Juan Ortega 12/15/09 NTS355. Microsoft Security Advisory (977544) Vulnerability in SMB Could Allow Denial of Service Flaw on SMBv2 supposedly opened two.


1 Juan Ortega 12/15/09 NTS355

2 Microsoft Security Advisory (977544): Vulnerability in SMB Could Allow Denial of Service

A flaw in SMBv2 supposedly opened two holes. One flaw could let hackers execute code remotely; the other could let them send a system into a crash spiral. The exploit code has been published on the Web. No fixes contained in Microsoft's latest Patch Tuesday package, which was issued less than a week ago, targeted Windows 7.

(November, 2009). Microsoft Security Advisory (977544). Retrieved December 15, 2009 from Microsoft Web site: http://www.microsoft.com/technet/security/advisory/977544.mspx

(November, 2009). E-Commerce News: Exploits & Vulnerabilities: Microsoft Addresses Prickly of Windows 7 Flaws. Retrieved December 15, 2009 from ecommercetimes Web site: http://www.ecommercetimes.com/story/68659.html

3
- Zero-day exploit
- The new security department will take measures to minimize the damage done and to prevent downtime.
- Prepare Backups
- New threats will undoubtedly appear in the near future, and the security of the organization will be in jeopardy if it is not prepared accordingly.

4
- Plan and Organize
  - All implementations require extensive planning.
  - Perform risk assessment
  - Obtain Approval
- Implement
  - Security policies, procedures, standards, baselines, and guidelines.
  - Risk management
  - Security Awareness training
  - Physical Security
- Operate and Maintain
  - Audits
  - Procedures are followed to maintain the baseline of every implementation.
- Monitor and Evaluate
  - Logs, audit results, goals, improvement.

Harris, S. (February, 2009). How should a company's security program define roles and responsibilities? Retrieved December 15, 2009 from TechTarget Web site: http://searchmidmarketsecurity.techtarget.com/tip/0,289483,sid198_gci1347047,00.html

5
- Information Assets
  - Databases
  - Data Files
  - Operation and support procedures
  - Continuity Plans
- Software Assets
  - Application software
  - System software
- Physical Assets
  - Equipment
- Services
  - Outsourced Services
  - Communication services
  - Environmental conditions

(2001). Identifying and classifying assets. Retrieved December 15, 2009 from networkmagazineindia Web site: http://www.networkmagazineindia.com/200212/security2.shtml#

6
- Information Assets
  - Security Devices
  - Access Controls
  - Storage and Backups
  - Contingency planning/testing
  - Encryption
  - Pen Testing
- Software Assets
  - Physical and Digital storage
  - Manage Licenses
  - Compatibility
- Physical Assets
  - Locks
  - Biometrics
  - Security Awareness
- Services
  - QoS set up correctly
  - Pay bills on time

Identification and Assessment of Assets and Risks. Retrieved December 15, 2009 from sinclair Web site: http://www.sinclair.edu/about/information/usepolicy/pub/infscply/Identification_and_Assessment_of_Assets_and_Risks.htm

7 [Figure: qualification labels from the slide's chart: CISSP, Graduate Degree, Bachelors, Network+, Cisco, Admin, CISM, GIAC Certs., Clearance, Web, Experience, Certifications.]

CEO report. Retrieved December 15, 2009 from ufl Web site: http://www.it.ufl.edu/ciooffice/images/figure5.png

8 Currently, with the lack of a security department, the organization is functioning on thin ice. With security included in the infrastructure, the organization:
- Will not be in fear of liability issues from collecting personal information from customers.
- Will be able to protect the organization's assets.
- Risk management will provide mitigations to reduce the likelihood of a catastrophic event and maintain the consistency of the organization.
- Will establish proper security policies to set the overall behavior of the organization and how security will be handled.

9
- We're afraid the creation of a new security department will cost much more than expected, and this organization is not sure if the money is in our budget.
  - Having a security department will vastly extend the life span of the organization; it is not simply a nice-to-have implementation anymore. Cost is not necessarily a factor, as the department will start small and expand as the budget grows.
- Will security get in the way of the business? What if employees start to complain?
  - Security and access will balance out, as security must not get in the way of business needs.
- Won't solving the recent security threat be enough?
  - As the business grows and becomes better known, the organization will endure much more frequent attacks.

