© 2018 Margaret Hillary. All rights reserved.
Indomitable hackers will continuously search for ways to circumvent security controls within an infrastructure. While the C.I.A. model provides the cornerstone of computer security, a few other policy components enhance this foundation. Auditing and Accountability, and Non-Repudiation, are essential to any business model, particularly in ensuring checks and balances.
Auditing and Accountability
Conducting routine audits of administrators and users provides assurance that security policies are adhered to, and it also tests the effectiveness of those policies. Auditing is an effective measure for verifying company and customer accountability and for preventing security incidents and attacks. Essentially, it keeps tabs on what's going on through system logs: Who has access to this data, and who has been logging in? When have they been logging in? Who has made changes to something?
Tools such as Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS) can be used to monitor the network and prevent nefarious activity. Security notifications and critical messages about system applications are recorded in system logs, while bandwidth consumption, CPU, and memory can be monitored through performance logs. Gathering and analyzing data from logs such as access logs, IDS logs, firewall logs, application logs and anti-virus logs can identify whether a network has been attacked. Auditing records successful and failed logons, collects time stamps, source/destination IP addresses and filenames, and confirms that access control rules have been invoked.
Verifying audit data can be a daunting task, particularly with large data sets, but there are many log analysis and correlation tools that facilitate preventative and corrective security controls. Splunk, LogRhythm and ArcSight are among the log analysis tools on the market that can get the most out of the collected logs.
Accountability is a fundamental function that correlates directly with auditing. Conducting an audit will almost always assign accountability to whoever owns the system or code, whoever executed the duty or task, and/or the person responsible for alerting those directly responsible or upper management. This means any portion which has been created, altered, deleted, or even read carries an associated responsibility resting on one or more persons. The functions for which an individual is accountable should be factored into the overall information security plan, and this can be promptly measured by personnel who possess organizational authority for information assurance. Each informational asset should have an “owner”: a person (or persons) who is ultimately accountable for that asset.
The tasks and liabilities of all personnel in relation to information assurance must be outlined comprehensively. Any ambiguity, from the initiation phase through the monitoring and closing phases of infosec, leaves responsibility essentially unassigned. The largest threat agent against a system is the one from within.
Non-repudiation ensures that a task, action, event, etc. cannot be retracted; it is invariably attributed to someone. This, of course, adds additional depth to cryptography: proof of integrity is absolute, and validation of origin with a high assurance of authenticity is present. Digital signatures “sign” your messages with your private key while allowing others to verify your message with your public key (asymmetric cryptography), which is a verification in itself. Non-repudiation is the unequivocal validation that someone performed a particular task, with absolute accountability for the action. Because of this, non-repudiation directly correlates to Accountability.
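As an added example (not from the original article), the Go program below shows the private-key/public-key split described above on a constructed audit record, using Go's standard crypto/ed25519 and crypto/hmac packages; the AuditRecord type, the actor names and the shared-key contrast are assumptions for illustration. The MAC function is included to show why a key shared between two parties proves integrity but cannot attribute an action to either of them.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// AuditRecord is a constructed audited event: who did what, and when.
type AuditRecord struct{ Actor, Action, When string }

// Bytes gives the record a fixed serialisation to sign and verify over.
func (r AuditRecord) Bytes() []byte { return []byte(r.Actor + "|" + r.Action + "|" + r.When) }

// NewActorKeys generates an Ed25519 key pair; only the actor holds the private half.
func NewActorKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // only fails if the OS entropy source is unavailable
	}
	return pub, priv
}

// SignRecord: the actor signs the record with their private key.
func SignRecord(priv ed25519.PrivateKey, r AuditRecord) []byte { return ed25519.Sign(priv, r.Bytes()) }

// VerifyRecord: anyone with the actor's public key can check the signature, and a
// valid one can only come from the matching private key, so the record is attributable.
func VerifyRecord(pub ed25519.PublicKey, r AuditRecord, sig []byte) bool {
	return ed25519.Verify(pub, r.Bytes(), sig)
}

// MACRecord uses a key shared by two parties: it proves integrity, but either key
// holder could have produced the tag, so it cannot show which of them acted.
func MACRecord(shared []byte, r AuditRecord) []byte {
	m := hmac.New(sha256.New, shared)
	m.Write(r.Bytes())
	return m.Sum(nil)
}

func main() {
	pub, priv := NewActorKeys()
	rec := AuditRecord{"alice", "DELETE payroll-2018.csv", "2018-06-01T09:15:00Z"}
	sig := SignRecord(priv, rec)
	fmt.Println("signature verifies:", VerifyRecord(pub, rec, sig)) // true
	rec.Actor = "bob" // alter any field and verification fails
	fmt.Println("altered record verifies:", VerifyRecord(pub, rec, sig)) // false
}
```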
Business and technical leaders ought to evaluate audit approaches, administer routine system assessments and execute appropriate logging processes. System baselines are essential for reducing redundancy and timeboxing security controls more efficiently. These audited events are not only a means to assign accountability and to verify it through non-repudiation; they are also tools for investigation, for auditing suspicious activities, and for storing lessons learned.