Security lifecycle management process

Introduction-

The Security Lifecycle is a process that must be continuously executed. It is an ongoing process that can help guide a security organization.

Purpose-

  1. application web issues 
  2. web application information security 
  3. a process which software is securely development 

Excepted outcome-
  1. an increased awareness of how to prevent web application attacks 
  2. implementation the SLCMP process into the SDLC 
  3. more securely build application and infrastructure 
Need to know -
1. web- based malicious activity has accelerated 
2. cyber criminals want your information 
3. rapid adaptation to security measures 





Phases-

the model follows  the basic steps of IDENTIFY – ASSESS – PROTECT – MONITOR.

a) Identify
 it includes the System and network administrators, application developers and individuals from the network operations. Basic information such as OS, applications, patch level, customer and location need to be collected for each system. 
Many times there are systems connected to a network that people have forgotten about or didn’t know that it even existed. Identifying systems is the goal at this point in the Lifecycle.
Once you’ve gathered all of this information you’ll want to document it in a format that can be easily searched, sorted and reused. A small database containing information such as hostname, OS, business applications supported and location on the network will be very helpful. The goal should be to have a well documented inventory of resources from the entire enterprise.

b) Assess
 The assessment phase of the Security Lifecycle builds on the identification phase. Once the assets have been identified, the next step is to perform a thorough security assessment. The assessment phase can encompass many different aspects from reviewing processes and procedures to vulnerability scanning.

system administrators, network administrators and developers that support applications running on the systems. Find out as much as you can about the application, how it is configured and where the various components reside.

Some of the items that should be examined might be:
Password and User Account Policies. ¸ 
Review of Userids and Groups ¸ 
Review of Administrator or Root accounts ¸ 
Review of web server configurations ¸ 
Review of what is being logged and who has access to the logs. ¸ 
Trusted relationships with other servers. 


c) Protect
 Once you have mapped out the network and systems and identified some vulnerabilities, you will need to bring the systems in-line with corporate security policy and standards. Essentially it is now time to protect the systems. This phase of the lifecycle is sometimes referred to as the ‘mitigation’ phase, since the objective is to mitigate any risks identified during the assessment phase. 

The focus of this phase is to configure and update each system and network component, so that its security is strengthened and complies with corporate policy. Thus eliminating some vulnerabilities and mitigating others

First is creditability and trust within your organization. In order to make changes to systems and network components, you will need the help and cooperation of individuals across the organization – typically system and network administrators. If you demand changes to critical systems

Secondly, you don’t want to implement changes on critical systems until they’ve been thoroughly tested. quickly  strict security policy on critical servers could have disastrous results.

d) Monitor 

The last phase of the security lifecycle is to monitor the security that you have established. Once you’ve strengthened the security of servers, firewalls and routers, you need to ensure that those changes remain in place. Additionally, you need to monitor the compliance of new systems that are introduced into the enterprise. Computer systems are dynamic and are continually being updated and modified by administrators, developers and anyone else that has access to them. A process needs to be implemented that monitors and measures the status of security across the enterprise. There are several key goals for the monitoring phase: security compliance and verification and validating the security posture of the enterprise.

common attack tools-
  1. phishing 
  2. malicious code software 
  3. spam
  4. worms 
  5. torjan
  6. virus
  7. key stroke logger 
  8. denial of service 
  9. web application attack
threats on web application -
  1. broken authentication 
  2. broken access control 
  3. insecure storage 
  4. improper error handling 
  5. insecure configuration management 
  6. cross- site scripting (XSS)
  7. unvalidated input 
  8. buffer overflows 
  9. injection flaws 
  10. application denial-of-service 

Comments

Popular Posts