
IS4680 Security Auditing for Compliance

Presentation on theme: "IS4680 Security Auditing for Compliance"— Presentation transcript:

1 IS4680 Security Auditing for Compliance
Unit 7 Compliance Within the LAN-to-WAN and WAN Domains

2 Class Agenda 8/1/16
Covers Chapter 11 and 12
Learning Objectives
Lesson Presentation and Discussions
Discussion on Assignments
Discussion on Lab Activities
Lab will be performed in class
Break Times as per School Regulation
Discussion on Project

3 Learning Objective Use an appropriate framework to implement information systems security (ISS) compliance within the local area network (LAN)-to-Wide Area Network (WAN) and WAN Domains.

4 Key Concepts
Compliance law requirements and business drivers for LAN-to-WAN and WAN Domains
Devices and access controls for the LAN-to-WAN and WAN Domains, and steps to maximize availability, integrity, and confidentiality (A-I-C) for LAN-to-WAN and WAN Domains

5 Key Concepts (Continued)
Policies, standards, procedures, and guidelines in the LAN-to-WAN and WAN Domains
Vulnerability management in the LAN-to-WAN and WAN Domains
Best practices for LAN-to-WAN and WAN Domain compliance requirements

6 EXPLORE: CONCEPTS

7 Business Drivers
Protecting data privacy
Implementing proper security controls for the LAN-to-WAN Domain
Internet Service Provider (ISP) connection and backup connection
Intrusion Detection System (IDS)/Intrusion Prevention System (IPS)
Data leakage security appliance

8 Devices and Access Controls
Router
Firewall
Proxy server
Demilitarized Zone (DMZ)
Honeypots

9 Devices and Access Controls (Continued)
Web content filtering device
Traffic-monitoring device

10 IT Security Framework
Preventive
DMZ
Firewall
User-based access controls
Encryption

Notes (11/23/2018):
Within the WAN Domain certain policies are or should be required:
Preventive
Enforce privacy through encryption
Optimize WAN throughput
Assurance of WAN service provider security
Assurance of WAN availability
User-based access controls for WAN resources
Configuration change control
Detective
Performance monitoring
Traffic analysis
Configuration settings monitoring
Penetration testing
(c) ITT Educational Services, Inc.

11 IT Security Framework (Continued)
Detective
Performance monitoring
Packet analysis
Configuration settings
IDS

12 EXPLORE: PROCESSES

13 Vulnerability Management
Define policy
Baseline the environment
Prioritize vulnerabilities
Mitigate vulnerabilities
Maintain and monitor
Implement a Change Management Control Process
Implement a Configuration Management Process

Notes:
Define Policy - Organizations must start out by determining what the desired security state for their environment is.
Baseline the Environment - Once a policy has been defined, the organization must assess the true security state of the environment and determine where instances of policy violations are occurring.
Prioritize Vulnerabilities - Instances of policy violations are then prioritized using risk- and effort-based criteria.
Mitigate Vulnerabilities - Ultimately, the root causes of vulnerabilities must be addressed.
Maintain and Monitor - Organizations' computing environments are dynamic and evolve over time, as do security policy requirements.
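The first three steps of the process on this slide (define policy, baseline the environment, prioritize using risk- and effort-based criteria) can be made concrete in a few dozen lines. The following is an added example written for this transcript, not course or publisher code: the policy rules, the device inventory, the zone exposure multipliers and the severity/effort weights are all constructed assumptions, and the prioritisation criterion (risk per unit of effort, with internet-facing zones weighted higher) is one reasonable choice, not the only one.

```python
"""Policy-driven vulnerability baseline and prioritisation (added example).

Models define policy -> baseline -> prioritize for LAN-to-WAN / WAN devices.
Policy rules, inventory, zone weights and severity/effort values are
constructed for the example; adjust them to your own policy.
"""
from dataclasses import dataclass, field

# --- 1. Define policy: the desired security state, as checkable rules ---
# Each rule: (name, predicate over a device record, severity 1-5, effort 1-5).
POLICY = [
    ("no-telnet-mgmt",   lambda d: "telnet" not in d["mgmt_services"], 5, 1),
    ("snmp-v3-only",     lambda d: d["snmp_version"] == "3",           4, 2),
    ("firmware-current", lambda d: d["firmware_age_days"] <= 90,       3, 4),
    ("config-backed-up", lambda d: d["config_backup_age_days"] <= 7,   3, 1),
]

# Constructed inventory of devices in the LAN-to-WAN and WAN Domains.
INVENTORY = [
    {"name": "edge-fw-1", "zone": "wan-edge", "mgmt_services": ["ssh"],
     "snmp_version": "3", "firmware_age_days": 30, "config_backup_age_days": 1},
    {"name": "edge-rtr-1", "zone": "wan-edge", "mgmt_services": ["ssh", "telnet"],
     "snmp_version": "2c", "firmware_age_days": 400, "config_backup_age_days": 60},
    {"name": "dmz-proxy", "zone": "dmz", "mgmt_services": ["ssh"],
     "snmp_version": "2c", "firmware_age_days": 120, "config_backup_age_days": 2},
    {"name": "core-sw-1", "zone": "lan", "mgmt_services": ["ssh"],
     "snmp_version": "3", "firmware_age_days": 200, "config_backup_age_days": 3},
]

# Exposure multiplier by zone (assumed): internet-facing devices weigh more.
ZONE_EXPOSURE = {"wan-edge": 3, "dmz": 2, "lan": 1}


@dataclass(order=True)
class Violation:
    priority: float                      # risk / effort, higher = sooner
    device: str = field(compare=False)
    rule: str = field(compare=False)
    risk: int = field(compare=False)
    effort: int = field(compare=False)


# --- 2. Baseline the environment: evaluate every rule on every device ---
def baseline(inventory=INVENTORY, policy=POLICY):
    """Return one Violation per (device, rule) pair that fails the policy."""
    violations = []
    for dev in inventory:
        for name, check, severity, effort in policy:
            if not check(dev):
                risk = severity * ZONE_EXPOSURE[dev["zone"]]
                violations.append(
                    Violation(risk / effort, dev["name"], name, risk, effort))
    return violations


# --- 3. Prioritize: highest risk per unit of remediation effort first ---
def prioritize(violations):
    return sorted(violations, reverse=True)


def compliance_ratio(inventory=INVENTORY, policy=POLICY):
    """Share of (device, rule) checks that pass; a figure to track over
    time in the maintain-and-monitor step."""
    total = len(inventory) * len(policy)
    return (total - len(baseline(inventory, policy))) / total


if __name__ == "__main__":
    for v in prioritize(baseline()):
        print(f"{v.priority:5.2f}  {v.device:<11} {v.rule:<17} "
              f"risk={v.risk} effort={v.effort}")
    print(f"compliance: {compliance_ratio():.0%}")
```

With the constructed data the telnet management service on the internet-facing router sorts to the top (high severity, high exposure, trivial effort), while the stale firmware on the internal switch sorts last; that ordering is exactly the "risk and effort-based criteria" the notes describe, and the compliance ratio is the number to re-baseline against after each mitigation cycle.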

14 EXPLORE: ROLES

15 Roles Senior Managers IT Managers IT Auditors Data Owners
System Administrators Risk Managers

16 EXPLORE: CONTEXTS

17 Best Practices for LAN-to-WAN Domain Compliance
Map your proposed LAN-to-WAN architecture before installing any hardware.
Use one of the several available network-mapping software products to make the process easier.
Identify all of the components' data paths through the domain.
Use the map to identify any single points of failure.
Update the network map any time you make physical changes to your network.

18 Best Practices for WAN Domain Compliance
Map your proposed WAN architecture, including redundant and backup hardware and connections, before establishing WAN service.
Update the network map any time you make physical changes to your network.
Establish multiple WAN connections to avoid any single point of failure.
Use load-balancing techniques on the multiple WAN connections to utilize the bandwidth of both connections.
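Both the LAN-to-WAN slide (use the network map to identify single points of failure) and this WAN slide (establish multiple WAN connections to avoid them) come down to one question: which single device or link, if lost, cuts the LAN off from the Internet? The following is an added example, not code from the course: it treats the network map as an undirected graph and tests each device and link in turn. The topology, device names and the hypothetical second ISP link are constructed for the example.

```python
"""Single-point-of-failure check over a network map (added example).

The LAN-to-WAN map below is constructed; devices are nodes, physical
links are undirected edges. A device or link is a single point of
failure (SPOF) if removing it alone disconnects the LAN from the Internet.
"""
from collections import deque

# Constructed single-ISP LAN-to-WAN map: device -> set of neighbours.
SINGLE_ISP = {
    "lan-switch": {"edge-fw"},
    "edge-fw":    {"lan-switch", "dmz-switch", "edge-rtr"},
    "dmz-switch": {"edge-fw", "web-proxy"},
    "web-proxy":  {"dmz-switch"},
    "edge-rtr":   {"edge-fw", "isp-a"},
    "isp-a":      {"edge-rtr", "internet"},
    "internet":   {"isp-a"},
}


def add_link(graph, a, b):
    """Return a copy of graph with an undirected link a-b added."""
    g = {n: set(nbrs) for n, nbrs in graph.items()}
    g.setdefault(a, set()).add(b)
    g.setdefault(b, set()).add(a)
    return g


# Hypothetical redundant WAN path: second router to a second ISP.
DUAL_ISP = add_link(add_link(add_link(SINGLE_ISP, "edge-fw", "edge-rtr-b"),
                             "edge-rtr-b", "isp-b"), "isp-b", "internet")


def reachable(graph, src, dst, removed_node=None, removed_link=None):
    """Breadth-first search from src to dst, skipping one failed node or link."""
    if removed_node in (src, dst):
        return False
    seen, queue = {src}, deque([src])
    while queue:
        n = queue.popleft()
        if n == dst:
            return True
        for m in graph[n]:
            if m == removed_node or frozenset((n, m)) == removed_link:
                continue            # this device or link is down
            if m not in seen:
                seen.add(m)
                queue.append(m)
    return False


def single_points_of_failure(graph, src="lan-switch", dst="internet"):
    """Return (devices, links) whose individual loss disconnects src from dst."""
    if not reachable(graph, src, dst):
        raise ValueError("src and dst are not connected even before any failure")
    spof_nodes = sorted(n for n in graph if n not in (src, dst)
                        and not reachable(graph, src, dst, removed_node=n))
    links = {frozenset((a, b)) for a in graph for b in graph[a]}
    spof_links = sorted(tuple(sorted(l)) for l in links
                        if not reachable(graph, src, dst, removed_link=l))
    return spof_nodes, spof_links


if __name__ == "__main__":
    for label, g in (("single ISP", SINGLE_ISP), ("dual ISP", DUAL_ISP)):
        nodes, links = single_points_of_failure(g)
        print(f"{label}: SPOF devices={nodes} SPOF links={links}")
```

Running it on the constructed map reports the firewall, the edge router and the ISP as single points of failure, plus every link on the one path to the Internet. Adding the second ISP path removes the router and ISP from that list, but the firewall and its link to the LAN switch remain: redundant WAN connections only cover the WAN side, so the map has to be re-checked after every change, as the slide says, rather than assumed fixed by the extra circuit.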

19 Best Practices for WAN Domain Compliance (Continued)
Develop a backup and recovery plan for each component in the WAN Domain.
Don't forget to include configuration settings for network devices in your backup and recovery plans.

20 Best Practices for WAN Domain Compliance (Continued)
Implement frequent update procedures for all operating systems, applications, and network-device software and firmware in the WAN Domain.
Monitor WAN traffic for performance, and monitor traffic for suspicious content.

21 Summary In this presentation, the following were covered:
Business drivers for LAN-to-WAN and WAN Domains
Devices and access controls
IT-security framework
Vulnerability management
Best practices for LAN-to-WAN and WAN Domains

22 Assignment and Lab
Discussion 7.1 Vulnerability Management in LAN-to-WAN and WAN Domains
Lab 7.2 Auditing the LAN-to-WAN Domain for Compliance
Assignment 7.3 Best Practices for LAN-to-WAN and WAN Domain Compliance

