
ISA 400 Management of Information Security Philip Robbins – October 31, 2015 Application and Operations Security Information Security & Assurance Program.


1 ISA 400 Management of Information Security Philip Robbins – October 31, 2015 Application and Operations Security Information Security & Assurance Program University of Hawai'i West Oahu Week #10

2 Management of Information Security Week #10 Topics
- Domain: Application Security
- Domain: Operations Security
- Quiz
- Extra Credit

3 CISSP Exam Objectives for OPSEC
- Administrative Controls
- Sensitive Information (content) / Media Security
- Asset Management
- Continuity of Operations
- Incident Response Management
- Backup & Restoration

4 Operations Security
Operations deals with the day-to-day activities that need to take place to keep everything running and functioning correctly. Security objectives:
- Fix or replace hardware.
- Restore data backups.
- Correct network connectivity issues.
- Control changes.
- Manage accounts.

5 Unique Terms
- Collusion
- Remanence
- Redundant Array of Inexpensive Disks (RAID)
- Mirroring
- Striping
- Parity
- Due Care
- Due Diligence

6 Threats to Operations
- Disclosure
- Destruction
- Interruption / Non-Availability
- Corruption / Modification
- Theft
- Espionage
- Hackers / Crackers
- Malicious Code

7 Control Methods
- Separation of Responsibilities
- Principle of Least Privilege (POLP)
- Need to Know
- Job Rotation
- Security Audits and Reviews
- Supervision

8 Background Checks
Pre-employment screening and background investigations are an administrative control. Typical checks:
- Criminal records check
- Verification of employment history
- Credit reports
- Drug screening
The level of background check performed depends on the sensitivity of the position.

9 Privilege Monitoring
Those with the most access require the most watching. Job functions that require greater scrutiny:
- Account creation/modification/deletion
- System reboots
- Data backup
- Data restoration
- Source code access
- Audit log access
- Security configuration capabilities

10 Privileged Entities
Users that require some level of special access or special privileges in order to perform a given task. Management of privileged entities is very important because these entities often have the ability to bypass security controls.

11 Privileged Entity Classes
(ISC)2 privileged entity classes:
- Ordinary Users
- Operators
- Security Administrators
- System Administrators
- System Accounts

12 Ordinary Users
- Only have access to applications and systems necessary for them to perform a given task
- Should not be able to monitor processes
- Must operate within security labels
- Should be prevented from altering the boot process

13 Operators
Have elevated privileges, but less than administrators. Can usually perform the following:
- Start the operating system
- Monitor process execution
- Mount / Dismount volumes
- Control jobs
- Bypass / Rename labels

14 Security Administrators
- Provide oversight for the security operations of a system
- Usually have fewer rights than system administrators
- Ensure separation of duties is enforced
- Provide a check and balance of power to system administrators
- Ensure security policies are enforced

15 System Administrators
- Ensure that a system or systems function properly for users
- Perform maintenance and monitoring tasks
- Require the ability to affect critical operations such as boot sequence, log files, and passwords
- Manage hardware and software for workstations and servers

16 System Accounts
- Dedicated to providing a system service
- Usually run background services/daemons
- Often assigned elevated privileges upon install of an operating system
- Many are created by database installations

17 Sensitive Information and Media Security
Sensitive Information:
- Labeling/Marking
- Handling
- Storage
- Retention
- Sanitization/Destruction
- Data Remanence

18 Object Reuse (Data Remanence)
- Degaussing: involves using a magnetic field to wipe information on storage media such as hard disks. The coercivity level refers to the amount of energy required to wipe a disk; this energy level is often measured in Oersteds (Oe).
- Overwrite software: writes 0s and 1s to a disk repeatedly so as to make the original data unreadable. Examples include the DoD seven-pass wipe and the Gutmann 35-pass wipe.
- Media destruction: policies and procedures should be in place to handle the destruction of media after it has reached the end of its lifecycle.

19 Object Reuse (Data Remanence)
- Purging = making data unrecoverable
- Zeroization = overwriting (not good for flash)
- Degaussing = magnetic scrambling (not good for optical media)
- Destruction = burning, shredding, crushing
- Erasing = performing a delete operation against a file (erased ≠ sanitized)
- Clearing = overwriting
- Sanitization = purging or degaussing
- Data remanence = residual data that is recoverable

20 Object Reuse (Data Remanence)
Data Wipes (1 pass is accepted by industry to render data unrecoverable):
- DoD short method – 3 passes
- DoD standard method – 7 passes
- Gutmann approach – 35 passes
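The three slides above turn on one distinction: a plain delete ("erasing") removes the directory entry but leaves the data blocks intact, so the information is still recoverable (data remanence), whereas overwriting ("clearing") actually replaces the bytes. The following Python program is an added example, not part of the lecture slides: it simulates a tiny block device with a file table, deletes a constructed record on one disk and overwrites it on another, then scans the raw blocks the way a recovery tool would. The class names, the 16-byte block size and the 0x00/0xFF/random pass pattern are this example's own assumptions and do not describe any named wipe standard.

```python
"""Toy block device: 'erasing' (delete) versus 'clearing' (overwrite).
Constructed example; not a real filesystem or wipe tool."""
import os
from typing import Dict, List, Optional

BLOCK_SIZE = 16  # assumption: tiny blocks so the whole device is easy to inspect


class ToyDisk:
    """Fixed number of raw blocks plus a file table (name -> block list).

    A delete only removes the file-table entry, as a typical unlink does;
    the data blocks keep their old contents until something reuses them.
    """

    def __init__(self, n_blocks: int) -> None:
        self.blocks: List[bytearray] = [bytearray(BLOCK_SIZE) for _ in range(n_blocks)]
        self.file_table: Dict[str, List[int]] = {}
        self.free: List[int] = list(range(n_blocks))

    def write_file(self, name: str, data: bytes) -> None:
        needed = -(-len(data) // BLOCK_SIZE)  # ceiling division
        if needed > len(self.free):
            raise OSError("disk full")
        allocated = [self.free.pop(0) for _ in range(needed)]
        for i, blk in enumerate(allocated):
            chunk = data[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE]
            self.blocks[blk][:] = chunk.ljust(BLOCK_SIZE, b"\x00")
        self.file_table[name] = allocated

    def erase(self, name: str) -> None:
        """'Erasing' in the slide's sense: unlink the file, free its blocks, touch no data."""
        self.free.extend(self.file_table.pop(name))

    def clear(self, name: str, passes: int = 3) -> None:
        """'Clearing': overwrite every block of the file before freeing it.

        Pass patterns (0x00, 0xFF, then random bytes) are an assumption of
        this example, not a claim about any named wipe standard.
        """
        fixed = [b"\x00" * BLOCK_SIZE, b"\xff" * BLOCK_SIZE]
        for p in range(passes):
            for blk in self.file_table[name]:
                pattern = fixed[p] if p < len(fixed) else os.urandom(BLOCK_SIZE)
                self.blocks[blk][:] = pattern
        self.erase(name)

    def raw_dump(self) -> bytes:
        """What a recovery tool reading the device below the filesystem sees."""
        return b"".join(self.blocks)

    def find_remnant(self, needle: bytes) -> Optional[int]:
        """Block index where a fragment of old data survives, or None if nothing is found."""
        idx = self.raw_dump().find(needle)
        return None if idx < 0 else idx // BLOCK_SIZE


def demo_erase_vs_clear() -> Dict[str, Optional[int]]:
    """Write the same constructed record to two disks; delete on one, overwrite on the other."""
    record = b"ACCT=4111-1111-1111-1111 PIN=0420"  # constructed sample, not real data
    fragment = b"4111-1111"

    erased = ToyDisk(n_blocks=8)
    erased.write_file("card.txt", record)
    erased.erase("card.txt")

    cleared = ToyDisk(n_blocks=8)
    cleared.write_file("card.txt", record)
    cleared.clear("card.txt")

    return {
        "remnant_after_erase": erased.find_remnant(fragment),  # 0: still sitting in block 0
        "remnant_after_clear": cleared.find_remnant(fragment),  # None: bytes were overwritten
    }


if __name__ == "__main__":
    print(demo_erase_vs_clear())
```

The deleted file is gone from the file table on both disks, but only the cleared disk has lost the bytes; that is the gap between "erased" and "sanitized". The model also shows why the slide flags overwriting as unsuitable for flash: it assumes an overwrite lands on the same physical block, which wear-levelling firmware does not guarantee.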

21 Configuration Management
Proper configuration management ensures that all hardware and software in an organization are tracked and helps to identify potential security problems. CHANGE IS CONSTANT AND MUST BE CONTROLLED. Attributes to track:
- Make & model of systems
- MAC addresses, IP addresses
- Serial #'s
- OS / firmware versions
- Location
- BIOS passwords
- Resource requirements
- Patches?

22 Baselining
- A captured point in time where the current system security configuration is understood
- Creates a common security configuration
- Helpful when responding to security incidents
- Makes recovery of systems easier
- Effective method of providing a required level of protection across a broad area

23 Avoiding System Failure
- Fail-Safe: the failure state puts the system into a high level of security and possibly disables activities until the problem can be corrected.
- Fail-Secure: prevents unauthorized access to info and resources and allows troubleshooting.
- Fail-Open: allows users to bypass failed security controls.
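The three failure modes are easiest to compare on a concrete control whose own dependency can fail. The Python program below is an added example written for this page, not material from the slides: an authorization guard wraps a policy check that may raise because its (hypothetical) policy backend is unreachable, and the configured mode decides what happens to that request and to later ones. The user names, the allow-list and the "outage on the second call" policy are constructed for the demonstration.

```python
"""Fail-open, fail-secure and fail-safe behaviour of an authorization guard.
Constructed example: the policy backend, users and actions are made up."""
from enum import Enum
from typing import Callable, List, Tuple


class FailureMode(Enum):
    FAIL_OPEN = "fail-open"      # control failure lets requests through
    FAIL_SECURE = "fail-secure"  # control failure denies; system stays usable for troubleshooting
    FAIL_SAFE = "fail-safe"      # control failure locks the system down until an operator resets it


class PolicyBackendDown(Exception):
    """The (hypothetical) policy decision point could not be reached."""


class Guard:
    """Wraps a policy check and decides what to do when that check itself fails."""

    def __init__(self, decide: Callable[[str, str], bool], mode: FailureMode) -> None:
        self.decide = decide            # may raise PolicyBackendDown
        self.mode = mode
        self.locked_down = False        # only ever set in FAIL_SAFE mode
        self.audit: List[Tuple[str, str, str]] = []

    def authorize(self, user: str, action: str) -> bool:
        if self.locked_down:
            self.audit.append(("denied-lockdown", user, action))
            return False
        try:
            allowed = self.decide(user, action)
        except PolicyBackendDown:
            if self.mode is FailureMode.FAIL_OPEN:
                self.audit.append(("allowed-on-failure", user, action))
                return True
            if self.mode is FailureMode.FAIL_SAFE:
                self.locked_down = True  # disable further activity until corrected
            self.audit.append(("denied-on-failure", user, action))
            return False
        self.audit.append(("allowed" if allowed else "denied", user, action))
        return allowed

    def reset(self) -> None:
        """Operator action after the underlying problem has been corrected."""
        self.locked_down = False


def make_flaky_policy(calls: List[Tuple[str, str]]) -> Callable[[str, str], bool]:
    """Policy answering from a constructed allow-list; the backend 'goes down' on exactly the 2nd call."""
    allow = {("alice", "read")}

    def decide(user: str, action: str) -> bool:
        calls.append((user, action))
        if len(calls) == 2:
            raise PolicyBackendDown()
        return (user, action) in allow

    return decide


def run_scenario(mode: FailureMode) -> List[bool]:
    """Four requests: backend up, backend down, backend back up, then after an operator reset."""
    calls: List[Tuple[str, str]] = []
    g = Guard(make_flaky_policy(calls), mode)
    results = [
        g.authorize("alice", "read"),  # 1: policy allows
        g.authorize("bob", "write"),   # 2: backend down; the failure mode decides
        g.authorize("alice", "read"),  # 3: backend up again, no operator action yet
    ]
    g.reset()
    results.append(g.authorize("alice", "read"))  # 4: after the operator reset
    return results


if __name__ == "__main__":
    for mode in FailureMode:
        print(f"{mode.value:<12}{run_scenario(mode)}")
```

Request 2 is the one that matters: fail-open lets it through (and the audit trail is the only evidence a control was bypassed), fail-secure denies it but keeps serving legitimate requests once the backend returns, and fail-safe keeps denying everyone until an operator explicitly resets the guard.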

24 RAID: Redundant Array of Independent (or Inexpensive) Disks. A data storage virtualization technology that combines multiple disk drive components into a logical unit for the purposes of data redundancy and performance improvement. Each level of redundancy provides a different balance between two key goals: reliability and availability.

25 RAID 0: writes files across multiple drives simultaneously (striping). Provides no fault tolerance (it actually increases your risk, unless you're backing up frequently), but provides increased performance for data reads and writes.

26 RAID 1: mirroring – duplicates all data from one disk to another. Provides redundancy for data and, optionally, for RAID controllers. Disk reads can also be improved with RAID 1 arrays.

27 RAID 5: stripes data and parity information across multiple drives, offering both performance and redundancy. Parity computations are used in RAID drive arrays for fault tolerance by calculating the data in two drives and storing the results on a third.
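The parity described above is a byte-wise XOR: in each stripe the parity chunk is the XOR of the data chunks, and because XOR is its own inverse, any one missing chunk (data or parity) equals the XOR of all the others. The Python program below is an added example, not code from the slides or any RAID implementation: it stripes a constructed payload across four simulated disks with the parity chunk rotating from disk to disk (the "distributed parity" of RAID 5), removes one disk, rebuilds it from the survivors and checks that the original data reads back. The disk count, chunk size and payload are this example's own choices.

```python
"""RAID 5 style single parity: stripe data, rotate parity across disks,
lose one disk and rebuild it by XOR. Constructed example, not a RAID implementation."""
from typing import List, Optional


def xor_blocks(blocks: List[bytes]) -> bytes:
    """Byte-wise XOR of equal-length blocks; a stripe's parity is the XOR of its data chunks."""
    out = bytearray(len(blocks[0]))
    for b in blocks:
        for i, byte in enumerate(b):
            out[i] ^= byte
    return bytes(out)


def build_array(data: bytes, n_disks: int, chunk: int) -> List[List[bytes]]:
    """Return disks[d][s]: the chunk disk d holds in stripe s.

    Each stripe has n_disks-1 data chunks and one parity chunk; the parity
    chunk moves to a different disk each stripe (distributed parity).
    """
    per_stripe = (n_disks - 1) * chunk
    data += b"\x00" * ((-len(data)) % per_stripe)  # pad to a whole number of stripes
    disks: List[List[bytes]] = [[] for _ in range(n_disks)]
    for s in range(len(data) // per_stripe):
        stripe = data[s * per_stripe:(s + 1) * per_stripe]
        chunks = [stripe[i * chunk:(i + 1) * chunk] for i in range(n_disks - 1)]
        parity_disk = s % n_disks
        parity = xor_blocks(chunks)
        data_iter = iter(chunks)
        for d in range(n_disks):
            disks[d].append(parity if d == parity_disk else next(data_iter))
    return disks


def rebuild_disk(disks: List[Optional[List[bytes]]], failed: int) -> List[bytes]:
    """Reconstruct the failed disk: in every stripe it equals the XOR of all surviving chunks."""
    n_stripes = len(next(d for d in disks if d is not None))
    return [xor_blocks([disks[d][s] for d in range(len(disks)) if d != failed])
            for s in range(n_stripes)]


def read_array(disks: List[List[bytes]], length: int) -> bytes:
    """Reassemble the original bytes, skipping each stripe's parity chunk."""
    n_disks = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        parity_disk = s % n_disks
        for d in range(n_disks):
            if d != parity_disk:
                out += disks[d][s]
    return bytes(out[:length])


def demo_single_failure(failed: int = 2) -> dict:
    """Build a 4-disk array, drop one disk, rebuild it and verify the data."""
    payload = b"Operations security: backups, restoration, change control."  # constructed
    n_disks, chunk = 4, 8
    disks = build_array(payload, n_disks, chunk)
    survivors: List[Optional[List[bytes]]] = [d if i != failed else None for i, d in enumerate(disks)]
    rebuilt = rebuild_disk(survivors, failed)
    survivors[failed] = rebuilt
    return {
        "rebuilt_matches": rebuilt == disks[failed],
        "data_intact": read_array(survivors, len(payload)) == payload,
        "stripes": len(disks[0]),
    }


if __name__ == "__main__":
    print(demo_single_failure())
```

Rebuilding needs every other disk in the stripe, which is also why a single parity chunk only covers one failure: with two disks gone the XOR relation has two unknowns per stripe and cannot be solved, and the rebuild window (reading every surviving disk in full) is when the array is most exposed.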

28 RAID 10: a combination of RAID 0 and RAID 1, sometimes called RAID 1+0 or RAID 0+1

29 RAID 10 is not the same as RAID 01

31 Main difference between RAID 10 vs RAID 01
- Performance on both RAID 10 and RAID 01 will be the same.
- The storage capacity on these will be the same.
- The main difference is the fault tolerance level: RAID 10 fault tolerance is higher; RAID 01 fault tolerance is lower.
So, given a choice between RAID 10 and RAID 01, always choose RAID 10.
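The fault-tolerance claim can be checked by enumeration. The Python program below is an added example, not from the slides: it models RAID 10 as mirrors that are then striped (the array lives while every mirror keeps one disk) and RAID 01 as stripe sets that are then mirrored (the array lives while at least one stripe set is untouched), then counts, for every number of simultaneously failed disks, how many failure combinations each layout survives. The disk counts and the two-way mirror/two-set layout are this example's assumptions; both layouts use the same number of disks and the same raw capacity, so only the tolerance differs.

```python
"""Fault tolerance of RAID 10 (mirror, then stripe) versus RAID 01 (stripe, then mirror).
Constructed example: counts, for each number of simultaneously failed disks, how many
failure combinations each layout survives."""
from itertools import combinations
from typing import Dict, List, Set


def raid10_mirrors(n_disks: int, mirror_width: int = 2) -> List[Set[int]]:
    """RAID 1+0: disks are grouped into mirrors first; the mirrors are then striped."""
    return [set(range(i, i + mirror_width)) for i in range(0, n_disks, mirror_width)]


def raid01_stripe_sets(n_disks: int, n_sets: int = 2) -> List[Set[int]]:
    """RAID 0+1: disks are grouped into stripe sets first; the stripe sets are then mirrored."""
    width = n_disks // n_sets
    return [set(range(i, i + width)) for i in range(0, n_disks, width)]


def raid10_survives(failed: Set[int], mirrors: List[Set[int]]) -> bool:
    """The stripe is intact as long as every mirror still has at least one working disk."""
    return all(not mirror <= failed for mirror in mirrors)


def raid01_survives(failed: Set[int], stripe_sets: List[Set[int]]) -> bool:
    """One failed disk breaks its whole stripe set; the array lives only if some set is untouched."""
    return any(not (stripe & failed) for stripe in stripe_sets)


def survival_counts(n_disks: int) -> Dict[int, Dict[str, int]]:
    """For k = 1..n_disks-1 failed disks: how many of the C(n, k) combinations each layout survives."""
    mirrors = raid10_mirrors(n_disks)
    stripe_sets = raid01_stripe_sets(n_disks)
    table: Dict[int, Dict[str, int]] = {}
    for k in range(1, n_disks):
        combos = [set(c) for c in combinations(range(n_disks), k)]
        table[k] = {
            "total": len(combos),
            "raid10": sum(raid10_survives(f, mirrors) for f in combos),
            "raid01": sum(raid01_survives(f, stripe_sets) for f in combos),
        }
    return table


if __name__ == "__main__":
    for n in (4, 6, 8):
        print(f"{n} disks:")
        for k, row in survival_counts(n).items():
            print(f"  {k} failed: RAID 10 survives {row['raid10']}/{row['total']}, "
                  f"RAID 01 survives {row['raid01']}/{row['total']}")
```

With four disks, both layouts survive any single failure, but RAID 10 survives four of the six possible two-disk failures (only losing both halves of one mirror is fatal) while RAID 01 survives two (both failures must land in the same stripe set). The gap widens with more disks: at six disks the two-failure counts are 12 of 15 versus 6 of 15.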

32 RAID Levels

RAID Level | Description | Strengths | Weaknesses
0 | Striping | Highest performance | No redundancy; 1 fail = all fail
1 | Mirroring | Duplicates data on other disks | Expensive; double cost of storage
0 + 1 | Striping and Mirroring | Highest performance, highest data protection (can tolerate multiple drive failures) | Expensive; double cost of storage
3/4 | Striped with dedicated parity | Excellent performance; fault tolerance | Write requests suffer from the same single parity drive
5 | Block-level striping with distributed parity | Best cost/performance for networks; high performance; high data protection | Write performance is slower than RAID 0 or RAID 1

33 Review Questions: Question #1
Which level of RAID does not provide additional reliability?
A. RAID 1
B. RAID 5
C. RAID 0
D. RAID 3

35 Review Questions: Question #2 (last one)
Which type of RAID uses block-level striping with parity information distributed across multiple disks?
A. RAID 1
B. RAID 5
C. RAID 0
D. RAID 3

37 Questions?
probbins@hawaii.edu
www2.hawaii.edu/~probbins
https://www.dorkatron.com/docs/ISA400/

