Security Event
An event on a system or network detected by a security device or application.
Security Attack
A security event that has been identified by correlation and analytics tools as malicious activity that is attempting to collect, disrupt, deny, degrade or destroy information system resources or the information itself.
Security Incident
An attack or security event that has been reviewed by a security analyst and deemed worthy of deeper investigation.
Compliance Basics
- Designed to protect from theft or damage, disruption or misdirection.
- Physical controls - for the servers in the data centers
- Technical Controls
1. Features and functions of the service (e.g. encryption).
2. What log data is collected.
- Operational controls
1. How a server is configured, updated, monitored and patched.
- How staff are trained and what activities they perform.
- How information is used, who that information is shared with, or whether that information is used to track users.
- Tests that security measures are in place.
- Which and how many depend on the specific compliance.
- Often will cover additional non-security requirements such as business practices,vendor agreements,organizational controls etc.
- Controls: Each compliance regime will have different controls and required proof points, 50-500 controls per compliance regime, focused on the specific goals set by its authors.
- Validate: Frequently but not always validated by an external auditor or separate assessor.
- Proven: Regarding how a system/solution is managed and that adherence to those controls can be proved.
- External: Often defined by an outside agency.
Security and compliance are deeply interlinked, but not the same.
Compliance falls into two main categories:
- Foundational: General specifications, important but generally not legally required. Example: SOC, ISO.
- Industry: Specific to an industry or to dealing with a specific type of data. Often legally required. Example: HIPAA, PCI DSS, FISC (Japan), FISMA, FedRAMP, FFIEC (US), EU/US model clauses.