Basic Systems Management Employing Security Policies

1 Basic Systems Management Employing Security Policies
Fred A DuBrock
COSC 481
Dr. Oblitey

2 In the Beginning there was…
Policies

3 Security Department touches Every other Department
All employees affected by decisions
Establishing one's credibility
Social Engineering

4 Important That…
Establish a good working relationship with all other departments.
IS Manager may be new to company
Other Departments will have well-established missions, roles, procedures, and reporting structure.

5 The Worst…
Assert authority without rapport
This will render the security effort ineffective
Could render any further effort useless

6 Security Manager should
Start out by talking to each department manager, not to direct how security should be handled but to learn from and work with the other departments.

7 Charged with a Mission
Mission must be done in conjunction with, and not in spite of, the other departments and employees.
The Key: A good working relationship

8 Example Mission Statements
To appropriately manage the information security risk to the organization by working with the various internal departments
To appropriately manage the information security risk to the organization by operating various network and system security mechanisms

9 Very important
That the mission statement of the IS Department be correct, because from the mission statement all of the work of the department is derived

10 Purpose of Policies
It establishes what is and is not allowed
Statements made broad and generic
Yet be specific enough to not be ambiguous
Must not leave too much room for interpretation
Only well-documented procedures stand the test of time

11 Target policies
At users in all levels of organization
Apply to everyone from the average system user to top executives
Opportunity to raise awareness in organization
Give each person a connection to program

12 Breaking Rules
Audience needs to know the price
Use language that everyone will understand
Definitions should be accurate
Concise
Precise

13 Primary Goal
Manage risks to information and information systems
Develop ways to lower current risk
The business owns all the data and they must establish the requirements for protecting information

14 Level of risk in your environment
Know what risks you have
Risk the corporation can live with
Develop a risk reduction plan
Aim at lowering risks

15 Deploy
Clear policies
Guidelines
These are countermeasures that tell everyone what they are expected to do

16 Education
Personnel
Make them aware of threats
Vulnerabilities
Risk and solution
Security Training

17 Finally
Monitor and audit
Ensures it is achieving its goals.
Deploy auditing and logging tools

18 Remember
Do not take for granted that the people in your organization are all technically well informed
Do not assume

19 References
Management of Information Security
Security Policies and Procedures: Principles and Practices
Security Planning & Disaster Recovery

20 Hand Out ???

21 The End

