Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 3.  Security Framework  Operational Security Lifecycle  Security Perimeter  Access Control  Social Engineering  Environmental Issues.

Published byDonald Roberts Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 3.  Security Framework  Operational Security Lifecycle  Security Perimeter  Access Control  Social Engineering  Environmental Issues."— Presentation transcript:

1 Chapter 3

2  Security Framework  Operational Security Lifecycle  Security Perimeter  Access Control  Social Engineering  Environmental Issues

3  Protection = Prevention + (Detection + Response).  Prevention techniques are static barriers to the intruders.  Detection and Response technologies are dynamic and an ongoing process.

4  Systems, technologies and network constantly change with time, thus we have to monitor the systems regularly.  Monitoring the security infrastructure in the organization is an essential part of any organization’s security program.

5  An organization’s security framework is very important in implementing the security.  Security framework includes ◦ Policies ◦ Procedures ◦ Standards ◦ Guidelines

6  Policies are high-level, broad statements of what the organization wants to accomplish.  Policies are formulated by management when laying out organization's position on some issue.

7  Standards are mandatory elements regarding the implementation of a policy.  They are accepted specifications providing specific details on how a policy is to be enforced.  Standards can be set by the organization or by an external agency.

8  Guidelines are recommendations relating to a policy.  Guidelines are optional.

9  Procedures are the steps-by-step instructions on how to implement policies in the organization.  Procedures describe exactly how employees are expected to act in a given situation.

10  The policies, procedures, standards and guidelines are dynamic.  They must be revises periodically.  The operational security lifecycle has 4 phases ◦ Plan (adjust) ◦ Implement ◦ Monitor ◦ Evaluate

11  Planning - In this stage, all the policies, procedures, standards and guidelines for your organization’s security are developed and designed.  Implement - In this stage you implement and enforce the policies, procedures, standards and guidelines. All the employees affected by these new policies, procedures, standards and guidelines will come to know about these changes.

12  Monitoring - In this stage, all the policies, procedures, standards, guidelines, hardware and software are monitored to check the effectiveness of organization’s security.  Evaluate – In this stage, all the policies, procedures, standards and guidelines are again re-evaluated to ensure that the security is adequate.

13 PlanImplementMonitorEvaluate

14  The basic idea of a security perimeter is to provide a “complete” security to the corporate network.  Access by external entities to the corporate network (Internal) is controlled and monitored via the security perimeter.

15 Internet Telephone Company

16  The purpose of access controls is to restrict access to only those who are authorized to have it.  Common forms of physical access controls are the use of security guard and the lock (including many new variations of the combination locks)

17  Physical security consist of all the mechanisms used to ensure that physical access to the computers and the networks is restricted to only authorized users.  Physical security adds an extra layer of security and protects the sensitive data.

18  Physical barriers provide the outmost security.  These barriers are highly visible to the public.

19

20  Biometrics is a more sophisticated access control approach.  Examples – fingerprint readers, retinal & iris scan, voice samples.  Biometric solutions are very expensive to implement.

21

22  Social engineering is the process of convincing an authorized individual to provide confidential information or access to an unauthorized individual.  Social engineering exploits the weakest point in the security perimeter – humans.  The ultimate goal of social engineering is to gradually obtain the pieces of information.

23  The best way to stop social engineering is through training all the employees and instructing not to give out any piece of information.  Data Aggregation - Small and seemingly “unimportant” information may be combined with other pieces of information to potentially divulge sensitive information.

24

25  Environmental issues deals with the general operating conditions, within which an organization operates.  Environmental issues include items like heating, ventilation, air conditioning, electrical power and the “natural forces”.  Environmental factors are used to maintain the comfort of an office environment.

26  In case of electric power outage, UPS can be critical.  If natural disasters are common, having a complete backup plan is must.  In some cases, a separate off-site location can also me used.

27  Fire is one of the most common reasons for the loss of data in an organization.  Common ways of fighting the fire are: ◦ Water bases fire suppression systems ◦ Chemical based fire suppression systems ◦ Handheld fire suppression systems ◦ Fire detection systems

28  Very commonly used systems.  Can have adverse effects of computer and electrical systems.

29  Clean Agent Fire Suppression Systems. ◦ Uses CO 2 ◦ Safe for general usage  Halon Bases Fire Suppression System ◦ Not used anymore ◦ Very dangerous on human health

30 Class of FireType of FireExample of Combustible Material Examples of Suppression Methods A Common Combustibles Wood, Paper, ClothWater and dry chemicals B Combustible LiquidsPetroleum ProductsCO 2 or dry chemicals C ElectricalElectrical Wiring and equipments CO 2 or dry chemicals D Flammable MetalsMagnesium, TitaniumCopper metal or sodium chloride

31  Fire detection devices are of several types ◦ Smoke Activated ◦ Temperature Activated ◦ Flame Activated

32  Wireless environment provides portability.  Wireless networks are prone to security threats, if not properly secured.

Download ppt "Chapter 3.  Security Framework  Operational Security Lifecycle  Security Perimeter  Access Control  Social Engineering  Environmental Issues."

Similar presentations

1 COMPUTER GENERATED & STORED RECORDS CONTROLS Presented by COSCAP-SA.

1 COMPUTER GENERATED & STORED RECORDS CONTROLS Presented by COSCAP-SA.
CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
Emergency Action Plans

Emergency Action Plans
Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,

Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,
ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
The three essential ingredient for creating a fire are HEAT, AIR AND FUEL Fire triangle.

The three essential ingredient for creating a fire are HEAT, AIR AND FUEL Fire triangle.
Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security.

Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security.
Copyright © Center for Systems Security and Information Assurance Lesson Seven Physical Security.

Copyright © Center for Systems Security and Information Assurance Lesson Seven Physical Security.
General Security Principles and Practices Chapter 3.

General Security Principles and Practices Chapter 3.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Information Security Principles and Practices

Information Security Principles and Practices
Chapter 10 Information Systems Management. Agenda Information Systems Department Plan the Use of IT Manage Computing Infrastructure Manage Enterprise.

Chapter 10 Information Systems Management. Agenda Information Systems Department Plan the Use of IT Manage Computing Infrastructure Manage Enterprise.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 16: Physical and Infrastructure Security.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 16: Physical and Infrastructure Security.
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
Auditing 81.3550 Auditing & Automated Systems Chapter 22 Auditing & Automated Systems Chapter 22.

Auditing Auditing & Automated Systems Chapter 22 Auditing & Automated Systems Chapter 22.
Chapter 7: Assuring Safety and Security in Healthcare Institutions

Chapter 7: Assuring Safety and Security in Healthcare Institutions
Physical Security Chapter 9.

Physical Security Chapter 9.
1 Lesson 3 Computer Protection Computer Literacy BASICS: A Comprehensive Guide to IC 3, 3 rd Edition Morrison / Wells.

1 Lesson 3 Computer Protection Computer Literacy BASICS: A Comprehensive Guide to IC 3, 3 rd Edition Morrison / Wells.
Network security policy: best practices

Network security policy: best practices

Similar presentations

Ads by Google