Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Figure 1-17: Security Management Security is a Primarily a Management Issue, not a Technology Issue Top-to-Bottom Commitment  Top-management commitment.

Published byMercy Shavonne Little Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Figure 1-17: Security Management Security is a Primarily a Management Issue, not a Technology Issue Top-to-Bottom Commitment  Top-management commitment."— Presentation transcript:

1

2 1 Figure 1-17: Security Management Security is a Primarily a Management Issue, not a Technology Issue Top-to-Bottom Commitment  Top-management commitment  Operational execution  Enforcement

3 2 Figure 1-17: Security Management Comprehensive Security  Closing all avenues of attack  Asymmetrical warfare Attacker only has to find one opening  Defense in depth Attacker must get past several defenses to succeed  Security audits Run attacks against your own network

4 3 Figure 1-17: Security Management General Security Goals (CIA)  Confidentiality Attackers cannot read messages if they intercept them  Integrity If attackers change messages, this will be detected  Availability System is able to server users

5 4 Figure 1-18: The Plan—Protect— Respond Cycle Planning  Need for comprehensive security (no gaps)  Risk analysis (see Figure 1-19) Enumerating threats Threat severity = estimated cost of attack X probability of attack Value of protection = threat severity – cost of countermeasure Prioritize countermeasures by value of prioritization

6 5 Figure 1-19: Threat Severity Analysis StepThreat 1 2 3 4 5 Cost if attack succeeds Probability of occurrence Threat severity Countermeasure cost Value of protection Apply countermeasure? Priority 6 7 A $500,000 80% $400,000 $100,000 $300,000 Yes 1 B $10,000 20% $2,000 $3,000 ($1,000) No NA C $100,000 5% $5,000 $2,000 $3,000 Yes 2 D $10,000 70% $7,000 $20,000 ($13,000) No NA

7 6 Figure 1-18: The Plan—Protect— Respond Cycle Planning  Security policies drive subsequent specific actions (see Figure 1-20) Selecting technology Procedures to make technology effective The testing of technology and procedures

8 7 Figure 1-20: Policy-Driven Technology, Procedures, and Testing Policy Technology (Firewall, Hardened Webserver) Procedures (Configuration, Passwords, Etc.) ProtectionTesting (Test Security) Attempt to Connect to Unauthorized Webserver Only allow authorized personnel to use accounting webserver

9 8 Figure 1-18: The Plan—Protect— Respond Cycle Protecting  Installing protections: firewalls, IDSs, host hardening, etc.  Updating protections as the threat environment changes  Testing protections: security audits

10 9 Figure 1-18: The Plan—Protect— Respond Cycle Responding  Planning for response (Computer Emergency Response Team)  Incident detection and determination Procedures for reporting suspicious situations Determination that an attack really is occurring Description of the attack to guide subsequent actions

11 10 Figure 1-18: The Plan—Protect— Respond Cycle Responding  Containment Recovery Containment: stop the attack Repair the damage  Punishment Forensics Prosecution Employee Punishment  Fixing the vulnerability that allowed the attack

Download ppt "1 Figure 1-17: Security Management Security is a Primarily a Management Issue, not a Technology Issue Top-to-Bottom Commitment  Top-management commitment."

Similar presentations

Web Security for Network and System Administrators1 Chapter 1 Introduction to Information Security.

Web Security for Network and System Administrators1 Chapter 1 Introduction to Information Security.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Policies.

CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Policies.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
22 November 2010. Security and Privacy  Security: the protection of data, networks and computing power  Privacy: complying with a person's desires when.

22 November Security and Privacy  Security: the protection of data, networks and computing power  Privacy: complying with a person's desires when.
Guide to Network Defense and Countermeasures Second Edition Chapter 2 Security Policy Design: Risk Analysis.

Guide to Network Defense and Countermeasures Second Edition Chapter 2 Security Policy Design: Risk Analysis.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.

Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.
Introduction & Framework Chapter 1 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall Revised by Huei Lee.

Introduction & Framework Chapter 1 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall Revised by Huei Lee.
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
An Introduction to Information Assurance COEN 150 Spring 2007.

An Introduction to Information Assurance COEN 150 Spring 2007.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.

Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.
Introduction to Network Defense

Introduction to Network Defense

Similar presentations

Ads by Google