Presentation is loading. Please wait.

Presentation is loading. Please wait.

Technology to Protect Crown Jewels. Purpose This pack draws out extreme examples for protecting the Crown Jewels. The purpose of examining these extremes.

Published byNickolas Cox Modified over 7 years ago

Similar presentations

Presentation on theme: "Technology to Protect Crown Jewels. Purpose This pack draws out extreme examples for protecting the Crown Jewels. The purpose of examining these extremes."— Presentation transcript:

1 Technology to Protect Crown Jewels

2 Purpose This pack draws out extreme examples for protecting the Crown Jewels. The purpose of examining these extremes is to spark meaningful discussion to settle on an appropriate risk vs. cost vs. usable solution. Note, the extremes are not necessarily mutually exclusive. Hybrid solutions are possible.

3 Options Considered OptionDescription / Use Case Extremely Over Engineered Example (EOE 2 ) Secured nTier architecture included controls at each architecture tier and between each tier. Secure Collaboration Environment (SCE)A highly secured and tightly access controlled environment for collaboration of unstructured information. Broad Brush ApproachConfiguration of Network and Client ILP to detect movement of Crown Jewels – not specific to any single system. Identify exactly where it exists in our environment and secure it in place

4 Extremely Over Engineered Example Client Device Web Server Application Server Database ServerFile Server Firewall / Reverse Proxy Firewall Application Firewall Client NAC (ensure integrity of client) – Symantec Enterprise Protection Client ILP (monitor movement of data) Data sensitivity tags applied to unstructured documents from most sensitive file shares or applications DRM Client (create, render and access secure data) 2 factor for the client (1 factor is biometrics) Encrypt data on the client and on removable media Enable ILP to prevent DVD write and require secure USB for tagged files. 2 factor authentication SSL to both client and application server HID/HIP SIEM monitors logs Hardened configuration with patching Reverse Proxy authentication NAC Require GSK device with ILP to access data/application Control permitted traffic and content of traffic between web server and app server Generate DRM controlled documents/reports HID/HIP SIEM monitors logs Hardened configuration with patching Oracle Data Vault (type technology) Encryption HID/HIP SIEM monitors logs Additional level of enhanced database monitoring 2 factor for administrative access Encrypted File System Privileged accounts cannot decrypt HID/HIP SIEM monitors logs 2 factor for administrative access Controls placed “in” and “between” each layer Segregation of duties for management of “in” and “between” layer controls Rigorous change control procedures for each item Security intrusion test performed on a regular basis for each item Everything but Client Device is in secure data center Internal Network ILP

5 Secure Collaboration Environment A “lock box” system – Access to the system is tightly controlled (e.g. BU IT Head approves access) – Strong authentication to access the environment – All content placed in the system is encrypted at rest on the server and DRM is applied when the content is imported – Access and all file movement is logged

6 Broad Brush Approach Configure the Network and Client ILP software with patterns to detect the Crown Jewels

Download ppt "Technology to Protect Crown Jewels. Purpose This pack draws out extreme examples for protecting the Crown Jewels. The purpose of examining these extremes."

Similar presentations

!! Are we under attack !! Consumer devices continue to invade *Corporate enterprise – just wanting to plug in* Mobile Device Management.

!! Are we under attack !! Consumer devices continue to invade *Corporate enterprise – just wanting to plug in* Mobile Device Management.
The twenty-four/seven database Oracle Database Security David Yahalom Senior database consultant

The twenty-four/seven database Oracle Database Security David Yahalom Senior database consultant
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Triple-Layered Security. INHERITED SECURITY User/Group Management Single Sign On Object Level Security Row Level Security File Management ROAMBI SECURITY.

Triple-Layered Security. INHERITED SECURITY User/Group Management Single Sign On Object Level Security Row Level Security File Management ROAMBI SECURITY.
Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.

Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.
Mr C Johnston ICT Teacher

Mr C Johnston ICT Teacher
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
 Controls that provide security against internal and external threats  2 Types of access controls: › Physical controls › Logical controls.

 Controls that provide security against internal and external threats  2 Types of access controls: › Physical controls › Logical controls.
MITP 458 Application Layer Security By Techjocks.

MITP 458 Application Layer Security By Techjocks.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Installing and Configuring a Secure Web Server COEN 351 David Papay.

Installing and Configuring a Secure Web Server COEN 351 David Papay.
Network Topology. Cisco 2921 Integrated Services Router Security Embedded hardware-accelerated VPN encryption Secure collaborative communications with.

Network Topology. Cisco 2921 Integrated Services Router Security Embedded hardware-accelerated VPN encryption Secure collaborative communications with.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
Security Guidelines and Management

Security Guidelines and Management
Chapter 19 Security Transparencies. 2 Chapter 19 - Objectives Scope of database security. Why database security is a serious concern for an organization.

Chapter 19 Security Transparencies. 2 Chapter 19 - Objectives Scope of database security. Why database security is a serious concern for an organization.

Similar presentations

Ads by Google