
EECS 4482 Fall 2014 Session 8 Slides

IT Security Standards and Procedures

An information security policy is written at a corporate, high level and generally is not detailed enough for day-to-day operations and system configuration. Standards and corporate procedures should be developed to take the information security policy down to a lower level, as a basis for defining system requirements, guiding employee behaviour, educating system users, configuring system software and writing operating procedures.

IT Security Standards and Procedures

Each standard or corporate procedure should address a specific subject, such as passwords or firewalls. Organizations can refer to professional sources like Control Objectives for Business and Information Technology (COBIT) and the International Standards Organization (ISO) as benchmarks to assess the comprehensiveness of their security standards. ISO 17779 provides guidelines and a framework for organizations to implement information security.

IT Security Standards and Procedures

Standards should be supplemented with local procedures that fit each division and computing platform. In addition to standards, there are corporate security procedures for certain areas where there is little variation among operating areas, such as procedures for reporting loss of equipment.

Standards and Procedures Topics

Anti-virus
Appropriate use of information and information technology procedures
Cryptography
Data centre
Procedures for installation of hardware and software
Procedures for disposal of data, media and equipment

Standards and Procedures Topics

eBusiness
Email
Firewall
Incident response procedures
Information classification
Intrusion detection and prevention
Loss reporting procedures
Mobile computing

Standards and Procedures Topics

Password
Patching
Routers
Servers
Software design
Virtual private network
Wireless
Workstations

Scenario 1

A local system administrator (SA) receives a call from a law enforcement officer requesting any information that can be provided for a specific IP number. The situation sounds very serious, and the officer explains that this information is critical to determining how to proceed.

Which policy, standard or procedure will guide this?
What should the SA do?
Who should approve the action?
Should approval come before or after the action?

Scenario 2

An administrative assistant has filed a complaint with the university legal department that her boss spends an enormous amount of time surfing the web and searching for porn. There have been no previous complaints concerning this activity, and the individual being accused has a good university record.

Which policy, standard or procedure will guide this?
What questions need to be answered?
What steps should be taken?
What should be represented in policy?

Scenario 3

A small group of graduate students are not overly happy with the networking arrangements they have in their work space. They have complained to the local network administrator, but the situation has still not been resolved to their satisfaction. One of the graduate students purchases a small wireless access point and installs it in the work space for others to use.

Which policy, standard or procedure will guide this?
What questions need to be answered?
What steps should be taken?
What should be represented in policy?

