Industry Insights

Submitted by shevorne.desil… on Mon, 02/26/2024 - 20:14
Sub Topics

This topic will introduce the job roles, industry applications, terminology and definitions relevant to working with an array of networking tools to maintain high-security networks.

  • Job roles and responsibilities
  • Standards and guidelines
  • Policies, procedures and processes
  • Processes and task requirements
  • Documentation and recommendation formats

Let us begin.

Types of Job Roles

This module covers a wide range of information and communications technology (ICT) skills and knowledge that enable individual who may work in technical management support and security roles with responsibility for maintaining network security.

The skills gained from completing this module will enable you to:

  • work in technical management support and security roles
  • select, operate and test an array of networking tools to maintain high-security networks.

Security Roles and Responsibilities

The following video discusses the different types of security roles and their responsibilities.

Work Health and Safety (WHS) Standards in Australia

In Australia, work health and safety (WHS) standards play a crucial role by ensuring that workplaces adhere to regulations that promote the safety and well-being of employees involved in network security operations.

For example, in New South Wales (NSW), Australia, work health and safety (WHS) standards and legislative requirements are governed by the Work Health and Safety Act 2011 and the Work Health and Safety Regulation 2017.

These standards require organisations to implement measures such as risk assessments, employee training, and the provision of appropriate safety equipment to minimise hazards related to network security work.

WHS Procedures in an ICT Work Environment

Work health and safety procedures for tasks involving selecting, operating, and testing networking tools to maintain high-security networks should prioritise both the safety of the workers and the security of the network.

The following video provides an overview of the procedures for ensuring electrical safety when working with live electrical equipment.

Legislative Requirements Related to Work Tasks

Legislative requirements mandate that employers provide a safe workplace, including appropriate training for employees on the proper use of network tools and compliance with cybersecurity practices. Additionally, the WHS framework promotes consultation and cooperation between employers and employees to enhance safety measures collectively.

Organisational policies and procedures within IT companies typically align with these standards and address specific industry-related risks. By complying with WHS standards and legislative requirements, organisations can create a safer working environment for employees, reduce the risk of accidents or incidents that could compromise network security, and ultimately contribute to maintaining the integrity and confidentiality of sensitive information within secure networks.

The following activity to help you understand the specific legislative requirements that relate to specific work health and safety responsibilities.

Practice

Refer to the Work Health and Safety Act 2011 and find out the relevant sections of the act that outline the legislative requirements concerning:

  • Duty of care
  • Control of risks
  • Electrical Safety
  • Risk management
  • Training and instruction
  • Consultation and participation
  • Ergonomics and Safe Work Practices

Security Guidelines

Security guidelines for maintaining high-security networks typically encompass a range of functions and features aimed at safeguarding network infrastructure, data, and systems from unauthorised access, breaches, and other security threats. These guidelines serve as a framework for implementing best practices and procedures to mitigate risks effectively. Here are some of the key functions and features:

  • Establishing stringent access controls to limit network access only to authorised personnel. This involves authentication mechanisms like passwords, multi-factor authentication, and role-based access control (RBAC).
  • Implementing encryption protocols to secure data transmission and storage, preventing unauthorised interception or access to sensitive information.
  • Deploying firewalls to monitor and control incoming and outgoing network traffic, along with intrusion detection/prevention systems to detect and respond to malicious activities in real-time.
  • Regularly scanning the network for vulnerabilities and applying patches and updates promptly to address security weaknesses.
  • Employing endpoint protection solutions such as antivirus software, endpoint detection and response (EDR), and mobile device management (MDM) to secure devices connected to the network.

The Australian Signals Directorate (ASD) had developed frameworks, manuals and guidelines to help organisations enhance their network systems security. Refer to the following reading list.

a man working and lecturing his colleagues at a office

Definitions

  • Policy - A high-level statement or guideline that outlines the organisation's goals, objectives and the principles that should govern activities that relate to maintaining high-security networks.
  • Processes - A series of structured activities and tasks designed to achieve a specific business goal or outcome. Furthermore, a business process defines how to select, operate and test network tools to support the organisation's operations.
  • Procedures: - A step-by-step set of instructions or guidelines that specify how a particular task or operation should be performed. Procedures are highly detailed and provide specific guidance for carrying out activities.

Examples of Policies and Procedures

Organisations in Australia, especially those involved in maintaining high-security networks, typically implement specific policies and procedures to ensure the confidentiality, integrity, and availability of sensitive information.

While these may vary among organisations, following are some of the common policies and their relevant procedures.

Access control policy
  • Defines procedures for granting, modifying, and revoking access to network resources.
  • Enforces the principle of least privilege to limit access based on job responsibilities.
  • Requires strong authentication mechanisms, such as multi-factor authentication.
Network security policy
  • Outlines guidelines for configuring and securing network devices, including firewalls, routers, and switches.
  • Defines procedures for monitoring and logging network activities.
  • Specifies protocols for intrusion detection and prevention.

The SANS Institute provides a comprehensive list of Security Policy Templates together with the ‘NIST Cybersecurity Framework’, ‘Policy Template Guide’ compiled in collaboration with subject matter experts and leaders in information security.2

These policies and procedures collectively contribute to a comprehensive cybersecurity framework, aligning with industry best practices and regulatory requirements, to safeguard high-security networks in Australian organisations. Regular reviews and updates are essential to address emerging threats and maintain the effectiveness of security measures.

The Application of Policies and Procedures

The following video explains the importance of having policies and procedures to provide a unified approach to security with examples of their applications.

Practice

Refer to the SANS Institute's Security Policy Templates and the ‘NIST Cybersecurity Framework’, ‘Policy Template Guide’ and do the following.

  1. Make a list of the names of policy documents that apply when maintaining high-security networks using network tools.
  2. Download a copy of the template documents for each policy in your list.
  3. Read through each policy document template and identify 2-5 key procedures within each policy.
young it engeneer business man with thin modern aluminium laptop in network server room

Maintaining high-security networks requires adherence to key organisational processes and requirements to effectively carry out work tasks.

Let us now explore some of the work tasks and their associated processes and requirements.

Backing up and restoring operations

Backup and restore operations are essential for data management, ensuring the preservation and recovery of valuable information in case of loss or corruption. These tasks involve creating copies of data, storing them securely, and restoring them when needed. Effective backup strategies include regular scheduling, verification of backups, and adherence to retention policies to maintain data integrity and continuity of operations.

Generally, a backup and restore policy would:

  • define procedures for regular data backups and testing of recovery processes
  • specify storage locations, retention periods, and encryption practices for backups
  • ensure the organisation's ability to restore operations in the event of a security incident.

Additionally, refer to the resources in the following reading list to learn more about backup and restore task requirements and processes.

Backup Operations

The following video explains the importance of conducting system backups and the associated task requirements, policies and industry-standard security guidelines.

Restoring Operations

The following video explains the task requirements related to restoring backups. Pay attention to the different methods available when performing restore tasks and their importance.

Practice

Refer to the following resources that relate to the Essential Eight Maturity Model and find out the requirements for conducting regular backups for an organisation that wants to implement 'Maturity Level Two'.

Updating Settings

Updating settings is crucial for maintaining system functionality and security. It involves modifying configurations, preferences, or parameters to reflect changes in requirements or preferences. Tasks include identifying the settings to be updated, understanding their impact on the system, and implementing changes effectively. Proper documentation, testing, and user communication are essential to ensure smooth transitions and minimise disruptions to operations. It is also important to follow organisational policies and procedures when conducting this type of task.

For example, a ‘Patch management policy’ would:

  • establish procedures for the timely application of security patches
  • define the process for testing patches in a controlled environment before deployment
  • ensure coordination between IT teams to minimise downtime during patching.

Refer to the resources in the following reading list to learn more about requirements related to updating settings in organisational systems.

The following video discusses and demonstrates the process of updating settings in operating systems to maintain security. This involves tasks such as limiting administrative access, patch management, and system hardening. Pay attention to the process requirements involved in each task and the specific procedures followed.

Reporting Security and Software Updates

Maintaining high-security networks necessitates a well-defined set of organisational processes and requirements for reporting security incidents and implementing software updates.

By integrating these processes and requirements into the organisational framework, high-security networks can effectively respond to incidents, manage vulnerabilities, and ensure the prompt implementation of software updates. This proactive approach helps minimise security risks, enhance network resilience, and maintain a strong security posture over time. Regular reporting and documentation facilitate ongoing improvement and alignment with emerging security challenges.

Some of the processes and requirements for reporting security and software updates are as follows.

Incident reporting process

This involves establishing a clear procedure for reporting incidents such as designated points of contact and escalation paths. It also defined severity levels and response times, ensuring timely identification and containment of security issues.
Documentation and reporting

This involves maintaining detailed records of security incidents, including root cause analyses and remediation efforts. Regular reports should be generated that summarises security postures, incident trends and status of software updates for management review.
Communication protocols

This defines communication channels for reporting incidents and disseminating information about software updates. It is important to establish clear lines of communication between IT teams, stakeholders, and relevant authorities during security incidents.
Continuous monitoring

It is beneficial to implement continuous monitoring tools to detect anomalies and potential security threats in real-time. This involves establishing a response framework for immediate action upon identifying suspicious network behaviour.
Compliance monitoring

This involves aligning security processes with industry standards and regulatory requirements. Regular compliance checks should also be established to ensure adherence to security policies and timely implementation of updates.
Change management

This involves instituting a robust change control process to review and authorise modifications to the network infrastructure. Also includes conducting thorough impact assessments to minimise disruptions and security risks associated with changes.
Patch management

This involves the development of a patch management policy outlining the process for identifying, testing, and deploying security updates. Regular and timely application of patches is important to address software vulnerabilities and minimise the risk of exploitation.
Vulnerability management

A systematic vulnerability assessment process helps identify and prioritise potential security weaknesses in organisational systems. This involves defining procedures for reporting and addressing vulnerabilities, including timelines for patching or mitigating risks.

For example, the following video explains what is involved when reporting security incidents.

Raising Threats and Alerts to Supervisory Personnel

The next step after identifying threats and alerts, is to raise them to supervisory personnel so that the necessary IT risk decisions can be made.

Following are some of the requirements when raising threats and alerts.

  • A well-defined incident response plan that outlines the roles and responsibilities of supervisory personnel in responding to different types of threats. Regular training and drills ensure that the team is well-prepared to handle various scenarios.
  • Clear communication channels are vital for alerting supervisory personnel of any threats and alerts promptly. Implementing a centralised communication platform allows for real-time notifications and collaboration among team members. Additionally, establishing escalation procedures ensures that critical threats are escalated to higher management levels promptly.
  • Documentation and analysis of past incidents play a crucial role in refining and improving the response process. Regular reviews of the incident response plan and continuous updates to address emerging threats are essential to stay ahead of potential risks.
  • Compliance with relevant regulations and standards is also an essential requirement. Adhering to industry-specific guidelines and legal requirements ensures that the organisation maintains a secure and compliant posture. Regular audits and assessments help validate the effectiveness of the threat response processes and identify areas for improvement.

The following video explains how IT risk decisions can be communicated to supervisory personnel.

The Essential Eight Maturity Model provides guidelines on the processes how and whom to report identified cyber security threats, alerts and incidents.

Practice

Refer to the Essential Eight Maturity Model | Cyber.gov.au and identify the requirements for raising cybersecurity threats and alerts to supervisory personnel in an organisation that wants to implement ‘Maturity Level Two’ .

Casual man in eyeglasses looking through papers working in office

Documentation Formats

Organisations should adopt clear documentation formats to communicate information and recommendations regarding network tools for maintaining high-security networks. Some common characteristics of these documentation formats include the use of:

  • standardised templates for documentation to ensure consistency and facilitate ease of understanding
  • detailed sections for tool specifications, tool functionalities, deployment guidelines, installation procedures, configuration settings and security best practices
  • an executive summary highlighting the importance of the tools in enhancing network security
  • illustrative examples, diagrams, and step-by-step guides to enhance clarity
  • recommendations for periodic updates, patches, and potential issues
  • a troubleshooting section and details of contact points for further assistance.

Standardised organisational formats foster comprehensibility, aid in training, and contribute to the overall effectiveness of high-security network maintenance.

Examples of Documentation Formats

In an organisation, reporting on security and network tools typically involves several documentation formats to effectively communicate various aspects of the tools' performance, findings, and recommendations. Some commonly used documentation formats in this context include:

  • Security incident reports: These reports document any security incidents that have occurred within the organisation, including the nature of the incident, its impact, remediation steps taken, and recommendations for preventing similar incidents in the future.
  • Vulnerability assessment reports: These reports provide an overview of vulnerabilities identified within the organisation's network, systems, and applications. They typically include details on the vulnerabilities found, their severity, risk assessment, and recommendations for mitigation.
  • Penetration test reports: Penetration test reports document the findings of penetration testing activities conducted to assess the security of the organisation's infrastructure. They outline the methods used, vulnerabilities discovered, exploitation techniques, and recommendations for improving security posture.
  • Network traffic analysis reports: These reports analyse network traffic patterns and anomalies to detect potential security threats or breaches. They may include summaries of traffic volume, types of traffic, suspicious activities, and recommendations for network optimisation and security enhancements.
  • Security policy and procedure documentation: This includes documentation outlining the organisation's security policies, procedures, and guidelines for the use of security and network tools. It may cover topics such as access control, data encryption, incident response procedures, and compliance requirements.

By utilising these various documentation formats, organisations can effectively communicate security and network tool-related information to relevant stakeholders, enabling informed decision-making and proactive risk management.

Recommendation Formats

Recommendations for network security and the use of network tools can be provided in various formats to cater to different stakeholders and their needs. Some common formats include:

  • Written reports: Detailed written reports provide comprehensive network security and tool usage recommendations. These reports typically include analysis, findings, and specific action items for improving security posture. They may be formatted as formal documents or technical briefs, depending on the audience.
  • Executive summaries: Concise executive summaries distil key recommendations from detailed reports into easily digestible formats for senior management and decision-makers. They focus on high-level insights, risks, and strategic actions to enhance network security.
  • Best practice guides: Best practice guides offer standardised recommendations based on industry best practices and regulatory requirements. These guides outline recommended configurations, policies, and procedures for securing networks and utilizing network tools effectively.
  • Training materials: Recommendations for network security can be disseminated through training materials such as presentations, videos, and online courses. These materials educate employees on security best practices, tool usage guidelines, and threat awareness to promote a security-conscious culture.
  • Tool-specific documentation: Many network security tools come with user manuals, technical guides, and documentation that include recommendations for optimal configuration, usage, and maintenance. These resources provide detailed instructions for implementing security controls and leveraging tool features effectively.

By leveraging these formats, organisations can effectively communicate recommendations for network security and the use of network tools to stakeholders at all levels, empowering them to strengthen security defences and mitigate risks effectively.

How Did You Go?

Congratulations on completing the topic Industry insights.

In this topic, you learnt about:

  • Job roles and responsibilities
  • Standards and guidelines
  • Policies, procedures and processes
  • Processes and task requirements
  • Documentation and recommendation formats

Knowledge Check

Complete the following three (3) activities to check your ability understand the key concepts discussed in this topic. You may repeat this activity as often as you like. Use the arrows to move between the different activities.

Now that you have learnt the basic knowledge and skills for this module, you are ready to complete the following assessment event.

Assessment 1 (Short Answer Questions)

Module Linking
M00921A
Main Topic Image
man engineer in a server room for cybersecurity maintenance on storage hardware
Is Study Guide?
Off
Is Assessment Consultation?
Off