Resilient Data Security System Components: Multi-level Rapid Response | CEO Column

Risk is an object that can be visualized and perceived, and it is one of the metrics for data security. The previous column, "Building an Adaptive Evolutionary Resilient Data Security System", introduced one component of the resilient data security system: adaptive dynamic risk.

In this issue, we introduce another important component of the resilient data security system: multi-level rapid response. More installments will follow, so please stay tuned.

Author ⎪ Liu Zunliang


[Figure: Composition of the resilient data security system]

Previous content

The Origin and Three Goals of Resilient Data Security System

Principles and components of a resilient data security system

System Components: Identity and Identity Security

System Composition: Assets and Asset Security

System Composition: Operation Guarantee and Bottom Line Defense Security

System Composition: Adaptive Dynamic Risk

Multi-level rapid response

Suppose an organization defines risks well, detects them effectively, and communicates them. If responding to those risks still has to be handled by people, both security and risk management lose their meaning. Responses appropriate to the context are a core component of building a resilient system.

Protect, Detect and Respond

The data security system as a whole revolves around protection, aided by detection and response.

In daily risk operations, detection and response capabilities need to be migrated continuously into the protection system. The richer the protection system, the stronger, to a certain extent, the data security system's ability to defend against major risks. The richer the detection and response system, the stronger the ability to respond to complex incidents that may occur in the future.

Closed Boundaries and Direct Response

In the protection system, closed boundaries are the basic means of defense. Behavior at a closed boundary is unmistakably deterministic and can proceed almost independently of any context.

Simple response

A simple response is a direct response to a simple, explicit permission, prohibition, or disapproval. All such responses are made within a simple context space, and they are less complex than closed boundaries.

Conditioned reflex

Conditioning is a simplification of complex responses. It forms simple feedback from past threat analysis and from past detection and response execution, yet runs at a speed similar to a simple response. However, conditioning is a direct mapping based on past experience, and it may be wrong. Conditioning systems therefore need simple fallback measures.

Simple-complex response

Complex responses involve statistics, probability, and topology, and they operate over temporal and spatial windows. Simple-complex responses are repetitions of past experience and are essentially similar to simple responses. Most simple-complex responses can be delivered by the protection system.

Complex-complex response

Complex-complex responses involve adaptive evolution, that is, new selection or mutation. They are difficult to express through the protection system, and most of them need to be completed through the detection and response system.

Process intervention or manual intervention

Manual intervention plays an important role in response. When facing a sudden change, or in other scenarios where the impact on fluency is controllable, introducing process intervention or manual intervention to handle gray-scale decisions is an appropriate response method.
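The levels described above can be chained so that each event is decided by the cheapest tier able to decide it. The following sketch is an added example, not code from the original column; the table names, policy entries, row thresholds, and the `TieredResponder` class are assumptions made for illustration.

```python
from collections import defaultdict, deque

ALLOW, DENY, REVIEW = "allow", "deny", "manual_review"
KNOWN_TABLES = {"orders", "customers"}            # constructed closed boundary
POLICY = {("intern", "customers"): DENY}          # constructed explicit rules

class TieredResponder:
    def __init__(self, window_s=60, deny_rows=1000, review_rows=600):
        self.window_s, self.deny_rows, self.review_rows = window_s, deny_rows, review_rows
        self.reflex = {}                           # (user, table) -> verdict learned earlier
        self.reads = defaultdict(deque)            # user -> (timestamp, rows) in the window

    def windowed_rows(self, ev):                   # statistic over a temporal window
        q = self.reads[ev["user"]]
        q.append((ev["ts"], ev["rows"]))           # attempted reads count, even if denied
        while q and q[0][0] <= ev["ts"] - self.window_s:
            q.popleft()
        return sum(rows for _, rows in q)

    def respond(self, ev):
        """Return (tier, verdict) from the first tier that can decide."""
        key = (ev["user"], ev["table"])
        if ev["table"] not in KNOWN_TABLES:        # closed boundary: context-free
            return "closed_boundary", DENY
        if (ev["role"], ev["table"]) in POLICY:    # simple response: explicit rule
            return "simple", POLICY[(ev["role"], ev["table"])]
        if key in self.reflex:                     # conditioned reflex: reuse past verdict
            return "reflex", self.reflex[key]
        total = self.windowed_rows(ev)             # simple-complex: windowed analysis
        if total >= self.deny_rows:
            self.reflex[key] = DENY                # condition the reflex for next time
            return "simple_complex", DENY
        if total >= self.review_rows:              # gray zone: hand to a person
            return "simple_complex", REVIEW
        return "simple_complex", ALLOW

    def overrule(self, user, table):               # fallback when a reflex was wrong
        self.reflex.pop((user, table), None)
        self.reads[user].clear()

def demo():  # constructed events for one user; returns the (tier, verdict) sequence
    r, out = TieredResponder(), []
    base = {"user": "ann", "role": "analyst", "table": "orders"}
    for ts, rows in [(0, 400), (10, 300), (20, 400), (500, 1)]:
        out.append(r.respond({**base, "rows": rows, "ts": ts}))
    r.overrule("ann", "orders")                    # a reviewer finds the reflex was wrong
    out.append(r.respond({**base, "rows": 1, "ts": 501}))
    return out
```

The fourth event in `demo()` is denied by the reflex long after the window that justified it has passed, which is the failure mode the fallback in `overrule()` exists for.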

Emergency response

Emergency response is the response mechanism, requiring manual intervention or manual repair, that applies when a security incident occurs. It needs good observability and analytical support, which are used to choose correct and appropriate rapid response measures.

Recovery response

When a security incident causes substantial damage, bottom-line defense measures are required to restore the data, the business, or the environment.


Origin blog.csdn.net/meichuangkeji/article/details/132299936