CRISC Domain 4 Data Collection and Extraction Tools and Techniques.pdf
0 likes19 views
The document outlines key concepts related to risk management in cybersecurity, emphasizing the importance of data sources for effective risk assessments and incident monitoring. It discusses various methods such as vulnerability assessments, penetration testing, and the alignment of risk management with audit programs to enhance security controls. Additionally, the document highlights the use of external sources, control monitoring, and maturity models to ensure continuous improvement and compliance in risk management processes.
CRISC Domain 4 Data Collection and Extraction Tools and Techniques.pdf
- 2. www.infosectrain.com INTERNAL DATA SOURCES CRISC DOMAIN 4 Prior risk assessments Project documents (risk logs, lessons learned) Tickets from change, problem, release, con๏ฌguration, asset, and incident management systems Audit and incident reports User feedback and observation Interviews with management Security and test reports Event and activity logs
- 3. www.infosectrain.com CRISC DOMAIN 4 LOGS Identify security violations and assist in forensics Capture and store data for analysis Alert to malicious activity Trade-off between speed, detail, and utility Examples: Time synchronization of log entries IDS/IPS logging
- 4. www.infosectrain.com SMART CRITERIA SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM) Analyze system, application, and network activity Capture data from multiple sources Detect attacks in progress Highlight relationships among activities Examples: Correlation based on type, timing, sequence
- 5. www.infosectrain.com CRISC DOMAIN 4 INTEGRATED TEST FACILITIES (ITF) Test data through production systems Examples: Observe the operation of production systems Fictitious customers or transactions
- 6. www.infosectrain.com CRISC DOMAIN 4 EXTERNAL SOURCES OF INFORMATION CERT/CIRT advisories Security company reports Examples Regulatory bodies Peer organizations Media reports Verizon Data Breach Investigations report Government cybersecurity monitoring services
- 7. www.infosectrain.com EFFECTIVE CONTROL MONITORING CONTROL ASSESSMENT TYPES Ensure data accuracy and completeness Encourage local ownership of risk and control monitoring Prefer data retrieved directly by risk practitioner
- 8. www.infosectrain.com CRISC DOMAIN 4 Align risk management program with audit program Independent and objective review of control environment Update risk action plans and risk register Enhance controls Examples: Review of access control policies Examination of incident response plans IS AUDIT
- 9. www.infosectrain.com CRISC DOMAIN 4 VULNERABILITY ASSESSMENT Methodical review of security Scope ranges from single system to entire business process Inform management of risk management effectiveness Recommend new controls Understand existing security controls Use tools for automation or supplementation Regular and rigorous assessment Examples Scanning for open ports Checking for outdated software
- 10. www.infosectrain.com CRISC DOMAIN 4 PENETRATION TESTING Validate vulnerability assessment (white hat) Test systems believed to be secure (black hat) Examples Use same tools as malicious hackers Management approval and oversight required Targeted attempt to break into an environment Attempting to exploit a known vulnerability Social engineering attacks
- 11. www.infosectrain.com CRISC DOMAIN 4 THIRD-PARTY ASSURANCE External IS audit or compliance certi๏ฌcation Earn customer and shareholder con๏ฌdence Evaluate processes and validate compliance SSAE 16 for third-party service suppliers Examples: ISO/IEC 27001 certi๏ฌcation PCI DSS compliance audit
- 12. www.infosectrain.com CRISC DOMAIN 4 MATURITY MODEL ASSESSMENT AND IMPROVEMENT TECHNIQUES Commitment to continuous improvement Capability Maturity Model (CMM) Mature risk management program Prevent, detect, and respond to security events and risk scenarios Learning from past events Develop skills, tools, and team Consistency in risk identi๏ฌcation, assessment, mitigation, and monitoring Level 1: Performed - Process achieves its purpose Level 0: Unde๏ฌned and ad hoc activities Level 2: Managed - Process is planned, monitored, and adjusted Level 3: Established - Process is de๏ฌned and capable of achieving outcomes Level 4: Predictable - Process operates within de๏ฌned limits Level 5: Optimized - Process is continuously improved
- 13. To Get More Insights Through Our FREE FOUND THIS USEFUL? Courses | Workshops | eBooks | Checklists | Mock Tests LIKE FOLLOW SHARE