Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth.

Published byAlvin Merritt Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth."— Presentation transcript:

1 Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth Kearney-Lang Daureen Lingley-Chor

2 Research Our research began with An Introduction to Computer Security: The NIST Handbook National Institute of Standards and Technology Special Publications: – SP 800-41 Revision 1 entitled Guidelines on Firewalls and Firewall Policy, – SP 800-61 Revision 1 entitled Computer Security Incident Handling Guide, – SP 800-94 entitled Guide to Intrusion Detection and Prevention Systems.

3 Research Collaboration: wikispaces Warious vendor website White Papers

4 Control for Firewall Management, Intrusion Detection & Prevention Implement and enforce Back-up Procedure – Category: Procedure – Type: General, Secondary, Corrective – Control Benefit: Up-to-date back-up if needed – Adverse Impact: Unnecessary extended downtime

5 Control Evidence In Place: Written documentation of procedure, documentation readily available in hardcopy or online. In Effect: All data will be properly backed up, personnel responsible for back-up procedure will have knowledge of procedure and documentation of all back-ups that occur.

6 Audit Steps In Place: Review written documentation of procedure and search for online copy. In Effect: Test and verify the existence of back- up data stores. Interview employees to determine responsibilities and accountable party.

7 Control for Security Information Management Written Acceptable Use Policy with required signature of employee – Category: Legal – Type: General, Secondary, Preventative – Control Benefit: Ensures employee knowledge of and responsibility to properly safeguard the system. – Adverse Impact: Lack of knowledge and responsibility would create usage problems and security issues

8 Control Evidence In Place: Documented Policy, documents with employees’ signatures. In Effect: Understanding of policy by employees, file of signed policies will exist.

9 Audit Steps In Place: Review documentation of policy and check for signatures of all active employees. In Effect: Interview employees and review file of signed policies.

10 Image Polymers Company, LLC Covisia Solution, Inc. Test of controls

11 Best Practices for the AUP Explain employee rights and monitoring expectations Educate employees on legal issues State the consequences of noncompliance Ensure that all the employees are informed about the AUP

12 Acceptable Use Policy The System, including the email system and Internet connections, is the property of the Company. Each employee is responsible for the use of the System and for observing all laws. In the event that any employee is found to have improperly used the System, he or she is subject to disciplinary action, up to and including immediate dismissal.

13 Acceptable Use Policy The company may review the following at its discretion: History of sent and received email by employees Contents of sent and received email by employees History of access to the WWW by employees Contents viewed by employees Time spent by employee on the www Voicemail messages

14 Challenge Audit Work Program

Download ppt "Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth."

Similar presentations

4.02 Compliance Training Brian A. Dahl Senior Counsel Takeda Pharmaceuticals North America, Inc. November 14, 2003.

4.02 Compliance Training Brian A. Dahl Senior Counsel Takeda Pharmaceuticals North America, Inc. November 14, 2003.
HIPAA Security.

HIPAA Security.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
BUSINESS B2 Ethics.

BUSINESS B2 Ethics.
Ethics Ethics are the rules of personal behavior and conduct established by a social group for those existing within the established framework of the social.

Ethics Ethics are the rules of personal behavior and conduct established by a social group for those existing within the established framework of the social.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Auditing Computer Systems

Auditing Computer Systems
Security Controls – What Works

Security Controls – What Works
Lecture 10 Security and Control.

Lecture 10 Security and Control.
Acceptable Use Policy Quiz Boston Public Schools Technology Awareness Initiative.

Acceptable Use Policy Quiz Boston Public Schools Technology Awareness Initiative.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Disaster Prevention and Recovery. Team Members   Gwenn Cooper   Kristy Short   John knieling   Carissa Vancleave   Matthew Owens.

Disaster Prevention and Recovery. Team Members   Gwenn Cooper   Kristy Short   John knieling   Carissa Vancleave   Matthew Owens.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Document Control Abayomi Odeleye Nottingham University Computer Science.

Document Control Abayomi Odeleye Nottingham University Computer Science.
INTERNET and CODE OF CONDUCT

INTERNET and CODE OF CONDUCT
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Similar presentations

Ads by Google