EECS 4482 Fall 2014 Session 8 Slides. IT Security Standards and Procedures An information security policy is at a corporate, high level and generally.

Presentation transcript:

EECS 4482 Fall 2014 Session 8 Slides

IT Security Standards and Procedures

An information security policy is at a corporate, high level and generally is not detailed enough for day-to-day operations and system configuration. Standards and corporate procedures should be developed to take the information security policy to a lower level as a basis for defining system requirements, guiding employee behavior, educating system users, configuring system software and writing operation procedures.

IT Security Standards and Procedures

Each standard or corporate procedure should address a specific subject, such as passwords or firewalls. Organizations can refer to professional sources like Control Objectives for Business and Information Technology (COBIT) and International Standards Organization (ISO) as benchmarks to assess the comprehensiveness of their security standards. ISO provides guidelines and a framework for organizations to implement information security.

IT Security Standards and Procedures

Standards should be supplemented with local procedures that fit each division and computing platform. In addition to standards, there are corporate security procedures for certain areas where there is little fluctuation among operating areas, such as procedures for reporting loss of equipment.

Standards & Procedures Topics

- Anti-virus
- Appropriate use of information and information technology procedures
- Cryptography
- Data centre
- Procedures for installation of hardware and software
- Procedures for disposal of data, media and equipment

Standards and Procedures Topics

- eBusiness
- Firewall
- Incident response procedures
- Information classification
- Intrusion detection and prevention
- Loss reporting procedures
- Mobile computing

Standards and Procedures Topics

- Password
- Patching
- Routers
- Servers
- Software design
- Virtual private network
- Wireless
- Workstations

Scenario 1

A local system administrator (SA) receives a call from a law enforcement officer requesting any information that can be provided for a specific IP number. The situation sounds very serious, and the officer explains that this information is critical to determine how to proceed.

- Which policy, standard or procedures will guide this?
- What should the SA do?
- Who should approve the action?
- Should approval come before or after the action?

Scenario 2

An administrative assistant has filed a complaint with the university legal department that her boss spends an enormous amount of time surfing the web and searching for porn. There have been no previous complaints concerning this activity and the individual being accused has a good university record.

- Which policy, standard or procedures will guide this?
- What questions need to be answered?
- What steps should be taken?
- What should be represented in policy?

Scenario 3

A small group of graduate students are not overly happy with the networking arrangements they have in their work space. They have complained to the local network administrator but the situation has still not been resolved to their satisfaction. One of the graduate students purchases a small wireless access point and installs it in the work space for others to use.

- Which policy, standard or procedures will guide this?
- What questions need to be answered?
- What steps should be taken?
- What should be represented in policy?