Presentation is loading. Please wait.

Presentation is loading. Please wait.

Section Seven: Information Systems Security Note: All classified markings contained within this presentation are for training purposes only.

Published byDavid Lane Modified over 8 years ago

Similar presentations

Presentation on theme: "Section Seven: Information Systems Security Note: All classified markings contained within this presentation are for training purposes only."— Presentation transcript:

1 Section Seven: Information Systems Security Note: All classified markings contained within this presentation are for training purposes only.

2 Protect {Company}, U.S. Government Sponsor, industry, and partner information from unauthorized disclosure Protect computer systems and networks from unauthorized access/compromise Maintain confidentiality, integrity and availability of information and systems Provide clear and concise direction to personnel regarding proper methods of protecting information and information systems Culpability for cyber security incidents now a key component of security clearance determination Information Systems Security Why do we need IT security procedures?

3 Malware/Spyware Incidents ‒Most entry points are from users unknowingly surfing compromised web sites Improper use of IT systems ‒Connecting personal media (i.e., thumb drives, cameras, cell phones, etc.) ‒Viewing/Creating Pornography ‒Visiting inappropriate web sites ‒Downloading/installing prohibited software Information Systems Security Common IT Security Incidents

4 Information Systems Security Acceptable Use of Information Systems {Company} systems are for official use in support of its mission ‒“ Occasional and limited” personal use is acceptable ‒All electronic information and communications are subject to monitoring ‒“No expectation of privacy” Personnel must – Access “authorized” systems only – Process {Company} data on {Company} systems only – Connect {Company} devices/media to {Company} systems only No connecting personal iPods, media players, cameras, disk drives or USB drives

5 Data Preservation ‒Intentional alteration or destruction of data, systems, or media is prohibited ‒System maintenance or upgrades acceptable ‒Anti-forensics software not authorized ‒Encryption keys must be made available Ethical and Professional Conduct ‒Offensive, harassing, obscene, or threatening communications ‒Violation of copyright laws ‒Visiting inappropriate Websites ‒Commercial or promotional activities prohibited ‒All software must be professional in nature and support {Company} business needs Violations will result in management review and possible disciplinary action to include termination Information Systems Security Acceptable Use of Information Systems

6 Information Systems Security Protecting Networks and Information Systems Access to {Company} networks and systems require a background investigation Direct dial-in to networked systems is not authorized (e.g., connecting a modem to your desktop) All users must Lock/Log out of system before leaving systems unattended Keep antivirus software current All external communications must go through the {Company} firewall Network bridging is prohibited ‒Network bridging can occur when a user has accessed the {Company} using one computer while still connected to another  Two network cards in use on a single machine (i.e. connections to the Local Area Network (LAN) and the External Network simultaneously)  Connecting to a wireless network while connected to the LAN via a wired connection  Using software products that enable remote access to/from {Company} computer systems and the Internet

7 Information Systems Security Classified Information Systems Classified information systems (IS) must be certified and accredited through the Security Department before use – Systems must be labeled with the highest classification level that can be processed on them All users of a classified IS must know: ‒The programs (contracts) authorized for processing ‒The highest level of classified information which can be processed ‒Users must protect their passwords for the systems at the same level as the system it is used for ‒Hard copy and media handling and marking procedures ‒The required notifications to be made prior to any hardware, software, location, or security-relevant configuration changes No classified processing on unclassified systems Timing is a critical factor if suspected or actual classified contamination occurs ‒Immediate reporting limits further distribution and costs

8 Remote access to classified systems is prohibited unless documented and approved Remote access to unclassified systems requirements (Tailor to your facility policy) ‒Department of Defense (DoD) Security clearance ‒{Company}-owned equipment only ‒Two-factor authentication ‒One-time passwords ‒Virtual Private Network ‒Personal Firewall Solution Information Systems Security Remote Access to Networks and Information Systems

9 Information Systems Security Disposition of Computers Decommissioned or unused equipment must be returned to Security Department to – Ensure system hard drives are Overwritten Degaussed Destroyed – Ensure no media is left in the systems

10 Information Systems Security Wireless Technology Wireless devices are prohibited in all areas processing classified data and must be disabled during classified discussions, briefings and presentations No wireless device usage within 10 ft “3-meters” of Secure Areas Any wireless device accessing {Company} networks or processing its information must be {Company}-owned Bluetooth may not be used at any time while at the facility ‒Exceptions: mice or pointers used to advance slides Personal cell phones are permitted in the unclassified areas of the facility with specified restrictions The introduction of wireless devices by external personnel and visitors is restricted Users should exercise professional behavior when using authorized wireless devices

11 Embedded cameras ‒Can be carried by employees and “cleared” visitors ‒Prohibited for Foreign Nationals ‒Camera functionality cannot be used on {Company} property Standalone cameras ‒{Company}-owned only ‒DoD Clearance required Personally owned ‒Prohibited from {Company} facilities Camera use within the {Company} is audited periodically by the Security Department Information Systems Security Camera Uses and Restrictions

Download ppt "Section Seven: Information Systems Security Note: All classified markings contained within this presentation are for training purposes only."

Similar presentations

Rockingham County Public Schools Technology Acceptable Use Policy

Rockingham County Public Schools Technology Acceptable Use Policy
Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
Hart District Acceptable Use Policy Acceptable Use Policy.

Hart District Acceptable Use Policy Acceptable Use Policy.
Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.

Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
AUP Acceptable Use Policy Summarized by Mr. Kirsch from the Sioux Falls School District Technology Plan.

AUP Acceptable Use Policy Summarized by Mr. Kirsch from the Sioux Falls School District Technology Plan.
Acceptable Use Policy (or Fair Use): For Users of Computers and other technology.

Acceptable Use Policy (or Fair Use): For Users of Computers and other technology.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
Policy 6460 Staff Use of Computerized Information Resources Regulation 6460 R-Staff Use of Computerized Information Resources Regulation 6460 R.2 Staff.

Policy 6460 Staff Use of Computerized Information Resources Regulation 6460 R-Staff Use of Computerized Information Resources Regulation 6460 R.2 Staff.
Section Four: Employee and Visitor Access Controls Note: All classified markings contained within this presentation are for training purposes only.

Section Four: Employee and Visitor Access Controls Note: All classified markings contained within this presentation are for training purposes only.
Boyertown Area School District Acceptable Use Policy.

Boyertown Area School District Acceptable Use Policy.
Security Controls – What Works

Security Controls – What Works
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
1 For System Administrators INFORMATION INFORMATION SYSTEM SECURITY INFORMATION INFORMATION SYSTEM SECURITY.

1 For System Administrators INFORMATION INFORMATION SYSTEM SECURITY INFORMATION INFORMATION SYSTEM SECURITY.
Access to Electronic Media Acceptable Use Policy August 8, 2011 Meece Middle School.

Access to Electronic Media Acceptable Use Policy August 8, 2011 Meece Middle School.
Information Systems Security Officer

Information Systems Security Officer
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
INTERNET and CODE OF CONDUCT

INTERNET and CODE OF CONDUCT
Security Policies Group 1 - Week 8 policy for use of technology.

Security Policies Group 1 - Week 8 policy for use of technology.

Similar presentations

Ads by Google