Module 5.1 Network Management

The document discusses the importance of security monitoring and correlation as essential components of a security strategy, emphasizing the need for continuous tracking of security events and the identification of patterns to detect threats. It also covers security and policy management, including the development of access control, data classification, incident response policies, and adherence to regulatory compliance. Additionally, it highlights best practices frameworks and case studies that illustrate the implementation of effective security management strategies.

Network Management

Security Monitoring and Correlation

• Security monitoring and correlation are critical components of a comprehensive security strategy.
• Security monitoring involves the continuous tracking and analysis of security-related events in order to detect and respond to security threats.
• Correlation, on the other hand, involves the analysis of multiple security events and the identification of patterns and relationships between them.
• The goal of security monitoring is to identify potential security incidents before they become serious threats.
• This involves the use of tools and techniques such as intrusion detection systems (IDS), security information and event management (SIEM) systems, and log analysis tools to detect and alert security personnel to suspicious activity.
• Once an alert is triggered, security personnel can investigate the event further to determine the severity of the threat and take appropriate action.
• Correlation is an important part of the security monitoring process because it allows security personnel to identify patterns and relationships between seemingly unrelated security events.
• For example, an IDS might detect an attempted login from an unknown user account.
• This event on its own might not be cause for alarm, but if it is correlated with other events such as failed login attempts from other accounts, it might indicate a more serious security threat.
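The login example above is the kind of rule a SIEM correlation engine evaluates. The following Python script is an added illustration, not part of the slides: it parses a handful of constructed sshd-style log lines (hostnames, usernames and the documentation-range IP addresses are made up), then, for each "unknown user" attempt, looks back over a five-minute window for failed logins from the same source against other accounts. An isolated unknown-user attempt is reported at "info" severity; the same attempt correlated with failures against three or more distinct accounts is raised to "high". The window and threshold are assumptions chosen for the sample, not values from the page.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in syslog/sshd style; not captured from a real host.
SAMPLE_LOG = """\
2024-05-01T10:00:01 host1 sshd[101]: Failed password for alice from 203.0.113.7 port 50001 ssh2
2024-05-01T10:00:09 host1 sshd[102]: Failed password for bob from 203.0.113.7 port 50002 ssh2
2024-05-01T10:00:15 host1 sshd[103]: Failed password for carol from 203.0.113.7 port 50003 ssh2
2024-05-01T10:00:22 host1 sshd[104]: Invalid user admin from 203.0.113.7 port 50004
2024-05-01T10:05:00 host1 sshd[105]: Invalid user backup from 198.51.100.9 port 40000
2024-05-01T10:30:00 host1 sshd[106]: Accepted password for alice from 192.0.2.5 port 33000 ssh2
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<msg>.*)$")
FAILED_RE = re.compile(r"^Failed password for (?P<user>\S+) from (?P<src>\S+)")
INVALID_RE = re.compile(r"^Invalid user (?P<user>\S+) from (?P<src>\S+)")


def parse_events(text):
    """Normalize raw log lines into event dicts; lines the rules don't need are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        msg = m["msg"]
        if (f := FAILED_RE.match(msg)):
            events.append({"ts": ts, "type": "failed_login", "user": f["user"], "src": f["src"]})
        elif (u := INVALID_RE.match(msg)):
            events.append({"ts": ts, "type": "unknown_user", "user": u["user"], "src": u["src"]})
    return events


def correlate(events, window=timedelta(minutes=5), min_accounts=3):
    """For each unknown-user attempt, look back `window` for failed logins from the
    same source against distinct accounts. Alone the event is 'info'; correlated
    with failures against >= min_accounts accounts it becomes 'high'."""
    failed_by_src = defaultdict(list)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "failed_login":
            failed_by_src[ev["src"]].append(ev)
            continue
        if ev["type"] != "unknown_user":
            continue
        recent = [f for f in failed_by_src[ev["src"]] if ev["ts"] - f["ts"] <= window]
        accounts = sorted({f["user"] for f in recent})
        severity = "high" if len(accounts) >= min_accounts else "info"
        alerts.append({
            "ts": ev["ts"].isoformat(),
            "src": ev["src"],
            "attempted_user": ev["user"],
            "failed_accounts": accounts,
            "severity": severity,
        })
    return alerts


def run_sample():
    """Run the correlation rule over the constructed sample log."""
    return correlate(parse_events(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

On the sample, the attempt from 203.0.113.7 is raised to "high" because alice, bob and carol all failed from that address within the window, while the attempt from 198.51.100.9 stays at "info" because nothing else is known about that source. In a real SIEM the same logic runs continuously over streamed events and the window, threshold and the set of event types joined would be tuned per environment.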
Benefits of implementing security monitoring and correlation:

• First, it allows organizations to detect and respond to security threats more quickly, reducing the potential impact of a security incident.
• Second, it helps organizations identify and mitigate security vulnerabilities in their systems and networks.
• Finally, it provides valuable insights into the security posture of an organization, allowing for continuous improvement and refinement of security policies and procedures.
Security Management - Security and Policy Management and Security Framework and Regulatory Compliance

Security and Policy Management

Security and Policy Management involves the development and implementation of policies, procedures, and guidelines to ensure the security of an organization's assets. This includes:

• Developing policies and procedures for access control: Access control policies and procedures are put in place to control who has access to an organization's resources. This includes implementing user authentication mechanisms, such as passwords or two-factor authentication, and defining access levels based on job roles or responsibilities.
• Developing policies for data classification: Data classification policies define the categories of data an organization collects and stores and determine how the data should be secured. This includes identifying sensitive data and implementing appropriate security controls to protect it.
• Developing policies for incident response: Incident response policies outline the procedures that an organization should follow in the event of a security incident. This includes how to detect, contain, and remediate an incident and how to communicate with stakeholders.
• Developing policies for security awareness training: Security awareness training policies ensure that all employees are trained in security best practices and are aware of their role in maintaining the organization's security posture.
• Implementing security technologies: Security technologies such as firewalls, intrusion detection systems, and encryption are used to protect an organization's assets and ensure that policies and procedures are enforced.
Security Framework and Regulatory Compliance:

Security Framework and Regulatory Compliance involve the implementation of security frameworks and adherence to regulatory compliance requirements. This includes:

• Implementing security frameworks: Security frameworks provide a structured approach to security management by defining a set of security controls and best practices that organizations can follow to improve their security posture. Examples of security frameworks include the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the Payment Card Industry Data Security Standard (PCI DSS), and the International Organization for Standardization (ISO) 27001/27002.
• Adhering to regulatory compliance requirements: Regulatory compliance refers to the requirement for organizations to comply with laws and regulations that are relevant to their industry or location. Compliance requirements may include data privacy laws, financial regulations, or industry-specific regulations such as the Health Insurance Portability and Accountability Act (HIPAA) in the healthcare industry. Compliance requirements can be complex and require ongoing efforts to ensure that an organization is meeting the necessary standards.

Overall, Security and Policy Management and Security Framework and Regulatory Compliance are critical components of Security Management that help organizations safeguard their assets and comply with relevant laws and regulations.
Best Practices Framework, Case Studies

A best practices framework is a set of guidelines or standards that organizations can follow to achieve a specific goal or improve their processes. In the context of security management, best practices frameworks are designed to help organizations develop and implement effective security strategies. Some examples of best practices frameworks include:

• National Institute of Standards and Technology (NIST) Cybersecurity Framework: This framework provides guidelines for organizations to manage and reduce cybersecurity risks. It includes five functions: Identify, Protect, Detect, Respond, and Recover.
• Center for Internet Security (CIS) Controls: This framework provides a set of best practices for organizations to improve their cybersecurity posture. It includes 20 critical security controls that organizations should implement to protect their assets.
• ISO/IEC 27001: This is a widely recognized international standard for information security management systems (ISMS). It provides a framework for implementing and maintaining effective security controls to protect an organization's information assets.
Case Studies:

Case studies provide real-world examples of how organizations have implemented security management strategies to protect their assets. They can be useful for understanding how security frameworks and best practices can be applied in practice. Here are some examples of security management case studies:

• Target data breach: In 2013, Target experienced a major data breach that resulted in the theft of millions of customers' credit and debit card information. The breach was caused by a vulnerability in Target's payment system and a failure to respond to alerts from its security monitoring system. The incident highlights the importance of implementing effective security controls and incident response procedures.
• Equifax data breach: In 2017, Equifax experienced a data breach that exposed the personal information of millions of customers. The breach was caused by a vulnerability in a web application that Equifax had failed to patch. The incident highlights the importance of implementing vulnerability management processes and ensuring that all systems are regularly patched and updated.
• WannaCry ransomware attack: In 2017, a global ransomware attack known as WannaCry affected hundreds of thousands of computers in more than 150 countries. The attack was caused by a vulnerability in Microsoft Windows that had been exploited by a hacking group. The incident highlights the importance of implementing effective security controls, including patch management, and having incident response procedures in place.