©Dr. Respickius Casmir Network Security Best Practices – Session 2 By Dr. Respickius Casmir.

Outline
- Introduction to IT Security Best Practices
- The Security Team
- Security Policy Enforceability
- Minimum Security Requirements

Introduction to Security Best Practices
Best practices in network security are more about the what and why of securing the organization's information assets than about the how. The IT Security Policy is a formal definition of an organization's stance on security, meaning what is allowed and what is not allowed.

Introduction to Security Best Practices (2)
Policy statements, in particular "Acceptable Use" statements, define users' roles and responsibilities and can be stated as general high-level statements that cover all network systems and data within the organization. The statements should include acceptable use of systems and data for ALL categories of USERS, including the system administrator.

Introduction to Security Best Practices (3)
The intent of this policy is to clearly define its purpose and to provide guidelines and responsibilities. The policy should also identify specific actions that could be taken in response to a violation of security policy, including disciplinary action. Put it in print and post it on the walls.

Introduction to Security Best Practices (4)
Security awareness training is a MUST to make the policy enforceable. All employees must be aware of the security policy and, if possible, every employee should sign a copy of the acceptable-use statement.

The Security Team
The security team needs to be a cross-functional team with participants from every operational area. The team is responsible for policy awareness and enforcement as well as being informed on the technical aspects of the security architecture. The team is also responsible for responding to security breaches and reporting to senior management.

The Security Team (2)
The security team should also be responsible for approving security changes, or alternatively, a security team member should sit on the change management team. Monitoring the security of the network and creating an incident response process, which includes being part of the restoration team when a loss occurs, are also responsibilities of the security team.

Security Policy Enforceability
In order for a policy to be enforceable, it needs to be:
- Consistent with other corporate policies
- Accepted by the network support staff as well as the appropriate levels of management
- Enforceable using existing network equipment and procedures
- Compliant with local and national laws

Minimum Security Requirements
1. Software patch updates
2. Anti-virus software
3. Host-based firewall software
4. Passwords
5. No unencrypted authentication
6. No unauthenticated relays
7. No unauthenticated proxy services
8. Physical security
9. Unnecessary services
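
The nine minimum requirements above can be turned into an automated baseline check. The following is an added example, not part of the slides: it evaluates a constructed host record against each requirement and reports which ones fail. The thresholds (30-day patch age, 8-character passwords) and the approved-service list are assumptions standing in for an organization's own policy values.

```python
from datetime import date

# Constructed sample host record (illustrative, not taken from the slides);
# in practice an inventory or endpoint agent would supply these fields.
HOST = {
    "name": "fileserver-01",
    "last_patch": date(2015, 1, 10),
    "antivirus": True,
    "host_firewall": False,
    "min_password_length": 6,
    "locked_room": True,
    "services": [                                    # what the host listens on
        {"name": "ssh", "port": 22},
        {"name": "telnet", "port": 23},              # sends credentials in cleartext
        {"name": "smtp", "port": 25, "open_relay": True},
        {"name": "squid", "port": 3128, "auth_required": False},
        {"name": "cups", "port": 631},               # not on the approved list
    ],
}

AS_OF = date(2015, 3, 20)                            # assessment date (assumed)
MAX_PATCH_AGE_DAYS = 30                              # assumed policy threshold
MIN_PASSWORD_LENGTH = 8                              # assumed policy threshold
CLEARTEXT_AUTH = {"telnet", "ftp", "rlogin", "pop3", "imap"}
APPROVED_SERVICES = {"ssh", "smtp", "squid", "smb"}  # assumed approved list

def unnecessary_services(host):
    """Requirement 9: listening services that the policy never approved."""
    return sorted({s["name"] for s in host["services"]} - APPROVED_SERVICES)

def check_host(host, today=AS_OF):
    """Return the numbers (1-9) of the minimum requirements the host fails."""
    services = host["services"]
    names = {s["name"] for s in services}
    checks = [
        (1, (today - host["last_patch"]).days > MAX_PATCH_AGE_DAYS),
        (2, not host["antivirus"]),
        (3, not host["host_firewall"]),
        (4, host["min_password_length"] < MIN_PASSWORD_LENGTH),
        (5, bool(names & CLEARTEXT_AUTH)),           # unencrypted authentication
        (6, any(s.get("open_relay") for s in services)),
        (7, any(s.get("auth_required") is False for s in services)),
        (8, not host["locked_room"]),
        (9, bool(unnecessary_services(host))),
    ]
    return [number for number, failed in checks if failed]

if __name__ == "__main__":
    print(HOST["name"], "fails requirements", check_host(HOST))
```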

Conclusion
Remember that it is impossible to completely secure distributed systems. The goal is to create security awareness and implement security mechanisms, minimize risk and maximize the use of technology.

Thank You! Dr. Respickius Casmir