Cybersecurity and information security for an organization is top of mind for many. However, the process of how to "catch up" or stay on top of the latest trends can become a dreadful second thought. In this blog, we take the time to acknowledge the challenges and steps needed for creating and meeting security goals.
Where to Begin
Creating an information security architecture that effectively ensures the confidentiality, integrity, and availability of database environments is no easy task. Techniques used to attack databases and other systems are developed using the same technology used to protect those systems.
This means that as security systems become more sophisticated, malware becomes more sophisticated. As technology becomes more advanced, so do intruders. By the time you reach a level of security where you feel comfortable, several new intrusions will have been developed, and the process starts all over again.
Our earlier post, How to Stay Ahead of Malware and Keep Your IT Infrastructure Secure, focused on securing your IT network with a 3-step plan against malware. Such a strategy, however, is best formed after reviewing an organization's security architecture.
Database Security (2012) outlines a process for creating and maintaining a security architecture in four phases. Excerpts from those phases follow.
Phase 1: Assessment and Analysis
Assessing and analyzing an organization’s data security needs involves the identification of vulnerabilities, threats, and assets existing within an environment’s devices, resources, and vendor relationships.
A security audit must be thorough and exhaustive, searching for every type of potential threat that may exist within the database environment. Threats can range from social engineering gaps to external firewall faults. They can be present within any of the computer, network, and database layers, so all types of security should be addressed.
By identifying risks, defining the likelihood of a threat to an asset, and determining the cost of a breached or lost asset, you can prioritize and plan reasonable measures to counteract these threats.
Steps often taken to complete a risk assessment can include:
- Creating a list of all devices and resources within a database environment.
- Identifying the vulnerabilities and assets involved with each resource and device.
- Defining the value of these assets as well as the cost of any damage from the threats.
- Prioritizing your security measures.
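The four assessment steps above, carried through on a constructed risk register as an added example (not from the post or the cited book): each asset/threat pair gets a likelihood and an asset value, expected loss is likelihood times value, and the register is ranked so the costliest risks are addressed first. The asset names, threats and figures are invented for illustration.

```python
"""Phase 1 worked example: inventory, value, and prioritize (constructed data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset: str           # device or resource in the database environment (step 1)
    threat: str          # vulnerability or threat found for that asset (step 2)
    layer: str           # computer, network, or database layer
    likelihood_pct: int  # estimated chance the threat is realized in a year, 0-100
    asset_value: int     # cost of a breached or lost asset, in currency units (step 3)

    @property
    def expected_loss(self) -> int:
        """Likelihood-weighted cost; integer arithmetic keeps the ranking exact."""
        return self.asset_value * self.likelihood_pct // 100


# Constructed register: one row per (asset, threat) pair found during the audit.
RISK_REGISTER = [
    Risk("customer-db (PostgreSQL)", "SQL injection via web app", "database", 30, 500_000),
    Risk("customer-db (PostgreSQL)", "backup media lost", "computer", 5, 500_000),
    Risk("edge firewall", "misconfigured inbound rule", "network", 20, 150_000),
    Risk("help-desk staff", "social engineering for credentials", "computer", 40, 200_000),
    Risk("reporting-db replica", "stale patch level", "database", 25, 80_000),
]


def prioritize(register):
    """Step 4: rank risks by expected loss, highest first."""
    return sorted(register, key=lambda r: r.expected_loss, reverse=True)


def total_expected_loss(register):
    """Overall exposure, useful as a baseline to compare against after remediation."""
    return sum(r.expected_loss for r in register)


def loss_by_layer(register):
    """Aggregate exposure per layer so no layer is neglected in the design phase."""
    totals = {}
    for r in register:
        totals[r.layer] = totals.get(r.layer, 0) + r.expected_loss
    return totals


if __name__ == "__main__":
    for r in prioritize(RISK_REGISTER):
        print(f"{r.expected_loss:>9,}  {r.layer:<9} {r.asset}: {r.threat}")
    print("total:", f"{total_expected_loss(RISK_REGISTER):,}", loss_by_layer(RISK_REGISTER))
```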
Phase 2: Design and Modeling
The design and modeling phase involves the creation of policies and prototype security architecture that fits an organization’s needs. The policies created will rely strictly on the results of the assessment and analysis phase.
The prioritized lists of threats dictate how the model is developed and what policies are put into place. In the design and modeling phase, security policies and procedures are created, necessary firmware and software changes are defined, and security tools or applications that are used to minimize risk are identified.
The entire organization must be included in this process. From senior management to human resources to network users, all should be made aware of the security efforts taking place. Involving the entire organization in this process will ensure policies are correctly focused and realistic for both user and business needs.
Steps often taken in the design and modeling phase may include:
- Define the policies and procedures that need to be put into place.
- Define the firmware and software changes that support the policies defined in step one.
- Identify the implementation plan.
- Create baselines to determine success and failure.
- Define a plan for user training and awareness.
Phase 3: Deployment
During deployment, the security policies, firmware, and tools defined in previous phases are put into place. These security measures are deployed using the steps that were defined in the design and modeling phase.
A test environment is often created to simulate the environment in which deployment will take place. Firmware and software are purchased and also tested to ensure that unforeseen variables do not affect the overall deployment and security goals.
Changes to user training and awareness are put into place in this phase as well.
Steps often taken in Phase 3 can include:
- Adjust user training and awareness based on user acceptance.
- Test firmware and software changes in a controlled simulation environment.
- Deploy changes as defined by the deployment plan.
Phase 4: Management and Support
The management and support phase involves the ongoing support, maintenance, and assessment of the security architecture deployed in phase three. During this phase, the performance of the security system is monitored, and any failure or breach triggers a reevaluation of the security architecture.
Security policies can go through minor changes, yet too many small changes or a failure in a system may initiate the need to repeat the entire process from the beginning.
Steps often taken in the management and support phase may include:
- Monitoring the performance of the security architecture as well as user security awareness and training.
- Revising policy as necessary.
- Identifying the need for a reassessment and restarting the security life cycle.
Multilayered Nature of Security Architecture
Deploying multiple layers of security within critical database environments can be an effective approach to minimizing the risk of a data breach.
Essentially, if multiple layers of security are applied to a data storage environment, then intruders will have a more difficult time accessing the data.
In multilayered, secured environments, an intruder who compromises the first layer still has to find a way past the second and even a third to obtain access, making intrusion more complicated and time-consuming.
Consider a scenario in which a database administrator wants to protect his network from malicious e-mail attachments. He develops training to teach users about the dangers of e-mail, hoping to educate them to identify the signs (such as file extensions) of dangerous attachments.
If this is the only measure taken to ensure that attachments do not pose a threat to a network, then one forgetful user can cause major damage to a system. If a second layer is added to this strategy, such as the implementation of a filter placed on the exchange server to block and quarantine certain well-known malicious e-mail attachments, the risk of a security leak is lessened.
In this scenario, the attachment must get past the exchange server's filter (for example, by arriving under a changed filename), and a forgetful user must still download it from the e-mail account.
Even a third layer can be applied, such as a firewall that is configured to deny certain types of traffic from entering the network, further lessening the risk.
For a breach to occur now, the firewall, the exchange server, and the user must all be fooled into letting the attachment onto the network. Therefore, the more security layers you can apply, the more secure your environment will be. By recognizing the most common patterns among organizations at risk, you can drill down on fixing these issues today.
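The second layer from the scenario above, as an added example that is not part of the original post: a mail-server attachment filter that quarantines by extension and, because the text notes an attachment may be renamed to get past the filter, also inspects the file content for executable signatures so a renamed executable is caught even when the user has forgotten their training. The blocklist, signatures and sample attachments are constructed for illustration.

```python
"""Layer 2 of the scenario: attachment filter on the mail server (constructed example)."""
import os

# Extensions that are quarantined outright; a site would tune this list.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta"}

# Leading bytes of file formats that should never arrive as a mail attachment,
# regardless of what the filename claims.
EXECUTABLE_SIGNATURES = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
}


def all_extensions(filename: str):
    """Every extension in the name, so 'invoice.pdf.scr' yields ['.pdf', '.scr']."""
    name = os.path.basename(filename.lower())
    return ["." + part for part in name.split(".")[1:]]


def check_attachment(filename: str, data: bytes):
    """Return (verdict, reason); verdict is 'quarantine' or 'allow'."""
    # Check 1: filename-based, the cheap check a renamed file is meant to slip past.
    for ext in all_extensions(filename):
        if ext in BLOCKED_EXTENSIONS:
            return "quarantine", f"blocked extension {ext}"
    # Check 2: content-based, so renaming an executable to .jpg does not help.
    for magic, kind in EXECUTABLE_SIGNATURES.items():
        if data.startswith(magic):
            return "quarantine", f"{kind} content with filename {filename!r}"
    return "allow", "no blocked extension or executable content"


# Constructed sample attachments (only the leading bytes matter for the check).
SAMPLES = {
    "report.pdf": b"%PDF-1.7 constructed body",
    "update.exe": b"MZ\x90\x00constructed body",
    "invoice.pdf.scr": b"MZ\x90\x00constructed body",
    "photo.jpg": b"MZ\x90\x00constructed body",  # executable renamed to look like an image
}


def filter_mailbox(samples):
    """Run the filter over every attachment and return {filename: verdict}."""
    return {name: check_attachment(name, data)[0] for name, data in samples.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:<16} {check_attachment(name, data)}")
```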
CimTrak: Network-Wide Security
CimTrak enables security teams to fight the risks of common network security mistakes, even as your total endpoints and applications increase. With network-wide file integrity monitoring, you can establish total accountability with audit trails that cannot be altered.
CimTrak also offers unique, advanced protection against threats by providing admins with the ability to restore systems and files to a prior state immediately.
April 4, 2017