IT security risk management is best approached as a lifecycle of activities, one logically leading into the next. The most important thing to remember is that risk is evolutionary, which means these activities must be continuously repeated and refined.
The following is our basic framework of critical steps.
Security Assessment: Identify Assets
You can't secure an asset if you don't know it exists. As the first step in risk management, we identify your assets and establish their classification and valuation. We will help you determine each asset's value to your organization.
Threat and Risk Analysis
The next step is critical: assessing the overall risk to the asset. There are several formal methods for doing this, including qualitative and quantitative risk analysis. To assess an asset's risk, we have to evaluate three variables:
- the overall threat to the asset (from both inside and outside the organization)
- its inherent and environmental vulnerability levels
- the cost of loss, downtime and recovery should it be
Risk is calculated as: Risk = vulnerability x threat x cost
Security Policy Implementation
Once we've determined an asset's risk, we plan appropriate countermeasures. These are both technical and operational, using a blend of network, system and data controls: everything from system hardening to network segmentation to AAA (authentication, authorization and accounting) to database encryption. Remember: never buy a $10 fence to corral a $5 horse; a control should cost less than the risk it removes.
Risk can be accepted, mitigated or transferred, but it can never be eliminated entirely (ignoring a risk is merely accepting it without knowing what you have accepted). Always expecting the unexpected, we plan in advance what to do in the event that a resource is compromised. On a practical level, this step includes performing a business impact analysis and setting the framework for incident response.
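The risk formula from the analysis step and the "$10 fence for a $5 horse" rule above can be made concrete with a small risk register. The following is an added example, not code from the original page or from DTCon; the asset figures are constructed, and the interpretation of the three variables (threat as the annual probability of an attempt, vulnerability as the probability that an attempt succeeds, cost as the loss in USD if it does) is an assumption of this example, chosen so that the product is an expected annual loss directly comparable to a countermeasure's annual cost.

```python
"""Added example, not code from the original page or from DTCon: a small
quantitative risk register that applies Risk = vulnerability x threat x cost
to a constructed asset list, ranks the assets, and checks whether a proposed
countermeasure costs less than the risk it removes."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed interpretation of the three variables (the page does not fix units):
#   threat        - probability per year that an attack on the asset is attempted
#   vulnerability - probability that such an attempt succeeds
#   cost          - loss in USD (loss, downtime and recovery) if it does succeed
# With these units the product is an expected annual loss in USD.


@dataclass(frozen=True)
class Asset:
    name: str
    threat: float
    vulnerability: float
    cost: float

    def __post_init__(self) -> None:
        for p in (self.threat, self.vulnerability):
            if not 0.0 <= p <= 1.0:
                raise ValueError(f"{self.name}: threat and vulnerability must be probabilities")
        if self.cost < 0:
            raise ValueError(f"{self.name}: cost must be non-negative")


@dataclass(frozen=True)
class Countermeasure:
    name: str
    annual_cost: float
    residual_vulnerability: float  # the asset's vulnerability once the control is in place


def risk(asset: Asset) -> float:
    """Risk = vulnerability x threat x cost, as stated on the page."""
    return asset.vulnerability * asset.threat * asset.cost


def rank_assets(assets: List[Asset]) -> List[Asset]:
    """Highest expected loss first, so treatment effort goes where the risk is."""
    return sorted(assets, key=risk, reverse=True)


def residual_risk(asset: Asset, cm: Countermeasure) -> float:
    """Risk that remains after the countermeasure has lowered the vulnerability."""
    return cm.residual_vulnerability * asset.threat * asset.cost


def worth_buying(asset: Asset, cm: Countermeasure) -> bool:
    """The '$10 fence for a $5 horse' check: a control is only worth buying
    if it costs less than the risk it removes."""
    removed = risk(asset) - residual_risk(asset, cm)
    return cm.annual_cost < removed


def treatment(asset: Asset, cm: Optional[Countermeasure], risk_appetite: float) -> str:
    """Pick one of the page's treatment options for an asset:
    accept   - expected loss is within what the organization tolerates
    mitigate - a countermeasure exists and pays for itself
    transfer - nothing affordable removes it, so move it (insurance, outsourcing)
    """
    if risk(asset) <= risk_appetite:
        return "accept"
    if cm is not None and worth_buying(asset, cm):
        return "mitigate"
    return "transfer"


# Constructed sample inventory; figures are illustrative, not measurements.
ASSETS = [
    Asset("customer database", threat=0.8, vulnerability=0.5, cost=400_000),
    Asset("public web server", threat=0.9, vulnerability=0.3, cost=50_000),
    Asset("legacy mainframe", threat=0.5, vulnerability=0.8, cost=100_000),
    Asset("print server", threat=0.2, vulnerability=0.6, cost=2_000),
]

CONTROLS = {
    "customer database": Countermeasure("database encryption + AAA", 40_000, 0.1),
    "public web server": Countermeasure("hardening + network segmentation", 8_000, 0.1),
    "legacy mainframe": Countermeasure("platform replacement", 60_000, 0.05),
    "print server": Countermeasure("dedicated firewall appliance", 3_000, 0.1),
}


def plan(assets=ASSETS, controls=CONTROLS, risk_appetite: float = 5_000.0) -> List[Tuple[str, float, str]]:
    """Return (asset name, expected annual loss, decision), highest risk first."""
    return [(a.name, risk(a), treatment(a, controls.get(a.name), risk_appetite))
            for a in rank_assets(assets)]


if __name__ == "__main__":
    for name, r, decision in plan():
        print(f"{name:20s} expected annual loss ${r:>10,.0f} -> {decision}")
```

With these constructed numbers the mainframe is the instructive case: its control removes $37,500 of expected loss per year but costs $60,000, so the cheaper treatment is to transfer the risk rather than buy the fence.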
Monitor Threats and Manage Vulnerabilities
What was secure yesterday may be vulnerable today. The only way to know how and where you're vulnerable is to constantly monitor networks and systems for new threats, both internal and external. On a basic level, create a management process for patching critical systems and updating gateway, server and desktop AV. Also, develop and enforce change management procedures.
Detect Intrusions and Attacks
We will help you deploy intrusion detection sensors on critical segments of your network, using a blend of host- and network-based intrusion detection systems with both signature- and anomaly-based detection. By correlating events across your infrastructure we can refine your threat escalation procedures, matching alerts against your actual, not theoretical, exposures: an alert that hits a system known to be vulnerable to that class of attack is escalated, while one that hits a system that is not is logged for trend analysis.
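The following added example (not code from the original page or from DTCon) shows the two detection styles side by side on constructed log lines and then applies the escalation rule above. The log format, the two signature patterns, the failed-login baseline, and the exposure register naming which host is vulnerable to which attack class are all assumptions of this example.

```python
"""Added example, not code from the original page or from DTCon: a toy
signature-based and anomaly-based detector run over constructed log lines,
with alerts escalated only when they hit a host that is actually exposed."""
import re
from collections import Counter
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List, Set, Tuple

# Constructed sample log, one event per line: "<minute> <src_ip> <host> <message>".
SAMPLE_LOG = """\
00 10.0.0.5 db01 login ok user=app
00 198.51.100.7 web01 GET /index.html 200
01 10.0.0.5 db01 login ok user=app
01 203.0.113.9 db01 login failed user=root
02 198.51.100.7 web01 GET /login.php?user=admin' OR 1=1-- 200
02 10.0.0.8 fs01 GET /files/../../etc/passwd 404
03 203.0.113.9 db01 login failed user=root
04 203.0.113.9 db01 login failed user=admin
04 203.0.113.9 db01 login failed user=admin
04 203.0.113.9 db01 login failed user=oracle
04 203.0.113.9 db01 login failed user=sa
04 203.0.113.9 db01 login failed user=postgres
04 203.0.113.9 db01 login failed user=backup
""".splitlines()

# Signature rules (assumed, deliberately simple): attack class -> known pattern.
SIGNATURES = {
    "sqli": re.compile(r"(?:'|%27)\s*(?:or|and)\s+[\w']*\s*=", re.IGNORECASE),
    "path_traversal": re.compile(r"\.\./"),
}

# Exposure register (constructed): which attack classes each host is really
# vulnerable to, from the vulnerability management step. fs01 serves static
# files from a jailed directory, so traversal attempts against it are noise.
EXPOSURES: Dict[str, Set[str]] = {
    "web01": {"sqli"},          # unpatched login form
    "db01": {"brute_force"},    # no account lockout configured
}


@dataclass(frozen=True)
class Alert:
    method: str      # "signature" or "anomaly"
    category: str
    host: str
    src: str
    detail: str


def parse(line: str) -> Tuple[int, str, str, str]:
    minute, src, host, msg = line.split(" ", 3)
    return int(minute), src, host, msg


def signature_alerts(lines: List[str]) -> List[Alert]:
    """Signature detection: one alert per line that matches a known pattern."""
    alerts = []
    for line in lines:
        _, src, host, msg = parse(line)
        for category, pattern in SIGNATURES.items():
            if pattern.search(msg):
                alerts.append(Alert("signature", category, host, src, msg))
    return alerts


def anomaly_alerts(lines: List[str], baseline_minutes: int = 4,
                   sigmas: float = 3.0, min_count: int = 3) -> List[Alert]:
    """Anomaly detection: failed logins per host and minute, compared with a
    baseline learned from the first `baseline_minutes` (zeros included).
    A minute is anomalous when it exceeds mean + sigmas * stdev and min_count;
    the floor stops a flat baseline (stdev 0) from alerting on a single event."""
    failed: Counter = Counter()          # (minute, host) -> failed login count
    sources: Dict[Tuple[int, str], Counter] = {}
    for line in lines:
        minute, src, host, msg = parse(line)
        if "login failed" in msg:
            failed[(minute, host)] += 1
            sources.setdefault((minute, host), Counter())[src] += 1
    per_minute: Counter = Counter()
    for (minute, _), n in failed.items():
        per_minute[minute] += n
    baseline = [per_minute[m] for m in range(baseline_minutes)]
    threshold = mean(baseline) + sigmas * pstdev(baseline)
    alerts = []
    for (minute, host), n in sorted(failed.items()):
        if minute >= baseline_minutes and n > threshold and n >= min_count:
            src = sources[(minute, host)].most_common(1)[0][0]
            alerts.append(Alert("anomaly", "brute_force", host, src,
                                f"{n} failed logins in minute {minute:02d} (threshold {threshold:.1f})"))
    return alerts


def triage(alerts: List[Alert], exposures=EXPOSURES) -> List[Tuple[Alert, str]]:
    """Escalate only alerts whose target host is actually exposed to that attack
    class; everything else is logged rather than paged."""
    return [(a, "escalate" if a.category in exposures.get(a.host, set()) else "log")
            for a in alerts]


def run(lines: List[str] = SAMPLE_LOG) -> List[Tuple[Alert, str]]:
    return triage(signature_alerts(lines) + anomaly_alerts(lines))


if __name__ == "__main__":
    for alert, action in run():
        print(f"{action:8s} {alert.method:9s} {alert.category:15s} {alert.host:6s} {alert.src:14s} {alert.detail}")
```

Run stand-alone, the SQL injection attempt against web01 and the password-guessing burst against db01 are escalated, while the directory traversal against the jailed file server is only logged. Two of the three alerts would look identical in a sensor that knows nothing about the asset inventory; the exposure register is what turns a theoretical hit into an actual one.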
Respond to Incidents
This is where the incident response plan formulated under the Business Continuity Plan gets implemented. An incident response plan kicks in at different levels depending on the severity of the attack and your organization's pain threshold. There are two main response options: "pursue and prosecute" (preserve evidence and involve law enforcement, at the cost of a longer outage) or "patch and proceed" (contain, restore service and move on).
This outline only scratches the surface of the activities involved in the risk lifecycle. Each of these steps seems intuitive, but the devil is in the details. Few organizations effectively execute on all of these steps at any given time. Remember: The security chain is only as strong as the weakest link. We will help you to find and fix it. DTCon will support you through the whole security lifecycle.
For details and further discussion please do not hesitate to contact us.