The State of Security Management By Jim Reavis January 2003.

Presentation transcript:

1. The State of Security Management
By Jim Reavis (jim@reavis.org), January 2003

2. Agenda
- What is Security Management?
- What are the different components?
- What do I do?

3. What is Security Management?
- A comprehensive system of tools and processes used to assure company policy compliance, identify deviations and adjust network computing systems accordingly
- Or: a cycle of pushing controls to the network and collecting risk and threat information from all devices

4. Breaking down Security Mgt
- Configuration Management
- Policy Management
- Event Management
Relating it to the Enterprise
- Users
- Computers
- Network

5. Configuration Management
- Maintaining consistent security profiles for networked devices, accounts, applications and data
  - Centralized vs decentralized
  - Hierarchical
  - Transparent

6. Configuration Management
- Users: Identity Management, Authentication, Tokens
- Computers: Installation and Patch Management
- Network: Network Management

7. Configuration Management Issues
- Identity Mgt, PKI, etc., are expensive and difficult to implement
- Corporations have difficulty keeping up with vendor patches and advisories
- Corporations like “stable” networks with infrequent changes to standards
- Many administrators “push back” against automation of configuration (e.g. Cisco IOS gurus)

8. Configuration Management Trends
- Self-service password resetting is a “killer app” for enterprise identity management
- Patch management will improve capabilities to automate PC updates
- Business Security Intelligence will grow in popularity to improve configuration decisions
- The combination of vulnerability assessment and quick remediation will be seen as superior to traditional technologies such as AntiVirus

9. Policy Management
- Translating corporate security policies into a computer-friendly format, identifying systems that are out of compliance, and bringing them back into compliance
  - Proactive: force users to be created and systems to be built with secure, i.e. non-default, setups
  - Vulnerability assessment: use network and host scanning to identify policy violations, enabled guest accounts, poor passwords, etc.
  - Create a “closed loop” system forcing non-compliant systems discovered by VA to be brought into compliance

10. Policy Management
- Users: Creating corporate policies, building policy awareness
- Computers: Synchronizing computer settings with corporate policies
- Network: Monitoring network traffic for out-of-compliance activity and anomalous behaviors; synchronizing network devices with policies

11. Policy Management Issues
- Many corporate policies are difficult to enforce with technology
- Tight corporate policies create unintended side effects, e.g. forwarding sensitive messages to Internet accounts
- Low end-user awareness of corporate policies
- Low mgt awareness of how their networks are really being used

12. Policy Management Trends
- Enterprise “Carnivore”: big-brother applications that track all network activity and identify policy violations
- Policy education programs integrated with Human Resources
- Automated policy mgt gets integrated with configuration mgt

13. Event Management
- Collect real-time information from firewalls, IDS, syslogs, network probes and other devices
  - Data reduction, normalization & correlation
  - Comprehensive device support
  - Visualization & situational analysis

14. Event Management
- Users: Intruder lockouts, abnormal user behavior
- Computers: Identify attacks and mitigate them
- Network: Identify attacks and filter anomalous traffic

15. Event Management Issues
- Accuracy: we still see too many false alarms when managing events
- Manual: people still need to make most of the decisions to counter an attack
- No standards for risk ratings or reporting formats
- Difficult for management consoles to keep up with device version changes

16. Event Management Trends
- In-line: identify threats AND coordinate prevention
- Quality of results depends on improving underlying technologies, notably IDS
- Convergence with systems mgt vendors

17. What do I do?
- Use a Risk Management approach to determine the level of security management required for your enterprise
- Risk = Asset Value * Severity of Vulnerability * Likelihood of successful attack
- Allocate security mgt resources to reduce your levels of vulnerability and attack likelihood in order to bring risk to an acceptable level
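As an added example (not from the presentation), the risk formula on this slide applied to a constructed asset inventory in Python, with a greedy allocation of controls that lower severity or likelihood until each asset's risk is at an acceptable level. The asset values, severities, likelihoods, control effects and the acceptable level are all assumptions.

```python
# Added example, not from the presentation. It applies the slide's formula
#   Risk = Asset Value * Severity of Vulnerability * Likelihood of successful attack
# to a constructed asset inventory and shows how applying controls (which lower
# severity or likelihood) brings each asset's risk to an acceptable level.
# Scales are assumptions: value in dollars, severity 0-10, likelihood 0.0-1.0.

def risk(asset_value, severity, likelihood):
    """The slide's formula: an expected-loss style score."""
    return asset_value * severity * likelihood


def rank_by_risk(assets):
    """Return (name, risk) pairs, highest risk first."""
    scored = [(a["name"], risk(a["value"], a["severity"], a["likelihood"]))
              for a in assets]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


def plan_remediation(assets, acceptable, controls):
    """Work through assets from riskiest down. For each one above the acceptable
    level, apply the control that removes the most risk (smallest combined
    factor) until the asset is under the level or controls run out. Returns the
    ordered (asset, control) actions and the assets still above the level
    afterwards, i.e. residual risk that needs a different management decision."""
    state = {a["name"]: dict(a) for a in assets}   # never mutate the inventory
    actions, residual = [], []
    for name, _ in rank_by_risk(assets):
        a = state[name]
        available = sorted(controls, key=lambda c: c[1] * c[2])  # best first
        while risk(a["value"], a["severity"], a["likelihood"]) > acceptable and available:
            ctl, sev_factor, like_factor = available.pop(0)
            a["severity"] *= sev_factor
            a["likelihood"] *= like_factor
            actions.append((name, ctl))
        if risk(a["value"], a["severity"], a["likelihood"]) > acceptable:
            residual.append(name)
    return actions, residual


# Constructed inventory and controls (illustrative values only).
ASSETS = [
    {"name": "customer-db",  "value": 1_000_000, "severity": 8, "likelihood": 0.25},
    {"name": "web-frontend", "value": 200_000,   "severity": 9, "likelihood": 0.5},
    {"name": "dev-wiki",     "value": 20_000,    "severity": 5, "likelihood": 0.75},
    {"name": "legacy-erp",   "value": 2_000_000, "severity": 9, "likelihood": 0.5},
]
# (control name, severity multiplier, likelihood multiplier)
CONTROLS = [("firewall-rule", 1.0, 0.5), ("patch", 0.25, 1.0)]
ACCEPTABLE = 300_000

if __name__ == "__main__":
    print(rank_by_risk(ASSETS))
    print(plan_remediation(ASSETS, ACCEPTABLE, CONTROLS))
```

The asset left in the residual list is the one where every available control still leaves risk above the acceptable level, which is the point at which the slide's approach asks for a different decision (more budget, a different control, or accepting the risk).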

18. Baseline Management Approach
- Identify your existing baselines/benchmarks
- Set goals for new baselines
- Set milestones for new goals
- Measure progress

19. Outsourcing/MSSP Approach
- You must have an internal Risk Management program before you can outsource anything
- Create SLAs
- Measure performance

20. Summary
Security Management is about taking a …
- Comprehensive
- Integrated
- Proactive
… approach
- Reference listing of companies: http://csoinformer.com/research/sec-mgt.shtml

21. Questions
- How do I cost-justify investments in security management?
- Will we see large systems management vendors such as IBM and CA dominate the security management space?
- What impact do industry regulations such as HIPAA and GLB have on security management?
- What role does Microsoft play in security management?
- Can I trust product vendors to provide management capabilities for third-party products?
- What standards can I look to for guidance in security management?
- What is an ISAC?
- Is there specific training and certifications I should have for security management?

