System Security Planning: the Configuration of the System - Research Paper Example

Summary
This paper will look at some security measures considered incorporated in a system security plan. The system security plan is important for any organization. The security plan will ensure the information system of a particular organization is well preserved…

Cybersecurity Profile: System Security Plan

A system security plan is important to any organization. The security plan ensures that the organization's information system is well preserved and that access is available only to authorized persons. The underlying objective is to improve the protection of information technology resources. The security plan addresses the policies, goals, and objectives of the organization's security program and documents the process for making changes to the information system without any compromise. In general, the security plan provides an overview of the system's security requirements and describes the controls that are in place or are planned to meet those requirements (Nancy & Gregory, 2011). In securing systems, users can be one of the weakest links, and they therefore need to be trained adequately to understand system security risks. The NIST requires a cybersecurity profile to outline clearly the alignment of the functions, categories and subcategories with the business requirements, risk tolerance and resources of the organization. The cybersecurity profile identifies opportunities for improving cybersecurity and for moving the system from its current state to a better state in terms of security. This paper looks at some of the security measures incorporated in a system security plan.

Access Control (AC) Controls

These are safeguards incorporated in a computer, systems software, operation, and related devices for the protection of critical IT resources against both internal and external vulnerabilities. By implementing effective logical access controls, an organization significantly reduces the risks to the system environment. Some logical access controls that have been incorporated into the system include assignment of access privileges, object re-use, session controls, re-certification of users, encryption, networking, dial-in, as well as the use of warning banners.
The core of an access-control system is the secure evaluation of whether an established identity can access a particular computing resource, which is also called an object. A resource may be a service of some sort, an information receptacle such as a file, or a Web resource such as a uniform resource identifier (URI). The access-control decision is made over an existing security context and a controlled resource (Benantar, 2006).

Intrusion detection system

Intrusion detection systems are widely used to enhance the security of information systems. An intrusion detection system detects and tracks the slightest signs of malicious activity and keeps a record of it. These systems deal with threats and attacks by collecting information from a variety of system and network sources and then analyzing that information for possible security problems. An intrusion detection system monitors the system under protection and logs intrusion attempts. Intrusion detection systems are of three types. They collect data and parse it with big analytics so as to produce signatures before spreading them to each instance requiring protection (Di & Mancini, 2008). The three classifications of IDS are:

1. Host-based intrusion detection systems (HIDS), which collect data via endpoint security management systems. HIDS monitors the individual hosts and other devices on the network. It is the least harmful form of intrusion detection system. It is capable of providing end-point protection by detecting unwelcome traffic and logging it for further analysis. It also ensures that critical files are safeguarded by reporting any modification or deletion of such files to the administrator.
2. Network-based intrusion detection systems (NIDS), which are tasked with the collection of data through anomaly detection systems. NIDS analyzes the traffic passing on the entire subnet.
It works in a safe mode, where it matches the traffic passing on the subnets against the library of known attacks. Once an attack has been identified, an alert is sent to the administrator. An example of NIDS is its installation on the subnet where the firewalls are located, so that it can detect any intruder into the firewall.
3. Application-based intrusion detection systems (AIDS), whose role is the collection of data by integrating a Web application firewall with dynamic application security testing systems (Di & Mancini, 2008).

Audit and accountability (AU) controls

Audit and control of information systems is an important activity in an organization. According to the NIST SP 800-53 control, an organization should develop, disseminate and periodically review a formal, documented audit and accountability policy that addresses the purpose, scope, roles, responsibilities, management commitment, and compliance. Documented procedures should be followed to facilitate the implementation of the audit and accountability policy and the associated audit and accountability controls (Fitzgerald, 2011).

The control identifies important events which require auditing and are relevant to the security of the information system. The organization then specifies the information in order of priority and carries out the auditing activities. Information system performance can be highly affected by the auditing activity. Based on risk assessment, the organization decides which events require auditing on a continuous basis and which events require auditing in response to particular situations. Audit records are generated at various levels of abstraction, such as at the packet level as the information goes through the network. This makes it critical to select the most suitable level of abstraction for the actual audit record, to facilitate the identification of the root causes of problems.
Once the causes have been identified, the organization implements the auditable events it has defined, after ensuring that they can support after-the-fact investigations of security incidents. This is followed by the generation of audit records for events such as successful and unsuccessful log-on and log-off, change of passwords, opened and closed files, specific actions such as reading, editing, and deleting records or fields, and printing reports. The captured events are saved in the administrator's accounts, where the administrator can easily access them and carry out risk mitigation (Fitzgerald, 2011).

Implementation of control

The organization maintains a regular analysis and review of its information system audit records, which are used as indicators of any inappropriate or unusual activity. This is in accordance with the NIST SP 800-53 control. Suspicious activities are investigated, and the report findings are forwarded to the appropriate officials for them to take the necessary actions. This is achieved by automated mechanisms which immediately alert security personnel to any inappropriate or unusual activities on the information system. Audit records will be used to show what happened after an event, for real-time analysis. The security specialists in the organization regularly review the audit information, for example after every event such as a log-on or log-off. The audit allows the management to hold employees responsible for user actions on the computer systems.

To ensure the reliability of the audit records, the system is configured to include a timestamp for each event that is captured in the audit log. The system log files include the exact date and time at which an event was performed. The system and network administrators can then configure organizational systems to synchronize their local system clocks with the corresponding organization time server (Raggad, 2010).
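The audit review described above can be sketched in code. The following is an added example, not part of the original paper: it scans timestamped audit records for repeated unsuccessful log-ons, for timestamps that run backwards on a host (a sign of an unsynchronized clock), and for records with no usable timestamp. The record format, host and user names, and thresholds are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (assumed format): UTC time, host, user, event, outcome
SAMPLE_LOG = """\
2024-03-01T08:00:05Z hr-ws01 alice logon success
2024-03-01T08:01:10Z hr-ws01 bob logon failure
2024-03-01T08:01:40Z hr-ws01 bob logon failure
2024-03-01T08:02:05Z hr-ws01 bob logon failure
2024-03-01T08:02:30Z hr-ws01 bob logon success
2024-03-01T08:05:00Z fin-srv02 carol password_change success
2024-03-01T08:04:00Z fin-srv02 carol file_delete success
not-a-timestamp fin-srv02 dave logoff success
"""

def parse_record(line):
    """Return (time, host, user, event, outcome), or None if the record is unusable."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None  # a record without a valid timestamp cannot be ordered
    return (ts, *parts[1:])

def review(log_text, max_failures=3, window=timedelta(minutes=5)):
    """Return (kind, detail) findings for security personnel to investigate."""
    findings = []
    failures = defaultdict(deque)   # user -> times of recent failed log-ons
    last_seen = {}                  # host -> latest timestamp seen so far
    for n, line in enumerate(log_text.splitlines(), 1):
        rec = parse_record(line)
        if rec is None:
            findings.append(("bad_record", f"line {n}"))
            continue
        ts, host, user, event, outcome = rec
        if host in last_seen and ts < last_seen[host]:
            findings.append(("clock_out_of_order", host))
        last_seen[host] = max(ts, last_seen.get(host, ts))
        if event == "logon" and outcome == "failure":
            q = failures[user]
            q.append(ts)
            while ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) == max_failures:
                findings.append(("repeated_failed_logon", user))
    return findings
```

Calling `review(SAMPLE_LOG)` returns the findings in the order the records were read, so each one can be traced back to its place in the log.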
Conclusion

System security planning is a process involving several activities as recommended by the NIST. Use of tools such as access controls will ensure high-level security by keeping information away from unauthorized persons. Logical access controls provide encryption of data and give alerts in case of intrusion. However, intrusion detection systems are the best for detecting any infiltration into the system and alerting the administrators to it. Data auditing, on the other hand, needs to be done on a regular basis. This serves to control the activities happening within the system. The control identifies important activities to be audited and recorded so that the administrator can keep track of any threats to the information system. This is followed by the configuration of the system for synchronization with the organization's server in real time.

References

Benantar, M. (2006). Access control systems: Security, identity management and trust models. New York, NY: Springer.
Di, P. R., & Mancini, L. V. (2008). Intrusion detection systems. New York: Springer.
Fitzgerald, T. (2011). Information Security Governance Simplified: From the Boardroom to the Keyboard. CRC Press.
Nancy R. Kingsbury, Gregory C. Wilshusen (2011). Information Security: IRS Needs to Enhance Internal Control Over Financial Reporting and Taxpayer Data. DIANE Publishing.
Raggad, B. G. (2010). Information security management: Concepts and practice. CRC Press.