Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth.

Slides:

Advertisements

Similar presentations

4.02 Compliance Training Brian A. Dahl Senior Counsel Takeda Pharmaceuticals North America, Inc. November 14, 2003.

Advertisements

HIPAA Security.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

BUSINESS B2 Ethics.

Ethics Ethics are the rules of personal behavior and conduct established by a social group for those existing within the established framework of the social.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Auditing Computer Systems

Security Controls – What Works

Lecture 10 Security and Control.

Acceptable Use Policy Quiz Boston Public Schools Technology Awareness Initiative.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

Disaster Prevention and Recovery. Team Members   Gwenn Cooper   Kristy Short   John knieling   Carissa Vancleave   Matthew Owens.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Computer Security: Principles and Practice

Stephen S. Yau CSE , Fall Security Strategies.

Document Control Abayomi Odeleye Nottingham University Computer Science.

INTERNET and CODE OF CONDUCT

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Network security policy: best practices

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Ensuring Information Security

New Data Regulation Law 201 CMR TJX Video.

Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth.

Higher Administration

SEC835 Database and Web application security Information Security Architecture.

1 Manifestation Determination. 2 Today’s Goals and Objectives…. Define Manifestation Determination Discuss when to complete a Manifestation Determination.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

HIPAA PRIVACY AND SECURITY AWARENESS.

Windows 2000 Security Policies & Practices: How to build your plan Mandy Andress, CISSP President ArcSec Technologies.

Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.

Security Awareness: Applying Practical Security in Your World Chapter 1: Introduction to Security.

Acceptable Use Policies, Online Safety, and Photo Permission Forms Elizabeth White Tara Dykes Julie Howe.

Security and Privacy Strategic Global Partners, LLC.

HQ Expectations of DOE Site IRBs Reporting Unanticipated Problems and Review/Approval of Projects that Use Personally Identifiable Information Libby White.

2010 Test Security 2011 Campus Test Coordinator Training Test Security January 26, 2011 Freeport Intermediate school.

KAPLAN SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY Unit 4 IT 484 Networking Security Course Name – IT Networking Security 1203C Term Instructor.

North Allegheny School District Student Activity Funds June 17, 2003.

Computer Security 2 Keeping your computer safe. Computer Security 2 Computer Security 2 includes two lessons:  Lesson 3: Protecting yourself and your.

Information Security Governance and Risk Chapter 2 Part 3 Pages 100 to 141.

INCIDENT RESPONSE IMPLEMENTATION David Basham University of Advancing Technology Professor: Robert Chubbuck NTS435.

1 User Policy (slides from Michael Ee and Julia Gideon)

13.6 Legal Aspects Corporate IT Security Policy. Objectives Understand the need for a corporate information technology security policy and its role within.

CAN I GET IN TROUBLE USING A... COMPUTER? Or do computers solve all of life’s problems?

Lesson 9-Information Security Best Practices. Overview Understanding administrative security. Security project plans. Understanding technical security.

Our Acceptable Use Policy An Overview What is an Acceptable Use Policy (AUP)?

Acceptable Use Policy by Andrew Breen. What is an Acceptable Use Policy? According to Wikipedia: a set of rules applied by many transit networks which.

Note1 (Admi1) Overview of administering security.

IT Security Policy Framework ● Policies ● Standards ● Procedures ● Guidelines.

Classification of information No. 6 The purpose of categorising records is to distinguish their place and value in the business and is based on the following.

Firewall Management, Intrusion Detection, Intrusion Prevention and Security Information Management AC475 Team Project Kathleen Jackowski Elizabeth Kearney-Lang.

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved. 2-1 BUSINESS DRIVEN TECHNOLOGY Business Plug-In B2 Ethics.

Supervision SICOR Securities, Inc.. Why? NASD 3110 requires the firm to “…establish and maintain a system to supervise the activities of each registered.

By: Christina Anderson EDTC 630. AUP stands for Acceptable Use Policy  The AUP is an outline of procedures/rules to inform all students and employees.

SAFEGUARDING YOUR ASSETS AND PREVENTING FRAUD

Security and Ethics Safeguards and Codes of Conduct.

Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth.

Policies and Security for Internet Access

August 31, The Etowah County School District’s electronic network is available to all students and employees. The goal is to foster learning environments.

SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #

Security Methods and Practice Principles of Information Security, Fourth Edition CET4884 Planning for Security Ch5 Part I.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.

ISO17799 / BS ISO / BS Introduction Information security has always been a major challenge to most organizations. Computer infections.

& UETAESIGN COMPLIANCE. CHANGING LANDSCAPE As contract management transitions into a paperless world, documents must remain compliant with government.

Somerset ISD Online Acceptable Use Policy. Somerset Independent School District Electronic Resources Acceptable Use Policy The purpose of this training.

Chapter 3: IRS and FTC Data Security Rules

INFORMATION SYSTEMS SECURITY and CONTROL

HQ Expectations of DOE Site IRBs

Presentation transcript:

Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth Kearney-Lang Daureen Lingley-Chor

Research Our research began with An Introduction to Computer Security: The NIST Handbook National Institute of Standards and Technology Special Publications: – SP Revision 1 entitled Guidelines on Firewalls and Firewall Policy, – SP Revision 1 entitled Computer Security Incident Handling Guide, – SP entitled Guide to Intrusion Detection and Prevention Systems.

Research Collaboration: wikispaces Warious vendor website White Papers

Control for Firewall Management, Intrusion Detection & Prevention Implement and enforce Back-up Procedure – Category: Procedure – Type: General, Secondary, Corrective – Control Benefit: Up-to-date back-up if needed – Adverse Impact: Unnecessary extended downtime

Control Evidence In Place: Written documentation of procedure, documentation readily available in hardcopy or online. In Effect: All data will be properly backed up, personnel responsible for back-up procedure will have knowledge of procedure and documentation of all back-ups that occur.

Audit Steps In Place: Review written documentation of procedure and search for online copy. In Effect: Test and verify the existence of back- up data stores. Interview employees to determine responsibilities and accountable party.

Control for Security Information Management Written Acceptable Use Policy with required signature of employee – Category: Legal – Type: General, Secondary, Preventative – Control Benefit: Ensures employee knowledge of and responsibility to properly safeguard the system. – Adverse Impact: Lack of knowledge and responsibility would create usage problems and security issues

Control Evidence In Place: Documented Policy, documents with employees’ signatures. In Effect: Understanding of policy by employees, file of signed policies will exist.

Audit Steps In Place: Review documentation of policy and check for signatures of all active employees. In Effect: Interview employees and review file of signed policies.

Image Polymers Company, LLC Covisia Solution, Inc. Test of controls

Best Practices for the AUP Explain employee rights and monitoring expectations Educate employees on legal issues State the consequences of noncompliance Ensure that all the employees are informed about the AUP

Acceptable Use Policy The System, including the system and Internet connections, is the property of the Company. Each employee is responsible for the use of the System and for observing all laws. In the event that any employee is found to have improperly used the System, he or she is subject to disciplinary action, up to and including immediate dismissal.

Acceptable Use Policy The company may review the following at its discretion: History of sent and received by employees Contents of sent and received by employees History of access to the WWW by employees Contents viewed by employees Time spent by employee on the www Voic messages

Challenge Audit Work Program