Friday, June 30, 2006

Detective vs Preventative controls

There are several different types of controls that can be used to provide a level of Information Security.
Two of these are Detective and Preventative.

Detective controls may involve monitoring, administrative event justification, log parsing and intrusion detection systems.

Preventative controls would include access control based on least privilege, restricted group enforcement, Group policy system configuration, disabling of various features of portable media connection such as USB and serial ports.

Really, both of these methods should be employed. There are examples of companies that rely heavily on technical controls, locking down almost everything that appears to have a security element to it.
Other firms allow users with high-level privileges to log on to their workstations with Domain Administrator rights and conduct all their information worker tasks (email, word processing etc.) that way.

The problem with relying on detective controls only is that you are only dealing with the issue after the event, so if a contractor on a week's contract performs some action requiring justification, he may have long gone when the damage is noticed. It is an 'after the horse has bolted' approach.

Conversely, if preventative controls are all that are used, then gaps in the controls (and there are certain to be things that get missed or misconfigured), or ingenious developers finding ways around the controls, can pass unnoticed.

It is important therefore to have the right mix of preventative and detective controls for your environment. What is the right mix? This will depend on the threats that your organisation faces, the vulnerabilities in the systems you use and the overall risk sensitivity of the organisation.
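To make the mix concrete, here is an added example (not from the original post) that pairs one control of each kind: a preventative least-privilege check on Domain Admins membership, and a detective check that parses logon records for admin accounts logging on interactively to ordinary workstations. All account names, hostnames and log lines are constructed for the example.

```python
"""Constructed example: a preventative group-membership check next to a
detective check over sample logon records. Names and records are made up."""

# Preventative control: the approved, least-privilege membership of the
# Domain Admins group. Anyone else holding the right is a configuration gap.
APPROVED_DOMAIN_ADMINS = {"svc-backup", "alice.admin"}

# Current membership as exported from the directory (constructed).
CURRENT_DOMAIN_ADMINS = {"svc-backup", "alice.admin", "bob"}

# Constructed logon records: timestamp, account, host, logon type.
# "interactive" is a console/RDP logon; "network" is e.g. a file share access.
SAMPLE_LOGONS = """\
2006-06-30T08:01:12 alice.admin WS-0042 interactive
2006-06-30T08:03:40 bob WS-0017 interactive
2006-06-30T08:05:02 svc-backup FS-01 network
2006-06-30T09:15:33 bob WS-0017 network
2006-06-30T10:22:07 alice.admin DC-01 interactive
"""


def excess_admins(current, approved):
    """Preventative: accounts holding Domain Admin rights outside the approved set."""
    return sorted(current - approved)


def parse_logons(text):
    """Parse the constructed four-field logon format; skip blank or malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, account, host, logon_type = parts
        records.append((ts, account, host, logon_type))
    return records


def privileged_workstation_logons(records, privileged):
    """Detective: interactive logons by privileged accounts onto workstations
    (hosts named WS-*), i.e. admin rights being used for day-to-day work."""
    hits = []
    for ts, account, host, logon_type in records:
        if account in privileged and logon_type == "interactive":
            if host.startswith("WS-"):
                hits.append((ts, account, host))
    return hits


if __name__ == "__main__":
    print("Remove from Domain Admins:",
          excess_admins(CURRENT_DOMAIN_ADMINS, APPROVED_DOMAIN_ADMINS))
    for hit in privileged_workstation_logons(parse_logons(SAMPLE_LOGONS),
                                             CURRENT_DOMAIN_ADMINS):
        print("ALERT privileged interactive workstation logon:", hit)
```

The preventative check would have removed "bob" before he ever logged on, while the detective check is what catches "alice.admin", an approved administrator, using those rights on a workstation, which no membership check can prevent.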
