A policy must determine what assets need to be protected, what attacks need to
be mitigated, how to mitigate those attacks (including technological and
procedural measures), and how to detect attempted attacks.
· Asset Protection: In order to determine which assets need to be protected,
all aspects of the “value” of an asset need to be determined. This means that
legal considerations, community good will, asset value, and cascade effects (if
an attack did compromise a particular asset) need to be taken into account.
Since it is not possible to secure every asset in the infrastructure, it is
recommended that the high-risk or high-value assets be protected first.
· Determining what Attacks to Mitigate: The requirements process must determine
the cost/benefit/probability of a successful attack and what form such an
attack might take. The higher the probability of success, the greater the need
for mitigation.
· Mitigation Strategies: The security services discussed in this report provide
suggestions on how to mitigate many of the threats. It is up to each security
domain (SMI) to determine the best method to mitigate the attack and then write
the appropriate policies to reflect that intent.
· Attack Detection: Since there is no absolute security, detection of an
attempted attack is an important objective of any security policy. For each
asset being secured, a mechanism for detecting attempted/successful attacks
needs to be part of the policy and it MUST be implemented and monitored on a
constant basis.
As part of the requirements process, ISO/IEC 15408 (i.e., the standardized
version of the NIST Common Criteria) should be used as a basis for the
technological requirements assessment and for determining threats and
mitigation strategies.
The requirements phase of policy development must also take into account risk
assessment.