Presentation is loading. Please wait.

Presentation is loading. Please wait.

Charles Greene, CISSP, GSLC. Senior Information Security Architect I&AM Team Lead, DR Team Lead Virginia Commonwealth University Bachelor's Degree in.

Published byChristian Haynes Modified over 8 years ago

Similar presentations

Presentation on theme: "Charles Greene, CISSP, GSLC. Senior Information Security Architect I&AM Team Lead, DR Team Lead Virginia Commonwealth University Bachelor's Degree in."— Presentation transcript:

1 Charles Greene, CISSP, GSLC

2 Senior Information Security Architect I&AM Team Lead, DR Team Lead Virginia Commonwealth University Bachelor's Degree in Information Systems from Virginia Commonwealth University University of Richmond Master's Degree in Disaster Sciences from the University of Richmond CISSP, GIAC Security Leadership Certification SANS Mentor - MGT-512 Security Leadership Essentials and MGT-432 Information Security for Business Managers SANS Mentor - MGT-512 Security Leadership Essentials and MGT-432 Information Security for Business Managers GIAC Advisory Board

3 How many of your organizations perform annual Disaster Recovery Tests? Information Security How many of you are Information Security Professionals? active part How many Information Security Professionals play an active part in Disaster Recovery Tests? Why? Why Not?

4

5  Disaster Recovery Test Scenario  DR Test Security Vector Identification  Other Considerations Open and Interactive Dialogue Thoughts About DR Testing Ultimate Goal of Enhancing DR Test Plans

6 DR ASSIGNMENT  Operations  System Architects  Management  Security  DR Lead – RTO/RPO  Sys Admin – RECOVERY  Sec Admin - Security DR RESPONSIBILITIES In this scenario, the DR tasks were assigned to Systems/Network Management. The DR teams were comprised of Systems and Network Administrators and the Security Administrators had no role in DR planning or exercises.

7 What Happened? Planning  Focus on Recovery  Developed and Reviewed by Systems Administrators  Test Planning for RTO/RPO

8 What Happened? Test Execution  Going as Planned  Ah Ha Moment  Vendor Response

9 What Happened? Mitigation  Security Realization  Identify DR Vectors of Attack  Plan Updates

10  Local Switch Infrastructure

11  Who controls the switch configurations?  Can you verify the configs?  Who has physical access to the switches?

12  Firewall Configurations  When is the FW recovered?  What does it protect?  Is it complete?

13  System Administrator Devices  Is there corporate data on the laptop?  Will this device connect to the DR network?  Create a Device Use Policy

14  VPN Access  Does it bypass the Firewall?  Identity and Access Management?

15  Server Configurations  Timing of the build process might create opportunities  Use a protected build DMZ to lessen the risk

16  Recovering Live Data  Incident Handling at DR location  Logging?

17  Goals for DR Testing  Experience  Plan Verification

18

19 Chip Greene, CISSP, GSLC Senior Information Security Architect SANS Mentor (MGT-512, MGT-432) cgreene2@richmond.edu cgreene2@mcvh-vcu.edu

Download ppt "Charles Greene, CISSP, GSLC. Senior Information Security Architect I&AM Team Lead, DR Team Lead Virginia Commonwealth University Bachelor's Degree in."

Similar presentations

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
Instant Messenger Security with a focus on implementing security policies in corporate IM services Kaushal S Chandrashekar CS 691 Dr. Edward Chow UCCS.

Instant Messenger Security with a focus on implementing security policies in corporate IM services Kaushal S Chandrashekar CS 691 Dr. Edward Chow UCCS.
!! Are we under attack !! Consumer devices continue to invade *Corporate enterprise – just wanting to plug in* Mobile Device Management.

!! Are we under attack !! Consumer devices continue to invade *Corporate enterprise – just wanting to plug in* Mobile Device Management.
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.

Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Security Certification

Security Certification
AgVantage IT Services Systems Management Team Partnered with You and IBM® Agenda Disaster Recovery Service Disaster Recovery Service IT Visors IT Visors.

AgVantage IT Services Systems Management Team Partnered with You and IBM® Agenda Disaster Recovery Service Disaster Recovery Service IT Visors IT Visors.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
SANS Technology Institute - Candidate for Master of Science Degree Implementing and Automating Critical Control 19: Secure Network Engineering for Next.

SANS Technology Institute - Candidate for Master of Science Degree Implementing and Automating Critical Control 19: Secure Network Engineering for Next.
Enterprise Security. Mark Bruhn, Assoc. VP, Indiana University Jack Suess, VP of IT, UMBC.

Enterprise Security. Mark Bruhn, Assoc. VP, Indiana University Jack Suess, VP of IT, UMBC.
The Top Ten of Security. Ten best practices for securing your network. Ten best security web sites. Eight certifications.

The Top Ten of Security. Ten best practices for securing your network. Ten best security web sites. Eight certifications.
Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.

Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Future Jobs Denton MacDonald. Possible careers Architect Plan and design buildings and other structures Information Security Analyst Help ensure the security.

Future Jobs Denton MacDonald. Possible careers Architect Plan and design buildings and other structures Information Security Analyst Help ensure the security.
INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.

INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.
SANS Technology Institute - Candidate for Master of Science Degree Establishing a Security Metrics Program Tiger Team Final Report Chris Cain & Erik Couture.

SANS Technology Institute - Candidate for Master of Science Degree Establishing a Security Metrics Program Tiger Team Final Report Chris Cain & Erik Couture.

Similar presentations

Ads by Google