1. Collect, analyze, and disseminate strategic intelligence about threats to systems.
- In the information systems security world, it is difficult to collect information about attackers (though such intelligence should be sought). It is, however, much easier to collect and analyze information on technical and procedural vulnerabilities, both to characterize the nature of these vulnerabilities and to measure their frequency at different installations. Disseminating information about these vulnerabilities enables the administrators of information systems that may be affected to take remedial action.
2. Monitor indications and warnings.
- All defenses, physical and cyber, rely to some extent on indications and warning of impending attack. If it is known that an attack is impending, the defense can take actions to reduce its vulnerability and to increase the effectiveness of its response.
3. Be able to identify intruders.
- Electronic intruders into a system are admittedly hard to identify. Attacks are conducted remotely, and a chain of linkages from the attacker's system through one intermediate node to another and another to the attacked system can easily obscure the identity of the intruder. Nevertheless, certain types of information, if collected, may shed some light on the intruder's identity. For example, some attackers may preferentially use certain tools or techniques, or use certain sites to gain access.
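The kind of correlation this point describes, as an added illustration (not code from the original post): incident records that capture the tool fingerprint, the technique and the entry site are grouped so that profiles recurring across separate incidents stand out, and partial matches (same tool and technique from a new entry site) are reported at a lower confidence. The log format, the field names and every value in the sample log are constructed assumptions for the example.

```python
"""Profile recurring intruder traits across incidents.

Added illustration for the point above, not code from the original post.
The incident log format, field names (inc, entry, tool, technique) and
every value in SAMPLE_LOG are constructed assumptions for the example.
"""
import re
from collections import defaultdict

# Constructed incident records: one line per confirmed intrusion, recording
# the entry site, the tool fingerprint and the technique observed.
SAMPLE_LOG = """\
2024-01-03 inc=101 entry=relay.example.net tool=scanner-x/2.1 technique=ssh-bruteforce
2024-01-09 inc=102 entry=vpn.example.org tool=webshell-y technique=upload-abuse
2024-02-14 inc=103 entry=relay.example.net tool=scanner-x/2.1 technique=ssh-bruteforce
2024-02-20 inc=104 entry=relay.example.net tool=scanner-x/2.1 technique=ssh-bruteforce
2024-03-02 inc=105 entry=cafe.example.com tool=webshell-y technique=upload-abuse
2024-03-11 inc=106 entry=relay.example.net tool=scanner-x/2.1 technique=ssh-bruteforce
"""

LINE_RE = re.compile(
    r"^(?P<date>\S+)\s+inc=(?P<inc>\d+)\s+entry=(?P<entry>\S+)"
    r"\s+tool=(?P<tool>\S+)\s+technique=(?P<technique>\S+)$"
)

# The three traits the text names: tools, techniques, and sites used to gain access.
TRAITS = ("tool", "technique", "entry")


def parse_log(text):
    """Parse the constructed log format into a list of dicts; reject malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparsable event line: {line!r}")
        rec = m.groupdict()
        rec["inc"] = int(rec["inc"])
        events.append(rec)
    return events


def recurring_profiles(events, min_incidents=2):
    """Map each full (tool, technique, entry) profile to the sorted incident ids
    it appears in, keeping only profiles seen in at least min_incidents incidents."""
    by_profile = defaultdict(set)
    for e in events:
        by_profile[tuple(e[t] for t in TRAITS)].add(e["inc"])
    return {p: sorted(ids) for p, ids in by_profile.items() if len(ids) >= min_incidents}


def related_incidents(events, inc, min_shared=2):
    """Incident ids sharing at least min_shared of the three traits with incident inc.
    A partial match (same tool and technique from a new entry site) is a weaker
    hint than a full profile match, so the caller chooses the threshold."""
    by_inc = {e["inc"]: e for e in events}  # assumes one record per incident
    target = by_inc[inc]
    related = []
    for other_id, other in by_inc.items():
        if other_id == inc:
            continue
        shared = sum(1 for t in TRAITS if other[t] == target[t])
        if shared >= min_shared:
            related.append(other_id)
    return sorted(related)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for profile, ids in recurring_profiles(evs).items():
        print("recurring profile", profile, "-> incidents", ids)
    print("incidents related to 102:", related_incidents(evs, 102))
```

On the sample data the scanner profile from the relay site recurs across four incidents, while the two webshell incidents only match on tool and technique, which is why they surface through `related_incidents` rather than as a full recurring profile.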
4. Test for security weaknesses in fielded and operational systems.
- Recognized vulnerabilities are not always corrected, and known fixes are frequently found not to have been applied as a result of poor configuration management. Thus, it is essential to use available tools and to conduct "red team" or "tiger team" probes often and without warning to test security defenses. To maximize the impact of these tests, reports should be disseminated widely.
5. Plan a range of responses.
- Any organization relying upon information systems should have a number of routine information systems security activities. But when attack is imminent, an organization could prudently adopt additional security measures that, during times of non-attack, might not be in effect because of their negative impact on operations. Tailoring in advance a range of information systems security actions to be taken under different threat conditions would help an organization plan its response to any given attack.
6. Coordinate defensive activities throughout the enterprise.
- Any large, distributed organization has many information systems and subnetworks that must be defended. The activities taken to defend each of these systems and networks must be coordinated, because the distributed parts have interconnections and the security of the whole organization depends on the weakest link. Furthermore, it is important for different parts of the organization to be able to learn from each other about vulnerabilities, threats, and effective countermeasures.