environment for your enterprise and industry.
Business processes and initiatives — Identify planned and current business programs that will modify existing security risks or create new forms of security risk.
IT processes and initiatives — Identify planned and current IT management strategies and tactics that will change existing security risks or create new types of security risk.
Regulatory drivers for security — Catalog the internal and external policies, standards and regulations that govern security operations at SenAd and in its industry.
What Information Security Means to Technology Professionals
Technical professionals should take the following steps to ensure a successful implementation of information security:
Manage threats and attacks using a combination of effective technologies, such as anti-malware and security information and event management (SIEM), and practices.
Build control architectures that can work across IT environments that intersect with the Nexus of Forces of cloud, mobile, big data and social.
Focus on being pragmatic and manage the risks of mobility, social, big data and cloud by saying “How?” instead of “No.”
Ensure high-value assets are protected using zoning and perimeter architecture, but support unmanaged or mobile devices on end-user networks as appropriate.
Use data masking, tokenization and/or encryption — as well as discovery and monitoring solutions, such as data loss prevention (DLP) and database audit and protection (DAP) solutions — where confidentiality is required (Whitman, 2010).
Conduct Your Information Security Technology and Services Initiative Using This Structured Approach
Information security technology and services are effective only if they can adapt rapidly to a changing threat environment. As a result, many information security activities are highly tactical and move quickly through multiple phases of design, deployment and management. A clear project management methodology must therefore be built into the planning process. SenAd's planning process involves its stakeholders, both inside and outside the organization, and its management team, including the board of directors and the employees. It also takes into account the SenAd environment: the physical environment, the technological environment, the political and legal environment, and the competitive environment. Information security management works like any other management process; the difference is that the emphasis is on security issues.
Successful security projects maintain a strong focus on supporting business objectives and use the phases below to structure security programs:
Strategize and Plan: Use risk assessment to identify and prioritize security projects and programs. Integrate business objectives and initiatives with the risk mitigation prioritization process to define short-term and midterm plans for information security management.
Architect Solution: The design of security tools and services must align with enterprise objectives for flexibility, efficacy and cost containment. Identify performance parameters for information security projects, and integrate these into solution designs.
Select Solution: Security solutions can affect nearly all employees and processes. Minimize disruption to operations and maximize security performance by aligning security solutions with architectural standards and infrastructure deployment and management models.
Operate and Evolve: Use continuous performance monitoring of security technology and services to find and close gaps. Compare updated risk assessments with current performance measures to identify areas for improvement, replacement or development of new security solutions.
Critical Capabilities Definition
SIEM technology provides a set of common core capabilities that are needed in all cases. Other SIEM capabilities are more critical for the threat management use case or for the compliance use case. Many organizations will apply SIEM technology broadly across their IT infrastructures and will implement most SIEM capabilities, but they typically start with a narrow deployment that implements a subset of functions to resolve a specific compliance gap or security issue.
SenAd should evaluate the following set of SIEM capabilities:
Scalable architecture and deployment flexibility:
These are derived from vendor design decisions in the areas of product architecture, data collection techniques, agent designs and coding practices. Scalability can be achieved by:
A hierarchy of SIEM servers — tiers of systems that aggregate, correlate and store data
Segmented server functions — specialized servers for collection, correlation, storage, reporting and display
A combination of hierarchy and segmentation to support horizontal scaling
During the planning phase, many organizations underestimate the volume of event data that will be collected, as well as the scope of analysis and reporting that will be required. An architecture that supports scalability and deployment flexibility will let SenAd adapt its deployment in the face of unexpected event volumes and analysis demands.
Real-time event data collection: SIEM products collect event data in near real time in a way that enables immediate analysis. Data collection methods include:
Receipt of a syslog data stream from the monitored event source
Agents installed directly on the monitored event source or at an aggregation point, such as a syslog server
Invocation of the monitored system’s command line interface
APIs provided by the monitored event source
External collectors provided by the SIEM tool
Note: The technology should also support batch data collection for cases where real-time collection is not practical or is not needed.
Log management and compliance reporting:
Functions supporting the cost-effective storage and analysis of a large information store include collection, indexing and storage of all log and event data from every source, as well as the capability to search and report on that data. Reporting capabilities should include predefined reports, as well as the ability to define ad hoc reports or use third-party reporting tools.
Security event analytics is composed of dashboard views, reports and ad hoc query functions to support the investigation of user activity and resource access in order to identify a threat, a breach or the misuse of access rights.
Incident management support:
Specialized incident management and workflow support should be embedded in the SIEM product, primarily to support the IT security organization. Products should integrate with enterprise workflow systems and should support ad hoc queries for incident investigation.
User activity and data access monitoring:
This capability establishes user and data context, and enables data access and activity monitoring. Functions include integration with identity and access management (IAM) infrastructure to obtain user context and the inclusion of user context in correlation, analytics and reporting. Data access monitoring includes monitoring of database management systems (DBMSs), and integration with file integrity monitoring (FIM) and data loss prevention (DLP) functions. DBMS monitoring can take three forms — parsing of DBMS audit logs, integration with third-party database activity monitoring (DAM) functions or embedded DAM functions. FIM can be provided by the SIEM product directly or through integration with third-party products.
The ability to parse activity streams from packaged applications enables application-layer monitoring for those components, and the ability to define and parse activity streams for custom applications enables application-layer monitoring for in-house-developed applications. Integration with packaged applications, an interface that allows customers to define log formats of unsupported event sources, and the inclusion of application and user context are important capabilities that enable the monitoring of application activities for application-layer attack detection, fraud detection and compliance reporting.
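The collection, log management and user-activity monitoring capabilities above describe what a SIEM does with a raw event stream: parse it into normalized events, add user context from the IAM directory, run correlation rules, and answer ad hoc queries. The following Python program is an added illustration of that pipeline at its smallest; it is not code from SenAd or from any SIEM vendor. The syslog lines, the IAM directory, the rule threshold and the time window are all constructed values, and the single correlation rule (repeated failed logins for one account from one source, followed by a success) stands in for the rule library a product would ship.

```python
"""Minimal SIEM-style pipeline: parse syslog, enrich with IAM context, correlate, query.

Added illustration; every log line, account and threshold below is constructed.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample stream in the form a syslog receiver would hand to the SIEM.
SAMPLE_SYSLOG = """\
Mar 10 08:00:01 web01 sshd[2201]: Failed password for alice from 203.0.113.7 port 50122 ssh2
Mar 10 08:00:05 web01 sshd[2201]: Failed password for alice from 203.0.113.7 port 50123 ssh2
Mar 10 08:00:09 web01 sshd[2201]: Failed password for alice from 203.0.113.7 port 50124 ssh2
Mar 10 08:00:12 web01 sshd[2201]: Accepted password for alice from 203.0.113.7 port 50125 ssh2
Mar 10 08:01:00 db01 sshd[3310]: Accepted publickey for svc_backup from 10.0.0.5 port 41000 ssh2
Mar 10 08:02:30 web01 sshd[2202]: Failed password for bob from 198.51.100.9 port 50200 ssh2
"""

# Constructed IAM directory standing in for the identity system the SIEM integrates with.
IAM_DIRECTORY = {
    "alice": {"department": "finance", "privileged": False},
    "bob": {"department": "engineering", "privileged": False},
    "svc_backup": {"department": "it-ops", "privileged": True},
}

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<app>[\w-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
SSH_AUTH_RE = re.compile(
    r"^(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?P<user>\S+) "
    r"from (?P<src>\S+) port (?P<port>\d+)"
)


def parse_syslog_line(line, year=2024):
    """Normalize one syslog line into a flat event dict; None if the line does not parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    # Classic syslog omits the year, so the collector supplies it.
    ev["time"] = datetime.strptime(f"{year} {ev['ts']}", "%Y %b %d %H:%M:%S")
    auth = SSH_AUTH_RE.match(ev["msg"])
    if auth:  # application-layer parsing for a known source format
        ev.update(auth.groupdict())
        ev["outcome"] = ev["outcome"].lower()  # "failed" or "accepted"
    return ev


def enrich(ev, directory=IAM_DIRECTORY):
    """Attach user context; unknown accounts are kept and flagged rather than dropped."""
    ctx = directory.get(ev.get("user"))
    ev["department"] = ctx["department"] if ctx else "unknown"
    ev["privileged"] = ctx["privileged"] if ctx else None
    return ev


def correlate(events, threshold=3, window_seconds=300):
    """Two rules: (1) >= threshold failures for one (user, src) then a success inside the window;
    (2) any successful login by an account the directory marks as privileged."""
    alerts = []
    failures = defaultdict(list)  # (user, src) -> timestamps of recent failures
    for ev in sorted(events, key=lambda e: e["time"]):
        if "outcome" not in ev:
            continue
        key = (ev["user"], ev["src"])
        if ev["outcome"] == "failed":
            failures[key].append(ev["time"])
            continue
        recent = [t for t in failures[key] if (ev["time"] - t).total_seconds() <= window_seconds]
        if len(recent) >= threshold:
            alerts.append({"rule": "brute_force_then_success", "user": ev["user"],
                           "src": ev["src"], "host": ev["host"], "failures": len(recent)})
        failures[key].clear()  # a success resets the counter for that pair
        if ev.get("privileged"):
            alerts.append({"rule": "privileged_login", "user": ev["user"],
                           "src": ev["src"], "host": ev["host"]})
    return alerts


def search(events, **criteria):
    """Ad hoc query over the indexed events: every given field must match exactly."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]


def run_pipeline(raw=SAMPLE_SYSLOG):
    """Collect -> parse -> enrich -> correlate; returns (events, alerts)."""
    parsed = (parse_syslog_line(line) for line in raw.splitlines())
    events = [enrich(ev) for ev in parsed if ev]
    return events, correlate(events)


if __name__ == "__main__":
    evs, found = run_pipeline()
    for a in found:
        print(a)
    print(len(search(evs, outcome="failed", user="alice")), "failed logins for alice")
```

Two design points carry over to a real deployment. Unknown accounts are enriched as "unknown" rather than discarded, because an account missing from the directory is itself worth seeing in an investigation. And correlation runs over events sorted by time with a bounded window, which is what keeps the rule's memory small when the event volume turns out to be larger than planned, the failure mode the scalability discussion above warns about.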
Deployment and support simplicity:
Deployment and support simplicity is achieved through a combination of embedded SIEM use-case knowledge and a general design that minimizes deployment and support tasks. Embedded knowledge is delivered as predefined dashboard views, reports for specific monitoring tasks and regulatory requirements, a library of correlation rules for common monitoring scenarios, and event filters for common sources. There should also be an easy way to modify the predefined functions to meet the particular needs of SenAd.
References
Whitman, M. E. and Mattord, H. J. (2010). Management of Information Security, 3rd ed.
Pufahl, J. (April 2010). Information Security Strategic Plan. University of Connecticut.
Leonard, W. (2011). The corrupting influence of secrecy on national policy decisions. In S. Maret (ed.), Government Secrecy (Research in Social Problems and Public Policy, Volume 19). Emerald Group Publishing Limited, pp. 421-434.
Galt, K. A., Paschal, K. A., Abbott, A., Drincic, A., Siracuse, M. V., Bramble, J. D. and Rule, A. M. (2008). Privacy, security and the national health information network: A mixed methods case study of state-level stakeholder awareness. In G. T. Savage and E. W. Ford (eds.), Patient Safety and Health Care Management (Advances in Health Care Management, Volume 7). Emerald Group Publishing Limited, pp. 165-189.
Wilkinson, N. (2011). National security, secrecy and the media: a British view. In S. Maret (ed.), Government Secrecy (Research in Social Problems and Public Policy, Volume 19). Emerald Group Publishing Limited, pp. 131-151.
Kim, B. J. (2009). Civil-military relations of Korea in the 21st century. In G. Caforio (ed.), Advances in Military Sociology: Essays in Honor of Charles C. Moskos (Contributions to Conflict Management, Peace Economics and Development, Volume 12). Emerald Group Publishing Limited, pp. 507-525.
Phippen, A. and Ashby, S. (2013). Digital behaviors and people risk: Challenges for risk management. In M. R. Olivas-Luján and T. Bondarouk (eds.), Social Media in Strategic Management (Advanced Series in Management, Volume 11). Emerald Group Publishing Limited, pp. 1-26.