Copyright © 2012, Elsevier Inc. All Rights Reserved
Chapter 5
Commonality
Cyber Attacks
Protecting National Infrastructure, 1st ed.
The University of Adelaide, School of Computer Science
2 June 2019
Chapter 2 — Instructions: Language of the Computer
Introduction
Certain security attributes must be present in all aspects and areas of national infrastructure to ensure maximum resilience against attack
Best practices, standards, and audits establish a low-water mark for all relevant organizations
Audits must be both meaningful and measurable
Often the most measurable things aren’t all that meaningful
Common security-related best practice standards:
Federal Information Security Management Act (FISMA)
Health Insurance Portability and Accountability Act (HIPAA)
Payment Card Industry Data Security Standard (PCI DSS)
ISO/IEC 27000 Standard (ISO27K)
Fig. 5.1 – Illustrative security audits for two organizations
Fig. 5.2 – Relationship between meaningful and measurable requirements
Meaningful Best Practices for Infrastructure Protection
The primary motivation for proper infrastructure protection should be success-based and economic
Not the audit score
Security of critical components relies on
Step #1: Standard audit
Step #2: World-class focus
Sometimes security audit standards and best practices proven through experience are in conflict
Fig. 5.3 – Methodology to achieve world-class infrastructure protection practices
Locally Relevant and Appropriate Security Policy
Four basic security policy considerations are recommended:
Enforceable: Policies without enforcement are not valuable
Small: Keep it simple and current
Online: Policy information needs to be online and searchable
Inclusive: Good policy requires analysis in order to include the computing and networking elements present in the local national infrastructure environment