Randy Beavers CS 585 – Computer Security February 19, 2009.

Software Assurance: An Overview of Current Industry Best Practices

- Software underpins the information infrastructure.
- Organizations widely and increasingly use COTS software.
- Cyber attacks are becoming more stealthy and sophisticated, creating a complex environment.

- Vendors have undertaken significant efforts to improve and protect software integrity.
- Software assurance is critical to public safety and to economic and national security.
- The paper shows how SAFECode members approach software assurance and how best practices can be applied to software development.

- SAFECode: Software Assurance Forum for Excellence in Code.
- A non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of proven software assurance methods.

Founded by:
- EMC Corporation
- Juniper Networks, Inc.
- Microsoft Corporation
- SAP AG
- Symantec Corporation

Website:

The Challenge of Software Assurance and Security

Software Assurance encompasses the development and implementation of methods and processes for ensuring that software functions as intended while mitigating the risks of vulnerabilities, malicious code or defects that could bring harm to the end user.

- Software assurance is vital to ensuring the security of critical information.
- Information and communications technology vendors have a responsibility to address assurance in every stage of application development.
- Integrators, operators, and end users share responsibility for ensuring the security of critical information systems.

Software assurance risks faced by users today can be categorized in three areas:
1. Accidental design or implementation errors.
2. The changing technological environment.
3. Malicious insiders.

- Inadvertently creating a faulty software design or implementation opens a risk area that is exploited by:
  - Hackers
  - Viruses
  - Worms
  - Other malicious attacks
- Developers address these risks through:
  - Training.
  - Use of secure development practices and tools.

- Rapid change and innovation are characteristics of the IT industry.
- Criminals can and do innovate as well; they have created a complex and lucrative criminal economy.
- The process is one of ongoing improvement: as new threats are created, new countermeasures are developed and implemented.

- There is growing concern that global software development processes could be exploited by a rogue programmer or an organized group of programmers.
- There are proven best practices that companies use to manage their unique development infrastructure and business models.

- Vendors have both a responsibility and a business incentive to ensure product assurance and security.
- Customers demand that software be secure and reliable.
- Vendors must protect their brand names and company reputations.

- Software development varies by vendor, reflecting each vendor's unique products, organizational structure, and customer requirements.
- There is no single method that yields software assurance and security.
- Nevertheless, there is a core of best practices for software assurance and security.

There are several different development methodologies, but they all share the following common elements:
- Concept.
- Requirements.
- Design and Documentation.
- Programming.
- Testing, Integration, and Internal Evaluation.
- Release.
- Maintenance, Sustaining Engineering, and Incident Response.

Across SAFECode's membership, the following security best practices and controls are well established:
- Security Training
- Defining Security Requirements
- Secure Design
- Secure Coding
- Secure Source Code Handling
- Security Testing
- Security Documentation
- Security Readiness
- Security Response
- Integrity Verification
- Security Research
- Security Evangelism

- Integrators: work in partnership with vendors to mitigate vulnerabilities.
- Operators: must deploy standard layered-defense security measures.
- End users: responsible software use is a requirement for software assurance and security.