Security Management TechKNOWvatioN

The Security Management TechKNOWvatioN protects the hardware, software and data resources of a technically complex environment. Security Management focuses on the prevention of service loss, detection of security violations, and restoration of services in the event of a service loss.

• Security Monitoring TechKNOWvatioN Service

The Security Monitoring TechKNOWvatioN Service is the set of services that monitors and detects security violations for a technically complex environment. Security Monitoring is concerned with real time or periodic (with frequent periodicity) monitoring for security related events. Security Monitoring identifies and resolves security problems due to a security violation or while measuring security capabilities and compliance.

• Security Violation Detection

The Security Detection Element is the service that monitors, detects, isolates, and corrects security violations in a technically complex environment on a frequent or real time basis. Security Violation Detection is concerned with identifying and fixing a problem as quickly as possible when one is found. This element is reactive.

• Security Assessment/Audit

The Security Assessment/Audit Element is the service that measures security capabilities and verifies security requirements compliance. Security Assessment focuses on looking for security holes in order to identify needs, whereas Security Audits focus on verifying compliance. Security Assessment/Audit is a form of monitoring, but the periodicity for is element is much greater than that of the Security Monitoring Element.

• Resource Access Control

The Resource Access Control TechKNOWvatioN Service is the set of services that installs, maintains and upgrades security controls and devices. Resource Access Control is concerned with how access is managed for the networks, applications, peripherals, and groups. Resource Access Control is focused on the implementation of security controls as well as granting access to these resources.

• Physical Access Control

The Physical Access Control Element is the service that implements systems and processes to control physical access to the devices of a technically complex environment. Physical Access Control is concerned with protecting the equipment of a technically complex environment from malicious and accidental damage.

• Network Access Control

The Network Access Control Element is the service that implements and administers systems and processes to prevent unauthorized access to an internal network. An internal network is one connected to an external, public network, or connected to a less secure internal network.

• User Access Control

The User Access Control Element is the service that implements and administers security controls to allow users proper access to the computing resources needed. User Access Control handles authorization and authentication of users as well as adding, deleting, and changing user accounts for accessing a technically complex environment. User Access Control ensures that users have access to the computing resources they need, such as printers, storage devices, applications, computers, and messaging services.

• Data Access Control

The Data Access Control Element implements and administers security controls to protect data that is potentially visible or available to unauthorized users. Data Access Control uses mechanisms such as data encryption and file permissions to accomplish its objectives.

• Security Development

The Security Development TechKNOWvatioN Service is the set of services that establishes and communicates security policies and procedures for a technically complex environment. The development of new security policies and procedures is based on identifying causes of security breaches, monitoring vendor advisories, and evaluating new security technologies.

• Security Policy Development

The Security Policy Development Element is the service that develops security policies for a technically complex environment. These new policies are based on changes in technology, the results of security assessments and audits, and external security advisories.

• Security Awareness Education

The Security Awareness Education Element is the service that educates the users of a technically complex environment on security related issues. Security Awareness focuses on increasing user’s awareness of security within the organization by keeping them informed of internal security practices as well as potential external security threats.

• Security Needs Analysis

The Security Needs Analysis Element is the service that analyzes the causes of security breaches, monitors vendor and CERT advisories, and evaluates new security technologies to ensure that a technically complex environment is safe from new threats.

• Business Resiliency TechKNOWvatioN Service

The Business Resiliency TechKNOWvatioN Service is the set of services that establishes, implements, tests, and maintains the disaster recovery plan for a technically complex environment. Disaster Recovery Planning is concerned with restoring services as quickly as possible in the event of a serious, major interruption of service.

• Risk Analysis

The Risk Analysis Element is the service that estimates the impact of a disruption of service to the various systems comprising a technically complex environment. Risk Analysis is concerned with determining what the likelihood of different disruption scenarios would be and the impact they would have to the business in order to determine which systems and scenarios should be protected against by the development of a disaster recovery plan.

• DRP Development

The Disaster Recovery Planning Development Element is the service that develops a disaster recovery plan for a given system or systems of a technically complex environment based on the results of a risk analysis. DRP Development documents what to do in the event of a significant disruption of service.

• DRP Implementation

The Disaster Recovery Planning Implementation Element is the service that implements a disaster recovery plan for a given system or systems of a technically complex environment. DRP Implementation involves putting all the components documented in the DRP plan in place. This includes forming and educating disaster recovery teams, installing and testing redundant equipment, or purchasing disaster recovery services from an external vendor.

• DRP Maintenance

The Disaster Recovery Planning Maintenance Element is the service that maintains the disaster recovery plan after it has been implemented. DRP Maintenance involves testing the plan on a regular basis to ensure that the plan will work and to keep the disaster recovery team trained on how and what to do. DRP Maintenance also includes updating the plan based on business or technology changes.