ANALYSIS ID | BEFORE PLAN | PERCENT IMPROVEMENT | NEW VALUE
Quality Management worksheet completed for this element? (check box)
Technology Selection
Evaluate physical integrity technologies, such as holograms, watermarks, and biometrics for visual badging/ID cards.
______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________
Based on your network architecture and security mind-set, choose where network integrity checking is most important.
______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________
For the integrity checking technology you deploy, verify that it has features to protect itself from tampering. See Implementation.
______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________
Implementation
Plan for how you will implement integrity systems to prevent a hacker from easily tampering with the systems themselves.
______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________
Describe how you will carefully implement security for related technology such as PKI.
______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________
Operations
Define policies and procedures to detect and respond to high-impact integrity compromise.
______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________
Worksheet 3.15 Life-Cycle Management Worksheet for Integrity. (continued)
IMPLEMENTATION
Ensure that your integrity-checking scheme is well implemented. Too many aren’t. For example, organizations routinely implement systems that compute a hash snapshot (remember, a hash is used to determine whether something has changed) and then store that snapshot in a vulnerable system, thereby making it possible for a hacker to replace that snapshot with his or her own (modified) version. Another popular hacker approach is to replace your integrity-checking software with his or her own modified version. When you run your integrity-checking software, you think you’re running yours, but it’s the hacker’s. No surprise, the hacker’s version does not detect tampering; thus, the illicit activities go undetected.
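The snapshot-replacement problem described above can be countered by sealing the snapshot with a keyed hash. The following is an added example, not code from the original text; the function names, the sample file, and the demo key are constructed, and the key is assumed to be held somewhere other than the monitored system.

```python
import hashlib, hmac, json, os, tempfile

def snapshot(paths):
    """Hash snapshot: map each monitored path to the SHA-256 of its contents."""
    snap = {}
    for p in paths:
        with open(p, "rb") as f:
            snap[p] = hashlib.sha256(f.read()).hexdigest()
    return snap

def seal(snap, key):
    """Attach an HMAC-SHA256 tag; the key is assumed to live off the monitored host."""
    body = json.dumps(snap, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def verify(sealed, key, paths):
    """Check the snapshot's own integrity first, then compare files against it."""
    expected = hmac.new(key, sealed["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sealed["tag"]):
        return "BASELINE_TAMPERED", []
    baseline, current = json.loads(sealed["body"]), snapshot(paths)
    changed = sorted(p for p in baseline if baseline[p] != current.get(p))
    return ("FILES_CHANGED" if changed else "OK"), changed

def demo():
    key = b"constructed-demo-key"  # constructed value; stands in for an off-host secret
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "app.conf")  # constructed sample file
        with open(target, "w") as f:
            f.write("mode=strict\n")
        sealed = seal(snapshot([target]), key)
        clean = verify(sealed, key, [target])[0]
        with open(target, "w") as f:  # the monitored file is altered
            f.write("mode=off\n")
        altered = verify(sealed, key, [target])[0]
        # The stored snapshot is swapped for one matching the altered file.
        # Without the key the old tag cannot be made to fit the new body.
        swapped = {"body": json.dumps(snapshot([target]), sort_keys=True),
                   "tag": sealed["tag"]}
        replaced = verify(swapped, key, [target])[0]
    return clean, altered, replaced

if __name__ == "__main__":
    print(demo())
```

Sealing the snapshot does nothing about a replaced checker; the verification code itself still has to run from a location the monitored system cannot modify.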
Develop an atmosphere of "trust but verify" relative to suspicious logs that are not themselves integrity-checked.
______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________
Train staff (policies and procedures) to not disrupt the integrity of information monitored by intrusion detection systems.
______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________
Incident Response
The incident team should know in advance what logs and system files are integrity-checked and what are not.
______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________
For those systems that are not integrity-checked, the incident team should implement a "trust but verify" approach.
______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________
For sensitive related components such as PKI, the team needs a solid plan to assess the integrity of underlying components because your integrity mechanisms may rely on your PKI.
______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________
OPERATIONS
Verify that your operations group can clearly identify violations. When monitoring sensitive, high-impact infrastructure or information, your operations staff must know how to easily recognize when that infrastructure or information has been violated.
INCIDENT RESPONSE
Consider integrity checking part of your logging architecture, as well as your system files. If the logs and system files, on which the incident response team is relying to determine what has happened, how to immediately respond, and who may be responsible, are easy to tamper with (that is, their integrity is in question) then their job is more difficult. Of course, we can’t perform integrity checking on everything, such as all logs, given the state-of-the-art in technology; nevertheless, integrity checking should be part of your logging architecture as well as your system files. The incident team has to know what “level of trust” they can assume for a given log they are analyzing. Did the log come from the system that was compromised or some other system? Was there any type of integrity checking enabled for the log? What about the system files being analyzed during incident response: Which ones were integrity checked? Which ones were not? The incident team must associate a confidence factor with any information they use as part of the incident response process.
Business
Use Worksheet 3.16 here.
BUSINESSPEOPLE: EMPLOYEES
Give employees mechanisms to report suspicious transactions.
Where possible, enable employees to report if the integrity of important information seems out of the ordinary. This relates as much to policies and procedures as it does to program user interfaces and training. For example, if employees make use of S/MIME for secure mail, the software they use will report to the user when the integrity of a mail message is in question. Employees should be trained to understand exactly what their mail software is telling them with regard to the integrity of the mail they receive.
BUSINESSPEOPLE: CUSTOMERS
Instill confidence; earn trust. Customer confidence in your organization depends heavily on whether they can trust that you can maintain the integrity of a sales order or other service. If, say, a customer asks for 100 widgets and you deliver 1,000 due to a system glitch or hack, then that customer may lose confidence in you. Public perception, as quantified by your impact analysis, is therefore affected. Customers expect you to maintain the integrity of their transactions and of any information you hold about them. The last thing you want to have to do is to inform all your customers that you’ve been hacked and that you need them to reenter everything.
BUSINESSPEOPLE: OWNERS
Understand owner sensitivities. Owners require integrity when it comes to the organization’s financial information. They also care very much about public confidence, which is easily shaken by an incident where important information that the company relies on has been tampered with.
BUSINESSPEOPLE: SUPPLIERS
Know who and what you rely on to do business. The integrity of information provided to you by high-impact suppliers is important. To ensure integrity, implement policies and procedures that identify those suppliers from whom the integrity of information may have a significant effect on your organization and work to implement integrity measures in coordination with them.
BUSINESSPEOPLE: PARTNERS
Establish technical approaches to exchange information with high-impact partners. As with suppliers, if you routinely exchange high-impact information with partners or rely heavily on each other’s infrastructure, then you should develop a plan to ensure the integrity of the information you exchange.
BUSINESS: INFORMATION
Prioritize information by integrity requirements. Following this guideline is a very effective way to prioritize your security integrity plan. The prioritization will often become clear when looked at in conjunction with your security impact analysis.
Worksheet 3.16 Business Worksheet for Integrity.