Presentation is loading. Please wait.

Presentation is loading. Please wait.

©Dr. Respickius Casmir Network Security Best Practices – Session 2 By Dr. Respickius Casmir.

Published byAndrew Freeman Modified over 8 years ago

Similar presentations

Presentation on theme: "©Dr. Respickius Casmir Network Security Best Practices – Session 2 By Dr. Respickius Casmir."— Presentation transcript:

1 ©Dr. Respickius Casmir Network Security Best Practices – Session 2 By Dr. Respickius Casmir

2 ©Dr. Respickius Casmir Outline Introduction to IT Security Best Practices The Security Team Security Policy Enforceability Minimum Security Requirements

3 ©Dr. Respickius Casmir Introduction to Security Best Practices Best practices in network security are more about the what and why of securing the organization's information assets than about the how. The IT Security Policy is a formal definition of an organization's stance on security, meaning what is allowed and what is not allowed.

4 ©Dr. Respickius Casmir Introduction to Security Best Practices (2) Policy statements, in particular "Acceptable Use" statements, define users' roles and responsibilities and can be stated as general high-level statements that cover all network systems and data within the organization. The statements should include acceptable use of systems and data for ALL categories of USERS including the system administrator.

5 ©Dr. Respickius Casmir Introduction to Security Best Practices (3) The intent of this policy is to clearly define the purpose, providing guidelines and responsibilities. The policy should also identify specific actions that could be taken in response to a violation of security policy, including disciplinary action. Put it in print and post it on the walls.

6 ©Dr. Respickius Casmir Introduction to Security Best Practices (4) Security awareness training is a MUST to make the policy enforceable. All employees must be aware of the security policy and if possible every employee sign on a copy of the acceptable-use statement.

7 ©Dr. Respickius Casmir The Security Team The security team needs to be a cross- functional team with participants from every operational area. The team is responsible for policy awareness and enforcement as well as being informed on the technical aspects of the security architecture. The team is also responsible for responding to security breaches and reporting to senior management..

8 ©Dr. Respickius Casmir The Security Team (2) The security team should also be responsible for approving security changes, or alternatively, a security team member should sit on the change management team. Monitoring the security of the network, creating an incident response process that includes being part of the restoration team when a loss occurs – they are all responsibilities of the security team.

9 ©Dr. Respickius Casmir Security Policy Enforceability In order for a policy to be enforceable, it needs to be Consistent with other corporate policies Accepted by the network support staff as well as the appropriate levels of management Enforceable using existing network equipment and procedures Compliant with local and national laws.

10 ©Dr. Respickius Casmir Minimum Security Requirements 1. Software patch updates 2. Anti-virus software 3. Host-based firewall software 4. Passwords 5. No unencrypted authentication 6. No unauthenticated email relays 7. No unauthenticated proxy services 8. Physical security 9. Unnecessary services

11 ©Dr. Respickius Casmir Conclusion Remember that it is impossible to completely secure distributed systems. The goal is to create security awareness and implement security mechanisms, minimize risk and maximize the use of technology.

12 ©Dr. Respickius Casmir Thank You! Dr. Respickius Casmir res@udsm.ac.tz

Download ppt "©Dr. Respickius Casmir Network Security Best Practices – Session 2 By Dr. Respickius Casmir."

Similar presentations

Security Policy. TOPICS Objectives WLAN Security Policy General Security Policy Functional Security Policy Conclusion.

Security Policy. TOPICS Objectives WLAN Security Policy General Security Policy Functional Security Policy Conclusion.
Managing Risk: A Framework and Reporting Cycle 2014.

Managing Risk: A Framework and Reporting Cycle 2014.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.

Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Computer Security Fundamentals

Computer Security Fundamentals
ACCEPTABLE An acceptable use policy (AUP), also known as an acceptable usage policy or fair use policy, is a set of rules applied by the owner or manager.

ACCEPTABLE An acceptable use policy (AUP), also known as an acceptable usage policy or fair use policy, is a set of rules applied by the owner or manager.
Achieving our mission Presented to Line Staff. INTERNAL CONTROLS What are they?

Achieving our mission Presented to Line Staff. INTERNAL CONTROLS What are they?
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Network security policy: best practices

Network security policy: best practices
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Intrusion Prevention, Detection & Response. IDS vs IPS IDS = Intrusion detection system IPS = intrusion prevention system.

Intrusion Prevention, Detection & Response. IDS vs IPS IDS = Intrusion detection system IPS = intrusion prevention system.
Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.

Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.
Introduction to Network Defense

Introduction to Network Defense

Similar presentations

Ads by Google