Chapter 11: Security Maintenance

Digital forensics helps an organization understand what happened, and how, after an incident.

An effective information security governance program requires no ongoing review one it is well-established.

External monitoring entails collecting intelligence from various data sources and then giving that intelligence context and meaning for use by decision makers within the organization.

US-CERT is generally viewed as the definitive authority for computer emergency response teams.

Intelligence for external monitoring can come from a number of sources: vendors, CERT organizations, public network sources, and membership sites.

The internal monitoring domain is the component of the maintenance model that focuses on identifying, assessing, and managing the physical security of assets in an organization.

Inventory characteristics for hardware and software assets that record the manufacturer and versions are related to technical functionality and should be highly accurate and updated each time there is a change.

An intranet vulnerability scan starts with the scan of the organization's default Internet search engine.

Wireless vulnerability assessment begins with the planning, scheduling, and notification of all Internet connections, using software such as Wireshark.

Remediation of vulnerabilities can be accomplished by accepting or transferring the risk, removing the threat, or repairing the vulnerability.