Term
Discover Information Protection Needs
Definition
1.1 Analyze the Organization's Mission
1.2 Determine the relationship and importance of information to the mission (IMM, PNE)
1.3 Identify legal and regulatory requirements related to the data, i.e. privacy requirements
1.4 Identify classes of threats (HTI, PHE)
1.5 Determine Impacts (HTI, PHE)
1.6 Identify Security Services
1.7 Document Information Protection Needs (IPP)
1.8 Document Security-Management Roles and Responsibilities
1.9 Identify Design Constraints (Legacy Systems, Regulations)
1.10 Assess Information Protection Effectiveness
1.11 Support C&A

Term

Definition
Information Management Model
Drawn from information management processes in the organization.
(Operational doctrine, web pages, annual reports, Mission Needs Statement (MNS), CONOPS)
The main components of the model are information domains. Each identifies 3 elements:
-Users or members of the information domain
-Rules, privileges, roles and responsibilities that apply to the users in managing all the information.
-Information objects being managed, including processes.

Term

Definition
Protection Needs Elicitation
1 Approaching the customer
2 Acquiring the IMM
3 Least-Privilege IMM
4 Threat Analysis
5 Customer Priorities
6 Preparing the IPP
7 Customer Buy-in

Term

Definition
Harm to Information
(Value of information and degree of harm to the Mission)

Term

Definition
Potentially Harmful Events
(Malicious adversaries, their degree of motivation, and the probability of accidents and natural disasters)

Term
Define System Security Requirements
Definition
2.1 Develop System Security Context (other interfacing systems, supporting systems, data exchange (data flow))
2.2 Develop Security CONOPS (How will this system support the mission of the organization? What information management and protection functions will this system perform?)
CONOPS is developed from the user perspective
2.3 System Requirements
-Functional Requirements
*Quantity, Quality, Coverage, Timeliness, Availability
-SE and ISSE cooperative effort
-Requirements provide a baseline for the system's development.
2.4 Design Constraints
-External Systems
-Standards
-Contracts
-Threats
2.5 Assess Information Protection Effectiveness
2.6 Support System C&A

Term
Design System Security Architecture
Definition
3.1 Perform Functional Analysis and Allocation
-Analyze candidate system architectures
-Allocate security services to architecture
-Select mechanism types
-Submit security architecture(s) for evaluation
-Revise security architecture(s)
-Select security architecture
(Functional Architecture - What does each component do, what performance is required)
3.2 Assess Information Protection Effectiveness
-Ensure that the selected security mechanisms provide the required security services
-Explain to the customer how the security architecture meets the security requirements
-Generate risk projection
-Obtain concurrence from the customer in the security architecture
3.3 Support System C&A
-Prepare and submit final architecture documentation for risk analysis
-Coordinate results of the risk analysis with Accreditor and Certifier

Term
Develop Detailed Security Design
Definition
4.1 Ensure compliance with Security Architecture
4.2 Perform trade-off studies
4.3 Define System Security Elements
-COTS
-GOTS
-Custom-built security
-CC Protection Profiles

Term
Implement System Security
Definition
5.1 Support System Implementation
-Acquire and integrate needed security products
-Verify compliance with requirements
*Interoperability
*Meet evaluated criteria (CCEP, NIAP, NIST, NSA, FIPS)
*Configuration Management
5.2 Testing and Evaluation
-Demonstration
-Observation
-Analysis
-Testing
*Test individual components and the entire system
5.3 Assess Information Protection Effectiveness
5.4 Support System C&A
5.5 Support Security Training

Term

Definition
-Input to C&A Process Activities
-Verification that the system protects against threats identified in the original threat assessment
-Tracking assurance mechanisms related to implementation and testing
-Inputs to and review of System Life Cycle support plans, operational procedures, training programs
-Formal assessment prior to final effectiveness assessment
-Participation in examination of all system issues

Term

Definition
-Always keep the problem and the solution spaces separate
-The problem space is defined by the customer's mission or business needs
-The Systems Engineer and ISSE define the solution

Term
Three Primary Elements for Defense-in-depth
Definition
People
Technology
Operations

Term
What are the key elements of the People factor of Defense-in-depth?
Definition
-Senior Management Support
-Understanding the Threats
-Policies and Procedures
-Assignment of Roles and Responsibilities
-Commitment of Resources
-Training
-Enforcement
-Controlling and monitoring access by people to facilities and critical elements

Term
Paradigm of Defense-in-depth
Definition
-Protect
*Preventative controls and mechanisms
-Detect
*Identify attacks
*Expect attacks
-React
*Respond to attacks
*Recover

Term
Technology in Defense-in-depth
Definition
-Technology deals with the procurement of the right technologies
-Procurement procedures
*Evaluation of products (FIPS 140-2, CC Standards)
*IA Architecture and standards
*Validation by reputable third party (CC VPL)
*Configuration guidance

Term
Operations Element of Defense-in-Depth
Definition
-Security Policy
-C&A
-Security Management
-Key Management
-Respond quickly and restore critical services

Term
Defense-in-depth Technology focus areas
Definition
-Defend the computing environment
-Defend the enclave boundaries
-Protect the network & infrastructure
-Defend the supporting infrastructures

Term

Definition
-Lists the engineering principles for IT Security
-System-level security principles
-Derived from concepts in SP 800-14
-33 IT Security principles grouped into 6 categories
The 6 categories are:
-Security Foundation
-Risk Based
-Ease of Use
-Increase Resilience
-Reduce Vulnerabilities
-Design with Network in Mind
-Protection Profiles and Security Targets

Term

Definition
Risk is a function of the likelihood of a given threat-source's exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization. (SP 800-30)

Term

Definition
1. Intent and method targeted at the intentional exploitation of a vulnerability
2. A situation and method that may accidentally trigger a vulnerability.
Common threat sources are natural, human or environmental.

Term

Definition
The potential for a threat source to exercise (accidentally trigger or intentionally exploit) a specific vulnerability.

Term

Definition
A flaw or weakness in system security procedures, design, implementation or internal controls that could be exercised (accidentally triggered or intentionally exploited) and could result in a security breach or a violation of the system's security policy.

Term

Definition
The probability that a potential vulnerability may be exercised within the construct of an associated threat environment.

Term

Definition
A control to reduce risk.

Term

Definition
Risk management is a process. It allows management to balance costs with benefits.
The purpose of Risk Management is to identify potential problems:
-Before they occur
-So that risk-handling activities may be planned and invoked as needed
-Across the life of the product or project
Risk management activities are critical to providing risk-based, cost-effective security

Term
Objectives of Risk Management
Definition
-Better security of IT systems
-Well-informed risk management decisions
-Assist management in the system authorization process

Term
SDLC Phases and Risk Management
Definition
Phase 1 - Initiation
-The need for an IT system is expressed and the purpose and scope of the system are documented
-Identified risks are used to support the development
Phase 2 - Development or Acquisition
-The IT system is designed, purchased, programmed, developed, or otherwise constructed
-Identified risks may lead to architecture and design trade-offs
Phase 3 - Implementation
-The system security features should be configured, enabled, tested, and verified
-The risk management process supports the assessment of the system implementation against its requirements
Phase 4 - Operation or Maintenance
-The system performs its functions. Typically the system is being modified on an ongoing basis through the addition of hardware and software
-Risk management activities are performed for periodic system reauthorization or whenever major changes are made.
Phase 5 - Disposal
-This phase may involve the disposition of information, hardware, and software
-Risk management activities are performed for system components that will be disposed of or replaced in order to ensure that the hardware and software are properly disposed of

Term
Key roles in Risk Management
Definition
Senior Management
-Provides policy, resources, and makes decisions - ultimately responsible
Chief Information Officer
-Responsible for IT planning, budgeting, and performance
ISSO
-Responsible for monitoring risk
System and Information Owners
-Responsible for ensuring that proper controls are in place
Business and Functional Managers
-Make trade-off decisions affecting mission accomplishment
IT Security Practitioners
-Responsible for proper implementation of security requirements
Security/Subject Matter Professionals
-Must understand risk and design and conduct appropriate training

Term
What is Risk Management comprised of?
Definition
Risk Assessment, Risk Mitigation, Evaluation and Assessment

Term
What is Risk Assessment comprised of?
Definition
-Identification of risks
-Evaluation of risks
-Risk impact
-Recommendation of risk-reducing measures

Term
What are the 9 Risk Assessment steps?
Definition
Step 1 - System Characterization
-Inputs:
Hardware
Software
System Interfaces
Data and Information
People
System Mission
-Outputs:
System Boundary
System Functions
System and Data Criticality
System and Data Sensitivity
Step 2 - Threat Identification
-Inputs:
History of system attacks
Data from intelligence agencies, mass media
-Outputs:
Threat Statement
Step 3 - Vulnerability Identification
-Inputs:
Reports from prior Risk Assessments
Audit comments
Security Requirements
Security Test Results
-Outputs:
List of Potential Vulnerabilities
Step 4 - Control Analysis
-Inputs:
Current controls
Planned controls
-Outputs:
List of Current and Planned Controls
Step 5 - Likelihood Determination
-Inputs:
Threat source motivation
Threat capacity
Nature of Vulnerability
Current controls
-Outputs:
Likelihood Rating
Step 6 - Impact Analysis
-Inputs:
Mission Impact Analysis
Asset Criticality Assessment
Data Criticality
Data Sensitivity
-Outputs:
Impact Rating
Step 7 - Risk Determination
-Inputs:
Likelihood of threat exploitation
Magnitude of impact
Adequacy of planned or current controls
-Outputs:
Risk and associated Risk Levels
Step 8 - Control Recommendations
Step 9 - Results Documentation
(Risk Assessment Report)

Term
SP 800-30 Risk Mitigation Strategies
Definition
Risk Assumption
Risk Avoidance
Risk Limitation
Risk Planning
Research and Acknowledgement
Risk Transference

Term

Definition
Prioritizing, evaluating, and implementing recommendations from the Risk Assessment Report
Risk-based, cost-effective security

Term

Definition
Problem Definition
Solution Analysis
Process Planning
Process Control
Product Evaluation