
Note1 (Admi1) Overview of administering security.


1 Note1 (Admi1) Overview of administering security

2 Outline
Issues in administering security
Security planning & policy
Risk analysis
Auditing
Disaster recovery
Management of resources and systems
Management of network security

3 Issues in administering security
Security planning & policy
Risk analysis
Auditing
Disaster recovery
Management of resources and systems
Management of network security

4 Security Planning
A security plan is a document that describes how an organization will address its security needs.
When the organization’s security needs change, its security plan needs to be periodically reviewed and updated.

5 Security Planning - Issues
What should the plan contain? → content
Who should write the plan? → the security planning team
Support for the plan? → securing commitment to the plan
Implementation of the plan? → methods, tools, resources, …

6 Security Planning - Issues
What should the plan contain?
–Security policy
–Current security status
–Requirements
–Responsibility for implementation
–Timetable
–Reviews & updates

7 Security Planning - Issues
Members of the security planning team
–CIO (chief information officer)
–Hardware support personnel
–Systems programmers
–Application programmers
–Data entry personnel
–Physical security personnel
–Representative users

8 Security Planning - Issues
Securing support for the plan
1. The plan needs to be accepted by the users and the involved personnel.
–User education and publicity are needed to increase the users’ understanding of security.
–Training of personnel is needed for implementing the plan.
2. The plan must be carried out.
–Management commitment
–Managers are concerned with ROI, vulnerability, risks, laws, etc.
–Surveys and outside experts may be needed to persuade the managers to commit.

9 Security Planning - Issues
Implementation of the plan
–Policy versus mechanisms
–A policy defines what is or is not allowed.
–A policy is enforced by various mechanisms (tools, methods, procedures, etc.).

10 Risk analysis
The first step in security planning is risk analysis.
A process to determine the exposures and their potential harm
The result of the risk analysis is important in securing management commitment to the security plan.
It justifies expenditures for security.

11 Risk analysis
Three steps:
1. A list of all exposures of a computing system and the expected cost of the loss
2. For each exposure, possible controls and their costs
3. A cost-benefit analysis
–Does it cost less to implement a control or to accept the expected cost of the loss?

12 Auditing
Administrators should use audit facilities provided in the systems or third-party auditing tools to automate the audit analysis process.
Auditing tools provide snapshots of a system’s status.
Anomalies in the audit logs indicate potential attacks or problems.

13 Auditing
Automated tools should be used to detect inconsistencies in the audit logs → Intrusion Detection Systems (IDS)
The audit logs should be protected, by being sent to separate machines or written immediately to a printer.

14 Disaster recovery
When attacks and/or problems cannot be prevented, how to recover from the damage and loss should be planned in advance.
A contingency plan
An incident response plan and team
User awareness
User notification mechanisms

15 Types of Disasters
Natural disasters: flood, falling water, fire, extreme temperature change, …
Power loss
Human vandals
Unauthorized access and use
Viruses, worms

16 Management of resources and systems
Acceptable use
Accounts, passwords
Files and devices
Access controls
Network security
–Perimeter protection
–Connectivity
–Remote access
–Securing the hosts
Backups

17 Management of Network security
Perimeter protection
–Firewalls, routers, wireless access points
Connectivity
–The Internet
–Local backbone
–A map of physical connections
Remote access
–VPN for telecommuters?
–telnet, ftp, rlogin?
Securing the hosts in the network
Insiders’ attacks vs attacks from outside

18 Summary
Administering the security of an organization’s computer systems involves many issues.
An up-to-date security plan is a must.
Support for the plan is necessary.
A disaster response/recovery plan is important.
Periodic review and update are needed.

