Lecture 29 Information Security

Overview
- The CIA
- Security Governance
- Information Classification
- Policies, Procedures, etc.
- Organizational Structures
- Roles and Responsibilities
- Risk Management

The CIA: Information Security Principles
- Confidentiality: allowing only authorized subjects to access information
- Integrity: allowing only authorized subjects to modify information
- Availability: ensuring that information and resources are accessible when needed

Reverse CIA
The same three principles, stated as what must be prevented:
- Confidentiality: preventing unauthorized subjects from accessing information
- Integrity: preventing unauthorized subjects from modifying information
- Availability: preventing information and resources from becoming inaccessible when needed

Using the CIA
Think in terms of the core information security principles:
- How does this threat impact the CIA?
- What controls can be used to reduce the risk to the CIA?
- If we increase confidentiality, will we decrease availability?

Security Governance
Security governance is the organizational processes and relationships for managing risk:
- Policies, procedures, standards, guidelines, baselines
- Organizational structures
- Roles and responsibilities

Policy Mapping (top-down)
Laws, regulations, requirements, organizational goals and objectives
  -> General organizational policies
     -> Functional policies
        -> Procedures, standards, guidelines, baselines

Policies
- Policies are statements of management intentions and goals
- Senior management support and approval is vital to success
- General, high-level objectives
- Examples: acceptable use, internet access, logging, information security, etc.

Procedures
- Procedures are detailed steps to perform a specific task
- Usually required by policy
- Examples: decommissioning resources, adding user accounts, deleting user accounts, change management, etc.

Standards
- Standards specify the use of specific technologies in a uniform manner
- Require uniformity throughout the organization
- Examples: operating systems, applications, server tools, router configurations, etc.

Guidelines
- Guidelines are recommended methods for performing a task
- Recommended, but not required
- Examples: malware cleanup, spyware removal, data conversion, sanitization, etc.

Baselines
- Baselines are similar to standards, but account for differences in technologies and versions from different vendors
- Example: operating system security baselines, one per platform and version: FreeBSD 6.2, Mac OS X Panther, Solaris 10, Red Hat Enterprise Linux 5, Windows 2000, Windows XP, Windows Vista, etc.
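The slide says a baseline is a standard adjusted for a particular vendor and version. The following Python, added here as an illustration and not part of the lecture, shows what that looks like in practice: one hardening standard for SSH expressed as two version-specific baselines, a parser that follows sshd's own first-directive-wins rule, and a check that reports each directive the host drifts from. The platform names, the baseline values and the sample sshd_config are constructed assumptions, not any organization's real baseline.

```python
"""Check an sshd_config snapshot against a per-platform security baseline.

Added illustration for the lecture's "Baselines" slide; not part of the
lecture. Platform names, baseline values and the sample config are
constructed assumptions, not an organization's real baseline.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# One standard ("no root login over SSH, key-based authentication only")
# expressed per platform/version, which is what distinguishes a baseline
# from a standard. Values are illustrative assumptions.
BASELINES: Dict[str, Dict[str, str]] = {
    "rhel-5": {
        "Protocol": "2",          # SSH-1 was still selectable on old releases
        "PermitRootLogin": "no",
        "PasswordAuthentication": "no",
    },
    "rhel-9": {
        # "Protocol" no longer exists in current OpenSSH: checking for it on
        # this platform would produce a false finding, so it is omitted.
        "PermitRootLogin": "no",
        "PasswordAuthentication": "no",
        "KbdInteractiveAuthentication": "no",
    },
}


@dataclass(frozen=True)
class Finding:
    key: str
    expected: str
    actual: Optional[str]   # None: directive absent, the daemon default applies


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Parse global sshd_config directives into {lowercased key: value}.

    Follows the sshd rules that matter when auditing:
    - keywords are case-insensitive
    - for a repeated keyword the FIRST occurrence wins
    - directives after a 'Match' line apply conditionally, so parsing stops
      there; conditional blocks need their own review
    """
    directives: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        directives.setdefault(key, value)  # first occurrence wins
    return directives


def check_baseline(platform: str, config_text: str) -> List[Finding]:
    """Return every baseline directive the config fails to satisfy."""
    baseline = BASELINES[platform]
    actual = parse_sshd_config(config_text)
    findings: List[Finding] = []
    for key, expected in baseline.items():
        got = actual.get(key.lower())
        if got is None or got.lower() != expected.lower():
            findings.append(Finding(key, expected, got))
    return findings


# Constructed sample snapshot; not taken from any real host.
SAMPLE_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication no
# A later duplicate does not override the first one above; sshd keeps "yes".
PermitRootLogin no
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for platform in BASELINES:
        findings = check_baseline(platform, SAMPLE_SSHD_CONFIG)
        print(f"{platform}: {len(findings)} finding(s)")
        for f in findings:
            print(f"  {f.key}: expected {f.expected!r}, found {f.actual!r}")
```

The sample deliberately contains a duplicate PermitRootLogin line and a Match block: a naive "last value wins" grep would report the host as compliant, while sshd actually still permits root login. The two baselines also show why a baseline is per version: the rhel-5 check demands a Protocol directive that would be a spurious finding on rhel-9.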