What are CESG Recording Profiles?

By

Jan 18th, 2015


Each of the Protective Monitoring Controls has an obligation to record specific information. The level of audit and accounting requirements will depend on the specific Recording Profile of the data.

Within GPG13 there are four Recording Profiles, which roughly map to the to the HMG Information Assurance Standard no.1 Segmentation Model.

The Segmentation Model has four hierarchical segments; Aware, Deter, Detect and Resist and Defend.

The lowest segmentation level is Aware. At this level the organisation has an obligation to be Aware of public domain threats, common attack vectors and known vulnerabilities.

The second segmentation level is Deter. At this level the organisation has an obligation to Deter an attack from a skilled hacker. Appropriate controls should be in place to Deter such an attack.

The third segmentation level is Detect and Resist. At this level the organisation has an obligation to both Detect the attack and Resist the attack from a sophisticated attacker.

The highest segmentation level is Defend. At this level the organisation has an obligation to Defend against an attack from a sophisticated attacker.

Highest

* Defend

* Detect and Resist

* Deter

* Aware

Lowest

The choice of which level of segmentation to apply to the organisation will depend on the impact level of the business data that is being protected.

Impact Level definition can be found in HMG Information Assurance Standard No.1 Part 1 – Appendix A. But essentially boils down to “What Impact would the loss of this data have for the UK or European government, UK citizens and UK corporations”.

Higher impact level data requires higher segmentation levels applied. While there is no fixed rules, the following is generally considered to be best practice:

Impact Level 1 Data – Aware

Impact Level 2 Data – Deter

Impact Level 3 Data – Deter

Impact Level 4 Data – Detect and Resist

Impact Level 5 Data – Defend

Impact Level 6 Data – Defend

It should be noted that a significant accumulation of a specific Impact Level data, such as a large collection of Impact Level 3 Data, would most likely push the segmentation requirements up a level, for example to the Detect and Resist segmentation.

Leave a Reply

You must be Logged in to post comment.

 






© 2006-2017 Protective Monitoring – GPG13.