5.1 Security procedures Flashcards

(7 cards)

1
Q

Change management

A

* How to make a change
  – Upgrade software, change firewall configuration, modify switch ports
* One of the most common risks in the enterprise
  – Occurs very frequently
* Often overlooked or ignored
  – Did you feel that bite?
* Have clear policies
  – Frequency, duration, installation process, fallback procedures
* Sometimes extremely difficult to implement
  – It’s hard to change corporate culture

2
Q

Change control

A
  • A formal process for managing change
    – Avoid downtime, confusion, and mistakes
  • Nothing changes without the process
    – Determine the scope of the change
    – Analyze the risk associated with the change
    – Create a plan
    – Get end-user approval
    – Present the proposal to the change control board
    – Have a backout plan if the change doesn’t work
    – Document the changes
3
Q

Onboarding

A
  • Bring a new person into the organization
    – New hires or transfers
  • IT agreements need to be signed
    – May be part of the employee handbook or a separate AUP
  • Create accounts
    – Associate the user with the proper groups and departments
  • Provide required IT hardware
    – Laptops, tablets, etc.
    – Preconfigured and ready to go
4
Q

Offboarding

A
  • All good things…
    – But you knew this day would come
  • This process should be pre-planned
    – You don’t want to decide how to do things at this point
  • What happens to the hardware?
  • What happens to the data?
  • Account information is usually deactivated
5
Q

Playbooks

A
  • Conditional steps to follow; a broad process
    – Investigate a data breach, recover from ransomware
  • Step-by-step set of processes and procedures
    – A manual checklist
    – Can be used to create automated activities
  • Often integrated with a SOAR platform
    – Security Orchestration, Automation, and Response
    – Integrate third-party tools and data sources
    – Make security teams more effective
6
Q

Monitoring and revision

A
  • IT security is constantly changing
    – Processes and procedures also must change
  • Update to security posture
    – Tighter change control, additional playbooks
  • Change to an individual procedure
    – Update the playbooks, include additional checks
  • New security concerns
    – Protect against emerging threats
7
Q

Governance structures

A
  • Boards
    – A panel of specialists
    – Often responsible for gathering information for a committee
  • Committees
    – Subject-matter experts
    – Considers the input from a board
    – Determines next steps for a topic at hand
    – Presents the results to the board
  • Government entities
    – A different kind of machine
    – Legal concerns, administrative requirements, political issues
    – Often open to the public
  • Centralized/decentralized
    – The source of the processes and procedures
    – Centralized governance is located in one location with a group of decision makers
    – Decentralized governance spreads the decision-making process around to other individuals or locations