Industrial Internet Security Framework v 1.0 | Page 52

Security Framework
7: IISF Functional Viewpoint
Security Policies for Communications and Connectivity Protection govern the implementation of security functions on the communications.
The functions listed above are interdependent and interact with each other to deliver security capabilities. For example, to establish secure communication, the communicating endpoints themselves must be secure and apply Cryptographic Protection.
The policy for Data-In-Motion Protection across all of the functions ensures the confidentiality, integrity, and availability of all data travelling between two endpoints. In addition, the Security Policies for Communications and Connectivity Protection define how elements in the network are allowed to communicate with each other. Both policies must be comprehensive, consistent with each other and account for other key system characteristics including safety, privacy, reliability and resilience to protect availability, integrity and confidentiality of communications.
7.5 SECURITY MONITORING AND ANALYSIS
Security monitoring and analysis is responsible for capturing data on the overall state of the system from the endpoints and connectivity traffic, then analyzing it to detect possible security violations or potential system threats. Once detected, a broad range of actions derived for the system security policy should be executed. This Monitor-Analyze-Act cycle may complete in real time or execute later to identify usage patterns and detect potential attack scenarios.
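The Monitor-Analyze-Act cycle described above, sketched as an added example that is not part of the IISF text. The policy layout, host names, thresholds and action names are assumptions made for illustration; the sample events are constructed.

```python
from collections import Counter

# Constructed policy (assumption): allowed flows, a deferred-analysis threshold,
# and the action that the policy assigns to each kind of finding.
POLICY = {
    "allowed_flows": {("plc-1", "historian"), ("hmi-1", "plc-1")},
    "auth_fail_threshold": 3,   # failures per host within one window
    "window_s": 60,
    "actions": {"flow_violation": "block_flow", "auth_burst": "alert_operator"},
}

# Constructed sample events from the two sources: endpoints and connectivity traffic.
EVENTS = [
    {"t": 0, "source": "connectivity", "src": "plc-1", "dst": "historian"},
    {"t": 5, "source": "endpoint", "host": "hmi-1", "type": "auth_fail"},
    {"t": 12, "source": "connectivity", "src": "hmi-1", "dst": "historian"},
    {"t": 20, "source": "endpoint", "host": "hmi-1", "type": "auth_fail"},
    {"t": 41, "source": "endpoint", "host": "hmi-1", "type": "auth_fail"},
    {"t": 300, "source": "endpoint", "host": "plc-1", "type": "auth_fail"},
]

def analyze_realtime(event, policy):
    """Per-event check: a flow outside the allowed set is an immediate finding."""
    if event["source"] == "connectivity":
        flow = (event["src"], event["dst"])
        if flow not in policy["allowed_flows"]:
            return {"kind": "flow_violation", "subject": flow}
    return None

def analyze_deferred(log, policy):
    """Later pass over the aggregated log: auth failures per host per fixed window."""
    buckets = Counter((e["host"], e["t"] // policy["window_s"])
                      for e in log if e.get("type") == "auth_fail")
    return [{"kind": "auth_burst", "subject": host}
            for (host, _win), n in sorted(buckets.items())
            if n >= policy["auth_fail_threshold"]]

def act(finding, policy):
    """Act: the response is looked up in the policy, not hard-coded in the analyzer."""
    return (policy["actions"][finding["kind"]], finding["subject"])

def run_cycle(events, policy):
    log, actions = [], []
    for event in sorted(events, key=lambda e: e["t"]):  # Monitor: capture, aggregate
        log.append(event)
        finding = analyze_realtime(event, policy)        # Analyze in real time
        if finding:
            actions.append(act(finding, policy))         # Act immediately
    actions += [act(f, policy) for f in analyze_deferred(log, policy)]  # Analyze later
    return actions
```

The single out-of-policy flow is acted on as soon as it is seen, while the burst of authentication failures only becomes visible in the later pass over the aggregated log.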
Figure 7-5: Functional Breakdown for Security Monitoring and Analysis
Security monitoring and analysis falls into three top-level functions:
Monitor. As determined by the security model and policy, monitoring captures and aggregates data from each of the sources in the system:
IIC:PUB:G4:V1.0:PB:20160926 - 52 -