The SANS Technology Institute defines security controls as:
Security controls are technical or administrative safeguards or counter measures to avoid, counteract or minimize loss or unavailability due to threats acting on their matching vulnerability, i.e., security risk.
The article goes on, but this is good for my purposes. So, to get to the point, I decided to pull a portion of a security control from NIST SP 800-53 Rev. 4: SI-3, MALICIOUS CODE PROTECTION.
A security control in SP 800-53 has the following format:
- control section
- supplemental guidance section
- control enhancements section
- references section
- priority and baseline allocation section
Control: The organization:
a. Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code;
- 1. Perform periodic scans of the information system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more): endpoint; network entry/exit points] as the files are downloaded, opened, or executed in accordance with organizational security policy; and
- 2. [Selection (one or more): block malicious code; quarantine malicious code; send alert to administrator; [Assignment: organization-defined action]] in response to malicious code detection; and
d. Addresses the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the information system.
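The bracketed Assignment and Selection placeholders above are the organization-defined parameters that have to be filled in when a control is tailored, and they can nest (an Assignment inside a Selection). As an added example, not code from the post, here is a small Python parser that extracts them from control text; the SI-3 sample string is constructed from the statements quoted above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the two SI-3 statements quoted above, joined into one string.
SI3_TEXT = (
    "Perform periodic scans of the information system [Assignment: organization-defined "
    "frequency] and real-time scans of files from external sources at [Selection (one or "
    "more): endpoint; network entry/exit points] as the files are downloaded, opened, or "
    "executed in accordance with organizational security policy; and [Selection (one or "
    "more): block malicious code; quarantine malicious code; send alert to administrator; "
    "[Assignment: organization-defined action]] in response to malicious code detection."
)

@dataclass
class Parameter:
    kind: str                                      # "Assignment" or "Selection"
    text: str                                      # what the organization must define
    choices: list = field(default_factory=list)    # Selection options, in order
    one_or_more: bool = False                      # Selection marked "(one or more)"
    nested: list = field(default_factory=list)     # parameters nested inside a Selection

def _split_top_level(body, sep=";"):
    """Split on sep only at bracket depth 0, so a nested [Assignment: ...] stays whole."""
    parts, depth, cur = [], 0, []
    for ch in body:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        if ch == sep and depth == 0:
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return [p for p in parts if p]

def parse_parameter(body):
    """Parse the inside of one [...] placeholder into a Parameter."""
    m = re.match(r"(Assignment|Selection)\s*(\(one or more\))?\s*:\s*(.*)", body, re.S)
    if not m:
        raise ValueError(f"not a control parameter: {body!r}")
    kind, one_or_more, rest = m.group(1), bool(m.group(2)), m.group(3).strip()
    if kind == "Assignment":
        return Parameter(kind, rest)
    choices = _split_top_level(rest)
    nested = [parse_parameter(c[1:-1]) for c in choices if c.startswith("[") and c.endswith("]")]
    return Parameter(kind, rest, choices, one_or_more, nested)

def extract_parameters(text):
    """Find every top-level [...] placeholder in control text, tracking bracket depth."""
    params, depth, start = [], 0, None
    for i, ch in enumerate(text):
        if ch == "[":
            if depth == 0:
                start = i
            depth += 1
        elif ch == "]":
            depth -= 1
            if depth == 0:
                params.append(parse_parameter(text[start + 1:i]))
    return params
```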
Anyway, I do not want to recreate or copy the entire control here. As a note, I chose this control to examine because it is one that every user can relate to. Next week I will take SI-3 and look at the control in NIST SP 800-53A Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans.