
2.2 Network security management

Once networks have been designed and implemented based on a clear set of security requirements, there is an ongoing responsibility to manage and control the secure networking environment to protect the organization’s information in systems and applications. This should be achieved via controls in the following areas.

2.2.1 Roles and responsibilities

Roles and responsibilities for the management and control of networks must be clearly defined. In order to provide effective segregation of duties, the operation of networks is managed separately from the operation of the rest of the infrastructure such as servers and applications. This segregation of duties is detailed in the following table:

| MANAGER ROLE | TEAM | MAIN RESPONSIBILITIES |
| --- | --- | --- |
| Network Manager | Network and Communications Management | Design and implementation of new and changed networks; installation and removal of networking equipment; configuration of networking equipment; third line incident management. |
| Network Operations Manager | Network Operations | Network availability monitoring; network intrusion monitoring; second line incident management; configuration backups; patching and updates; setup and management of remote access users. |
| Computer Operations Manager | Computer Operations | Server and application backups; job scheduling; infrastructure monitoring; first line incident management; configuration standard reviews; firewall and router rule reviews. |
| Information Security Manager | Information Security | Ensure information is classified and protected in accordance with appropriate standards, e.g. PCI DSS (cardholder data) and GDPR (personally identifiable information). |

Table 1: Roles and responsibilities

2.2.2 Logging and monitoring

Logging levels on all network devices must be configured to collect data centrally using a Security Information and Event Management (SIEM) tool, in accordance with organization policy (see Procedure for Monitoring the Use of IT Systems), and logs monitored on a regular basis. All logs will be kept for a minimum period of 1 year.

Typical attributes to be recorded within logs include but are not limited to:

• User identification
• Type of event
• Date and time
• Success or failure indication
• Origination of event
• Identity or name of affected data, system component, or resource

Firewall logs must be monitored for signs of excessive port scanning which may be a precursor to a remote attack. Where installed, a Network-based Intrusion Detection System (NIDS) should be configured to alert the Network Operations team of this activity.
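As an added illustration (not part of this policy), here is one way the "excessive port scanning" check above can be run over firewall deny logs before a NIDS is in place: the syslog-style line format, the one-minute window and the threshold of 20 distinct ports are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Syslog-style firewall record; the field layout is a constructed assumption.
LINE_RE = re.compile(r"^(?P<ts>\S+) \S+ (?P<action>DENY|ALLOW) src=(?P<src>\S+) "
                     r"dst=\S+ dport=(?P<dport>\d+) proto=\S+$")
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

def parse_line(line):
    """Return (timestamp, action, src, dport), or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (datetime.strptime(m["ts"], TS_FMT), m["action"], m["src"], int(m["dport"]))

def detect_port_scans(lines, window=timedelta(minutes=1), threshold=20):
    """Map each source IP whose denied connections touched more than `threshold`
    distinct destination ports inside any `window` to the largest such count."""
    denies = defaultdict(list)                      # src -> [(ts, dport)]
    for line in lines:
        rec = parse_line(line)
        if rec and rec[1] == "DENY":                # only denied connections count
            denies[rec[2]].append((rec[0], rec[3]))
    alerts = {}
    for src, events in denies.items():
        events.sort()
        start = 0
        for end in range(len(events)):              # sliding time window over events
            while events[end][0] - events[start][0] > window:
                start += 1
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) > threshold:
                alerts[src] = max(alerts.get(src, 0), len(ports))
    return alerts

def constructed_sample():
    """Constructed log lines: one scanner, one ordinary client, one malformed line."""
    base = datetime(2024, 3, 1, 10, 0, 0)
    lines = [f"{(base + timedelta(seconds=i)).strftime(TS_FMT)} fw01 DENY "
             f"src=203.0.113.7 dst=192.0.2.10 dport={1000 + i} proto=TCP" for i in range(30)]
    lines += [f"{(base + timedelta(minutes=i)).strftime(TS_FMT)} fw01 DENY "
              f"src=198.51.100.4 dst=192.0.2.10 dport=443 proto=TCP" for i in range(5)]
    lines.append("2024-03-01T10:00:03Z fw01 ALLOW src=198.51.100.4 dst=192.0.2.10 dport=80 proto=TCP")
    lines.append("garbage line the parser must skip")
    return lines

if __name__ == "__main__":
    for src, count in detect_port_scans(constructed_sample()).items():
        print(f"ALERT possible port scan from {src}: {count} distinct ports denied within 1 minute")
```

The threshold and window should be tuned against the organization's own baseline so that legitimate vulnerability scanners and monitoring hosts are allow-listed rather than raising alerts to the Network Operations team every cycle.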

Network monitoring for performance and availability will be achieved using an appropriate SNMP-based network management tool (such as Nagios, SolarWinds or WhatsUp Gold), and recovery actions automated where possible.

Alerts from the Network Access Control (NAC) system must be addressed immediately to ensure that clients that do not meet minimum security requirements are only allowed access to a quarantined subset of systems on the network.

2.2.3 Network changes

All changes to network devices will be subject to the change management process (see Change Management Process) and appropriate risk assessment, planning and back-out methods put in place. Configuration records must be updated whenever such changes are carried out so that a current and accurate picture of the network is always maintained.

2.2.4 Network security incidents

Network events which are deemed to be security incidents must be recorded and managed according to the Information Security Incident Response Procedure.

2.2.5 Security testing

A fundamental part of network security and vulnerability management is the ability to test and verify the strength of the organization’s security controls against ever-changing cyber threats. The results of security testing must be risk assessed and fed into the treatment process to remediate any vulnerabilities found. Please refer to the Technical Vulnerability Management Policy and the Risk Assessment and Treatment Process for more information.

3 Conclusion

Network security is a cornerstone of [Organization Name]’s defences against many of the threats with which we are faced. Only by designing effective security into every new system and network from the very beginning can effective control be maintained, and risk minimised. Further to this, additional controls must be implemented which ensure that proper segregation of duties is achieved and changes to the network environment happen in a managed way.

Combined with watchful monitoring of the network itself and the tools put in place to manage it, this should ensure that the number and severity of network security incidents is minimised and our exposure from those that do occur is not as great as it otherwise might have been.
