Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSC 386 – Computer Security Scott Heggen. Agenda Security Management.

Published byWinifred Byrd Modified over 8 years ago

Similar presentations

Presentation on theme: "CSC 386 – Computer Security Scott Heggen. Agenda Security Management."— Presentation transcript:

1 CSC 386 – Computer Security Scott Heggen

2 Agenda Security Management

3 What goes in a security policy? Examples: http://www.sans.org/security-resources/policieshttp://www.sans.org/security-resources/policies

4 Security Management Scenario 1: – Company XYZ is a new company devoted to developing a social networking platform – The company will house their own servers which will provide its users with content – The company will have an in-house IT team to manage their networks, but connect their servers to the Internet through the local ISP – There will be three main teams working in the company: Administrators (CEOs, HR, Financial, etc.), Developers (software engineers, electrical engineers, graphic designers, etc.), and IT (network engineers, network operations experts, customer service) – They expect their software to serve at least one million users in the next five years

5 Measuring Security Once a policy is in place, how do you know if it’s working? How do you quantify “secure”?

6 Security Management Scenario 2: – You are a contractor for the U.S. government who develops missile control modules – You have regular communications with 3 other government contractor companies regarding the integration of your modules with their parts of the system

7 Risk and Threat Analysis

8 Identify the assets valuable to your company Identify the threats that exist to each asset Determine the impact a threat can potentially have on an asset Monitor your assets for vulnerabilities Prepare for attacks

9 Risk and Threat Analysis

10

11 Risk = Assets x Threats x Vulnerabilities Trivial – Important - Critical Very unlikely - Likely Fix when convenient – Fix now!

12 Risk Analysis Scenario 1 revisited: – Company XYZ is a new company devoted to developing a social networking platform – The company will house their own servers which will provide its users with content use cloud-based servers to host content – The company will have an in-house IT team to manage their networks, but connect their servers to the Internet through the local ISP – There will be three main teams working in the company: Administrators (CEOs, HR, Financial, etc.), Developers (software engineers, electrical engineers, graphic designers, etc.), and IT (network engineers, network operations experts, customer service) – They expect their software to serve at least one million users in the next five years

13 Risk Mitigation Now have a prioritized list of risks/threats Can develop countermeasures to mitigate those risks Remember, this is an on-going process; IT is constantly changing!

14 Next Class Due: – Have a good weekend Agenda: – Foundations of Computer Security (Chapter 3 of your text)

Download ppt "CSC 386 – Computer Security Scott Heggen. Agenda Security Management."

Similar presentations

Web Security for Network and System Administrators1 Chapter 1 Introduction to Information Security.

Web Security for Network and System Administrators1 Chapter 1 Introduction to Information Security.
Security Administration Tools and Practices Amit Bhan Usable Privacy and Security.

Security Administration Tools and Practices Amit Bhan Usable Privacy and Security.
© Pearson Prentice Hall 2009

© Pearson Prentice Hall 2009
S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,

S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,
Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 © 2002 Carnegie.

Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.
9-Performing Vulnerability Assessments Dr. John P. Abraham Professor UTPA.

9-Performing Vulnerability Assessments Dr. John P. Abraham Professor UTPA.
CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,

CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,
© Prentice Hall 2002 1.1 CHAPTER 1 Managing IT in an E-World.

© Prentice Hall CHAPTER 1 Managing IT in an E-World.
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.

CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
Chapter 10 Information Systems Management. Agenda Information Systems Department Plan the Use of IT Manage Computing Infrastructure Manage Enterprise.

Chapter 10 Information Systems Management. Agenda Information Systems Department Plan the Use of IT Manage Computing Infrastructure Manage Enterprise.
1 Case Study ESTABLISHING NATIONAL CERT By Saleem Al-Balooshi Etisalat - AE.

1 Case Study ESTABLISHING NATIONAL CERT By Saleem Al-Balooshi Etisalat - AE.
SELECTING AND IMPLEMENTING VULNERABILITY SCANNER FOR FUN AND PROFIT by Tim Jett and Mike Townes.

SELECTING AND IMPLEMENTING VULNERABILITY SCANNER FOR FUN AND PROFIT by Tim Jett and Mike Townes.
Patching MIT SUS Services IS&T Network Infrastructure Services Team.

Patching MIT SUS Services IS&T Network Infrastructure Services Team.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Visual 3. 1 Lesson 3 Risk Assessment and Risk Mitigation.

Visual 3. 1 Lesson 3 Risk Assessment and Risk Mitigation.
1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.

1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.
Prepared By, Mahadir Ahmad. StopBadware makes the Web safer through the prevention, mitigation, and remediation of badware websites. partners include.

Prepared By, Mahadir Ahmad. StopBadware makes the Web safer through the prevention, mitigation, and remediation of badware websites. partners include.
1 Figure 1-17: Security Management Security is a Primarily a Management Issue, not a Technology Issue Top-to-Bottom Commitment  Top-management commitment.

1 Figure 1-17: Security Management Security is a Primarily a Management Issue, not a Technology Issue Top-to-Bottom Commitment  Top-management commitment.

Similar presentations

Ads by Google