To help simplify network design, it is recommended that all security mechanisms come from a single vendor. The Cisco SecureX architecture is a comprehensive, end-to-end solution for network security that includes solutions to secure the network, email, web, access, mobile users and data center resources. Cisco Security Manager and CCP provide network management options for Cisco SecureX solutions.
The SDLC includes five phases: initiation, acquisition and development, implementation, operations and maintenance, and disposition. It is important to include security considerations in all phases of the SDLC.

Risk analysis is the systematic study of uncertainties and risks. It estimates the probability and severity of threats to a system and provides an organization with a prioritized list. Risk analysts identify the risks, determine how and when those risks might arise, and estimate the impact (financial or otherwise) of adverse outcomes.
The first step in developing a risk analysis is to evaluate each threat to determine its severity and probability. After the threats are evaluated for severity and likelihood, the information is used in a risk analysis. There are two types of risk analysis in information security: quantitative and qualitative.

Quantitative risk analysis uses a mathematical model that assigns a monetary figure to the value of assets, the cost of threats being realized, and the cost of security implementations. Monetary figures are typically based on an annual cost. Quantitative risk analysis is more mathematically precise and is typically used by organizations as cost justification for proposed countermeasures.

There are various ways of conducting qualitative risk analysis. One method uses a scenario-based model. This approach is best for large cities, states, and countries because it is impractical to try to list all the assets, which is the starting point for any quantitative risk analysis. For example, by the time a typical national government lists all of its assets, the list would have hundreds or thousands of changes and would no longer be accurate.

Quantitative risk analysis relies on specific formulas to determine the value of the risk decision variables. These include formulas that calculate the asset value (AV), exposure factor (EF), single loss expectancy (SLE), annualized rate of occurrence (ARO), and annualized loss expectancy (ALE).

Figure: Quantitative Risk Analysis Formula

AV is the cost of an individual asset. EF is the loss, represented as a percentage, that a realized threat could have on an asset. SLE is the result of AV * EF, or the cost of a single instance of a threat.

Cisco calls this the Borderless Network. In this new Borderless Network, access to resources can be initiated by users from many locations, on many types of endpoint devices, using various connectivity methods. To address these very issues, Cisco has outlined a security architecture called Cisco SecureX.

The SecureX security architecture for the Borderless Network relies on a lightweight, pervasive endpoint. Its role is not to scan content or run signatures. Instead, its sole focus is making sure every connection coming on or off the endpoint is pointed at a network scanning element somewhere in a Cisco security cloud. These scanning elements are now capable of running many more layers of scanning than a single endpoint possibly could: five layers of malware signatures, data loss prevention and acceptable use policies, content scanning, and more.

This architecture is designed to provide effective security for any user, using any device, from any location, and at any time.

This architecture consists of five major components:
- Scanning engines
- Delivery mechanisms
- Security intelligence operations (SIO)
- Policy management consoles
- The next-generation endpoint

In the Borderless Network, security must begin with the endpoint.

A context-aware scanning element is a network security device that does more than just examine packets on the wire. It looks at external information to understand the full context of the situation. To be context aware, the scanner has to consider the who, what, where, when, and how of security.

A context-aware policy uses a simplified descriptive business language to define security policies based on five parameters:
- The person's identity
- The application in use
- The type of device being used for access
- The location
- The time of access

Cisco SIO is the world's largest cloud-based security ecosystem, using almost a million live data feeds from deployed Cisco email, web, firewall, and IPS solutions.

Cisco ScanSafe Cloud Web Security:
- Analyzes web requests for malicious, inappropriate, or acceptable content
- Offers granular control over open and encrypted web content
- Extends real-time protection and policy enforcement to remote employees
- Blocks unwanted and malicious emails, while protecting confidential data

To ensure a secure working environment within the operations department, certain core principles should be integrated into the day-to-day activities:
- Separation of duties
- Rotation of duties
- Trusted recovery
- Change and configuration controls

After a network is operational, it is important to ascertain its security status. Many tests can be conducted to assess the operational status of the system:
- Network scanning
- Vulnerability scanning
- Password cracking
- Log review
- Integrity checkers
- Virus detection
- Wardialing
- Wardriving (802.11 or wireless LAN testing)
- Penetration testing

Business continuity planning may address the following concerns:
- Moving or relocating critical business components and people to a remote location while the original location is being repaired
- Using different channels of communication to deal with customers, shareholders, and partners until operations are returned to normal
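The quantitative risk analysis formulas described earlier (AV, EF, SLE, ARO, ALE) are worked through in the following added example, which is not part of the course material. It computes SLE = AV * EF as the text states, then ALE = SLE * ARO (the standard definition of annualized loss expectancy), ranks the scenarios into the prioritized list that risk analysis is meant to produce, and compares a countermeasure's annual cost against the ALE reduction it buys, which is the usual way the figures are used as cost justification. The asset values, exposure factors and occurrence rates are constructed for illustration, and the net-benefit comparison is a common extension rather than a formula quoted on the page.

```python
"""Quantitative risk analysis: AV, EF, SLE, ARO and ALE.

Added example. The scenarios below are constructed for illustration; none of
the monetary figures or rates come from the course text.
"""
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Scenario:
    name: str
    asset_value: float      # AV: cost of the individual asset (currency units)
    exposure_factor: float  # EF: fraction of AV lost when the threat is realized (0.0 to 1.0)
    aro: float              # ARO: expected number of occurrences per year

    def __post_init__(self) -> None:
        # Reject inputs that would make the formulas meaningless.
        if self.asset_value < 0:
            raise ValueError("AV must be non-negative")
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("EF must be a fraction between 0 and 1")
        if self.aro < 0:
            raise ValueError("ARO must be non-negative")


def single_loss_expectancy(av: float, ef: float) -> float:
    """SLE = AV * EF: the cost of a single instance of the threat."""
    return av * ef


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE * ARO: the expected cost of the threat per year."""
    return sle * aro


def scenario_ale(s: Scenario) -> float:
    """Carry one scenario through both formulas."""
    sle = single_loss_expectancy(s.asset_value, s.exposure_factor)
    return annualized_loss_expectancy(sle, s.aro)


def prioritize(scenarios: Iterable[Scenario]) -> List[Tuple[str, float]]:
    """Return (name, ALE) pairs ordered from largest to smallest annual loss."""
    ranked = [(s.name, scenario_ale(s)) for s in scenarios]
    return sorted(ranked, key=lambda pair: pair[1], reverse=True)


def countermeasure_net_benefit(before: Scenario, after: Scenario,
                               annual_cost: float) -> float:
    """Annual value of a countermeasure: ALE reduction minus its annual cost.

    Common cost-justification step; an assumption in this example, not a
    formula quoted on the page. A negative result means the control costs
    more per year than the loss it is expected to prevent.
    """
    return scenario_ale(before) - scenario_ale(after) - annual_cost


# Constructed sample scenarios (not real figures).
SCENARIOS = [
    Scenario("web server compromise", asset_value=120_000, exposure_factor=0.5, aro=0.5),
    Scenario("laptop theft", asset_value=2_500, exposure_factor=1.0, aro=4.0),
    Scenario("data centre flood", asset_value=900_000, exposure_factor=0.8, aro=0.02),
]

# Same web server after patching and monitoring reduce the ARO from 0.5 to 0.1 per year.
HARDENED_WEB_SERVER = Scenario("web server compromise", 120_000, 0.5, 0.1)

if __name__ == "__main__":
    for name, ale in prioritize(SCENARIOS):
        print(f"{name:24s} ALE = {ale:12,.2f}")
    benefit = countermeasure_net_benefit(SCENARIOS[0], HARDENED_WEB_SERVER, annual_cost=8_000)
    print(f"net annual benefit of hardening the web server: {benefit:,.2f}")
```

Running the block ranks the web server compromise first (ALE 30,000), then the flood (14,400), then laptop theft (10,000), and shows the hardening spend of 8,000 per year justified by a 24,000 ALE reduction.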
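The five parameters of a context-aware policy (identity, application, device type, location and time of access) are easier to see in operation than in a list, so the following added example, which is not Cisco's policy language or any product code, expresses rules over those five parameters as data and evaluates access requests against them. The rule format, the default-deny behaviour, and the users, devices and rules are all constructed assumptions for illustration.

```python
"""Context-aware policy evaluation over who, what, how, where and when.

Added example; the rule format and the sample policy are assumptions, not a
vendor's policy language.
"""
from dataclasses import dataclass
from datetime import time
from typing import FrozenSet, Iterable, Optional, Tuple


@dataclass(frozen=True)
class AccessRequest:
    identity: str      # who: the person's identity
    application: str   # what: the application in use
    device: str        # how: the type of device used for access
    location: str      # where: the location
    at: time           # when: the time of access


@dataclass(frozen=True)
class Rule:
    """Each set lists the values the rule applies to; None means "any value".

    `hours` is an optional (start, end) window, start inclusive, end exclusive.
    """
    name: str
    identities: Optional[FrozenSet[str]] = None
    applications: Optional[FrozenSet[str]] = None
    devices: Optional[FrozenSet[str]] = None
    locations: Optional[FrozenSet[str]] = None
    hours: Optional[Tuple[time, time]] = None
    action: str = "deny"

    def matches(self, req: AccessRequest) -> bool:
        def ok(allowed: Optional[FrozenSet[str]], value: str) -> bool:
            return allowed is None or value in allowed

        in_hours = self.hours is None or (self.hours[0] <= req.at < self.hours[1])
        return (ok(self.identities, req.identity)
                and ok(self.applications, req.application)
                and ok(self.devices, req.device)
                and ok(self.locations, req.location)
                and in_hours)


def evaluate(rules: Iterable[Rule], req: AccessRequest) -> Tuple[str, str]:
    """First matching rule wins; a request no rule covers is denied (default deny)."""
    for rule in rules:
        if rule.matches(req):
            return rule.action, rule.name
    return "deny", "default-deny"


# Constructed sample policy: order matters, the first match decides.
POLICY = [
    Rule("erp-managed-laptop-office-hours",
         identities=frozenset({"alice", "carol"}),
         applications=frozenset({"erp"}),
         devices=frozenset({"managed-laptop"}),
         locations=frozenset({"hq", "vpn"}),
         hours=(time(8, 0), time(18, 0)),
         action="allow"),
    Rule("email-any-device-any-location",
         applications=frozenset({"email"}),
         action="allow"),
    Rule("block-erp-from-personal-devices",
         applications=frozenset({"erp"}),
         devices=frozenset({"personal-phone", "personal-laptop"}),
         action="deny"),
]

if __name__ == "__main__":
    samples = [
        AccessRequest("alice", "erp", "managed-laptop", "hq", time(10, 0)),
        AccessRequest("alice", "erp", "managed-laptop", "hq", time(22, 0)),
        AccessRequest("alice", "erp", "personal-phone", "hq", time(10, 0)),
        AccessRequest("bob", "email", "personal-phone", "cafe", time(23, 0)),
    ]
    for req in samples:
        action, rule = evaluate(POLICY, req)
        print(f"{req.identity:6s} {req.application:6s} {req.device:16s} "
              f"{req.location:5s} {req.at.strftime('%H:%M')} -> {action} ({rule})")
```

The same request from the same person changes outcome when only the device or the time changes, which is the point of basing policy on all five parameters rather than on identity alone; the default-deny fallthrough ensures a request that matches no rule is never silently allowed.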