IS4680 Security Auditing for Compliance


1 IS4680 Security Auditing for Compliance
Unit 6 Compliance within the Workstation and LAN Domains

2 Class Agenda (7/25/16)
Covers Chapters 9 and 10. Learning objectives. Lesson presentation and discussion. Discussion of assignments. Discussion of lab activities; the lab will be performed in class. Break times as per school regulation. Discussion of the project.

3 Learning Objective Describe information security systems compliance requirements within the workstation and local area network (LAN) domains.

4 Key Concepts Compliance law requirements and business drivers for the workstation and LAN domains; steps to maximize availability, integrity, and confidentiality (AIC) for the workstation and LAN domains; workstation and LAN domain policies, standards, procedures, and guidelines

5 Key Concepts (Continued)
Vulnerability management in the workstation and LAN domains; best practices for workstation and LAN domain compliance requirements

6 Workstation and LAN Domain Components and Devices
Discussion prompt: name some devices associated with the workstation domain. Connection media, devices, and protocols used in the LAN domain. Inter-process communications between workstation and LAN components.

7 Compliance Law Requirements and Business Drivers
Most businesses require workstations to accomplish business tasks. Within the workstation domain, compliance serves two main purposes: Increases information security—Information is a material organizational asset, and in some cases the primary organizational asset. Thus, ensuring the security of information is equivalent to protecting the viability of the organization. Reduces liability—If one or more attacks against your organization's information succeed, you might be liable for damages caused to third parties. If information loss or leakage causes damage to other people or organizations, and the damage is a result of noncompliance, your organization might be liable for part or all of the damages.

8 IT Security Policies The workstation domain includes the following policies, each associated with standards, procedures, and guidelines: uninterruptible power supply (UPS) policy for critical workstations; information privacy policy; removable storage device policy; access rights policy.

9 Devices and Access Controls
Removable storage devices include: removable hard disk drives; universal serial bus (USB) flash drives; compact disc read-only memory (CD-ROM) and digital versatile disc (DVD) drives; removable tape drives.

10 Devices and Access Controls (Continued)
Access control methods may be based on the permissions granted to a user or group (discretionary access control), or they may be based on a user's security clearance compared with the classification of the data (mandatory access control). Operating systems require users to identify themselves and then authenticate. Identification is the claim of a user identification (ID) or user name; authentication is the process of providing additional credentials (such as a password, token, or biometric) that prove the user is entitled to that ID.
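
The two access-control bases named above, worked as a small authorization routine. This is an added example, not code from the course material; the users, groups, resources, classification levels, and the rule that both checks must pass are constructed assumptions for illustration.

```python
"""Workstation access-control check combining a permission-based (user/group ACL)
decision with a clearance-based (security label) decision.
Added example: all names, groups, labels and resources below are constructed."""
from dataclasses import dataclass

# Ordered classification levels (assumed for the example).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass
class User:
    name: str
    groups: set
    clearance: str


@dataclass
class Resource:
    name: str
    acl: dict            # principal (user or group name) -> set of permissions
    classification: str


def permitted_by_acl(user, resource, action):
    """Discretionary check: the permission may be granted to the user directly
    or to any group the user belongs to."""
    principals = {user.name} | user.groups
    return any(action in resource.acl.get(p, set()) for p in principals)


def permitted_by_clearance(user, resource, action):
    """Mandatory check: no read-up (clearance must reach the classification)
    and no write-down (writes only go to the user's own level or higher)."""
    u, r = LEVELS[user.clearance], LEVELS[resource.classification]
    if action == "read":
        return u >= r
    if action == "write":
        return u <= r
    return False


def authorize(user, resource, action):
    """Both checks must pass; returns (allowed, reason) so an audit log can
    record which control denied the request."""
    if not permitted_by_acl(user, resource, action):
        return False, f"no ACL entry grants {action}"
    if not permitted_by_clearance(user, resource, action):
        return False, (f"clearance {user.clearance} does not permit "
                       f"{action} on {resource.classification} data")
    return True, "allowed"


# Constructed sample principals and resources.
ALICE = User("alice", {"finance"}, "confidential")
BOB = User("bob", {"helpdesk"}, "internal")
PAYROLL = Resource("payroll.xlsx", {"finance": {"read", "write"}}, "confidential")
PLAN = Resource("merger-plan.docx", {"finance": {"read"}}, "secret")
NOTES = Resource("helpdesk-notes.txt", {"helpdesk": {"read", "write"}}, "internal")

if __name__ == "__main__":
    for user, res, act in [(ALICE, PAYROLL, "read"), (BOB, PAYROLL, "read"),
                           (ALICE, PLAN, "read"), (ALICE, NOTES, "write")]:
        print(user.name, act, res.name, "->", authorize(user, res, act))
```

The instructive case is alice reading the merger plan: her group grant in the ACL is not enough, because her clearance is below the document's classification. The returned reason string is what an auditor would expect to see in the workstation's authorization log.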

11 Vulnerability Management
Define policy—Organizations must start by determining the desired security state of their environment. Baseline the environment—Once a policy has been defined, the organization must assess the true security state of the environment and determine where policy violations are occurring.

12 Vulnerability Management (Continued)
Prioritize vulnerabilities—Instances of policy violations are then prioritized using risk-based and effort-based criteria. Mitigate vulnerabilities—Ultimately, the root causes of the vulnerabilities must be addressed, not just the individual findings.

13 Vulnerability Management (Continued)
Maintain and monitor—Organizations' computing environments are dynamic and evolve over time, as do security-policy requirements, so the baseline must be re-assessed and the cycle repeated rather than run once.
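
The five steps above, run once as a single loop over a workstation fleet. This is an added example and not course material; the policy settings, risk and effort weights, the host inventory (as a scanner or agent would report it), and the effort budget are all constructed assumptions.

```python
"""Vulnerability-management cycle for a workstation fleet: define policy,
baseline the environment, prioritize violations, mitigate within an effort
budget, and re-check what remains for the next cycle.
Added example: policy, weights and inventory below are constructed."""
import copy

# Step 1, define policy: the desired state per setting, with a risk score for
# a violation and the effort needed to fix it (both on an assumed 1-10 scale).
POLICY = {
    "os_patch_age_days":   {"max": 30,      "risk": 9, "effort": 2},
    "antimalware_enabled": {"expect": True, "risk": 8, "effort": 1},
    "disk_encrypted":      {"expect": True, "risk": 7, "effort": 4},
    "usb_storage_blocked": {"expect": True, "risk": 5, "effort": 2},
    "local_admin_count":   {"max": 1,       "risk": 6, "effort": 3},
}

# Constructed inventory, as an endpoint agent or scanner would report it.
INVENTORY = [
    {"host": "ws-fin-01", "os_patch_age_days": 12, "antimalware_enabled": True,
     "disk_encrypted": False, "usb_storage_blocked": False, "local_admin_count": 3},
    {"host": "ws-hr-02", "os_patch_age_days": 61, "antimalware_enabled": False,
     "disk_encrypted": True, "usb_storage_blocked": True, "local_admin_count": 1},
    {"host": "ws-it-03", "os_patch_age_days": 3, "antimalware_enabled": True,
     "disk_encrypted": True, "usb_storage_blocked": True, "local_admin_count": 1},
]


def satisfies(rule, value):
    """True when the observed value meets the policy rule."""
    if "max" in rule:
        return value <= rule["max"]
    return value == rule["expect"]


def baseline(inventory, policy=POLICY):
    """Step 2: compare every host against every rule; return the violations."""
    violations = []
    for host in inventory:
        for setting, rule in policy.items():
            if not satisfies(rule, host[setting]):
                violations.append({"host": host["host"], "setting": setting,
                                   "observed": host[setting],
                                   "risk": rule["risk"], "effort": rule["effort"]})
    return violations


def prioritize(violations):
    """Step 3: highest risk per unit of effort first; host name breaks ties."""
    return sorted(violations, key=lambda v: (-v["risk"] / v["effort"], v["host"]))


def mitigate(inventory, violation, policy=POLICY):
    """Step 4: bring the host to the policy value. Here this edits the record;
    in practice it is a configuration-management or patch push."""
    rule = policy[violation["setting"]]
    target = rule["max"] if "max" in rule else rule["expect"]
    for host in inventory:
        if host["host"] == violation["host"]:
            host[violation["setting"]] = target


def run_cycle(inventory, effort_budget, policy=POLICY):
    """One pass of steps 2-5. Returns (prioritized findings, what is still
    out of policy after spending the budget), leaving the input untouched."""
    inventory = copy.deepcopy(inventory)
    found = prioritize(baseline(inventory, policy))
    spent = 0
    for v in found:                      # fix in priority order until budget runs out
        if spent + v["effort"] <= effort_budget:
            mitigate(inventory, v, policy)
            spent += v["effort"]
    remaining = baseline(inventory, policy)   # step 5: re-check; feeds the next cycle
    return found, remaining


if __name__ == "__main__":
    found, remaining = run_cycle(INVENTORY, effort_budget=8)
    for v in found:
        print(f"{v['host']:10} {v['setting']:20} observed={v['observed']!s:5} "
              f"risk={v['risk']} effort={v['effort']}")
    print("still out of policy:", [(v["host"], v["setting"]) for v in remaining])
```

With the constructed budget of 8 the disabled antimalware and the 61-day patch backlog on ws-hr-02 are fixed first, and the unencrypted disk on ws-fin-01 is the one finding carried into the next cycle; raising the budget clears it. The ratio ordering is one reasonable criterion, not the only one: a compliance auditor may also require that any violation of a regulated control be fixed regardless of effort.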

14 EXPLORE: PROCESSES

15 Maximize AIC The overall purpose of compliance requirements is to enforce the basic pillars or tenets of security, the AIC properties. Some individual compliance requirements might seem unnecessary in isolation, but all of them work together to support the AIC properties of a secure system.

16 Maximize AIC (Continued)
The AIC properties of a secure system are: Availability—Assurance that the information is available to authorized users within an acceptable time frame when it is requested. Integrity—Assurance that the information cannot be changed by unauthorized users. Confidentiality—Assurance that the information cannot be accessed or viewed by unauthorized users.

17 Roles
Senior Managers: Responsible for organizational governance and compliance.
IT Managers: Responsible for applying the controls needed to be in compliance.

18 Roles (Continued)
IT Auditors: Responsible for auditing IT controls for compliance.
Data Owners: Responsible for the data and for deciding who is granted access to it.

19 Roles (Continued)
System Administrators: Responsible for monitoring the controls on systems, and for following them as well.
Risk Managers: Responsible for identifying, assessing, and managing risk to the organization.

20 Workstation and LAN Domain Compliance Requirements
Protecting data privacy. Implementing proper security controls for the workstation and LAN domains. Workstation and LAN configuration and change management. Access rights and access controls for the workstation and LAN domains. Maximizing AIC.

21 Summary In this presentation, the following were covered:
Workstation and LAN domain compliance requirements IT security policies, devices and access controls, and vulnerability management Process to maximize availability, integrity, and confidentiality Roles and responsibilities related to workstation and LAN domain compliance

22 Assignment and Lab
Discussion 6.1: Vulnerability Management in Workstation and LAN Domains
Lab 6.2: Auditing the Workstation Domain for Compliance
Assignment 6.3: Best Practices for LAN Domain Compliance
