GOOD PRACTICE GUIDE 13 (GPG13) - Fujitsu


GOOD PRACTICE GUIDE 13 (GPG13)

GPG13 - AT A GLANCE
- Protective Monitoring (PM) is based on Good Practice Guide 13.
- Comprises 12 sections called Protective Monitoring Controls 1-12.
- Based on four Recording Profiles: Aware, Deter, Detect/Resist and Defend.
- The names Protective Monitoring and GPG 13 are sometimes used interchangeably.
- GPG 13 is a framework of people, businesses and processes designed to reduce risk.
- Strongly recommended for all HMG ICT systems and compulsory for systems that store high impact level data.
- The goal is to provide operational insight into IT use and abuse.
- PM / GPG 13 is mandated by the Security Policy Framework, which is published by the UK Cabinet Office.

Background
In order to gain access to and share information that resides on the Government Connect Secure Extranet (GCSX), all public sector organisations are required to comply with published standards that have existed for many years. These organisations include both central government departments and local authorities. For example, the most well-known compliance requirement that local authorities must demonstrate is adherence to the Code of Connection (CoCo), which came into effect in 2009. CESG, the Government's National Technical Authority for Information Assurance, added 35 guides as part of CoCo. These guides are widely known as Good Practice Guides and were created to help organisations manage risk effectively in many areas, including remote working, offshoring, virtualisation and forensics.

What is GPG13?
Of the 35 guides, Good Practice Guide 13 (GPG13) defines requirements for 12 Protective Monitoring Controls (PMC), which comprise tasks such as event log management and the use of intrusion detection and prevention systems. Local authorities are required to conform to GPG13 in order to prevent accidental or malicious data loss. As connection to GCSX encompasses access to sensitive and confidential data, compliance with GPG13 is imperative for protecting privacy and preventing data breaches.
GPG13
It is imperative that log data is collected from the systems that provide the security mechanisms. GPG13 has four Recording Profiles that roughly map to the HMG Information Assurance Standard Segmentation Model, which has four hierarchical segments: Aware, Deter, Detect/Resist and Defend. The necessary controls all relate to the logging, recording and reporting of network traffic flows, critical events and activities, as defined below.

Aware: Obligation to be aware of public domain threats, common attack vectors and known vulnerabilities.
Deter: Obligation to deter an attack from a skilled hacker. Appropriate controls should be in place to deter such an attack.
Detect/Resist: Obligation to both detect the attack and resist the attack from a sophisticated attacker.
Defend: Obligation to defend against an attack from a sophisticated attacker.

Achieving GPG 13 Compliance with McAfee
Log management is the key and mandatory component for government departments to achieve GPG13 compliance. Networks nowadays produce millions of logs from across the entire infrastructure that are required to be captured, analysed, alerted upon and stored daily. This is an enormous task that IT staff have to endure in developing and managing log data efficiently to help solve complex compliance challenges. Data required for GPG 13 is collected from the systems that are in place to secure organisations and includes firewall logs, intrusion systems and alerts from operating systems. As part of meeting GPG13 requirements, the guidelines below must be followed.

To help organisations meet GPG13 compliance, the SIEM (Security Information and Event Management) solution from McAfee forms the essential component that delivers data monitoring and collection requirements at all 12 Protective Monitoring Control levels. McAfee SIEM is complemented by additional McAfee technologies, a combination of perimeter security, intrusion detection/prevention systems, endpoint protection and two-factor authentication, all of which are integrated to form the Security Connected framework.
The amalgamation of different solutions ensures that system activity logs, real-time file integrity control, privileged identity activity and critical application session data seamlessly fall under the SIEM reporting umbrella.

GPG13 Guidelines for Log Management

Segment (Risk Level) | Log Retention | Log Review Frequency | Compliance Review Period | Monitoring Cover
Aware (Medium) | Up to 3 months | At least once a month | At least annually | Not always manned, but alerts from critical conditions must be managed
Deter (Medium-High) | 3 to 6 months | At least once a week | At least every 6 months | Only during core business hours
Detect/Resist (High) | 6 to 12 months | At least once a day | (not legible in the transcription) | Always manned
Defend (Very High) | More than 12 months | At least once every hour | At least every quarter | (not legible in the transcription)

GPG13 Guidelines for Incident Response
Any alerts generated require a response and, depending on the severity, service level agreements need to be established as outlined below:

Segment (Risk Level) | Preliminary Response | Analysis Instigated
Aware (Medium) | Less than 1 day | No guidance
Deter (Medium-High) | Less than 4 hours | Within 2 days
Detect/Resist (High) | Less than 1 hour | Within 1 day
Defend (Very High) | Less than 30 minutes | Within 4 hours
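The two guideline tables above are easier to act on as a check than as prose. The following is an added example, not McAfee's code or part of the brochure: it encodes each Recording Profile's thresholds from the tables and reports which rows an observed posture fails. The posture values are constructed, a month is approximated as 30 days, and the Detect/Resist compliance-review cell that the transcription does not show is left unchecked.

```python
"""Assess an observed posture against the GPG13 log management and incident
response guideline tables. Added example: the thresholds are the table figures;
the posture being assessed is constructed input, not from the brochure."""
from dataclasses import dataclass
from typing import List, Optional

HOUR = 60                  # all thresholds are held in minutes
DAY = 24 * HOUR
MONTH = 30 * DAY           # assumption: a month is approximated as 30 days


@dataclass(frozen=True)
class Profile:
    min_retention: int                 # lower bound of the "Log Retention" range
    max_review_gap: int                # "Log Review Frequency"
    max_compliance_gap: Optional[int]  # "Compliance Review Period"; None = cell not in transcription
    max_prelim_response: int           # "Preliminary Response"
    max_analysis_start: Optional[int]  # "Analysis Instigated"; None = "No guidance"


# Aware gives only an upper bound ("up to 3 months"), so its floor is 0.
# Defend says "more than 12 months"; 12 months is used as the floor here.
PROFILES = {
    "Aware":         Profile(0,          MONTH,   12 * MONTH, DAY,      None),
    "Deter":         Profile(3 * MONTH,  7 * DAY, 6 * MONTH,  4 * HOUR, 2 * DAY),
    "Detect/Resist": Profile(6 * MONTH,  DAY,     None,       HOUR,     DAY),
    "Defend":        Profile(12 * MONTH, HOUR,    3 * MONTH,  30,       4 * HOUR),
}


def gaps(profile: str, retention_days: int, review_every_hours: int,
         compliance_every_days: int, prelim_response_min: int,
         analysis_start_hours: int) -> List[str]:
    """Return the guideline rows the observed posture fails for this profile.
    Limits are treated as inclusive (meeting the figure exactly passes)."""
    p = PROFILES[profile]
    failed = []
    if retention_days * DAY < p.min_retention:
        failed.append("log retention")
    if review_every_hours * HOUR > p.max_review_gap:
        failed.append("log review frequency")
    if p.max_compliance_gap is not None and compliance_every_days * DAY > p.max_compliance_gap:
        failed.append("compliance review period")
    if prelim_response_min > p.max_prelim_response:
        failed.append("preliminary response")
    if p.max_analysis_start is not None and analysis_start_hours * HOUR > p.max_analysis_start:
        failed.append("analysis instigated")
    return failed


if __name__ == "__main__":
    # Constructed posture: a High-impact system reviewed daily, but with a 2-hour
    # preliminary response, which misses the Detect/Resist "less than 1 hour" row.
    print(gaps("Detect/Resist", retention_days=270, review_every_hours=24,
               compliance_every_days=90, prelim_response_min=120,
               analysis_start_hours=20))
```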

The following table illustrates a direct one-to-one mapping of the PM Controls to the McAfee solutions, where SIEM is the integral constituent. For each control, the McAfee products applied are listed per Recording Profile (Aware, Deter, Detect/Resist, Defend).

PMC #1 - Accurate time in logs
Time stamps compared to thresholds to look for discrepancies and complemented with an external time source.
All profiles: SIEM, ePO, Policy Auditor

PMC #2 - Recording relating to business traffic crossing a boundary
Collection and analysis of logs from perimeter security, endpoint security and the asset database, all collected centrally.
All profiles: SIEM, Firewall, Web GW, ePO

PMC #3 - Recording relating to suspicious activity at a boundary
Collection and analysis of logs from firewalls, IDS/IPS, authentication controls, endpoint protection and other systems used at the boundary.
Aware: SIEM, Firewall, Web GW; Deter, Detect/Resist, Defend: SIEM, Firewall, Web GW, IDS/IPS

PMC #4 - Recording of workstation, server or device status
Collection and analysis of logs from workstations, servers, network devices, security devices, databases and applications.
All profiles: SIEM, ePO, Anti-Virus, Database Security

PMC #5 - Recording relating to suspicious internal network activity
Collection and analysis of logs from diverse systems such as authentication systems, network services (DNS, DHCP, WINS), firewalls, databases and network traffic.
Aware, Deter: SIEM, Firewall; Detect/Resist, Defend: SIEM, Firewall, ePO, File Integrity

PMC #6 - Recording relating to network connections
Collection and analysis of logs from diverse systems such as authentication systems, network services (DNS, DHCP, WINS), firewalls, databases and network traffic.
Aware: SIEM; Deter, Detect/Resist: SIEM, IDS/IPS; Defend: SIEM

PMC #7 - Recording of session activity by user and workstation
Import users and workstations from provisioning systems such as Active Directory. McAfee collects logs centrally for auditing, analysis and alerting.
Aware, Deter: SIEM, Database Security; Detect/Resist, Defend: SIEM, Database Security, Change Control

PMC #8 - Recording of data backup status
Collect logs from external backup systems.
All profiles: SIEM, Backup

PMC #9 - Alerting critical events
McAfee is able to send critical alerts to third-party service management systems such as BMC and HP.
All profiles: SIEM

PMC #10 - Reporting on the status of the audit system
The system is able to alert on its own health for any failures and thresholds.
All profiles: SIEM

PMC #11 - Production of sanitised and statistical management reports
McAfee provides high-level reports and dashboards out of the box. Report data can be exported to PDF, XML, CSV and HTML.
All profiles: SIEM

PMC #12 - Providing a legal framework for Protective Monitoring activities
Collected logs are normalised for management and auditing purposes by McAfee SIEM. In addition, logs are stored and retained in original/raw format for forensics and legal requirements.
All profiles: SIEM

Key benefits

Operational benefits
- McAfee SIEM is positioned as a Leader by Gartner for completeness of vision and ability to execute.
- Global view of the security countermeasures and insight into the security landscape.
- Experienced and trained McAfee Professional Services can work with organisations to achieve GPG 13 requirements.

McAFEE VALUE FOR GPG 13 COMPLIANCE
- McAfee SIEM provides GPG 13 out of the box and does not require additional licences, as some other vendors do.
- Built-in capability to collect log data from over 300 data sources, with the ability to create additional sources as required.
- GPG 13 reports and dashboards are pre-built, with options to create custom ones as required.
- The Security Connected approach provides a framework for cost-effective management where multiple technologies are integrated seamlessly.
- Log management solutions are complex and costly; McAfee SIEM can be set up quickly and easily with minimum effort.
- Minimum administration overhead, as McAfee SIEM is designed specifically for log management.
- Log data views can be changed from years to seconds instantaneously.
- Reduces overhead in identifying threats from days to seconds with the integration into GTI.
- Reduced deployment cost with "out of the box" functionality.
- Integration into the complete McAfee management platform with feeds from GTI (Global Threat Intelligence).
- Unparalleled performance and scalability with log collection capability of 300,000 EPS.
- Full context and content awareness to ascertain risk levels.
- Collected log data stored in two places: original format for forensics and secondly for correlation.
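PMC #1 in the mapping above calls for log time stamps to be compared against thresholds to find discrepancies. The following is an added example, not McAfee code, of that check over constructed log lines; it assumes a collector that prefixes each line with its own receive time ahead of the device's RFC 3339 time stamp, host and message.

```python
"""PMC #1 check: compare the time stamp each device wrote into its log line with
the time the collector received it, and flag clock skew above a threshold.
Added example; the log lines are constructed and the line format is assumed."""
from datetime import datetime, timedelta
from typing import Dict

SKEW_THRESHOLD = timedelta(minutes=5)   # assumption: tolerated drift between clocks

# Constructed sample: <collector receive time> <device time stamp> <host> <message>
SAMPLE_LOG = """\
2013-06-03T10:00:05+00:00 2013-06-03T10:00:04+00:00 fw01 accept src=10.0.0.5
2013-06-03T10:00:07+00:00 2013-06-03T09:41:02+00:00 ws17 logon user=jdoe
2013-06-03T10:00:09+00:00 2013-06-03T10:00:09+00:00 dc01 kerberos tgt issued
2013-06-03T10:00:11+00:00 2013-06-03T11:00:10+01:00 ws17 logoff user=jdoe
"""


def parse_line(line: str):
    """Split one collected line into (received, stamped, host, message)."""
    received, stamped, host, message = line.split(" ", 3)
    return datetime.fromisoformat(received), datetime.fromisoformat(stamped), host, message


def clock_discrepancies(log_text: str, threshold: timedelta = SKEW_THRESHOLD) -> Dict[str, int]:
    """Return {host: worst skew in seconds} for every host whose own time stamp
    differs from the collector's receive time by more than the threshold.
    Time stamps are compared as absolute instants, so a different UTC offset
    (the ws17 logoff line at +01:00) is not reported as skew."""
    worst: Dict[str, int] = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        received, stamped, host, _ = parse_line(line)
        skew = received - stamped            # positive: device clock is behind the collector
        if abs(skew) > threshold:
            seconds = int(skew.total_seconds())
            if abs(seconds) > abs(worst.get(host, 0)):
                worst[host] = seconds
    return worst


if __name__ == "__main__":
    # ws17 stamped its logon 19 minutes 5 seconds behind the collector's clock.
    print(clock_discrepancies(SAMPLE_LOG))
```

A host that appears here should be reconciled against the external time source before its logs are relied on for sequencing events across systems.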

About McAfee
McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world's largest dedicated security technology company. McAfee delivers proactive and proven solutions and services that help secure systems, networks, and mobile devices around the world, allowing users to safely connect to the Internet, browse, and shop the web more securely. Backed by its unrivaled global threat intelligence, McAfee creates innovative products that empower home users, businesses, the public sector, and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. McAfee is relentlessly focused on constantly finding new ways to keep our customers safe. http://www.mcafee.com

2821 Mission College Boulevard
Santa Clara, CA 95054
888 847 8766
www.mcafee.com

McAfee and the McAfee logo are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright 2013 McAfee, Inc.

