-
7/28/2019 Enterprise Information Assurance (Managing Security
Operation)
1/9
Managing Security
OperationBy
Zarif Rahman
-
7/28/2019 Enterprise Information Assurance (Managing Security
Operation)
2/9
Content
Security Operation
Risk Mitigation in IA
Threat Response
Element Of Operating Security Process
Step for Security Operation Process
-
7/28/2019 Enterprise Information Assurance (Managing Security
Operation)
3/9
Security Operation
Security operation is responsible for
maintaining continuous security function
within the daily routine operation.
Security function is a management process
not technical process. It through procedure
plan.
The role of security operation is to maintain
the operational procedure needed to secure
network, application and media.
-
7/28/2019 Enterprise Information Assurance (Managing Security
Operation)
4/9
Maintaining Security
Operation
Routine ofSec.
Operation
Ensurecurrent
operatingalign with org
sec policy
Monitorperformance
of securityduties. Follow
the process
Executeoperation
housekeepingto ensuresecurityfunction
continuouslyoperate
-
7/28/2019 Enterprise Information Assurance (Managing Security
Operation)
5/9
Risk Mitigation in IAIf Information Assurance is not meet the
goal, the organizationmust performs a risk mitigation or assessment
to decide how tomeet the IA.
RISKMITIGATION
DECISION
CHANGE PRACTICE
MODIFY REQUIREMENT
NEW STRATEGY
-
7/28/2019 Enterprise Information Assurance (Managing Security
Operation)
6/9
Threat Response
Proactive Identify,creation,assessment and
optimization
Reactive
Detecting and reacting to internal orexternal violation
To make sure the organization ready to anythreat.
-
7/28/2019 Enterprise Information Assurance (Managing Security
Operation)
7/9
Element Of Operation
Security ProcessSensing
Analyzing
Responding
Managing
To identify andresolve threat
Analyst theimpact analysis
Corrective actionbased on impact
analyst
Oversees andcoordinate the
process
-
7/28/2019 Enterprise Information Assurance (Managing Security
Operation)
8/9
Step For a Secure Operation
Document the baselineSTEP 1
Determine the benchmarksSTEP 2
Establish Security Architecture
STEP 3
Create AwarenessSTEP 4
Deploy Supporting TechnologySTEP 5
Asses PerformanceSTEP 6
Spesify Corrective ActionSTEP 7
Enforce AccountabilitySTEP 8
-
7/28/2019 Enterprise Information Assurance (Managing Security
Operation)
9/9
QuizWhy is security of operations useful to overall
information
assurance?
Security operation is a critical part in IA lifecycle. The
function ensures theintegrity and performanceof the organization.
Also ensures the execution
of the policies and procedure needed to the entire
organization.
How would you differentiate operation security from incident
response?
Incident response is an action taken by the incident response
team (IRT)when an incident occurred. The action follow the
procedure and workinstructionin the operations plan to execute the
countermeasure.Operation security is a proses of maintain the
security functions.
