Flaw remediation and fault logging capabilities help to ensure an organization’s information systems, including applications, continue to function as intended.
Differing from audit logging, flaw remediation and fault logging capabilities help to ensure an organization’s information systems, including applications, continue to function as intended. Without this functionality, organizations have an increased risk of not being able to identify operational flaws that may be impacting information system operations or the delivery of products and services. These capabilities are both the focus of pitfall #53 in my eBook, Security Program Pitfalls and Prescription to Avoid Them.
System flaws should be identified, reported, and corrected in a timely manner. Flaw remediation should be incorporated into your organization’s configuration management process. Software and firmware updates related to flaw remediation should be tested for effectiveness and potential operational side effects prior to being implemented in your organization’s production environment. Automated mechanisms should be used to determine the operational state of system components, wherever possible. Corrective measures for fault logs should be reviewed to ensure that security controls have not been compromised as a result of a system flaw or fault.
Security alerts, advisories, and directives should be received from external organizations on an ongoing basis to stay abreast of potential flaws that could potentially impact the operations of your organization. Security directives received from regulatory bodies should be implemented within the established time frames identified in the directives. Internally developed security alerts, advisories, or directives should be generated when deemed necessary, and disseminated to appropriate internal stakeholders.
Integrity verification tools should be used to detect unauthorized changes to software, firmware, and information systems. Integrity checks should be completed after configuration-controlled changes are made. The detection of any unauthorized changes to software, firmware, and information systems should be coordinated with your organization’s incident response capability.
The validity of critical system information inputs should be checked and verified. Appropriate safeguards should be implemented to protect the system memory from unauthorized code execution. Error messages should be generated that provide the information necessary for taking appropriate corrective actions without revealing sensitive information that could be exploited.
To learn more about this pitfall, and 99 more, get my book: 100 Security Program Pitfalls and Prescriptions to Avoid Them (available on Amazon here). Or register for a demo of the ASCENT Security and Compliance Portal and get a free synopsis of the 100 Security Program Pitfalls eBook today.