Monday, January 9, 2023

Incident Management

 Incident Management has the following steps: 

  1. Detection - either automated, using tools such as intrusion detection/prevention systems, anti-malware tools and automated log audits, or manual, when users or administrators notice anomalies.  
  2. Response - engage the Computer Security Incident Response Team or Computer Incident Response Team (CSIRT or CIRT). A formal engagement method should be in place. CSIRT members are trained to do what is required and will be engaged in this and the following steps.  
  3. Mitigation - contain the incident and limit its impact, e.g. isolate the affected hosts, block the attacking addresses, disable compromised accounts.
  4. Reporting - internal, e.g. a serious incident needs to be reported to the CEO; and external, e.g. if customer information was leaked it must be reported to the relevant authorities within a mandated time frame. 
  5. Recovery - bring the system back to a fully functional state; this may require rebuilding, patching, configuring ACLs etc. 
  6. Remediation - perform a Root Cause Analysis and take steps to prevent a recurrence. 
  7. Lessons Learned - review how the incident was handled and feed improvements back into the process and its documentation.
One can use the acronym DRMRRRL(Drums Roll) if that makes it easier to remember! 
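The Detection step above mentions automated log audits. The following is an added example (not from the original post): a small sliding-window detector run over a handful of constructed sshd log lines. Five failed logins from one source address inside 60 seconds raise a brute-force alert, and a successful login following such a burst raises a high-severity alert, which is the kind of event that should go straight into the Response step. The log lines, host name, addresses, threshold and window are all assumptions chosen for the example; syslog lines carry no year, so the year is passed in as a parameter.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (syslog style, invented for this example, not a real capture).
# 203.0.113.7 fails five times within a few seconds and then succeeds; 198.51.100.4 is normal use.
SAMPLE_LOG = """\
Jan  9 10:00:01 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Jan  9 10:00:03 web01 sshd[1203]: Failed password for root from 203.0.113.7 port 51124 ssh2
Jan  9 10:00:05 web01 sshd[1205]: Failed password for root from 203.0.113.7 port 51126 ssh2
Jan  9 10:00:06 web01 sshd[1207]: Failed password for invalid user test from 203.0.113.7 port 51128 ssh2
Jan  9 10:00:08 web01 sshd[1209]: Failed password for root from 203.0.113.7 port 51130 ssh2
Jan  9 10:00:09 web01 sshd[1211]: Accepted password for root from 203.0.113.7 port 51132 ssh2
Jan  9 10:01:30 web01 sshd[1220]: Failed password for alice from 198.51.100.4 port 40000 ssh2
Jan  9 10:05:00 web01 sshd[1230]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line, year=2023):
    """Parse one sshd auth line into an event dict, or None if it is not an auth result.
    Syslog lines carry no year, so the year is an assumed parameter (2023 here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Sliding-window detector: alert once when a source IP produces `threshold` failed
    logins inside `window`, and raise a high-severity alert if a success follows such a
    burst (a likely compromised account, the case that must go straight to the CSIRT)."""
    recent_failures = defaultdict(deque)  # source ip -> timestamps of failures inside the window
    already_alerted = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        q = recent_failures[ev["ip"]]
        while q and ev["ts"] - q[0] > window:  # expire failures older than the window
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) >= threshold and ev["ip"] not in already_alerted:
                already_alerted.add(ev["ip"])
                alerts.append({"type": "brute_force", "severity": "medium", "ip": ev["ip"],
                               "host": ev["host"], "count": len(q),
                               "first_seen": q[0], "last_seen": ev["ts"]})
        elif len(q) >= threshold:  # an Accepted login right after a burst of failures
            alerts.append({"type": "success_after_brute_force", "severity": "high",
                           "ip": ev["ip"], "host": ev["host"], "user": ev["user"],
                           "count": len(q), "first_seen": q[0], "last_seen": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```

Running it on the sample yields two alerts for 203.0.113.7 and none for 198.51.100.4, whose single failure has expired from the window by the time the key-based login succeeds. The severity field is what drives the hand-off: a medium alert can wait for the next analyst review, a high one is the formal engagement of the CSIRT described in the Response step.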


Subject and Objects

 In a security context, a subject is normally a user but could also be a process, a computer or an organisation. A subject is the active entity: it requests, and receives, information about or data from the object. 

An object, on the other hand, is the passive entity that provides or hosts the information or data. 

A process accessing a database is the subject, whereas the database and its components are the objects. 

The two roles of subject and object can switch while two entities communicate to accomplish a task: the same entity may be the subject of one request and the object of the next.
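As an added example (not part of the original post), here is a toy reference monitor in Python that shows the subject/object distinction being applied per request rather than per entity. The entity names, the access matrix and the rights granted are all assumptions made up for the illustration: the billing application is the subject when it reads the database, and becomes the object when a health-monitor process reads its status.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Entity:
    """Any user, process, computer or data store. Whether it acts as subject or
    object is decided by its position in an access request, not by the entity itself."""
    name: str
    kind: str


class ReferenceMonitor:
    """Toy access matrix: (subject name, object name) -> set of permitted operations.
    Every request is mediated and written to an audit trail, allowed or not."""

    def __init__(self):
        self.matrix = {}
        self.audit = []

    def grant(self, subject, obj, *ops):
        self.matrix.setdefault((subject.name, obj.name), set()).update(ops)

    def access(self, subject, obj, op):
        """Return True if the subject may perform op on the object; log the decision either way."""
        allowed = op in self.matrix.get((subject.name, obj.name), set())
        self.audit.append((subject.name, op, obj.name, "ALLOW" if allowed else "DENY"))
        return allowed


def demo():
    """Hypothetical entities and grants; returns the access decisions and the audit trail."""
    rm = ReferenceMonitor()
    app = Entity("billing-app", "process")
    db = Entity("customers-db", "database")
    monitor = Entity("health-monitor", "process")
    rm.grant(app, db, "read")       # the application may query the database
    rm.grant(monitor, app, "read")  # the health monitor may read the application's status
    decisions = {
        # billing-app is the subject, customers-db the object
        "app_reads_db": rm.access(app, db, "read"),
        "app_writes_db": rm.access(app, db, "write"),        # no write right granted: denied
        # the same process now sits on the object side of a request
        "monitor_reads_app": rm.access(monitor, app, "read"),
        # the data store was never granted rights to act on the process: denied
        "db_reads_app": rm.access(db, app, "read"),
    }
    return decisions, rm.audit


if __name__ == "__main__":
    decisions, audit = demo()
    for entry in audit:
        print(entry)
```

Note that the matrix is keyed on the (subject, object) pair, so a grant in one direction says nothing about the other: billing-app reading customers-db does not let customers-db read billing-app. That asymmetry is exactly why the role an entity plays has to be determined for each request.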



Saturday, January 7, 2023

Data Classification (Government & Commercial)



Class #   Government Classification   Commercial Classification   Impact of leak
Class 3   Top Secret                  Confidential/Proprietary    Exceptionally Grave Damage
Class 2   Secret                      Private                     Serious Damage
Class 1   Confidential                Sensitive                   Damage
Class 0   Unclassified                Public                      No Damage


SOC 1, SOC 2, SOC3 and Type I and Type II Audits

  One topic that is very likely to be asked in the CISSP exam is the types of audit engagement defined by the Statement on Standards for Attestation Engagements no. 18 (SSAE No. 18 or SSAE 18).

There are three types of System and Organization Controls (SOC) reports:

  1. SOC 1 – Internal Control over Financial Reporting (ICFR): relevant when the service organisation's systems affect its customers' financial statements
  2. SOC 2 – Trust Services Criteria (security, availability, processing integrity, confidentiality, privacy): a detailed, restricted-use report
  3. SOC 3 – Trust Services Criteria, General Use Report: a short summary of the SOC 2 opinion, without the detailed control descriptions and test results 
Please note these for exam: 
    ====>>>    SOC 3 is for the public and can be published freely; SOC 2 is restricted-use and is shared with customers, auditors and regulators, usually under NDA!
    ====>>>    SOC 1 is for financial reporting!

There are 2 types of SOC report, and the type is independent of the SOC 1/2/3 number (e.g. a SOC 2 Type II): 

  • Type I is a "point in time" report: it describes the service organisation's system and assesses whether the design of the specified controls is suitable to meet the relevant criteria as of a given date. It is largely a review of documented control design rather than a test of how the controls actually operate. 
  • Type II addresses the operating effectiveness of the specified controls over a period of time, typically 6 to 12 months, with the auditor testing the controls throughout that period. For the exam: Type I = design at a single date, Type II = operation over a period!