Presentation is loading. Please wait.

Presentation is loading. Please wait.

IT Incident Response www.bestitdocuments.com. The goals How to achieve this Policies Standards Architecture People Process & Technology What can we really.

Published byTodd Simon Modified over 8 years ago

Similar presentations

Presentation on theme: "IT Incident Response www.bestitdocuments.com. The goals How to achieve this Policies Standards Architecture People Process & Technology What can we really."— Presentation transcript:

1 IT Incident Response www.bestitdocuments.com

2 The goals How to achieve this Policies Standards Architecture People Process & Technology What can we really do Management by in Standards Guidelines & Procedures System Safeguard Security & Internet architecture What we really need

3 The goals Policies Standards Management by in Security Policies sets the stage for standards, guidelines and procedures Define what behavior is not allowed Communicates consensus amongst governance stakeholders Facilitates the “Good neighborly” philosophy for networking What we really need

4 The goals Policies Standards Management by in Security Policies must be: Implementable and enforceable Concise and ambiguous Balance protection & productivity Security Policies should: State reasons why policy is needed Describe the coverage – who, what where and how Define contacts & responsibilities Define how violations will be handled What we really need

5 Policy Definitions  Program Policy Used to create IT security program Sometime referred to as departmental or company security policy  Issue-Specific Policy Addresses issues of concern (what-ever)  System-Specific Policy Focuses on decisions to protect a particular system Procedures, standards, Guidelines are used to describe how policies are implemented

6 Tools to implement policy  Operational Standard Specify uniform use of specific technologies organization wide ID badges  Guidelines Recognize that IT systems vary and that safeguards may be implemented in many ways  Procedures Detailed steps to be followed (set-up user accounts)  Strategies Broad direction on implementation  Directions Focused implementation Instructions

7 Enforceability  Policies In some jurisdictions, adherence to “policy” may be the only legal enforceable document Guidelines, standards, procedures should probably have a very specific tractability reference to policy – check with legal department

8 IP Service Categories Business process integration Security Coordination Education & Training Prevent Assess RespondDetect IRT Securit y Cycle

9 SysAdmi n NetAdmin Policy IPC Legal/Policy Technical Collaboration Incident Handling – Forensic Analysis Criminal Investigation Incident Handling (Technical) User Incident Activity Hostile Benign Illegal Enterprise Wide Collaboration on Incidents Operation Collaboration Incident Handling (Operational) Incident Response Options

Download ppt "IT Incident Response www.bestitdocuments.com. The goals How to achieve this Policies Standards Architecture People Process & Technology What can we really."

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Achieve Benefit from IT Projects. Aim This presentation is prepared to support and give a general overview of the ‘How to Achieve Benefits from IT Projects’

Achieve Benefit from IT Projects. Aim This presentation is prepared to support and give a general overview of the ‘How to Achieve Benefits from IT Projects’
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.

CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.
Security and Personnel

Security and Personnel
Developing Information Security Policy. Why is Developing Good Security Policy Difficult? Effective Security/IA Policy is more than locking doors and.

Developing Information Security Policy. Why is Developing Good Security Policy Difficult? Effective Security/IA Policy is more than locking doors and.
© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.

© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.
Information Security Policies and Standards

Information Security Policies and Standards
CST 481/598 x.2.  Broad overview of policy material  What is a “process”  Tiers (not tears) Many thanks to Jeni Li.

CST 481/598 x.2.  Broad overview of policy material  What is a “process”  Tiers (not tears) Many thanks to Jeni Li.
OPM Cybersecurity Competencies by Occupation (Technical Competencies) 2210085508540391 Information Technology Management Series Electronics Engineering.

OPM Cybersecurity Competencies by Occupation (Technical Competencies) Information Technology Management Series Electronics Engineering.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.

Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
IT Security Requirements

IT Security Requirements
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Database Administration

Database Administration
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
Pertemuan 11-12 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
Chapter 10 Managing the Delivery of Information Services.

Chapter 10 Managing the Delivery of Information Services.
Computer Security: Principles and Practice

Computer Security: Principles and Practice

Similar presentations

Ads by Google