Slides copyright 2010 by Paladin Group, LLC used with permission by UMBC Training Centers, LLC.

Security+ Chapter 10 – Implementing Organizational Policies Brian E. Brzezicki

Security Policies (468)
No company can have security without strong support from management and a structured plan. Security policies are part of a security plan; they provide structure and rules to ensure that security concerns are addressed.
- High level, not specific
- Standards and guidelines provide the strength and detail that give the policies their support
- MUST be enforced, otherwise they are useless

Change Management (470)
All organizations need to have change management policies and procedures. Without structured change management, it is too easy for issues to pop up:
- Changes are introduced that can cause disruption or problems
- Changes to systems/networks accumulate and make it hard to recreate a system if needed

Documentation (470)
Systems, processes, procedures, and changes need to be documented.
- Failing to document can make it impossible to recreate a system in its running state
- Documentation failures can also affect HR, legal and regulatory concerns

Patch Management (471)
Systems need to be updated to remain in a secure state. However, patch management must also have a process to ensure that patching does not cause service outages, introduce bugs, or cause unexpected failures.

Due Diligence and Due Care (472)
- Due Diligence – the research an organization does to understand the risks it faces
- Due Care – the steps taken to protect against the risks an organization faces

Need to Know / Least Privilege (473)
Fundamental security concept that states a subject should only have the minimal amount of knowledge or permissions that they NEED to perform their job functions.

Service Level Agreement (474)
An agreement between a service provider and vendor that states the expected level of performance:
- Response time expected in a failure
- Amount of uptime for a system or network
- Performance metrics
Required both from an engineering standpoint, to ensure that solutions are appropriate, and from a legal standpoint.

Personnel Policies

Personnel Policies (475)
Human Resource policies that deal directly with personnel: behavior, expectations, conflicts of interest, consequences. Some important personnel policies are:
- Acceptable Use
- Privacy Policy
- Code of Ethics
- Mandatory Vacations
- Separation of Duties
- Job Rotation

Acceptable Use (475)
Protects an organization by stating how systems and networks are allowed to be used. Should clearly state what types of actions are forbidden. This protects an organization from potential legal issues. Can anyone think of how acceptable use policies protect an organization from legal issues?

Privacy Policy (n/b)
A policy that states the level of privacy a user should expect. Organizations CANNOT monitor employees without the employees being notified that they are being monitored. Login banners should also be used to remind users of any system monitoring.

Code of Ethics (476)
A guide to drive a user's behavior.

Mandatory Vacations (477)
Ensuring that users take their vacations.
- Specifically to fight potential fraud
- Can also be used to ensure there are no personnel central points of failure

Separation of Duties (477)
Ensure that no one employee can control any process from beginning to end.
- Fights fraud
- Requires multiple people to work together (collude) in order to commit fraud

Job Rotation (477)
Ensure that employees rotate or perform different functions, or that any single position can be and is carried out by multiple people.
- Specifically to fight potential fraud
- Can also be used to ensure there are no personnel central points of failure

Education and Training (480)
Employees are the weak point in security. You must ensure employees have enough knowledge to be able to properly protect organizational assets. Education and training are essential to that end. Some threats, such as phishing, can only be effectively countered through education and training.

Computer Disposal ( )
Often after an upgrade cycle computers (or copiers etc.) are thrown away, donated to charities or sold. Any equipment that has storage should have its data sanitized:
- Secure deletion
- Reinstallation
- Physical destruction of storage media
- Degaussing of storage media

Incident Response Policies (485)
Very important policies that are used to guide users in the case of an incident. Policies should include:
- Incident Response Team
- Response Steps

Incident Response Team (485)
Group of employees with varying areas of expertise that are called to respond to an incident:
- Senior Management
- Systems/Network engineers
- Security Analysts
- Public Relations

Response Steps (486)
A response to an incident should be known beforehand. Even though incidents include unexpected issues and concerns, there should be a structured plan for how to deal with them. Possible steps:
- Identification of an incident
- Containment *
- Evidence collection *
- Investigation
- Eradication
- Recovery
- Procedure changes
* Possibly conflicting steps

Preserving Evidence (488)
Preserving evidence and keeping it reliable and untainted is critical if you want to pursue legal action. When doing forensics on a computer you should follow these steps:
1. Dump system RAM
2. Power down the system
3. Make a bit-level image of the hard drive (3 copies)
4. Analyze one of the images

Preserving Evidence (n/b)
In the steps above we mentioned you should make at least 3 bit-level images of the hard drive. The reasoning is:
- One to store with the original hard drive, in case of loss of the original
- One to keep, to verify the integrity of the original files compared to the files after analysis
- One to actually analyze

Chain of Custody (489)
If you choose to collect evidence to present in a legal proceeding, proper steps must be taken from beginning to end to ensure the integrity of the evidence:
- Labeling evidence
- Ensuring that everyone who handles the evidence is logged
- Ensuring no unauthorized access to evidence
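The three-image acquisition and the chain-of-custody log described on the preceding slides, as an added example that is not part of the original slides or any forensic tool: a constructed file stands in for the seized drive (a real acquisition would read the block device through a write blocker), the "J. Analyst" handler name and file names are assumptions, and the hash comparison against the untouched reference copy is what exposes an image that was altered during analysis.

```python
import hashlib
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def acquire(device: Path, outdir: Path, copies: int = 3) -> tuple:
    """Take `copies` bit-level images of the source (a byte-for-byte copy, as dd
    does); each image must hash identically to the original or it is redone."""
    original, images = sha256_file(device), []
    for n in range(1, copies + 1):
        img = outdir / f"evidence_{n:02d}.dd"
        with device.open("rb") as src, img.open("wb") as dst:
            shutil.copyfileobj(src, dst, 1 << 20)
        if sha256_file(img) != original:
            raise RuntimeError(f"{img.name} does not match the original")
        images.append(img)
    return original, images

def custody_entry(log: Path, item: Path, handler: str, action: str) -> str:
    """Append one chain-of-custody record: when, which item, its hash, who, what."""
    stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
    line = f"{stamp} | {item.name} | {sha256_file(item)} | {handler} | {action}"
    with log.open("a", encoding="utf-8") as f:
        f.write(line + "\n")
    return line

def demo() -> dict:
    """Run the procedure on a constructed stand-in 'drive' in a temp directory."""
    work = Path(tempfile.mkdtemp())
    drive = work / "seized_drive.raw"  # constructed; stands in for the block device
    drive.write_bytes(b"BOOT" * 128 + b"user data " * 500 + b"\x00" * 2048)
    original, (keep, reference, analyze) = acquire(drive, work)
    log = work / "custody.log"
    custody_entry(log, keep, "J. Analyst (assumed name)", "sealed with original drive")
    custody_entry(log, analyze, "J. Analyst (assumed name)", "checked out for analysis")
    # Simulate a careless analysis step that writes into the working copy; the
    # untouched reference copy is what exposes it.
    analyze.write_bytes(analyze.read_bytes() + b"accidental write")
    return {"all_match": sha256_file(keep) == sha256_file(reference) == original,
            "analysis_copy_intact": sha256_file(analyze) == sha256_file(reference),
            "custody_records": len(log.read_text(encoding="utf-8").splitlines())}
```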

File Deletion Terms (n/b)
When a user deletes a file, it is not actually removed (unless using a highly secure OS). Some important terms relating to this are:
- Free space – the space a file takes up that is still available after deletion (before something else uses it)
- Slack space – when file space is allocated, it is done in fixed-size blocks. A file will not actually use all of this space. The unused area of a file, even when the file is in use, is called the slack space. Information may be hidden in this space. (see visualization)

Slack Space (n/b) Hackers can hide data in the slack space to avoid detection
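The two terms from the preceding slides, free space and slack space, as an added example that is not part of the original slides: a toy cluster-based volume (constructed, not a real filesystem; the 4 KiB cluster size is an assumption) shows that deleting a file only frees its directory entry while the data stays recoverable, computes the slack left in the last cluster, and includes the check a defender would run, flagging slack that is not zero-filled.

```python
CLUSTER = 4096  # assumed allocation unit size (4 KiB is a common default)

def slack_bytes(file_size: int, cluster: int = CLUSTER) -> int:
    """Bytes allocated to the file's last cluster but never used by its contents."""
    if file_size == 0:
        return 0
    return (-file_size) % cluster

class ToyVolume:
    """A few clusters plus a directory; constructed to show where deleted-file
    data and slack live. Not a real filesystem."""
    def __init__(self, clusters: int = 8, cluster: int = CLUSTER):
        self.cluster = cluster
        self.disk = bytearray(clusters * cluster)
        self.dir = {}  # name -> (first cluster, size, allocated)
    def write(self, name: str, data: bytes, first: int) -> None:
        self.disk[first * self.cluster : first * self.cluster + len(data)] = data
        self.dir[name] = (first, len(data), True)
    def delete(self, name: str) -> None:
        first, size, _ = self.dir[name]
        self.dir[name] = (first, size, False)  # entry marked free; data untouched
    def slack_region(self, name: str) -> bytes:
        first, size, _ = self.dir[name]
        start = first * self.cluster + size
        return bytes(self.disk[start : start + slack_bytes(size, self.cluster)])
    def free_space_contents(self, name: str) -> bytes:
        """What a carving tool still finds in a deleted file's (now free) space."""
        first, size, allocated = self.dir[name]
        if allocated:
            raise ValueError("file is still allocated")
        return bytes(self.disk[first * self.cluster : first * self.cluster + size])

def slack_has_hidden_data(vol: ToyVolume, name: str) -> bool:
    """Defender check: slack should be all zero bytes (or whatever the FS pads with)."""
    return any(vol.slack_region(name))

def demo() -> dict:
    vol = ToyVolume()
    vol.write("report.txt", b"quarterly figures " * 50, first=2)  # 900 bytes
    clean = slack_has_hidden_data(vol, "report.txt")
    # Simulate residue inside the file's allocated cluster but past its end
    # (constructed): this is what the slack check is meant to surface.
    end = 2 * CLUSTER + 900
    vol.disk[end : end + 7] = b"RESIDUE"
    flagged = slack_has_hidden_data(vol, "report.txt")
    vol.delete("report.txt")
    return {"slack": slack_bytes(900), "clean_before": clean, "flagged_after": flagged,
            "recoverable": vol.free_space_contents("report.txt").startswith(b"quarterly")}
```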