Читать книгу (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide - Mike Chapple - Страница 98

Selecting a countermeasure, safeguard, or control (short for security control) within the realm of risk management relies heavily on the cost/benefit analysis results. However, you should consider several other factors when assessing the value or pertinence of a security control:

 The cost of the countermeasure should be less than the value of the asset.

 The cost of the countermeasure should be less than the benefit of the countermeasure.

 The result of the applied countermeasure should make the cost of an attack greater for the perpetrator than the derived benefit from an attack.

 The countermeasure should provide a solution to a real and identified problem. (Don't install countermeasures just because they are available, are advertised, or sound appealing.)

 The benefit of the countermeasure should not be dependent on its secrecy. Any viable countermeasure can withstand public disclosure and scrutiny and thus maintain protection even when known.

 The benefit of the countermeasure should be testable and verifiable.

 The countermeasure should provide consistent and uniform protection across all users, systems, protocols, and so on.

 The countermeasure should have few or no dependencies to reduce cascade failures.

 The countermeasure should require minimal human intervention after initial deployment and configuration.

 The countermeasure should be tamperproof.

 The countermeasure should have overrides accessible to privileged operators only.

 The countermeasure should provide fail-safe and/or fail-secure options.

Keep in mind that security should be designed to support and enable business tasks and functions. Thus, countermeasures and safeguards need to be evaluated in the context of a business process. If there is no clear business case for a safeguard, it is probably not an effective security option.

Security controls, countermeasures, and safeguards can be implemented administratively, logically/technically, or physically. These three categories of security mechanisms should be implemented in a conceptual layered defense-in-depth manner in order to provide maximum benefit (Figure 2.4). This idea is based on the concept that policies (part of administrative controls) drive all aspects of security and thus form the initial protection layer around assets. Next, logical and technical controls provide protection against logical attacks and exploits. Then, the physical controls provide protection against real-world physical attacks against the facility and devices.

FIGURE 2.4 The categories of security controls in a defense-in-depth implementation