K. P. SHASHIDHARAN
In the emerging scenario of digital espionage and cyber warfare,
protecting critical cyber infrastructure is increasingly becoming a
formidable challenge.
Entities in key sectors such as banking and finance, energy, oil,
power, defence, chemicals, transportation and telecommunications use a
combination of information technologies.
They depend not only on the Internet, intranets, Local Area Networks
(LAN), Wide Area Networks (WAN), Metropolitan Area Networks (MAN) and
Virtual Private Networks (VPN), but also on wireless, radio and
satellite-based network technologies, different operating systems, and
off-the-shelf, proprietary and in-house applications running over
leased lines, private fibre optics and wireless networks.
Technologies for IT systems and networks can be categorised by their
control objectives. Firewalls and content management or filtering
technologies protect a network or a node by controlling the network
traffic.
TECHNOLOGIES AND STANDARDS
Authentication technologies validate the identity of users: biometrics
identify physical characteristics of an individual, such as a
fingerprint or iris, while smart tokens or cards contain embedded
microprocessors capable of storing and processing data.
Integrity checkers, based on checksums, verify the genuineness of the
network packets and stored data. Encryption technology helps in hiding
the content. Digital signatures use public key cryptography for
ensuring data integrity, authentication, and non-repudiation.
Cyber security standards, such as the International Organisation for
Standardisation's ISO 17799 and the Information Technology Security
Evaluation Criteria, also known as the Common Criteria guide, help in
the selection of products for managing information security. The
security architecture of cyber infrastructure needs to be monitored
continuously by Intrusion Detection Systems (IDS) and Intrusion
Prevention Systems (IPS).
Security event correlation tools collect audit logs and lists of
incidents from operating systems, firewalls, applications and other
services, depending on how their logging functions are configured.
They are configured to detect anomalous activity on the network and to
trigger corrective and preventive measures. Computer forensic tools for
evidence preservation and collection prevent the accidental or
deliberate modification of evidence, while forensic recovery and
analysis tools help to recover damaged or deleted data.
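As an added illustration of the event correlation the paragraph describes (not code from the article), the following Python groups constructed firewall and operating-system log lines by source address and flags the pattern of repeated denies and failed logins followed by a successful login. The log format, hosts, addresses and thresholds are all assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from two sources (firewall, OS auth).
# Timestamps, hosts and addresses are invented for this example.
SAMPLE_LOGS = """\
2011-10-10T09:00:01 firewall DENY src=203.0.113.7 dst=10.0.0.5 dport=22
2011-10-10T09:00:03 firewall DENY src=203.0.113.7 dst=10.0.0.5 dport=23
2011-10-10T09:00:05 firewall DENY src=203.0.113.7 dst=10.0.0.5 dport=3389
2011-10-10T09:00:09 os auth FAILED user=admin src=203.0.113.7
2011-10-10T09:00:12 os auth FAILED user=admin src=203.0.113.7
2011-10-10T09:00:15 os auth ACCEPTED user=admin src=203.0.113.7
2011-10-10T09:30:00 os auth FAILED user=bob src=198.51.100.9
"""

# Assumed line layout: "<iso timestamp> <source> <message containing src=IP>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<source>\S+) (?P<msg>.*?src=(?P<src>[\d.]+).*)$")

def parse_events(text):
    """Parse log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.fromisoformat(d["ts"])
        events.append(d)
    return events

def correlate(events, window=timedelta(minutes=5), min_denies=3, min_fails=2):
    """Per source IP, count denies and failed logins inside one window
    starting at that source's first event; escalate severity when the
    burst ends in an accepted login (a likely successful intrusion)."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    incidents = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start = evs[0]["ts"]
        in_window = [e for e in evs if e["ts"] - start <= window]
        denies = sum(1 for e in in_window if e["source"] == "firewall" and "DENY" in e["msg"])
        fails = sum(1 for e in in_window if "FAILED" in e["msg"])
        success = any("ACCEPTED" in e["msg"] for e in in_window)
        if denies >= min_denies and fails >= min_fails and success:
            incidents.append({"src": src, "denies": denies, "fails": fails, "severity": "high"})
        elif denies >= min_denies or fails >= min_fails:
            incidents.append({"src": src, "denies": denies, "fails": fails, "severity": "medium"})
    return incidents
```

A single failed login from the second address stays below the thresholds and raises no incident, which is the kind of tuning an auditor would check in the tool's configuration.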
Assurance of network security can be provided only by enforcing
effective configuration management, which alerts users to problems,
manages security faults, corrects configuration for improved
performance, and sets up proper security logging and accounting. Many
operational techniques, such as redundant systems, are adopted to
maintain the systems and keep the network up and running.
Security auditors need to check the use of various scanners to probe
modems, Internet ports, databases, wireless access points, Web pages
and applications. They also assess whether patch management tools are
used for updating patches and whether patches are properly deployed.
IT SECURITY AUDITING
Responsibility for ensuring effective cyber security for critical cyber
infrastructure rests with the infrastructure owners. Cyber security
policy should be based on business requirements and an overall risk
assessment. The risk management process should essentially encompass
identification of the IT assets to be protected, identification of
threats and vulnerabilities, risk determination, prioritisation, and
recommending countermeasures that mitigate risk down to the accepted
level.
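The risk management steps listed above, worked through in an added Python example that is not part of the article: a constructed risk register is scored, prioritised, and treated with countermeasures until residual risk falls to the acceptance level or the available countermeasures run out. Assets, threats, scores, countermeasures and the acceptance level are all invented assumptions for this example.

```python
# Assumed acceptance level: risks scoring above this need treatment.
ACCEPTANCE_LEVEL = 6

# Constructed risk register (asset, threat, vulnerability, likelihood 1-5, impact 1-5).
RISK_REGISTER = [
    {"asset": "SCADA historian", "threat": "remote compromise",
     "vulnerability": "unpatched service exposed on WAN", "likelihood": 4, "impact": 5},
    {"asset": "Payment gateway", "threat": "credential theft",
     "vulnerability": "password-only authentication", "likelihood": 3, "impact": 5},
    {"asset": "Intranet wiki", "threat": "defacement",
     "vulnerability": "weak admin password", "likelihood": 2, "impact": 2},
]

# Countermeasures per vulnerability and the assumed likelihood reduction of each.
COUNTERMEASURES = {
    "unpatched service exposed on WAN": [("apply vendor patch", 2), ("firewall rule: deny WAN", 1)],
    "password-only authentication": [("smart token / two-factor", 1)],
    "weak admin password": [("enforce password policy", 1)],
}

def risk_score(item):
    """Risk determination: likelihood multiplied by impact."""
    return item["likelihood"] * item["impact"]

def prioritise(register):
    """Highest inherent risk first."""
    return sorted(register, key=risk_score, reverse=True)

def treat(item, acceptance=ACCEPTANCE_LEVEL):
    """Apply countermeasures in order until residual risk <= acceptance level.
    Reports accepted=False when the known countermeasures are exhausted
    and residual risk is still above the level (needs escalation)."""
    residual = dict(item)
    chosen = []
    for name, reduction in COUNTERMEASURES.get(item["vulnerability"], []):
        if risk_score(residual) <= acceptance:
            break
        residual["likelihood"] = max(1, residual["likelihood"] - reduction)
        chosen.append(name)
    return {"asset": item["asset"], "inherent": risk_score(item),
            "residual": risk_score(residual), "countermeasures": chosen,
            "accepted": risk_score(residual) <= acceptance}

def treatment_plan(register=RISK_REGISTER, acceptance=ACCEPTANCE_LEVEL):
    """Prioritised list of treatment recommendations for the whole register."""
    return [treat(item, acceptance) for item in prioritise(register)]
```

In the constructed data the payment gateway stays above the acceptance level after its only listed countermeasure, which is exactly the case the owner must either fund further or formally accept.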
A cyber security audit concentrates on two vital issues: firstly, the
effectiveness of the security architecture and the integrity of the
existing security configuration; and secondly, identification of
weaknesses where improvements are needed. Auditors take the help of
attack detection and penetration testing tools and the built-in audit
module in the system.
To assess holistically the effectiveness of the security policy,
planning and procedures for authentication, authorisation, the
credential mapping process and security management, the auditor checks
the audit log files, analyses the incidents reported, and identifies
security breaches and potential weaknesses in the security
architecture in order to suggest remedial actions.
----------------------------------------------------------
Cyber security policy should be based on business requirements and
overall risk assessment in order to be effective, and the auditor
plays an important role.
----------------------------------------------------------
(This article was published in the Business Line print edition dated
October 10, 2011)