Security Procedures - CompTIA Security+ SY0-701 - 5.1
Summary
TLDR: The video script discusses essential security procedures in organizations, emphasizing change management to prevent downtime and errors. It outlines steps including risk assessment, formal plans, and approval processes via a change control board. The script also covers onboarding and offboarding processes, the importance of playbooks for incident response, and the integration of SOAR platforms for automation. It highlights the need for continuous monitoring and updating of security postures, governance structures, and the unique considerations for public sector organizations.
Takeaways
- 🔄 Change management ensures systematic processes for changes in systems to prevent downtime and errors.
- 📋 Steps in change management include determining the scope, assessing risk, and creating a formal plan.
- ✅ A change control board approves and schedules changes, ensuring there's a backup plan.
- 👋 Onboarding involves providing new hires with necessary resources and ensuring they have the right permissions.
- 🚪 Offboarding includes managing user assets and data, and disabling accounts to retain important information.
- 📚 Playbooks outline step-by-step procedures for specific events like data breaches or ransomware recovery.
- 🤖 SOAR platforms integrate and automate tasks across diverse systems to improve efficiency.
- 🔍 Continuous monitoring and updating of processes are essential to maintain security and efficiency.
- 🛡️ Governance involves a board setting objectives and committees implementing them, with different approaches for public and private sectors.
- 🏛️ Public sector governance focuses on legal, administrative, and political issues with meetings open to the public.
Q & A
What is the primary purpose of change management in an organization?
- The primary purpose of change management is to ensure there are processes and procedures in place for every change made to systems, which helps prevent downtime, confusion, and mistakes during changes.
What are the initial steps taken in the change management process?
- The initial steps in change management include determining the scope of the change, assessing the risk involved, and creating a formal plan for the change.
What is the role of a change control board in an organization?
- A change control board is responsible for analyzing all proposed changes, approving and scheduling them, and ensuring there is a backup plan in case something goes wrong during the change process.
Why is it important to document changes made during the change management process?
- Documenting changes is important so that everyone is aware of what was modified in the systems, which aids in transparency and traceability.
What does the onboarding process involve for a new hire or a transfer in an organization?
- The onboarding process involves providing the new hire with the employee handbook or acceptable use policies, creating new accounts for network access, assigning the correct rights and permissions, and providing necessary technology such as laptops and mobile devices.
Why is it crucial to create formal offboarding policies and procedures?
- Formal offboarding policies and procedures are crucial to ensure a structured approach to handling user assets, data management, and account disabling when an employee leaves the organization.
What is the significance of maintaining playbooks in an organization?
- Playbooks are significant as they define a set of steps to be followed in case of specific events, such as a data breach or ransomware attack, providing a clear and structured response plan.
How can a SOAR platform help in automating security processes?
- A SOAR (Security Orchestration, Automation, and Response) platform helps by integrating many third-party products into one platform, automating connections between diverse systems, and allowing security teams to focus on more important work.
What does it mean to constantly monitor and revise processes and procedures in an organization?
- Constantly monitoring and revising processes and procedures means staying updated with new technologies, updating security postures, creating additional playbooks, and ensuring that all procedures account for emerging threats.
What is the role of a board in the governance structure of an organization?
- In the governance structure, a board, which may be a board of directors, sets broad objectives and tasks for a committee to follow, providing direction and approving or providing feedback on completed tasks.
What are the differences between centralized and decentralized governance in an organization?
- Centralized governance involves one group making decisions for the entire organization, while decentralized governance allows decisions to be made by those closer to the tasks, such as individuals doing the particular jobs.
Outlines
🛠️ Change Management and Organizational Security Practices
This paragraph outlines the critical role of change management within an organization. It details the steps involved in the change management process, from determining the scope of changes to obtaining approval from stakeholders. The importance of a change control board is emphasized, which is responsible for analyzing, approving, and scheduling changes, as well as ensuring a backup plan is in place. The paragraph also discusses the necessity of documenting changes for transparency and reviews the onboarding and offboarding processes, highlighting the security team's role in providing new hires with necessary policies and access rights. Additionally, it touches on the creation of formal offboarding procedures to manage user assets and data upon departure. The concept of maintaining playbooks for various scenarios, such as data breaches or ransomware recovery, is introduced, emphasizing the integration of these into automated processes via a SOAR platform to streamline security operations.
🏛️ Governance Structures and Organizational Decision Making
The second paragraph delves into the governance structure of organizations, starting with the role of a board, which sets broad objectives for committees to implement. It explains the committee's function in taking direction from the board and working towards meeting set goals, which are then presented back for approval or feedback. The paragraph distinguishes between public and private sector governance, noting the public sector's focus on legal, administrative, and political issues, with an emphasis on transparency through open meetings. It also explores different governance approaches, such as centralized and decentralized models, and how they affect decision-making within an organization. The summary underscores the importance of selecting a governance model that best fits the organization's needs.
Keywords
💡Change Management
💡Change Control Board
💡Onboarding
💡Offboarding
💡Playbooks
💡SOAR Platform
💡Governance
💡Centralized Governance
💡Decentralized Governance
💡Emerging Threats
Highlights
Change management procedures help prevent downtime, confusion, and mistakes when changes are made in an organization.
Determining the scope of changes, such as modifying a single server or multiple devices, is the first step in change management.
Assessing the risk associated with changes is crucial, especially when dealing with entire operating systems or specific applications.
A formal plan and end user approval are necessary before implementing changes.
Most organizations have a change control board to analyze, approve, and schedule changes, ensuring there is always a backup plan.
Documenting completed changes is important so everyone knows what was modified.
Onboarding involves providing new hires with employee handbooks, creating new accounts, and assigning correct rights and permissions.
Offboarding includes determining the fate of user assets and data, disabling accounts to preserve important decryption keys and data.
Organizations maintain playbooks to define steps for specific events, such as data breaches or ransomware recovery.
Integrating playbooks into a SOAR platform helps automate mundane tasks and allows security teams to focus on more critical work.
Constantly monitoring and revising processes and procedures ensures a stronger security posture and efficient playbooks.
Emerging threats require updates to playbooks, processes, and procedures to mitigate new vulnerabilities.
Governance structures often start with a board setting broad objectives for committees of subject matter experts.
Public sector governance differs from private organizations, focusing on legal, administrative, and political issues with meetings open to the public.
Governance can be centralized, with one group making decisions, or decentralized, with decisions made by those performing specific jobs.
Transcripts
One of the most common security procedures
for almost any organization is one
related to change management.
Change management assures that we
have a set of processes and procedures each time
a change is made to any of our systems.
By putting in these checks and balances,
we can help prevent downtime, confusion,
and mistakes that come when changes are
being made in the organization.
With change management, there are a series
of steps in the entire process.
We start with the process of determining
what the scope might be for this change.
Are we modifying a single server?
Are we modifying multiple devices?
And are we updating an entire operating
system or a single file?
We also need to know how risky it will be to make this change.
Are we making a change to an entire operating system
or will this risk only affect one specific application
running on that device?
We will also need a formal plan for the change
to understand exactly what part of these systems
will be changing, and then we'll need
to get approval from the end user
that these changes can indeed be made.
Most organizations will have a change control board.
This board is responsible for analyzing all of the proposed
changes and then approving and scheduling those changes.
The change control board will also
look to see that there is a backup plan.
So if something doesn't go well during the change process,
there's always a way to get back to where we started.
And once that change is completed,
we can document those changes so that everyone knows what
was modified on those systems.
Security teams also deal with onboarding.
This is the process of bringing someone
into the organization, either a new hire or a transfer
from another department.
During this onboarding process, the security team
will provide the new hire with the employee handbook or a list
of the acceptable use policies that
will need to be signed off and approved by the new hire.
New accounts will need to be created
so the user can log in to the network,
and we'll also need to make sure that the correct rights
and permissions are associated with this particular user.
All that's left is to give the new hire their laptop,
mobile device, and any other technologies they'll
need to perform their job function,
and they are now part of the network and can log in.
Just as we have formal policies and procedures for onboarding,
we also need to create formal policies and procedures
for offboarding.
This way, we know exactly what should
happen with all of the user's assets
when they decide to leave the organization.
These procedures answer questions
such as what happens to the hardware that has been assigned
to this user and, perhaps more importantly, what
happens to the data that is saved on that hardware.
It's also a good best practice to disable
the account associated with the user in case
there are encrypted files or anything else
that may need to be retrieved later.
If we were to delete these accounts,
it's very possible that we could lose important decryption
keys or important data that may be stored on those accounts.
It's also very common for organizations
to maintain a series of playbooks.
These playbooks define a set of steps
that should be followed in the case of a particular event.
For example, if you need to investigate a data breach,
there should be a playbook that describes
exactly what should be done first, what should
be done second, and so on.
The same thing might apply to recover from ransomware.
There should be a separate playbook for that, as well.
There are obviously, then, a large number of playbooks
that would be created providing that step-by-step overview
of exactly what to do and when to do it.
Once we create this series of steps,
we can also integrate them into more of an automated process.
This is often integrated into a SOAR platform.
That stands for Security Orchestration, Automation,
and Response.
This SOAR platform allows us to integrate
many third-party products into one single platform
and be able to automate connections between all
of those very diverse systems.
This means we can automate some of the more mundane tasks
and have the security teams concentrate on doing much more
important work.
Technology never stops integrating.
There are always new technologies and new processes
that we need to integrate into our environments.
That's why we need to constantly monitor
and in some cases revise the processes and procedures
that we use on a daily basis.
For example, we may need to update and create
a stronger security posture.
That means that we would need to tighten our change control
process.
We may need to create additional playbooks.
There may be an acquisition of additional technologies
required and anything else that can
help us make our environment even more secure.
We might also want to look through our existing playbooks
and see if there's opportunities to make those playbooks more
efficient or more secure.
We might also want to create new playbooks
if we happen to have installed new technologies
into our infrastructure.
We also have to keep an eye on any emerging threats.
Attackers are always finding new ways to get into systems
or take advantage of vulnerabilities,
and we need to make sure that our playbooks, our processes,
and all of our procedures take into account these new emerging
threats.
The governance structure for many organizations
starts with a board.
Sometimes this is a board of directors.
It's a panel of specialists that set
the tasks or the series of requirements
for a committee to follow.
These are usually very broad objectives,
and it's left up to the committee
to determine the best way to implement those objectives.
Committees usually exist of subject matter experts
and may include a member of the board as part of the committee.
The committee will take direction
from the board at what task needs to be accomplished,
and then they'll work on putting the next steps together
to meet those particular goals.
Once that task has been completed,
it can be presented to the board for approval
or to have the board provide additional feedback or changes.
If you're working in the public sector, which
would be a government organization,
then there are a different set of policies and procedures.
Many of the concerns associated with a governmental agency
would be around legal issues, administrative requirements,
and, in many cases, political issues.
The presentation and scope of this information
is also very different than a private organization.
Since a governmental agency is working for the people,
all of these meetings tend to be open to the public.
And for both public and private organizations,
there are different ways to approach governance.
One is through a centralized form,
and the other would be decentralized.
With centralized governance, there
tends to be one group that handles the decisions
for the entire organization.
With decentralized governance, those decisions
can be made by others, specifically those who may even
be doing those particular jobs.
There's no right or wrong way to present
this type of governance, but it needs
to be one that works best for that particular organization.