Presentation is loading. Please wait.

Presentation is loading. Please wait.

General Security Concepts Ali SHAYAN ZAKARIA 12.May.2010 Kish Island – CITELEX 2010 " The best way to predict the future is to invent it. Alan Kay 1General.

Published byMadisen Swallows Modified over 10 years ago

Similar presentations

Presentation on theme: "General Security Concepts Ali SHAYAN ZAKARIA 12.May.2010 Kish Island – CITELEX 2010 " The best way to predict the future is to invent it. Alan Kay 1General."— Presentation transcript:

1 General Security Concepts Ali SHAYAN ZAKARIA 12.May.2010 Kish Island – CITELEX 2010 " The best way to predict the future is to invent it. Alan Kay 1General Security Concepts12/5/2010

2 Reasonable Secure Environment 12/5/2010General Security Concepts2 Physical OperationalManagement

3 Securing the Physical Environment Physical Security: – Involves protecting your assets and information from physical access by unauthorized personnel. – Try to protect those items that can be seen, touched and stolen. Easy? How? – Controlling access to the office, – Shredding unneeded documents, – Limiting access to sensitive area, Provide perimeter and corridor security, Person present (even if it a guard who spends most of the time sleeping) Roving security patrol, Multiple lock access control methods Electronic or password access 12/5/2010General Security Concepts3

4 Physical Security Components First: Making a physical location less tempting as a target – You must prevent people from seeing your organization as a tempting target Locking doors Installing surveillance or alarm system Elevators requiring keys or badges in order to reach upper floors Second: Detecting the penetration or theft – You want to know what was broken into, what is missing, and how the loss occurred Passive videotape systems Make the video cameras as conspicuous as possible Make it well-known that youll prosecute anyone caught in the act of theft to the fullest extend of the law Third: Recovering from a theft or loss of critical information or systems – How will the organization recover from the loss and get on with normal business Planning Thought Testing 12/5/2010General Security Concepts4

5 Examining Operational Security Operational security focuses on how your organization does that which it does Everything that isnt related to design or physical security in your network Instead of physical components where the data is stored, such as server, the focus is on topology and connections Issues: – Computers – Daily operations of network – Management – Policies – Access control – Authentication – Security topologies – Connection to other networks – Backup plans – Recovery plans 12/5/2010General Security Concepts5

6 Working with Management & Policies Provide the guidance, rules, and procedures of implementing a security environment Policies, to be effective, must have the full and uncompromised support of the organizations management team Policies establish expectations about security-related issues Key policies to secure a network: – Administrative policies – Software design requirements – Disaster recovery plan – Information policies – Security policies – Usage policies – User management policies 12/5/2010General Security Concepts6

7 Working with Management & Policies Administrative Policies – Guide lines and expectations for upgrades, monitoring, backups, and audits How often and when upgrades appear When and how monitoring occurs How logs are reviewed Who is responsible for making decisions on these matters How often decisions should be reviewed – Who Administrators maintenance staff – Specifications Specific enough: to help administrative staff for running the system and network Flexible enough: to allow for emergencies and unforeseen circumstances 12/5/2010General Security Concepts7

8 Working with Management & Policies Software Design requirements – Capability of the system – Should be very specific about security – Design requirements should be viewed as a moving target Disaster Recovery Plans (DRPs) – Virtually consideration every type of occurrence of failure possible – The key to its success is its completeness – Backups and hot sites Hot site is a facility designed to provide immediate availability in the event of a system or network failure 12/5/2010General Security Concepts8

9 Working with Management & Policies Information Policies – Refer to various aspects of information security Access Classifications Marking and storage Transmission of sensitive information Destruction of sensitive information – Include data classification levels Public: for all advertisement and information posted on the web Internal: for all intranet-type information Private: personnel records, client data Confidential: Public Key Infrastructure (PKI) information and other items restricted to all but those who know them 12/5/2010General Security Concepts9

10 Working with Management & Policies Security Policies – Define the configuration of systems and networks Installation of software, hardware and network connections – Define computer room and data centre security How identification and authentication (I&A) occurs – Determine access control – Determine audit – Determine reports – Determine network connectivity – Encryption – Antivirus software – Procedures and methods used for Password selection Account expiration Failed logon attempts 12/5/2010General Security Concepts10

11 Working with Management & Policies Usage Policies – Refers how information and resources are used – Explain to users how they can use the organization resources and for what purpose – Lay down the law about computer usage – Include statement about privacy, ownership and the consequence of improper acts – Explain usage expectation about the Internet, remote access and e-mail – How users should handle incidents – State consequence of account misuse 12/5/2010General Security Concepts11

12 Working with Management & Policies User Management Policies – Should clearly outline who notifies the IT department about employee termination and how and when the notification occurs – How new employees Are added to the system Training Orientation Equipment installation and configuration – When employees leave the company account be disabled or deleted – Privilege Creep 12/5/2010General Security Concepts12

13 Understanding Components of an IT Security Audit

14 Network Security Managements Perspective Dangers: – Negligence – Dereliction of duty – Liable for damaged – Misconduct – Sabotage – Aiding and abetting crime 12/5/2010General Security Concepts14

15 Network Security Managements Perspective Issues – Training – Continuity and crisis planning – Assume information security is YOUR responsibility Lack of awareness can lead to negligence and liability! 12/5/2010General Security Concepts15

16 Modern Technology Roadmap Early 1990s: Virus scanners Mid 1990s: Firewalls Late 1990s: Over-reliance on encryption (PKI) Early 2000s: Over-reliance on intrusion detection systems (IDS) Late 2000s: Over-reliance on intrusion prevention systems/artificial intelligence 12/5/2010General Security Concepts16

17

18 Notable Trends in Cyber Criminality Motivation: Financial motives are making attackers more sophisticated. Targeted attacks: Attacks are much more targeted than before. Targets: The user and the user workstation (desktop or laptop) becomes the easiest path into the network. 12/5/2010General Security Concepts18

19 Questions ? 12/5/2010General Security Concepts19

20 Thanks 12/5/2010General Security Concepts20

Download ppt "General Security Concepts Ali SHAYAN ZAKARIA 12.May.2010 Kish Island – CITELEX 2010 " The best way to predict the future is to invent it. Alan Kay 1General."

Similar presentations

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”

PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.

INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Concepts of Database Management Seventh Edition

Concepts of Database Management Seventh Edition
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Network security policy: best practices

Network security policy: best practices
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,

CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Similar presentations

Ads by Google