CSC 386 – Computer Security
Scott Heggen

Agenda: Security Management

What goes in a security policy? Examples:

Security Management – Scenario 1:
– Company XYZ is a new company devoted to developing a social networking platform
– The company will house their own servers, which will provide its users with content
– The company will have an in-house IT team to manage their networks, but will connect their servers to the Internet through the local ISP
– There will be three main teams working in the company: Administrators (CEOs, HR, Financial, etc.), Developers (software engineers, electrical engineers, graphic designers, etc.), and IT (network engineers, network operations experts, customer service)
– They expect their software to serve at least one million users in the next five years

Measuring Security: Once a policy is in place, how do you know whether it is working? How do you quantify “secure”?

Security Management – Scenario 2:
– You are a contractor for the U.S. government who develops missile control modules
– You have regular communications with 3 other government contractor companies regarding the integration of your modules with their parts of the system

Risk and Threat Analysis

– Identify the assets valuable to your company
– Identify the threats that exist to each asset
– Determine the impact a threat can potentially have on an asset
– Monitor your assets for vulnerabilities
– Prepare for attacks

Risk and Threat Analysis

Risk = Assets x Threats x Vulnerabilities
– Assets: Trivial – Important – Critical
– Threats: Very unlikely – Likely
– Vulnerabilities: Fix when convenient – Fix now!

Risk Analysis – Scenario 1 revisited:
– Company XYZ is a new company devoted to developing a social networking platform
– (Revised) Instead of housing their own servers to provide its users with content, the company will use cloud-based servers to host content
– The company will have an in-house IT team to manage their networks, but will connect their servers to the Internet through the local ISP
– There will be three main teams working in the company: Administrators (CEOs, HR, Financial, etc.), Developers (software engineers, electrical engineers, graphic designers, etc.), and IT (network engineers, network operations experts, customer service)
– They expect their software to serve at least one million users in the next five years

Risk Mitigation
– You now have a prioritized list of risks/threats
– You can develop countermeasures to mitigate those risks
– Remember, this is an on-going process; IT is constantly changing!
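As an added example (not part of the slides), the following Python turns the slide's three ordinal scales into a scored, prioritized risk register for Company XYZ from Scenario 1; the numeric weights and the sample assets are assumptions chosen for illustration.

```python
# Added example, not from the course slides: qualitative risk scoring using the
# scales on the "Risk = Assets x Threats x Vulnerabilities" slide.
# The numeric weights below are an assumption; the slide only gives the labels.
from dataclasses import dataclass

ASSET_VALUE = {"trivial": 1, "important": 2, "critical": 3}
THREAT_LIKELIHOOD = {"very unlikely": 1, "likely": 2}
VULN_URGENCY = {"fix when convenient": 1, "fix now": 2}


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    value: str        # asset rating: trivial / important / critical
    likelihood: str   # threat rating: very unlikely / likely
    urgency: str      # vulnerability rating: fix when convenient / fix now

    def score(self) -> int:
        """Product of the three ordinal ratings, as on the slide.

        Raises KeyError for a label that is not on one of the three scales,
        so a typo in the register cannot silently become a low score.
        """
        return (ASSET_VALUE[self.value.lower()]
                * THREAT_LIKELIHOOD[self.likelihood.lower()]
                * VULN_URGENCY[self.urgency.lower()])


def prioritize(risks):
    """Return the register sorted highest score first; ties keep input order."""
    return sorted(risks, key=lambda r: r.score(), reverse=True)


# Constructed sample register for Scenario 1 (assets and ratings are assumptions).
XYZ_RISKS = [
    Risk("user database", "credential theft via web app", "critical", "likely", "fix now"),
    Risk("marketing site", "defacement", "trivial", "likely", "fix when convenient"),
    Risk("build server", "malware on developer workstation", "important", "likely", "fix now"),
    Risk("office printers", "paper jam", "trivial", "very unlikely", "fix when convenient"),
]

if __name__ == "__main__":
    # Prints the prioritized list that the Risk Mitigation step starts from.
    for r in prioritize(XYZ_RISKS):
        print(f"{r.score():2d}  {r.asset:<16} {r.threat}")
```

The highest-scoring rows are where countermeasures should go first; rerun the scoring whenever an asset, threat or vulnerability rating changes, since the slide stresses this is an on-going process.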

Next Class
Due:
– Have a good weekend
Agenda:
– Foundations of Computer Security (Chapter 3 of your text)