GOOD PRACTICE GUIDE 13 (GPG13)



Similar documents
McAfee Global Threat Intelligence File Reputation Service. Best Practices Guide for McAfee VirusScan Enterprise Software

McAfee Security Architectures for the Public Sector

Database Security in Virtualization and Cloud Computing Environments

Solutions Brochure. Security that. Security Connected for Financial Services

How To Buy Nitro Security

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

Total Protection for Compliance: Unified IT Policy Auditing

White Paper. Emergency Incident Response: 10 Common Mistakes of Incident Responders

White Paper. Network Management and Operational Efficiency

White Paper: Meeting and Exceeding GSI/GCSx Information Security Monitoring Requirements

How To Protect Your Data From Attack

McAfee Web Reporter Turning volumes of data into actionable intelligence

Caretower s SIEM Managed Security Services

McAfee Endpoint Protection for SMB. You grow your business. We keep it secure.

McAfee Enterprise Mobility Management Versus Microsoft Exchange ActiveSync

Intel Security Certified Product Specialist Security Information Event Management (SIEM)

Encryption Made Simple

IBM QRadar Security Intelligence April 2013

Clavister InSight TM. Protecting Values

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

GPG13 Protective Monitoring. Service Definition

Protective Monitoring as a Service. Lot 4 - Specialist Cloud Services. Version: 2.1, Issue Date: 05/02/201405/02/2014. Classification: Open

Assuria from ZeroDayLab

QRadar SIEM 6.3 Datasheet

Bypassing CAPTCHAs by Impersonating CAPTCHA Providers

White Paper. McAfee Cloud Single Sign On Reviewer s Guide

Meeting and Exceeding GSI/GCSx Information Security Monitoring Requirements with Enterasys SIEM

White Paper. PCI Guidance: Microsoft Windows Logging

McAfee Network Security Platform Administration Course

McAfee Network Security Platform Services solutions for Managed Service Providers (MSPs)

PSN Protective Monitoring. Service Definition

McAfee Server Security

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

Bottom line you must be compliant. It s the law. If you aren t compliant, you are leaving yourself open to fines, lawsuits and potentially closure.

Securing the Internet of Things OEM capabilities assure trust, integrity, accountability, and privacy.

White Paper. Scalable Network Security for the Virtualized Data Center

Automation Suite for. GPG 13 Compliance

McAfee Next Generation Firewall Optimize your defense, resilience, and efficiency.

TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series

SANS Top 20 Critical Controls for Effective Cyber Defense

Overcoming PCI Compliance Challenges

Security management solutions White paper. IBM Tivoli and Consul: Facilitating security audit and compliance for heterogeneous environments.

Technology Blueprint. Protect Your VoIP/SIP Servers. Insulating your voice network and its servers from attacks and disruption

Software that provides secure access to technology, everywhere.

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

Achieving Actionable Situational Awareness... McAfee ESM. Ad Quist, Sales Engineer NEEUR

FISMA / NIST REVISION 3 COMPLIANCE

GE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance

End-user Security Analytics Strengthens Protection with ArcSight

We are Passionate about Total Security Management Architecture & Infrastructure Optimisation Review

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

McAfee Next Generation Firewall

McAfee Enterprise Mobility Management

PCI v2.0 Compliance for Wireless LAN

PCI DSS Best Practices with Snare Enterprise Agents PCI DSS Best Practices with Snare Enterprise Agents

Service Definition Document

Intel Security Certified Product Specialist McAfee Network Security Platform (NSP)

THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS

Compliance Guide: PCI DSS

North American Electric Reliability Corporation (NERC) Cyber Security Standard

CAS8489 Delivering Security as a Service (SIEMaaS) November 2014

Data Loss Prevention Best Practices for Healthcare

Protect Your Universe with ArcSight

Identity in the Cloud

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist,

CyberArk Privileged Threat Analytics. Solution Brief

Feature. Log Management: A Pragmatic Approach to PCI DSS

RSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief

Kevin Hayes, CISSP, CISM MULTIPLY SECURITY EFFECTIVENESS WITH SIEM

Business Case Outsourcing Information Security: The Benefits of a Managed Security Service

10 Quick Tips to Mobile Security

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

How To Secure Your System From Cyber Attacks

The webinar will begin shortly

Q1 Labs Corporate Overview

Seven Requirements for Hybrid Web Delivery Getting the best of both on-premises and SaaS

Guideline on Auditing and Log Management

developing your potential Cyber Security Training

Trend Micro. Advanced Security Built for the Cloud

End-to-End Application Security from the Cloud

SolarWinds Security Information Management in the Payment Card Industry: Using SolarWinds Log & Event Manager (LEM) to Meet PCI Requirements

whitepaper The Benefits of Integrating File Integrity Monitoring with SIEM

McAfee epolicy Orchestrator

ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM)

Recent Advances in Web Application Security

Securing business data. CNS White Paper. Cloud for Enterprise. Effective Management of Data Security

Is your SIEM ready.???

The Benefits of an Integrated Approach to Security in the Cloud

Power, Patch, and Endpoint Managers Expand McAfee epo Platform Capabilities While Cutting Endpoint Costs

Transcription:

GOOD PRACTICE GUIDE 13 (GPG13)

GPG13 - AT A GLANCE Protective Monitoring (PM) is based on Good Practice Guide 13 Comprises of 12 sections called Proactive Monitoring Controls 1-12 Based on four Recording Profiles;,, and. Protective Monitoring and GPG 13 names are sometimes used interchangeably. GPG 13 is a framework of people, businesses and processes Designed to reduce risk Strong recommendation for all HMG ICT Systems and compulsory for systems that store high impact level data. Goal is provide an operational insight of IT use and abuse Background In order to gain access and share information that resides on the Government Connect Secure Extranet (GCSX), all public sector organisations are required to comply with published standards that have existed for many years. These organisations include both central government departments and local authorities. For example, the most well-known compliance requirement that local authorities must demonstrate is adherence to Code of Connection (CoCo) which came into effect in 2009. CESG, the Government s National Technical Authority for Information Assurance, added 35 guides as part of CoCo. These guides are widely known as Good Practice Guides and were created to help organisations manage risk effectively in areas many areas including remote working, offshoring, virtualisation and forensics. What is GPG13? Of the 35 guides the Good Practice Guide 13 (GPG13) defines requirements for 12 Protective Monitoring Controls (PMC) which comprise of tasks such as event log management and use of intrusion detection and prevention systems. Local authorities are required to conform to GPG13 in order to prevent accidental or malicious data loss. As connection to GCSX encompasses access to sensitive and confidential data, compliance with GPG13 is imperative for protecting privacy and preventing data breaches. GPG13 It is imperative that log is collected from systems that provide the security mechanisms. GPG13 has four Recording Profiles that roughly map to the HMG Information Assurance Standard Segmentation Model which has four hierarchical segments;,, and. The necessary controls are all related to all aspects logging, recording, reporting of network traffic flows, critical events and activities as defined below. PM / GPG 13 is mandated by the Security Policy Framework which is published by the UK Cabinet Office Obligation to be of public domain threats, common attack vectors and known vulnerabilities. Obligation to an attack from a skilled hacker. Appropriate controls should be in place to such an attack. Obligation to both Detect the attack and Resist the attack from a sophisticated attacker. Obligation to against an attack from a sophisticated attacker.

GPG13 Guidelines for Log Management Log management is the key and mandatory component for government departments to achieve GPG13 compliance. Networks nowadays produce millions of logs from across the entire infrastructure that are required to be captured, analysed, alerted upon and stored daily. This is an enormous task that IT staff has to endure in developing and managing log data efficiently to help solve complex compliance challenges. Data required for GPG 13 is collected from systems that are in place to secure organisations and includes firewall logs, intrusion systems and alerts from operating systems. As part of meeting GPG13 requirements, the guidelines below must be followed. Achieving GPG 13 Compliance with McAfee To help organisations meet GPG13 compliance, the SIEM (Security Information Event Management) solution from McAfee forms the essential component that delivers data monitoring and collection requirements at all the 12 Protective Monitoring Control levels. McAfee SIEM is complimented by additional McAfee technologies that is a combination of perimeter security, intrusion detection/ prevention systems, end point protection and two-factor authentication all of which are integrated to form the Security Connected framework. The amalgamation of different solutions ensure system activity logs, real time file integrity control, privileged identity activity and critical application session data seamlessly fall under the SIEM reporting umbrella. Segment (Risk Level) Log Retention Period Log Checks Console Manning Compliance Review Period (Medium) (Medium-High) Up to 3 months 3 to 6 months a month a week Not always but alerts form critical conditions must be managed Only during core business hours At least annually (High) (Very High) 6 to 12 months More than 12 months a day every hour Always manned At least every 6 months At least every quarter GPG13 Guidelines for Incident Response Any alerts generated require a response and depending on the severity service level agreements need to be established as outlined below: Segment (Risk Level) Preliminary Response Analysis Instigated (Medium) Less than 1 day No Guidance (Medium-High) Less than 4 hours Within 2 days (High) Less than 1 hour Within 1 day (Very High) Less than 30 minutes Within 4 hours

The following table illustrates a direct one-one mapping of the PM Controls to the McAfee solutions where SIEM is the integral constituent. PMC #1 - Accurate time in logs Time stamps compared to thresholds to look for discrepancies and compliment with external time source. PMC #2 - Recording relating to business traffic crossing a boundary Collection and analyses of logs from perimeter security, end point security and asset database all collected centrally. PMC #3 - Recording relating to suspicious activity at a boundary Collection and analyses of logs from firewalls. IDS/IPS, authentication controls, end point protection and other systems used at the boundary. PMC #4 - Recording of workstation, server or device status Collection and analyses of logs from workstation. Servers, network devices, security devices, databases and applications. PMC #5 - Recording relating to suspicious internal network Collection and analyses of logs from diverse systems such as authentication systems, networks services (DNS, DHCP, WINS), firewalls, databases and network traffic. PMC #6 - Recording relating to network connections Collection and analyses of logs from diverse systems such as authentication systems, networks services (DNS, DHCP, WINS), firewalls, databases and network traffic. PMC #7 - Recording of session activity by user and Workstation Import users and workstations from provisioning systems such as Active Directory. McAfee collects logs centrally for auditing, analyses and alerting. PMC #8 - Recording of data backup status Collect logs from external backup systems. PMC #9 - Alerting critical events McAfee is able send critical alerts to third party service management systems such as BMC and HP. PMC #10 - Reporting on the status of the audit system The system is able to alert on its health for any failures and thresholds. PMC #11 - Production of sanitised and statistical management reports McAfee provides high-level reports and dashboards out of the box. Report data can be exported to PDF, XML, CSV and HTML. PMC #12 - Providing a legal framework for Protective Monitoring activities Collected logs are normalised for management and auditing purposes by McAfee SIEM. In addition logs are stored and retained in original/raw format for forensics and legal requirements. File Integrity Change Control File Integrity Change Control McAFEE VALUE FOR GPG 13 COMPLIANCE Key benefits McAfee SIEM is positioned as a Leader by Gartner for completeness of vision and ability to execute Experienced and trained McAfee Professional Services can work with organisations to achieve GPG 13 requirements McAfee SIEM provides GPG 13 out of the box and does not require additional licenses as some other vendors. Built-in capability to collect log data from over 300 data sources with ability to create additional as required. GPG 13 reports and dashboards are pre-built with options to create custom as required The Security Connected approach provides a framework for cost effective management where multiple technologies are integrated seamlessly. Log management solutions are complex and costly. McAfee SIEM can be set-up quickly and easily with minimum effort. Operational benefits Global view of the security countermeasures and insight into the security landscape. Minimum administration overhead as McAfee SIEM is designed to with specifically for log management. Log data views can be changed from years to seconds instantaneously Reduces overhead in identifying threats from days to seconds with the integration into GTI. Reduced deployment cost with out of the box functionality Integration into the complete McAfee management platform with feeds from GTI (Global Threat Intelligence) Unparalleled performance and scalability with log collection capability of 300,000 EPS Fully context and content awareness to ascertain risk levels Collected log data stored in two places ; original format for forensics and secondly correlation

About McAfee McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world s largest dedicated security technology company. McAfee delivers proactive and proven solutions and services that help secure systems, networks, and mobile devices around the world, allowing users to safely connect to the Internet, browse, and shop the web more securely. Backed by its unrivaled global threat intelligence, McAfee creates innovative products that empower home users, businesses, the public sector, and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. McAfee is relentlessly focused on constantly finding new ways to keep our customers safe. http://www.mcafee.com 2821 Mission College Boulevard Santa Clara, CA 95054 888 847 8766 www.mcafee.com McAfee and the McAfee logo are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright 2013 McAfee, Inc.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information