Continuous Monitoring Flashcards
National Industrial Security Program (NISP)
NISPOM is the manual that industry must follow
Industry: Implement security requirements
Government: establish requirements, advise and assist, provide oversight
Cleared industry safeguards all classified info
Apply to contractors with access to classified info
Security Policy Guidance
Industry: NISPOM detailed industrial security policy
Federal Government: NIST (National Institute of Standards and Technology)
Military: DoD Policy & Guidance
RMF
Risk Management Framework
Which of the following are important roles of the NISP in continuous monitoring?
To ensure that cleared industry safeguards classified information and information systems
To protect critical infrastructure
To thwart foreign adversaries and insider threats to information systems
Match
NISPOM: guidance requires that all individuals’ actions on a classified contractor info system be auditable
NIST SP: publications provide detailed guidance on the development and implementation of an ISCM program and security-focused configuration management
DoD Policy and Guidance: policies and guidance establish the requirement for an integrated continuous capability to monitor and audit for threats and vulnerabilities from internal and external sources.
Risk
possibility that a threat will adversely impact an information system by exploiting a vulnerability
Threat vs. vulnerability
V: weakness or lack of controls that could facilitate, or allow, a compromise
T: a potential for the accidental or deliberate compromise of security
RMF process (Cybersecurity requirements for DoD)
Informs the acquisition process
Implements cybersecurity through use of security controls
Emphasizes continuous monitoring and timely correction of deficiencies
Adopts reciprocity and codifies reciprocity tenets
RMF ensures:
Traceability and transparency of risk-based decisions, organization-wide risk awareness, operational resilience, operation integration, interoperability
3-tiered approach to risk management:
Tier 1 Organization (Chief Information Officer, Senior Information Security Officer, Risk Executive Function): org as a whole, core missions, business functions. Info necessary to make risk management decisions at this level. Aggregated data to enable organization-wide decision-making.
Tier 2 Mission/Business/Process (Principal Authorizing Officials, DoD Component CIO, DoD Component SISO): Ex: Controls in the PM family
Tier 3 Information Systems (Authorizing Official, Information System Owner, User Rep, Information System Security Officer, Authorizing Official Designated Representative, Program Manager/System Manager, Information System Security Officer): Technical details to support system-level actions
RMF Steps
- Categorize the system
- Select security controls
- Implement security controls
- Assess security controls
- Authorize the information system
- Monitor security controls
Which of the following identify how the RMF supports risk management?
RMF process ensures traceability and transparency across all levels of the organization
RMF process emphasizes continuous monitoring and timely correction of deficiencies
Information System Continuous Monitoring
ISCM
ISCM strategy 3 major tasks
Configuration management and security controls monitoring and assessment tasks
security status monitoring tasks
Security Status reporting tasks
ISCM processes
schedule, performance, cost
industrial, information, personnel, physical
ISCM data fundamental to execution management
Risk tolerance, enterprise architecture, security architecture, configurations, configuration changes, threat information
Six steps to establish ISCM
Define, establish, implement, analyze/report, respond, review/update
Which of the following are security-focused configuration management (SecCM) roles in risk management?
Ensuring that adjustments to the system configuration do not adversely affect the security of the information system
Establishing configuration baseline and tracking, controlling and managing aspects of business development
Ensuring that adjustments to the system configuration do not adversely affect the organization’s operations
Four phases of security management
Phase 1 Planning: developing policy and procedure. Baseline approved specifications for ISs or CIs
Phase 2 Identifying and implementing configurations: Most secure state. Develop, approve, implement secure baseline configuration consistent with operational requirements and constraints
Phase 3 Controlling configuration changes: Emphasize management of change to maintain security. Changes implemented as approved. Check for unexpected effects. Employ access restrictions.
Phase 4 Monitoring: Validate that the IS is adhering to org policies, procedures and the approved baseline configuration. Discovers undocumented components, vulnerabilities and unauthorized changes.
SSP
System Security Plan (Industry): ISSM or ISSO responsible for baseline changes
Patches
Configuration change control
4 audit requirements in NISP
- Audit Trail
- Individual accountability with unique ID and periodic testing
- Adds to 1 and 2 with scheduled audit analysis
- Create audit trail capable of recording changes to user access permissions
Logs
Event logs: a recorded event elicits a response from the program and applications. Should be filtered and can be archived.
Audit logs: