9. Proprietary & Confidential
@GoCyberSec | January, 2020
Asset Management
• Tracking valuable assets throughout their life cycle
–Reduce Vulnerabilities
• Architecture and Design weaknesses
• System sprawl and Undocumented assets
Environmental Controls
HVAC systems
• Higher-tonnage HVAC systems provide more cooling capacity
–Keeps server rooms at lower operating temperatures
–Results in fewer failures and longer MTBF times
• Temperature control systems
–Help ensure a relatively constant temperature
• Humidity controls
–Reduce the potential for ESD damage
–Reduce damage from condensation
Environmental Controls
• HVAC systems
–Should be integrated with the fire alarm systems
–Have dampers or the ability to be turned off in the event of a fire
• Extinguish fire
–Remove the heat
–Remove the oxygen
–Remove the fuel
–Disrupt chain reaction
Shielding
• Shielded cables
–Protects against EMI and RFI
–Prevent someone from capturing network traffic
• EMI shielding
–Prevents outside interference sources from corrupting data
–Prevents data from emanating outside the cable
• Protected distribution of cabling
• Faraday cage
Redundancy and Fault Tolerance
• Single point of failure
–Any component whose failure results in the failure of an entire system
• Remove single points of failure with
–RAID (disk)
–Failover clustering (server)
–UPS and generators (power)
• Single points of failure are often overlooked until a disaster occurs
Disk Redundancies
• Inexpensive
• Adds fault tolerance and increases availability
• Hardware RAID more efficient than software RAID
Disk Redundancies
• RAID-0 (striping) no redundancy
–Two or more disks
• RAID-1 (Mirroring) uses two disks as a mirror
–Two disks
• RAID-5 can survive failure of one disk
–Three or more disks
• RAID-6 can survive failure of two disks
–Four or more disks
• RAID-10 combines RAID-1 and RAID-0
–Even number of disks
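How RAID-5 survives the loss of one disk, as an added example that is not part of the original slides: each stripe stores one XOR parity block, so any single missing block can be recomputed from the survivors. The block size, rotating parity layout and sample data are assumptions made for the demonstration.

```python
from functools import reduce

DATA = b"constructed sample data!"  # constructed input, 24 bytes

def xor_blocks(blocks):
    """Byte-wise XOR of equal-length blocks."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))

def raid5_write(data, n_disks, block=4):
    """Stripe data over n_disks with one parity block per stripe."""
    if n_disks < 3:
        raise ValueError("RAID-5 needs three or more disks")
    per_stripe = (n_disks - 1) * block
    stripes = -(-len(data) // per_stripe)          # ceiling division
    data = data.ljust(stripes * per_stripe, b"\0")  # zero-pad the last stripe
    disks = [[] for _ in range(n_disks)]
    for s in range(stripes):
        chunk = data[s * per_stripe:(s + 1) * per_stripe]
        blocks = [chunk[i:i + block] for i in range(0, per_stripe, block)]
        # Parity rotates across disks so no single disk holds all of it.
        blocks.insert(s % n_disks, xor_blocks(blocks))
        for disk, blk in zip(disks, blocks):
            disk.append(blk)
    return disks

def raid5_read(disks, failed=()):
    """Reassemble the data, rebuilding at most one failed disk from parity."""
    if len(failed) > 1:
        raise OSError("RAID-5 cannot survive more than one failed disk")
    n = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        row = [None if d in failed else disks[d][s] for d in range(n)]
        if failed:
            # XOR of all surviving blocks (data and parity) equals the lost block.
            row[failed[0]] = xor_blocks([b for b in row if b is not None])
        out += b"".join(row[d] for d in range(n) if d != s % n)
    return bytes(out)

if __name__ == "__main__":
    array = raid5_write(DATA, n_disks=4)
    for lost in range(4):
        print(f"disk {lost} failed, recovered:", raid5_read(array, (lost,)) == DATA)
```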
Server Redundancy
• Failover clusters for high availability
• Remove a server as a single point of failure
Power Redundancies
• UPS
–Provides short-term fault tolerance for power
–Can protect against power fluctuations
• Generators provide long-term fault tolerance for power
Protecting Data with Backups
• Full backups
–Fastest recovery time
• Differential backup
–Backs up all the data that has changed, or is different, since the last full backup
• Incremental backup
–Backs up all the data that has changed since the previous backup
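The practical difference between these backup types shows up at restore time. The following added example (not part of the original slides) works out which backup sets must be restored, and in what order, to recover to a given point; the catalogue format and labels are constructed for illustration.

```python
FULL, DIFF, INCR = "full", "differential", "incremental"

# Constructed sample catalogues, oldest backup first.
WEEK_INCR = [("Sun", FULL), ("Mon", INCR), ("Tue", INCR), ("Wed", INCR)]
WEEK_DIFF = [("Sun", FULL), ("Mon", DIFF), ("Tue", DIFF), ("Wed", DIFF)]

def restore_chain(catalog, restore_to):
    """Return the backup labels to restore, oldest first.

    Assumes the definitions on the slide: a differential holds every change
    since the last full backup; an incremental holds every change since the
    previous backup of any kind.
    """
    labels = [label for label, _ in catalog]
    if restore_to not in labels:
        raise ValueError(f"no backup labelled {restore_to!r}")
    end = labels.index(restore_to)
    # Every restore starts from the most recent full backup.
    fulls = [i for i in range(end + 1) if catalog[i][1] == FULL]
    if not fulls:
        raise ValueError("no full backup at or before the restore point")
    start = fulls[-1]
    chain = [catalog[start][0]]
    window = catalog[start + 1:end + 1]
    # The latest differential supersedes everything between it and the full.
    diffs = [i for i, (_, kind) in enumerate(window) if kind == DIFF]
    if diffs:
        chain.append(window[diffs[-1]][0])
        window = window[diffs[-1] + 1:]
    # Every remaining incremental is needed, in order.
    chain.extend(label for label, kind in window if kind == INCR)
    return chain

if __name__ == "__main__":
    print("incremental scheme:", restore_chain(WEEK_INCR, "Wed"))
    print("differential scheme:", restore_chain(WEEK_DIFF, "Wed"))
```

A missing or corrupt set anywhere in an incremental chain breaks recovery of everything after it, which is one reason test restores matter.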
Protecting Data with Backups
• Snapshot backup
• Testing backups
• Test restores
– Best way to test the integrity of backup data
– Full test restore
• Verifies a backup can be recovered in its entirety
• Partial test restore
– Verifies that individual files can be restored
Protecting Data with Backups
• Protecting backups
–Label clearly to identify the data
–Use physical security to prevent unauthorized access
–Protect it during location transfers
• Copy should be stored in separate location
• Destroy when no longer needed
–Degauss the media, shred or burn the media, or scrub with software to overwrite data
Backup Policies and Plans
• Data to backup
• Off-site backups
• Label media
• Testing
• Retention requirements
• Frequency of backups
• Protect backups
• Disposing of media
Business Continuity Elements
• Protect against disasters and outages
–Fires
–Attacks
–Power outages
–Data loss from any cause
–Hardware and software failures
–Natural disasters, such as hurricanes, floods, tornadoes, and earthquakes
Business Continuity Elements
• Business impact analysis (BIA) identifies:
–Systems and components that are essential to the organization’s success (must continue to operate)
–Maximum downtime limits for these systems and components
–Scenarios that can impact these systems and components
–Potential losses from an incident
–Assets to include in recovery plans
Business Impact Analysis
• Impact
• Privacy impact
• Privacy threshold assessment
–Identifies PII
–Typically uses a simple questionnaire
• Privacy impact assessment
–Performed if the system holds or processes PII
–Identifies risks related to PII, such as data loss
Business Impact Analysis
• Recovery Time Objective (RTO)
–Identifies maximum amount of time it should take to restore a system after an outage
–Derived from maximum allowable outage time identified in the BIA
• Recovery Point Objective (RPO)
–Refers to the amount of data an organization can afford to lose
Risk Metrics
• Mean time between failures (MTBF)
–Provides a measure of a system’s reliability
–Usually represented in hours
–MTBF indicates the device can be repaired
• Mean time to recover or mean time to repair (MTTR)
–The time it takes to restore a failed system
–Often specified in contracts as a target
Continuity of Operations Sites
• Provides an alternate location for operations after a critical outage
• Most common sites are hot, cold, and warm sites
• Hot site
–Includes personnel, equipment, software, and communications capabilities of the primary site
–All the data is up to date
–Can take over for a failed site within an hour
–Most effective disaster recovery solution for an alternate site
–Most expensive to maintain
Continuity of Operations Sites
• Cold site
–Has power and connectivity needed for COOP activation, but little else
–Least expensive and hardest to test
• Warm site
–Compromise between a hot site and a cold site
• Mobile site
–Does not have a dedicated location
–Can provide temporary support during a disaster
Continuity of Operations Sites
• Mirrored site
–Identical to the primary location
–Provides 100 percent availability
• Order of restoration
–Return least critical functions first
Disaster Recovery Plan (DRP)
• Part of BCP
• Includes a hierarchical list of critical systems
• Prioritizes services to restore after an outage
• Testing validates a DRP
• Recovered systems tested before returning to operation
–Can include a comparison to baselines
BCP and DRP Testing
• Validate BCPs and DRPs through testing
• Tabletop exercises
–Discussion-based only
–Typically performed in a classroom or conference setting
• Functional exercises
–Hands-on exercises
–Test backups, server restoration, and server redundancy
Chapter 9 Summary
• Implementing defense in depth
• Comparing physical security controls
• Adding redundancy and fault tolerance
• Protecting data with backups
• Comparing business continuity elements
Editor's Notes
Malicious code that attaches itself to a host application
- Host application must be executed for the code to run
- Finds other host applications to infect by replication
- Payloads can delete files or cause random reboots
- Can join the computer to a botnet
SLE = $2,000
ARO = 12
ALE = $24,000
EMI – Electromagnetic interference
RFI – Radio Frequency Interference
Interferes with normal signal transmission
RAID-0 – files are spread across multiple disks
- Better read and write performance
RAID-1 – Data written to one disk is written to the other disk parity