MikeA


Everything posted by MikeA

  1. Hello, I am Mike Anderson, INFOSEC student at UAT, and I would like to discuss some general approaches towards implementing security and improving upon current methodologies being implemented.

     In particular, I am referring to the Plan, Do, Check, Act approach (link at bottom). This simply entails a reference cycle which is to be repeated as necessary: What to do, What order, How to do it, Verification of Improvement, Next. This essentially covers all the grounds: policies, risk assessment, maintenance, access control, monitoring, logs, analysis, vulnerability assessments, reporting, sustaining effective security, etc.

     Some implementation frameworks for deploying such a security plan include:

     - Security Knowledge In Practice (SKIP)
     - The IDEAL Model
     - Visible Ops and Visible Ops Security
     - Chemical Sector Cyber Security Program

     The framework that particularly jumped out at me was the SKIP framework. It provides a cycle allowing for continuous improvement of the security of your systems. Not only is it critical in detection as well as response to improve your security structure, but adequate planning time is also crucial. You learn by doing. Enabling time in your agenda to analyze what worked and what did not can prove to be priceless to your security stance overall.

     A negative aspect of this implementation framework could be within the detection step. No, we cannot analyze every ping or scan made on our networks, but we need to ensure we do not let human error slide into play, thus overlooking some potential threats/issues.

     Any relevant advice on the matter from someone who may have some specific hands-on experience with these particular approaches would be appreciated. Thank you.

     https://buildsecurityin.us-cert.gov/bsi/articles/best-practices/deployment/574-BSI.html