Note1 (Admi1) Overview of administering security.

Presentation transcript:

Note1 (Admi1) Overview of administering security

Slide 2: Outline
- Issues in administering security
- Security planning & policy
- Risk analysis
- Auditing
- Disaster recovery
- Management of resources and systems
- Management of network security

Slide 3: Issues in administering security
- Security planning & policy
- Risk analysis
- Auditing
- Disaster recovery
- Management of resources and systems
- Management of network security

Slide 4: Security Planning
- A security plan is a document that describes how an organization will address its security needs.
- When the organization's security needs change, its security plan needs to be periodically reviewed and updated.

Slide 5: Security Planning - Issues
- What should the plan contain? → content
- Who should write the plan? → the security planning team
- Support for the plan? → securing commitment to the plan
- Implementation of the plan? → methods, tools, resources, …

Slide 6: Security Planning - Issues
What should the plan contain?
- Security policy
- Current security status
- Requirements
- Responsibility for implementation
- Timetable
- Reviews & updates

Slide 7: Security Planning - Issues
Members of the security planning team
- CIO (chief information officer)
- Hardware support personnel
- Systems programmers
- Application programmers
- Data entry personnel
- Physical security personnel
- Representative users

Slide 8: Security Planning - Issues
Securing support for the plan
1. The plan needs to be accepted by the users and the involved personnel.
   - User education and publicity are needed to increase the users' understanding of security.
   - Training of personnel is needed for implementing the plan.
2. The plan must be carried out.
   - Management commitment
   - Managers are concerned with ROI, vulnerability, risks, laws, etc.
   - Surveys and outside experts may be needed to persuade the managers to commit.

Slide 9: Security Planning - Issues
Implementation of the plan
- Policy versus mechanisms
- A policy defines what is or is not allowed.
- A policy is enforced by various mechanisms (tools, methods, procedures, etc.).

Slide 10: Risk analysis
- The first step in security planning is risk analysis.
- A process to determine the exposures and their potential harm
- The result of the risk analysis is important in securing management commitment to the security plan.
- It justifies expenditures for security.

Slide 11: Risk analysis
Three steps:
1. A list of all exposures of a computing system and the expected cost of the loss
2. For each exposure, possible controls and their costs
3. A cost-benefit analysis
   - Does it cost less to implement a control or to accept the expected cost of the loss?
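The three steps above, worked through as an added example that is not part of the original slides. It assumes the expected cost of a loss is estimated as incidents per year times loss per incident, and that each control removes a fixed fraction of that loss; all names and figures are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Control:
    name: str
    annual_cost: float      # yearly cost to implement and run the control
    loss_reduction: float   # assumed fraction of the expected loss removed (0..1)

@dataclass
class Exposure:
    name: str
    incidents_per_year: float   # assumed likelihood estimate
    loss_per_incident: float    # assumed impact estimate
    controls: list = field(default_factory=list)

    def expected_loss(self) -> float:
        # Step 1: expected yearly cost of the loss for this exposure
        return self.incidents_per_year * self.loss_per_incident

def analyse(exposure):
    """Step 3: compare accepting the loss with paying for each candidate control."""
    accept = exposure.expected_loss()
    best_name, best_total = "accept the risk", accept
    for c in exposure.controls:          # Step 2: possible controls and their costs
        residual = accept * (1.0 - c.loss_reduction)
        total = c.annual_cost + residual  # what the organization pays with the control
        if total < best_total:
            best_name, best_total = c.name, total
    return {"exposure": exposure.name, "expected_loss": accept,
            "decision": best_name, "total_cost": best_total,
            "net_benefit": accept - best_total}

# Constructed sample figures, not taken from the slides
EXPOSURES = [
    Exposure("Power loss in server room", 2, 15000,
             [Control("UPS", 4000, 0.9), Control("Second site", 60000, 0.99)]),
    Exposure("Virus outbreak on desktops", 0.5, 8000,
             [Control("Managed antivirus", 6000, 0.8)]),
]

def report(exposures=EXPOSURES):
    return [analyse(e) for e in exposures]

if __name__ == "__main__":
    for row in report():
        print(row)
```

With these figures the UPS pays for itself, while the antivirus contract costs more than the loss it prevents, so the analysis recommends accepting that risk; the net benefit column is the number that justifies the expenditure to management.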

Slide 12: Auditing
- Administrators should use audit facilities provided in the systems or third-party auditing tools to automate the audit analysis process.
- Auditing tools provide snapshots of a system's status.
- Anomalies in the audit logs indicate potential attacks or problems.

Slide 13: Auditing
- Automated tools should be used to detect inconsistencies in the audit logs → Intrusion Detection Systems (IDS)
- The audit logs should be protected, by being sent to separate machines or written immediately to a printer.
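An added example, not part of the original slides, showing why the separate log machine matters: with a second copy, an automated check can find records that were changed or removed on the host. The record format (sequence number, timestamp, event text) and all sample lines are constructed for illustration.

```python
import re

# Assumed record format (constructed): "<seq> <ISO time> <event text>"
RECORD = re.compile(r"^(\d+) (\S+) (.*)$")

def parse(lines):
    """Return {sequence number: (timestamp, event)} for well-formed records."""
    out = {}
    for line in lines:
        m = RECORD.match(line.strip())
        if m:
            out[int(m.group(1))] = (m.group(2), m.group(3))
    return out

def find_inconsistencies(local_lines, remote_lines):
    """Compare the host's own log with the copy held on the separate log machine."""
    local, remote = parse(local_lines), parse(remote_lines)
    findings = []
    for seq in sorted(remote):
        if seq not in local:
            findings.append((seq, "deleted on host"))
        elif local[seq] != remote[seq]:
            findings.append((seq, "altered on host"))
    for seq in sorted(set(local) - set(remote)):
        findings.append((seq, "never reached log machine"))
    # A numbering gap present in both copies: the record was lost or
    # suppressed before it was ever forwarded.
    if remote:
        for seq in range(min(remote), max(remote) + 1):
            if seq not in remote and seq not in local:
                findings.append((seq, "missing from both copies"))
    return sorted(findings)

# Constructed sample data: copy on the log machine vs. the log left on the host
REMOTE = [
    "101 2024-01-10T02:00:01Z login user=alice src=10.0.0.5",
    "102 2024-01-10T02:00:09Z su user=alice target=root",
    "103 2024-01-10T02:01:30Z config_change file=sshd_config",
    "105 2024-01-10T02:05:00Z logout user=alice",
]
LOCAL = [
    "101 2024-01-10T02:00:01Z login user=alice src=10.0.0.5",
    "102 2024-01-10T02:00:09Z su user=alice target=backup",
    "105 2024-01-10T02:05:00Z logout user=alice",
    "106 2024-01-10T02:06:12Z login user=bob src=10.0.0.9",
]

if __name__ == "__main__":
    for seq, problem in find_inconsistencies(LOCAL, REMOTE):
        print(seq, problem)
```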

Slide 14: Disaster recovery
When attacks and/or problems cannot be prevented, how to recover from the damage and loss should be planned in advance.
- A contingency plan
- An incident response plan and team
- User awareness
- User notification mechanisms

Slide 15: Types of Disasters
- Natural disasters: flood, falling water, fire, extreme temperature change, …
- Power loss
- Human vandals
- Unauthorized access and use
- Viruses, worms

Slide 16: Management of resources and systems
- Acceptable use
- Accounts, passwords
- Files and devices
- Access controls
- Network security
  - Perimeter protection
  - Connectivity
  - Remote access
  - Securing the hosts backups

Slide 17: Management of Network security
- Perimeter protection
  - Firewalls, routers, wireless access points
- Connectivity
  - The Internet
  - Local backbone
  - A map of physical connections
- Remote access
  - VPN for telecommuters?
  - telnet, ftp, rlogin?
- Securing the hosts in the network
- Insiders' attacks vs attacks from outside

Slide 18: Summary
- Administering the security of an organization's computer systems involves many issues.
- An up-to-date security plan is a must.
- Support for the plan is necessary.
- A disaster response/recovery plan is important.
- Periodic review and update is needed.