Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 2 Information Security Overview The Executive Guide to Information Security manual.

Published bySamantha Maxwell Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 2 Information Security Overview The Executive Guide to Information Security manual."— Presentation transcript:

1 Chapter 2 Information Security Overview The Executive Guide to Information Security manual

2 Introduction Infor Security Programs requires solutions from: People Process Technology People administers security programs & processes to ensure info are protected Using Technology, Layered Security (defense in depth) can be develop to protect information assets.

3 Overview Information Security Principles & components of Info Sec program for Enterprises Review of major security technologies & best practices Foundation for more in-depth security review in subsequent classes. Information Security Principles & components of Info Sec program for Enterprises Review of major security technologies & best practices Foundation for more in-depth security review in subsequent classes.

4 3 Major components of Info. Sec. Program People play a critical role in Information Security. Processes provides guidelines for securing information assets Technology enables security programs to be executed. What is the weakest link in Info Sec.?

5 People Having the right people in Key positions is paramount to a successful Security Program. WHY??? Skills Change management SOD Many other reasons

6 Process Provides a framework/standards for People to execute security operations What are some of the processes? – Policies – Procedures – Guidelines – Work Aids – Training – Risks & Security Assessments Access on the Principle of Lease Privilege (Need-to-Know) – Others Process serves as the “glue” bwt PEOPLE & TECH to ensure Security Programs are operating effectively

7 The most vast and complicated component of the Security Program. Why is Technology the most complicated components? Variety of products currently in market Products don’t all work in sync together Need special knowledge to run different security applications. Constant upgrades/maintenance to ensure product operates in an optimal manner

8 Defense – in – Depth Layer security for – Gateway – entryway btw 1 part of the environment to another (internet to network) – Server – PCs that performs shared functions (ERP, SAP, PeopleSoft) – Client – desktops, laptops, PDAs, others that employees used daily 4 Major zones for defense 1.External (internet) 2.Extranet 3.Intranet 4.Missions Critical systems

9 Example of Layering Security

10 Today’s Security Technology Authentication, Authorization & Accounting (AAA) Firewalls/Virtual Private Network (VPN) Anti-Virus software Intrusion Detection/Intrusion Prevention (IDS/IPS) Content filtering Encryption

11 Authentication, Authorization & Accounting (AAA) What are some examples of Security tools? Access Control List (ACL) RSA tokens Smart cards Biometric What is a 2 factor authentication? Something you know Something you have

12 Privilege Access What is privilege access? – Admin, Super user, sys admin, utility, etc. How should privilege access be controlled? – Limit access, daily/wkly/monthly monitoring, mandatory access change control, etc. What is Single Sign on (SSO) & how should this be controlled? – Access on the concept of Lease privilege – Monitor & timely removal of access when not in use for 30 days. – Periodic password change

13 Firewalls What is a firewall? – Filters electronic traffics to allow only certain types of information to flow to the CO’s network What are the 3 type of firewalls? – Packet Filtering – reviews the header/address – Statefull Inspection- verify the inbound packet matches the outbound request (identifies legitimacy of source ie addresses on a letter) – Proxy firewall-read & rewrite ea. packet to only allow valid messages to pass to the network. More secure at a slower speed.

14 Virtual Private Networks (VPN) What is VPN? – Tool that enables secure connection the network when using public network (internet) – Use encryption to protect data (tunnel) – Uses hardware & software combo to secure access

15 Anti-Virus Software Why should you install updated anti-virus? – Prevent pc infection from virus, worms, Trojan horse, malware in general – Virus vs Worms- what is the difference? Signature vs Heuristic virus – Signature relays on know pattern – Heuristic looks for pattern of potential virus (lots of false positives)

16 Vulnerability Management Network based & Host based – Network base identify know vulnerabilities on the network – Host based scan physical devices ( servers) Patch management Intrusion Detection System (IDS) Intrusion Prevention System (IPS) Content Filtering Encryption (symmetric & asymetric)

17 Summary Key Points Effective info sec program use a combination of People, Process & Technology People are the weakest link, therefore, it is the most important aspect of the program Process is the gel that binds People & Technology to effectively protect information assets Technology can be use to layer security for Defense –in-Depth approach to protect information asset.

18

19

Download ppt "Chapter 2 Information Security Overview The Executive Guide to Information Security manual."

Similar presentations

© 2012 All rights reserved to Ceedo. Flexible Desktops. Dynamic Workplace. Ceedo for Citrix Optimal User Experience & Maximum IT Control Ceedo for Call.

© 2012 All rights reserved to Ceedo. Flexible Desktops. Dynamic Workplace. Ceedo for Citrix Optimal User Experience & Maximum IT Control Ceedo for Call.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Firewall Configuration Strategies

Firewall Configuration Strategies
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Firewall Planning and Design Chapter 1. Learning Objectives Understand the misconceptions about firewalls Realize that a firewall is dependent on an effective.

Firewall Planning and Design Chapter 1. Learning Objectives Understand the misconceptions about firewalls Realize that a firewall is dependent on an effective.
Chapter 12 Network Security.

Chapter 12 Network Security.
N ETWORK S ECURITY Presented by: Brent Vignola. M ATERIAL OVERVIEW … Basic security components that exist in all networks Authentication Firewall Intrusion.

N ETWORK S ECURITY Presented by: Brent Vignola. M ATERIAL OVERVIEW … Basic security components that exist in all networks Authentication Firewall Intrusion.
IS Network and Telecommunications Risks

IS Network and Telecommunications Risks
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Business Data Communications, Fourth Edition Chapter 10: Network Security.

Business Data Communications, Fourth Edition Chapter 10: Network Security.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.

Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.

Similar presentations

Ads by Google