![Page 1: ISA 400 Management of Information Security Philip Robbins – November 14, 2015 Security Architecture and Design Information Security & Assurance Program.](https://reader035.fdocuments.net/reader035/viewer/2022062805/5697bfc11a28abf838ca44f7/html5/thumbnails/1.jpg)
ISA 400 Management of Information Security
Philip Robbins – November 14, 2015
Security Architecture and Design
Information Security & Assurance Program
University of Hawai'i West Oahu
Week #4
Security Architecture & Design
Topics
• Week #12, Domain: Security Architecture & Design
• Quiz #7
• Assignment #7
Security can take place in 3 main areas:
Security Architecture & Design
• Reference Monitor
• Trusted Computing Base
• Security Control Architecture
• Rings of Protection
• Confidentiality Models
• Integrity Models
• Security Modes
• Trusted Computer System Evaluation Criteria (TCSEC)
• Information Technology Security Evaluation Criteria (ITSEC)
• Common Criteria
• Certification & Accreditation
Domain Concepts
• Abstract machine that is used to implement security.
• Verifies that the subject meets the minimum requirements for access to an object.
• Enforced by the Security Kernel (aka, the heart of the RM): the hardware, firmware, and software that implement the reference monitor concept.
• The implementation must be tamperproof, always invoked (non-bypassable), and small enough to be analyzed and tested.
Reference Monitor
• Central component to most Operating Systems.
• Interface to system hardware.
• In charge of access to computer resources.
• Implements multitasking for processes continuously competing for system resources (enforcing isolation).
OS Kernel
Process Isolation
• Ensures processes do not interfere with each other.
• Each process has and runs in its own memory space.

Protection Rings
• Security mechanism used along with memory protection.
• Supports Confidentiality, Integrity, and Availability.
• Most common architectures define 4 protection rings (x86 does; mainstream operating systems on it actually use only ring 0 and ring 3).
• The lower the number, the greater the amount of privilege (trust) given to the process running within that ring.
• The OS kernel is the most trusted component (Ring 0).
Security Control Architecture
Protection “Privilege” Rings
Ring 0: Operating system kernel
Ring 1: Operating System
Ring 2: Drivers & Utilities
Ring 3: Applications
• Two Processor Access Modes:
- User Mode: application code runs in a non-privileged mode.
- Supervisor (Kernel) Mode: the processor has access to all system memory and all CPU instructions.
• Protects the processor and the activities it performs.
• Prevents less-privileged code from accessing memory that belongs to more-privileged levels; the switch into kernel mode happens only through controlled entry points (system calls, interrupts, exceptions).
Processor Privilege States
Processor Privilege States
@Ring 0, Kernel (Privileged) Mode: Operating system kernel
@Ring 1, Kernel (Privileged) Mode: Operating System
@Ring 2, Kernel (Privileged) Mode: Drivers & Utilities
@Ring 3, User (Non-privileged) Mode: Applications
Layering & Data Hiding
• Provided by placing unique processes in different protection rings and controlling communication between less trusted and more trusted processes.

Abstraction
• Suppress unnecessary details not needed to perform an activity.

Data Hiding
• Keeps the data of a lower (more trusted) layer out of reach of higher-level processes; they can only go through the layer's defined interface.

Encapsulation
• Protect an object's private data from outside access.
Security Control Architecture
• The sum of all the protection mechanisms within a computer (hardware, firmware, and software).
• Responsible for enforcing Confidentiality and Integrity.
• TCB components enforce security policies; anything outside the TCB can misbehave without violating the policy, and the boundary between the two is the security perimeter.
Trusted Computing Base (TCB)
Open System
• Built upon open standards, protocols, and interfaces that have published specifications.
• Provides interoperability between components and devices.

Closed System
• Uses architecture that does not follow industry standards.
• Proprietary.
• Traditionally lack interoperability.
• Generally considered to be more secure, though much of that advantage is obscurity: an unpublished design gets less outside scrutiny, not necessarily fewer flaws.
Open & Closed Systems
• A flow of information that bypasses the security controls: a path not designed for communication, used to move data in violation of policy. Two kinds: storage channels (a shared attribute such as a file's existence or size) and timing channels (modulating resource use over time).
• Attackers know that you can't deny what you must permit.
• Only covert channels that breach security policy require action (e.g. tunneling over ICMP or DNS, as the Loki tool does, or the channels rootkits and backdoors use to communicate).
• Security steps:
- Identify possible covert channels.
- Analyze whether a channel actually exists.
- Verify if the channel creates security concerns.
Covert Channel
Server-Side Attack
• A listening service is attacked directly from outside the network.
• Defenses: Firewalls, Patching, System Hardening, Defense in Depth.
Server / Client-Side Attacks
Client-Side Attack
• Caused by the user downloading or opening malicious content (a web page, document, or attachment).
• Reverse of a server-side attack.
• Attack initiated from the victim's side, so an inbound-only firewall does not stop it.
Server / Client-Side Attacks
Making a change slowly over time so an attacker remains undetected.

Data Diddling
• Making small incremental changes to data or files.

Salami Attack
• Making small incremental changes to financial accounts or records.
Incremental Attacks
Web Protection
• If your application stores state in cookies, encrypt them, and authenticate them (e.g. with an HMAC) so the client cannot alter them.
• Do not use sequential, calculable, or predictable cookies, session numbers, or URL data.
• Validate all input and output.
• Fail secure.
• Do not cache secure pages.
• Do not automatically trust data, regardless of source.
• Audit.
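The following is an added example, not code from the slides, showing three of the rules above in working form: an unpredictable session id versus a sequential one, an HMAC-authenticated cookie checked in constant time, and allow-list input validation that fails secure. The key, the cookie layout (`value.tag`) and the username rule are assumptions made for the example.

```python
"""Added example (not from the slides): unpredictable session ids, HMAC-signed
cookies, constant-time verification, allow-list input validation, fail-secure."""
import hashlib
import hmac
import re
import secrets
from typing import Optional

# Hypothetical server-side key. Real code loads it from a secret store; it is
# generated here only so the example runs stand-alone.
SERVER_KEY = secrets.token_bytes(32)


def weak_session_id(counter: int) -> str:
    """The anti-pattern: a sequential session number. Seeing one value tells
    an attacker the next and previous ones."""
    return f"sess-{counter:08d}"


def strong_session_id() -> str:
    """192 bits from the OS CSPRNG; not calculable from earlier ids."""
    return secrets.token_urlsafe(24)


def sign_cookie(value: str, key: bytes = SERVER_KEY) -> str:
    """Append an HMAC-SHA256 tag so the client cannot alter the value.
    Signing gives integrity only; if the value is itself sensitive, encrypt
    it as well, or keep only an opaque session id on the client side."""
    tag = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"


def verify_cookie(cookie: str, key: bytes = SERVER_KEY) -> Optional[str]:
    """Return the value if the tag checks out, otherwise None (fail secure:
    any malformed or tampered input is treated as no session at all)."""
    value, sep, tag = cookie.rpartition(".")
    if not sep or not value:
        return None
    expected = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    # compare_digest runs in constant time, so the tag cannot be recovered
    # byte by byte from response timing.
    if not hmac.compare_digest(tag, expected):
        return None
    return value


# Allow-list validation: accept only the shape the application needs rather
# than trying to strip "bad" characters from arbitrary input.
USERNAME_RE = re.compile(r"\A[A-Za-z0-9_]{3,32}\Z")


def valid_username(candidate: str) -> bool:
    return USERNAME_RE.match(candidate) is not None


if __name__ == "__main__":
    cookie = sign_cookie(f"sid={strong_session_id()}")
    print("cookie:   ", cookie)
    print("verified: ", verify_cookie(cookie))
    flipped = cookie[:-1] + ("0" if cookie[-1] != "0" else "1")
    print("tampered: ", verify_cookie(flipped))
    print("usernames:", valid_username("alice_01"), valid_username("alice;drop"))
```

The session id is the only thing the client should hold; everything sensitive stays server-side, keyed by that id, which is why the example signs rather than encrypts.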
Web Input Validation
Database Vulnerabilities & Threats
Database Vulnerabilities & Threats
• Aggregation
- Combining information from sources to acquire knowledge when there is a lack of clearance.
- The process of combining several low-sensitivity items and drawing medium- or high-sensitivity conclusions.
• Inference
- Results of aggregation.
- The process of deducing new privileged information from available unprivileged sources.
Polyinstantiation
- Creating two versions of the same object.
- Versions are distinguished by security levels.
- Prevents inference attacks: without it, a low-level insert that collides with a hidden high-level row is rejected, and the rejection reveals that the row exists.
- Enables a relation to contain multiple rows with the same apparent primary key; the security label becomes part of the real key.
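An added example (not from the slides) of the inference problem and the polyinstantiation fix. A plain table with one row per primary key leaks the existence of a SECRET row through the duplicate-key error an UNCLASSIFIED user receives; the polyinstantiated table keys rows on (apparent key, label) so each clearance sees its own instance. The level names, the ship rows and the table API are assumptions for the example.

```python
"""Added example (not from the slides): why a plain primary key leaks the
existence of higher-classified rows, and how polyinstantiation (the label
becomes part of the key) closes that inference channel."""
from typing import Dict, Optional, Tuple

LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1, "TOP SECRET": 2}  # hypothetical


class PlainTable:
    """One row per primary key, regardless of label."""

    def __init__(self) -> None:
        self.rows: Dict[str, dict] = {}

    def insert(self, subject_level: str, key: str, **cols) -> None:
        if key in self.rows:
            # The error itself is the inference channel: an UNCLASSIFIED user
            # who cannot read the SECRET row still learns that it exists.
            raise KeyError(f"duplicate primary key {key!r}")
        self.rows[key] = dict(cols, label=subject_level)

    def select(self, subject_level: str, key: str) -> Optional[dict]:
        row = self.rows.get(key)
        if row is None or LEVELS[row["label"]] > LEVELS[subject_level]:
            return None  # no read up
        return row


class PolyinstantiatedTable:
    """Real key is (apparent key, label); each level sees its own instance."""

    def __init__(self) -> None:
        self.rows: Dict[Tuple[str, str], dict] = {}

    def insert(self, subject_level: str, key: str, **cols) -> None:
        # Never refuses because of a row the subject is not cleared to know about.
        self.rows[(key, subject_level)] = dict(cols, label=subject_level)

    def select(self, subject_level: str, key: str) -> Optional[dict]:
        """Return the instance with the highest label the subject dominates."""
        candidates = [
            row for (k, lbl), row in self.rows.items()
            if k == key and LEVELS[lbl] <= LEVELS[subject_level]
        ]
        if not candidates:
            return None
        return max(candidates, key=lambda r: LEVELS[r["label"]])


def inference_leak(table_cls) -> bool:
    """True if an UNCLASSIFIED insert reveals that a SECRET row exists.
    The ship rows are constructed sample data."""
    t = table_cls()
    t.insert("SECRET", "Enterprise", destination="Site B", cargo="Warheads")
    try:
        t.insert("UNCLASSIFIED", "Enterprise", destination="Pearl Harbor", cargo="Supplies")
    except KeyError:
        return True
    return False


if __name__ == "__main__":
    print("plain table leaks:", inference_leak(PlainTable))
    print("polyinstantiated leaks:", inference_leak(PolyinstantiatedTable))
    t = PolyinstantiatedTable()
    t.insert("SECRET", "Enterprise", cargo="Warheads")
    t.insert("UNCLASSIFIED", "Enterprise", cargo="Supplies")
    print("UNCLASSIFIED sees:", t.select("UNCLASSIFIED", "Enterprise")["cargo"])
    print("SECRET sees:     ", t.select("SECRET", "Enterprise")["cargo"])
```

The price of polyinstantiation is that the low-level "cover story" row is deliberately inconsistent with the high-level row; that is what a real multilevel DBMS has to manage in its integrity rules.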
Polyinstantiation
Bell-LaPadula Confidentiality Security Model
• Simple Security Property: no read up (the subject's clearance must dominate the object's label).
• * Property: no write down (the object's label must dominate the subject's clearance).
Bell-LaPadula Confidentiality Security Model
• Developed from DoD multilevel security policy
- Security labels
- Need-to-know
- First mathematical model of a multilevel security policy
• Blend of general security models
- Information flow and state machine
- Mandatory access controls and lattice model
• Prevents information from flowing from a higher security level to a lower one.
Lattice Model
• Zones of security (compartmentalization)
- This structure governs information flow
- One-way information flow
• Model associated with MAC.
• Subjects are assigned security clearances.
• Objects are assigned security labels.
• Any two labels have a least upper bound and a greatest lower bound; a clearance dominates a label when its level is at least as high and its compartments are a superset, so two labels at the same level with different compartments are incomparable.
Lattice Model
Biba Integrity Security Model
• Simple Integrity Axiom: no read down.
• * Integrity Axiom: no write up.
Biba Integrity Security Model
• Blend of general security models
- Concerned about the contamination of data
- Mandatory access controls and lattice model
- Information flow and state machine
• Supports integrity only
- Prevents object modification by attackers
- No support for confidentiality or availability
• Does not address covert channels.
• Prevents information from flowing from a low integrity level to a high integrity level.
Information Flow Model
• State machine models that focus on the flow of information.
• Lattice based: one-way flow.
• Basis of design for both Biba and Bell-LaPadula.
• The goal is to prevent information from flowing from a higher security level to a lower one (Bell-LaPadula) or from a lower integrity level to a higher one (Biba).
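The lattice, Bell-LaPadula and Biba slides above describe one structure with two sets of rules on it. The block below is an added example, not code from the slides, that builds the lattice (level plus compartments, with dominance, join and meet) and puts the four BLP/Biba axioms on top of it; the level names and compartments are assumptions chosen for illustration.

```python
"""Added example (not from the slides): a security lattice of (level,
compartments) labels with the Bell-LaPadula and Biba rules on top of it."""
from dataclasses import dataclass
from typing import FrozenSet

# Hypothetical orderings; any totally ordered set of levels works.
CONF_LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}
INTEGRITY_LEVELS = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """a >= b iff level(a) >= level(b) and compartments(b) is a subset of
        compartments(a). Two labels can be incomparable, which is what makes
        this a lattice rather than a simple ladder of levels."""
        return (CONF_LEVELS[self.level] >= CONF_LEVELS[other.level]
                and other.compartments <= self.compartments)

    def join(self, other: "Label") -> "Label":
        """Least upper bound: the lowest label that dominates both."""
        hi = max(self.level, other.level, key=CONF_LEVELS.__getitem__)
        return Label(hi, self.compartments | other.compartments)

    def meet(self, other: "Label") -> "Label":
        """Greatest lower bound: the highest label that both dominate."""
        lo = min(self.level, other.level, key=CONF_LEVELS.__getitem__)
        return Label(lo, self.compartments & other.compartments)


# Bell-LaPadula (confidentiality): information may flow only upward.
def blp_read(subject: Label, obj: Label) -> bool:
    """Simple Security Property: no read up."""
    return subject.dominates(obj)


def blp_write(subject: Label, obj: Label) -> bool:
    """* Property: no write down (the object must dominate the subject)."""
    return obj.dominates(subject)


# Biba (integrity): information may flow only downward in integrity.
def biba_read(subject_int: str, obj_int: str) -> bool:
    """Simple Integrity Axiom: no read down."""
    return INTEGRITY_LEVELS[obj_int] >= INTEGRITY_LEVELS[subject_int]


def biba_write(subject_int: str, obj_int: str) -> bool:
    """* Integrity Axiom: no write up."""
    return INTEGRITY_LEVELS[subject_int] >= INTEGRITY_LEVELS[obj_int]


def blp_flow_allowed(src: Label, dst: Label) -> bool:
    """Information-flow view: a flow src -> dst is legal iff dst dominates src.
    Reading src and then writing dst is exactly what the * Property constrains."""
    return dst.dominates(src)


if __name__ == "__main__":
    analyst = Label("SECRET", frozenset({"NUCLEAR"}))
    nuclear_report = Label("SECRET", frozenset({"NUCLEAR"}))
    crypto_memo = Label("CONFIDENTIAL", frozenset({"CRYPTO"}))
    print("read own compartment:       ", blp_read(analyst, nuclear_report))
    print("read lower level, other cmpt:", blp_read(analyst, crypto_memo))
    print("write to plain TOP SECRET:   ", blp_write(analyst, Label("TOP SECRET")))
    print("join:", analyst.join(crypto_memo), "meet:", analyst.meet(crypto_memo))
```

The two surprising results in the demo are the point of the lattice: a SECRET{NUCLEAR} subject may not read a CONFIDENTIAL{CRYPTO} memo (lower level, but a compartment it does not hold), and may not write into a plain TOP SECRET object, because that object's label does not dominate the NUCLEAR compartment the subject may have read from.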
Clark-Wilson Security Model
• Focuses on integrity
• Constrained data items (CDI)
• Transformation Procedures (TP)
• Integrity Verification Procedures (IVP)
• Uses a subject/program/object relationship
• Subjects are restricted in the way they access objects
• Objects are accessed only through programs
• Dictates that separation of duties be enforced
• Critical functions are broken up among multiple subjects
• Prevents authorized subjects from making improper modifications to objects
• Requires all changes be logged.
Clark-Wilson Security Model
• Constrained data items (CDI): the data whose integrity the model protects.
• Unconstrained data items (UDI): untrusted input (e.g. user-supplied values) that a TP must validate before it may affect a CDI.
• Transformation Procedures (TP): the only certified operations permitted to change a CDI.
• Integrity Verification Procedures (IVP): checks that the CDIs are in a valid state.
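An added example, not code from the slides, of the Clark-Wilson pieces working together on a small ledger: the account balances are the CDI, the amount typed by a user is a UDI that the TP validates, the IVP checks that money is conserved and no balance is negative, access triples (user, TP) gate who may run what, and every attempt is logged. The ledger, TP, user names and rollback-on-IVP-failure behaviour are assumptions made for the example.

```python
"""Added example (not from the slides): a Clark-Wilson style ledger with a
CDI, a UDI, a certified TP, an IVP, access triples and a mandatory log."""
from typing import Callable, Dict, List, Set, Tuple

Accounts = Dict[str, int]  # the CDI: balances in cents


def ivp(accounts: Accounts, expected_total: int) -> bool:
    """Integrity Verification Procedure: money is neither created nor lost
    and no balance is negative."""
    return (all(v >= 0 for v in accounts.values())
            and sum(accounts.values()) == expected_total)


def tp_transfer(accounts: Accounts, src: str, dst: str, amount_udi: str) -> None:
    """Transformation Procedure. `amount_udi` is an unconstrained data item
    (raw user input); the TP validates it before it may touch the CDI."""
    if not amount_udi.isdigit():
        raise ValueError("amount must be a non-negative integer string")
    amount = int(amount_udi)
    if src not in accounts or dst not in accounts or src == dst:
        raise ValueError("unknown or identical accounts")
    if accounts[src] < amount:
        raise ValueError("insufficient funds")
    accounts[src] -= amount
    accounts[dst] += amount


class ClarkWilsonSystem:
    def __init__(self, accounts: Accounts) -> None:
        self.accounts = accounts
        self.total = sum(accounts.values())
        # Certified TPs: the only code allowed to modify the CDI.
        self.tps: Dict[str, Callable[..., None]] = {"transfer": tp_transfer}
        self.triples: Set[Tuple[str, str]] = set()  # (user, tp) access triples
        self.log: List[str] = []

    def allow(self, user: str, tp: str) -> None:
        self.triples.add((user, tp))

    def run(self, user: str, tp: str, *args: str) -> bool:
        """The CDI is reached only through a certified TP, only by a user
        holding the access triple; every attempt is logged; a TP that leaves
        the CDI in an invalid state (IVP fails) is rolled back."""
        if (user, tp) not in self.triples or tp not in self.tps:
            self.log.append(f"DENY {user} {tp} {args}")
            return False
        snapshot = dict(self.accounts)
        try:
            self.tps[tp](self.accounts, *args)
            if not ivp(self.accounts, self.total):
                raise ValueError("IVP failed")
        except ValueError as err:
            self.accounts.clear()
            self.accounts.update(snapshot)
            self.log.append(f"FAIL {user} {tp} {args}: {err}")
            return False
        self.log.append(f"OK {user} {tp} {args}")
        return True


if __name__ == "__main__":
    # Constructed sample ledger.
    system = ClarkWilsonSystem({"alice": 1000, "bob": 500})
    system.allow("teller", "transfer")
    system.run("teller", "transfer", "alice", "bob", "250")
    system.run("auditor", "transfer", "alice", "bob", "1")
    system.run("teller", "transfer", "alice", "bob", "-5")
    print(system.accounts)
    print("\n".join(system.log))
```

Separation of duties lives in the triple table: the auditor holds no (auditor, transfer) triple, so even a correct request from that user is denied and logged.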
Brewer and Nash Security Model
• "Chinese Wall" Model
• Goal is to prevent conflicts of interest
- Information flow model.
- A subject is prevented from accessing information of two competing clients.
• A subject's access controls change dynamically: what it may access next depends on what it has already accessed.
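The dynamic rule is easiest to see in code. The block below is an added example, not code from the slides: conflict-of-interest classes group competing companies, a subject's first read inside a class raises the wall against the other members, and a write is permitted only if it could not carry another company's data across that wall. The company names and classes are constructed for the example.

```python
"""Added example (not from the slides): Brewer-Nash (Chinese Wall) rules with
access rights that change according to a subject's access history."""
from typing import Dict, Set

# Hypothetical conflict-of-interest classes: company -> class name.
# Companies absent from this map (public/sanitized data) conflict with nothing.
COI_CLASS: Dict[str, str] = {
    "BankA": "banks", "BankB": "banks",
    "OilX": "oil", "OilY": "oil",
}


class ChineseWall:
    def __init__(self, coi_class: Dict[str, str] = COI_CLASS) -> None:
        self.coi_class = coi_class
        self.history: Dict[str, Set[str]] = {}  # subject -> companies read

    def _conflicts(self, subject: str, company: str) -> bool:
        cls = self.coi_class.get(company)
        if cls is None:
            return False
        return any(
            other != company and self.coi_class.get(other) == cls
            for other in self.history.get(subject, set())
        )

    def can_read(self, subject: str, company: str) -> bool:
        """Simple security rule: allowed unless the subject has already read
        a competitor in the same conflict-of-interest class."""
        return not self._conflicts(subject, company)

    def read(self, subject: str, company: str) -> bool:
        if not self.can_read(subject, company):
            return False
        # Recording the access is what moves the wall for this subject.
        self.history.setdefault(subject, set()).add(company)
        return True

    def can_write(self, subject: str, company: str) -> bool:
        """* rule: writing to `company` is allowed only if the subject can read
        it and has read no other company's unsanitized data, because the write
        could otherwise carry that data across the wall."""
        if not self.can_read(subject, company):
            return False
        return all(
            other == company or self.coi_class.get(other) is None
            for other in self.history.get(subject, set())
        )


if __name__ == "__main__":
    wall = ChineseWall()
    print("ann reads BankA:     ", wall.read("ann", "BankA"))
    print("ann may read BankB:  ", wall.can_read("ann", "BankB"))   # competitor
    print("ann reads OilX:      ", wall.read("ann", "OilX"))        # other class
    print("ann may write BankA: ", wall.can_write("ann", "BankA"))  # holds OilX data
```

Note that the decision for a given (subject, company) pair is not fixed: the same request that succeeds before a competitor is read fails afterwards, which is what distinguishes this model from a static MAC or DAC matrix.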
Noninterference Model
• Ensures that objects and subjects of different levels don't interfere with objects and subjects of other levels.
• Prevents high-level actions from being observed by low-level users
- Information leakage
• Inference attack (indirect covert channel)
- Requires complete separation between security levels
Noninterference Model
Take-Grant Model
• Confidentiality-based.
• Primary focus is on how subjects pass on their "rights".
• Supports 4 basic operations:
- Take
- Grant
- Create
- Revoke (called "remove" in the original Take-Grant papers)
Security Modes
• Mode of operation in which the DAA/AO accredits an IS to operate; based on:
- Sensitivity of the information being processed.
- Clearance levels of authorized users.
- 4 modes:
• Dedicated
• System High
• Compartmented or Partitioned
• Multilevel Security
Security Modes
• Dedicated
- Security clearance required for all data.
- Approval required to access all data.
- Need-to-know for all information.
• System High
- Security clearance required for all data.
- Approval required to access all data.
- Need-to-know for some information.
- Mode must provide audit trail capability.
Security Modes
• Compartmented
- Security clearance required for the highest level of data classification on the system.
- Formal approval required for some data (the compartments the user is approved for).
- Valid Need-to-know for some information.
Security Modes
• Multilevel
- Users hold a range of clearances; access is granted where the user's clearance dominates the file's security label (using MAC).
- Approval required for the data they will have access to.
- Valid Need-to-know for the data they will have access to.
Security Modes

| | Dedicated | System High | Compartmented | Multilevel |
|---|---|---|---|---|
| Nondisclosure Agreement | Yes | Yes | Yes | Yes |
| Clearance | All | All | All | Some |
| Formal Access Approval | All | All | Some | Some |
| Need To Know | All | Some | Some | Some |
Orange Book
• Trusted Computer System Evaluation Criteria (TCSEC).
• "Orange Book": evaluates a stand-alone system's functionality and trustworthiness.
• Developed to evaluate standalone systems.
• Basis of measurement is Confidentiality.
• Four categories (A, B, C, D).
• For each category, a higher number indicates a more secure system.
Orange Book
• The Orange Book defines four categories (broad hierarchical divisions) of security protection. In descending order of trust, they are:
- A: Verified protection
- B: Mandatory protection
- C: Discretionary protection
- D: Minimal security
Orange Book
• Each division consists of one or more numbered classes, with higher numbers indicating a higher degree of security.
• For example, division C contains two distinct classes (C2 offers more security than C1); division B contains three classes (B3 > B2 > B1); division A currently contains only one class (A1).
TCSEC Categories
• A – Verified protection
- A1 – Verified Design & Protection
• Functionally equivalent to B3; adds formal design specification and verification.
• For Top-Secret data.
• B – Mandatory protection: based on Bell-LaPadula model and MAC
- B3 – Security Domains
• Good for up to Secret data.
• Must be able to boot "securely".
• Layering, abstraction, and data hiding required.
- B2 – Structured Protection
• Must analyze covert (storage) channels and limit their bandwidth.
• Operator and admin functions are separated.
• Process isolation implemented.
• Must support hierarchical device labeling.
TCSEC Categories
- B1 – Labeled Security
• Security labels are required.
• Sufficient to house classified data.
• Provides mandatory access control.
• C – Discretionary protection: based on DAC
- C2 – Controlled Access
• Users must be identified before gaining access to any system resource.
• Object reuse protection.
• Full auditing of security events.
• Mandatory IDs.
- C1 – Discretionary Security
• UserID and groups are used.
• Implement access control lists.
• D – Minimal Security: systems that were evaluated but failed to meet the requirements of a higher class.
TCSEC
TCSEC Measurement
• The evaluation criteria for the Orange Book were developed with three basic objectives: measurement, guidance, and acquisition.
• Measurement: To provide users with a metric with which to assess the degree of trust & assurance that can be placed in computer systems for the secure processing of classified, or other sensitive, information.
• For example, a user can rely on a B2 system to be "more secure" than a C2 system.
TCSEC Guidance
• Provides guidance to manufacturers as to what to build into their trusted commercial products to satisfy trust requirements for sensitive applications.
Orange Book Complaints
• Model works only in a government classified environment, and the higher levels of security aren't appropriate for the protection of commercial data, where data integrity is the chief concern.
• Emphasizes protection from unauthorized access, while most security attacks actually involve insiders.
• Doesn't address networking issues. Stand-alone only.
Rainbow Series
• The government produced a number of other volumes interpreting Orange Book requirements. These are known collectively as the Rainbow Series, since each has a different cover color.
• Red Book – Trusted Network Interpretation
• Lavender Book – Trusted Data Base Management System Interpretation
• Green Book – Password Management Guideline
• Tan Book – A Guide to Understanding Audit in Trusted Systems
• Purple Book – Guidelines for Formal Verification Systems
• Burgundy Book – A Guide to Understanding Design Documentation in Trusted Systems
Information Technology Security Evaluation Criteria
• ITSEC
• European standard; developed in the late 1980s and published in 1991.
• Designed to be more flexible than TCSEC.
• Evaluates all information security services (integrity and availability as well as confidentiality).
• Does not require a TCB.
• Rates functionality and assurance separately; evaluation divided into 2 parts:
- Functionality (F): F1 – F10
- Assurance (E): E0 – E6
Information Technology Security Evaluation Criteria
Common Criteria
• Globalized merger of ITSEC, TCSEC, and the Canadian CTCPEC.
• De facto standard for evaluating systems.
• Made an official standard by ISO (ISO/IEC 15408).
• Signed by France, Germany, UK, USA, Australia, New Zealand, and Canada in 1998.
• Assurance categorized into one of seven Evaluation Assurance Levels (EALs).
• EALs provide a specific level of confidence in the security functions of the system being analyzed. An EAL measures how rigorously the product was evaluated, not how strong its functionality is; the functionality itself is stated separately in the Protection Profile and Security Target.
Common Criteria EALs
• EAL 0 - Inadequate Assurance (not a level defined by the standard; used informally for unevaluated products)
• EAL 1 - Functionally Tested
• EAL 2 - Structurally Tested
• EAL 3 - Methodically tested and checked
• EAL 4 - Methodically designed, tested, & reviewed
• EAL 5 - Semiformally designed and tested
• EAL 6 - Semiformally verified design and tested
• EAL 7 - Formally verified design and tested
Standards Overview (approximate, commonly cited mapping)

| TCSEC | ITSEC | CC | Designation |
|---|---|---|---|
| A1 | F6+E6 | EAL 7 | Verified Security |
| B3 | F5+E5 | EAL 6 | Security Domains |
| B2 | F4+E4 | EAL 5 | Structured Security |
| B1 | F3+E3 | EAL 4 | Security Labels |
| C2 | F2+E2 | EAL 3 | Controlled Access |
| C1 | F1+E1 | EAL 2 | Discretionary Security |
| D | E0 | EAL 1 | Minimal Security |
Certification
• Verification & validation of a system and its controls / safeguards.
• Security evaluation criteria are compared to the testing results.
- Hardware, software, and configuration
- Administrative, technical, and physical controls
- Recertification is conducted at expiration or if the system is changed
• Results of the security review are certified by a CA (here the certification agent or certifying authority, not a PKI certificate authority).
Accreditation
• Management or Risk Authority compares system capabilities, worth, and merit to the needs of the organization and its resources.
• Formal declaration to accept the operation and any system risks for a specified period of time.
• Changes require recertification.
• Types:
- Provisional / Conditional (Interim)
- Full
Quiz #7
• Short answer, closed book, closed notes.