Threat/Risk | Action

Threat/Risk: Infrastructure compromise may lead to information leakage and regulatory impact due to exploitation of a poorly designed network architecture.

Mitigation: Organizational networks should be securely designed, including:

1) Secure infrastructure architecture:
   a) Secure the network perimeter with current security appliances to limit the exposure of the infrastructure and the hosted applications.
   b) Segment business systems at the server level according to the criticality of the information they hold and the level of exposure they require.
   c) Harden the OS and applications and, where possible, use secure variants of critical services (e.g. DNSSEC validation rather than unauthenticated DNS responses, SFTP instead of FTP).
2) Process for regular review of the configuration settings of security solutions
3) Periodic network security review

Solutions required:
Application-aware firewalls
IPS/IDS
Secure remote access
Web application firewalls and load balancers
Jump server (session monitoring and password vaulting)
Network admission control and segmentation
Secure web gateway

Threat/Risk: Data leakage and misuse due to lack of control over advanced malware attacks on information systems and endpoints.

Mitigation: Review the endpoint and server protection solutions in the organization, find gaps and improve.

Solutions:
APT protection and detection
Microsoft's Enhanced Mitigation Experience Toolkit (EMET), AppLocker and Advanced Threat Analytics (note: EMET reached end of support in July 2018; its mitigations now live in Windows Defender Exploit Protection)
Host firewall
Threat/Risk: Exploitation of misconfigured or vulnerable information systems and applications, leading to data leakage and compromise.

Mitigation:
1. Pre-hardened operating system images as standard practice.
2. Harden applications per manufacturer recommendations and industry best practices.
3. Automated review of security hardening against benchmarks (e.g. CIS Benchmarks).
4. Regular vulnerability scanning.

Solutions required:
Enterprise vulnerability scanner
Hardening benchmarks and scanner
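Step 3 above, automated review of hardening against a benchmark, reduces in practice to parsing the effective configuration of a service and diffing it against expected values. The following is an added example written for this page, not code from the original document or from any benchmark publisher; it checks an sshd_config against a small illustrative baseline. The baseline values, the table of sshd defaults and the sample configuration are assumptions for the example (take real values from the benchmark you adopt). It deliberately handles two points a naive grep misses: sshd honours the first occurrence of a duplicated directive, and a directive absent from the file is governed by the daemon default, which must itself be compared against the benchmark.

```python
"""Check an sshd_config against a small hardening baseline.

Added example for this page: the BASELINE values are illustrative
assumptions, not a published benchmark; DEFAULTS lists the OpenSSH
built-in defaults that apply when a directive is absent from the file.
"""
import re
from dataclasses import dataclass

# Illustrative baseline (assumed for the example): directive -> expected value.
BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "X11Forwarding": "no",
    "MaxAuthTries": "4",
    "PermitEmptyPasswords": "no",
    "LogLevel": "VERBOSE",
}

# OpenSSH defaults for the same directives (what sshd uses when the line is missing).
DEFAULTS = {
    "PermitRootLogin": "prohibit-password",
    "PasswordAuthentication": "yes",
    "X11Forwarding": "no",
    "MaxAuthTries": "6",
    "PermitEmptyPasswords": "no",
    "LogLevel": "INFO",
}

# Constructed sample configuration for the example (not taken from any real host).
SAMPLE_CONFIG = """\
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication no
MaxAuthTries 6
X11Forwarding no
PermitRootLogin no        # ignored by sshd: the first occurrence above wins
Match User backup
    PasswordAuthentication yes
"""


@dataclass
class Finding:
    directive: str
    expected: str
    actual: str
    source: str  # "config" if set in the file, "default" if inherited from sshd


def parse_sshd_config(text):
    """Return the effective global directives as {lowercase_name: value}.

    sshd applies the FIRST occurrence of a directive, so later duplicates are
    ignored. Parsing stops at the first Match block: directives inside it are
    conditional and do not describe the global setting being benchmarked.
    """
    effective = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()            # drop comments and blanks
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        key = parts[0].lower()
        if key == "match":
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        effective.setdefault(key, value)               # first occurrence wins
    return effective


def check_hardening(text, baseline=BASELINE, defaults=DEFAULTS):
    """Compare the effective configuration against the baseline.

    Returns one Finding per directive whose effective value (explicit in the
    file, or the sshd default when absent) differs from the expected value,
    in baseline order.
    """
    effective = parse_sshd_config(text)
    findings = []
    for directive, expected in baseline.items():
        key = directive.lower()
        if key in effective:
            actual, source = effective[key], "config"
        else:
            actual, source = defaults.get(directive, "<unset>"), "default"
        if actual.lower() != expected.lower():
            findings.append(Finding(directive, expected, actual, source))
    return findings


if __name__ == "__main__":
    for f in check_hardening(SAMPLE_CONFIG):
        print(f"FAIL {f.directive}: expected {f.expected}, got {f.actual} ({f.source})")
```

On the sample configuration this reports three deviations: PermitRootLogin (the first, permissive occurrence is the effective one), MaxAuthTries, and LogLevel, the last one flagged from the sshd default because the file never sets it. The same structure, a parser for the effective configuration plus a baseline-to-default comparison, applies to any benchmarked service; the scanner named under "Solutions required" is doing exactly this at scale.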

Threat/Risk: Humans may directly or indirectly leak confidential information due to:
Social engineering
Phishing links
Ransomware
Lack of security awareness
Disgruntled employees
Criminal intent

Mitigation: Review the human aspects of security and develop processes that strengthen the technical controls so as to minimize reliance on end users.

Solutions and processes required:
Security awareness activity
Endpoint hardening and encryption
Employee screening / background checks for critical roles
Secure file storage for end users
Data loss prevention
Threat/Risk: Exploitation of vulnerable authentication and authorization mechanisms.

Mitigation:
1. Secure the authentication mechanism so that user and application credentials remain protected in storage and in transit (hashed or encrypted at rest, encrypted channels in transit).
2. Complement AD credentials with a second authentication factor.
3. Restrict access on a need-to-know basis.
4. Secure system-to-system (and API) communication with appropriate cryptography.
5. Provision and manage user identities through a defined lifecycle.

Solutions:
Two-factor authentication
Jump servers for use of privileged identities
Privileged identity security (vaulting, threat analysis and service accounts)
Identity and access management
Certificate-based authentication support for upcoming systems
HSM for securing encryption keys

Threat/Risk: Compromise of a supplier or business partner of the target organization.

Mitigations: Vendor security review
a) Review of the security organization of critical suppliers
b) Security SLA with critical partners
Threat/Risk: Insecure transmission and storage of critical data (passwords, PINs, cryptographic keys).

Mitigation:
1) Authentication data should be encrypted in communication and in storage.
   1a) Identify the databases through which authentication data (passwords, PINs, tokens, keys, etc.) passes or in which it is stored, and confirm that the data is protected with current cryptography. Passwords in particular should be stored only as salted, slow hashes, since they never need to be recovered; reversible encryption is for keys and tokens that must be read back.
2) Server-to-server communication should be authenticated with certificates, tokens or keys.
3) The process for management of cryptographic keys should be documented and should cover the responsibilities of the key owner, protection of keys, and the process for mandatory key disclosure.
4) All organizational keys should be protected by a centralized solution, e.g. an HSM.
5) A third-party certificate authority should be used to issue trusted certificates.
6) USSD and SMSC, when processing financial transactions, should support encryption through STK (SIM Application Toolkit) or enhanced capabilities.
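Points 1 and 1a above are where most reviews find the real problems: credential columns that hold plaintext, or a bare fast hash with no salt. The following added example, written for this page and not taken from the original document, shows both halves of point 1a: a PBKDF2-HMAC-SHA256 storage format with constant-time verification (the one-way alternative to "encrypting" passwords), and a review function that classifies the credential column of a constructed user table so that legacy records stand out. The record format, the iteration count and the sample rows are assumptions for the example.

```python
"""Password-at-rest storage and a credential-store review (step 1a).

Added example for this page. The record format, iteration count and sample
table are assumptions for illustration, not the organization's own scheme.
"""
import base64
import hashlib
import hmac
import os
import re

# Assumed policy minimum for PBKDF2-HMAC-SHA256 (OWASP's 2023 recommendation).
MIN_ITERATIONS = 600_000
SCHEME = "pbkdf2-sha256"


def hash_password(password, salt=None, iterations=MIN_ITERATIONS):
    """Return a self-describing record: scheme$iterations$salt_b64$hash_b64."""
    if salt is None:
        salt = os.urandom(16)                     # unique random salt per credential
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return "$".join([SCHEME, str(iterations),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(dk).decode("ascii")])


def verify_password(password, record):
    """Recompute with the record's own salt and iterations; compare in constant time."""
    try:
        scheme, iterations, salt_b64, dk_b64 = record.split("$")
    except ValueError:
        return False                              # not one of our records
    if scheme != SCHEME:
        return False
    salt, expected = base64.b64decode(salt_b64), base64.b64decode(dk_b64)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             int(iterations), dklen=len(expected))
    return hmac.compare_digest(dk, expected)


def classify_record(stored):
    """Step 1a: decide whether one stored credential meets the policy."""
    if stored.startswith(SCHEME + "$"):
        iterations = int(stored.split("$")[1])
        return "ok" if iterations >= MIN_ITERATIONS else "weak-kdf-iterations"
    if re.fullmatch(r"[0-9a-f]{32}", stored):
        return "unsalted-md5"                     # bare hex digest: fast hash, no salt
    if re.fullmatch(r"[0-9a-f]{40}", stored):
        return "unsalted-sha1"
    return "plaintext-or-unknown"


def review_table(rows):
    """Map username -> classification for a (username, stored_credential) table."""
    return {user: classify_record(stored) for user, stored in rows}


# Constructed sample credential table (not real data): one compliant record,
# one legacy unsalted MD5 of the string "password", one plaintext password.
CONSTRUCTED_USER_TABLE = [
    ("alice", hash_password("correct horse battery staple")),
    ("bob", "5f4dcc3b5aa765d6d61d8327deb882cf"),
    ("carol", "Summer2016!"),
]

if __name__ == "__main__":
    for user, verdict in review_table(CONSTRUCTED_USER_TABLE).items():
        print(f"{user}: {verdict}")
    print(verify_password("correct horse battery staple", CONSTRUCTED_USER_TABLE[0][1]))
```

Because each record carries its own scheme and work factor, the review can raise `MIN_ITERATIONS` later and re-hash weak records transparently at the user's next successful login. Tokens and keys that genuinely must be recovered do not fit this pattern and belong under the key-management process of points 3 and 4, encrypted with keys held in the HSM rather than beside the data.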
Threat/Risk: Lack of controls on information held on organizational devices: policy enforcement, loss and theft.

Mitigation: MDM, BYOD policy
Threat/Risk: Lack of proactive security in new business initiatives, needed to cope with emerging threats, will render security ineffective and lead to leakage/compromise of information systems and data.
Cloud - lack of control over information in multi-tenant environments, i.e. virtualization and cloud.
IoT - supercharged connectivity overwhelming legacy defences; IoT devices leaking sensitive data.

Mitigation:
1) Security guidelines for new business initiatives (4G, Digital, IoT, Cloud)
2) Cloud security framework
   Virtualization security
3) IoT security guidelines
Security resources review
Threat/Risk: Exploitation of insecure usage, disposal and handling of the organization's information and information assets due to lack of information/asset management and classification.

Mitigation:
1) Information management
2) Roles and responsibilities to be defined against each asset
3) All assets and critical information to be classified
4) Review the media destruction and reuse policy for gaps
5) Consolidation of asset registers to give a holistic view of assets in the organization
6) Process for updating the asset register, supported by automated scanning/probing to validate its accuracy
7) Inventory of critical desktop applications
8) Post-implementation security reviews to be planned for the year 2016
Threat/Risk: Insider threat