IS4550 Security Policies and Implementation Unit 5 User Policies

Presentation on theme: "IS4550 Security Policies and Implementation Unit 5 User Policies"— Presentation transcript:

1 IS4550 Security Policies and Implementation Unit 5 User Policies

2 Class Agenda 7/14/16
- Lesson Covers Chapter 9
- Learning Objectives
- Lesson Presentation and Discussions.
- Practice Quiz 1
- Discussion on Assignments.
- Discussion on Lab Activities.
- Break Times as per School Regulations.
- Try to read the text book before class.
11/14/2018 (c) ITT Educational Services, Inc.

3 Learning Objective
Describe the different ISS policies associated with the user domain.

4 Key Concepts
- Reasons for governing users with policies
- Regular and privileged users
- Acceptable use policy (AUP) and privileged-level access agreement (PAA)
- Security awareness policy (SAP)
- Differences between public and private user domain policies

5 EXPLORE: CONCEPTS

6 Discussion
- Computer Users
- Metcalfe's law

7 AUP
- Protecting an organization’s computers and network
- Managing passwords
- Managing software licenses
- Managing intellectual property

8 AUP (Continued)
- E-mail etiquette
- Level of privacy an individual should expect when using an organization’s computer or network
- Noncompliance consequences

9 PAA
The PAA generally contains the following from the administrator’s perspective:
- Acknowledgement of the risk associated with elevated access in the event the credentials are breached or abused
- Promise to only use the access granted for approved organization business
- Promise not to attempt to “hack” or breach security
- Promise to protect any output from these credentials such as reports, logs, files, and downloads

10 Different Types of Users Within an Organization
- Employees
- System administrators
- Security personnel
- Contractors
- Auditors or guests and general public

11 Different User-Access Requirements
- Each user requires different levels of access to applications and information within the organization
- Users require information from different systems across the organization to do their jobs
- The data coming from different systems often has different security controls
- The different role each user has within the organization can create security challenges

12 Who Develops User Policies
- Chief financial officer (CFO)
- Chief operations officer (COO)
- Information security manager
- IT manager
- Marketing and sales manager

13 Who Develops User Policies (Continued)
- Unit manager
- Materials manager
- Purchasing manager
- Inventory manager

14 Roles and Responsibilities
- Executive Managers: Responsible for governance and compliance requirements, and funding and policy support
- Program and Functional Managers: Responsible for security management, planning, and implementation; also risk management and contingency planning
- IT Security Program Managers: Responsible for broad training in security planning, system and application security management, risk management, and contingency planning

15 Roles and Responsibilities (Continued)
- Auditors: Responsible for broad training in security planning, system and application security management, risk management, and contingency planning
- All Users: Responsible for basic security

16 Differences and Similarities in User Domain Policies
- Public organizations must follow Sarbanes-Oxley Compliance (SOX), Health Insurance Portability and Accountability Act (HIPAA), and other compliance laws
- Private organizations are often smaller and easier to control from a user standpoint
- Private organizations may not follow public-compliance laws
Similarities:
- Private organizations may follow public-compliance laws depending on their governance requirements
- Public organizations may be small in size and thus have similar control over their user populations

17 The User as the Weakest Link in the Security Chain
- People who use computers have different skill levels and thus have different perceptions of information security
- Social engineering can occur at any time within any organization
- Human mistakes often occur and can lead to security breaches
- One of the most significant threats comes from within an organization, from an “insider”
- Applications have weaknesses that are not known, and these weaknesses can be exploited by users either knowingly or unknowingly
- Security awareness training can remove this weakest link in the security chain

18 Summary
In this presentation, the following were covered:
- Different user types and user access requirements in an organization
- AUP and PAA
- People responsible for developing user policies
- Roles and responsibilities associated with user policies
- User policies in public and private organizations

19 Unit 5 Discussion and Assignments
- Discussion 5.1 Best Practices for User Policies
- Assignment 5.3 Create User Policy

20 Unit 5 Lab Activities
- Lab is in the lab manual online
- Lab 5.2 Craft an Organization-Wide Security Awareness Policy
- Reading assignment: Read chapters 8 and 9

21 Class Project-Draft
- Unit 5: U.S. compliance laws now affecting the firm, and any problems or questions.
- Unit 6: DoD policy 1–5, and any problems or questions.
- Deliverables or milestone drafts as specified in the project content will be submitted.
- Final project due on Week 11

