Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 ISS e G Integrated Site Security for.

Published byAvis McCoy Modified over 8 years ago

Similar presentations

Presentation on theme: "1 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 ISS e G Integrated Site Security for."— Presentation transcript:

1 1 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 ISS e G Integrated Site Security for Grids EU-FP6 Project 026745 ISSeG Training Session: Improving Site Security David Jackson, STFC CHEP 07, Victoria BC, 4 September 2007

2 2 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Time table  Welcome!  How to sell security – and get resources for it!  Risk assessments  16:00 - 16:30 Coffee break  Recommendations  Feedback & questions

3 3 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Welcome

4 4 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Welcome  We are improving the slides and would like your feedback.  Feedback form  Attendance form  Questions

5 5 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745  Welcome!  How to sell security – and get resources for it!  Risk assessments  16:00 - 16:30 Coffee break  Recommendations  Feedback & questions Session 1

6 6 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Session 1 How to sell security – and get resources for it  …..what,…..who,…..why, ……how

7 7 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Session 1 How to sell security – working with managers (1 of 2)  We want resources (staff time and money)  We need support  Managers want reassurance  Managers see security as a necessary evil  Management case for site security (V6) Management case for site security

8 8 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Updating management case  The example presentation needs to be adapted and updated for your site.  Try to sell the positive – do not scare everyone  Keep the presentation non technical  Do not underestimate your audience (they may not know how to configure a firewall in detail, but they do understand risk and politics)  Do not underestimate the value of telling someone something that they already know  Simple messages – repeated, repeated, repeated (Guidance notes are being developed.)

9 9 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 For Management 2 How to sell security – working with managers (2 of 2) The Joint Security Policy Group (JSPG) is an international group that coordinates policy development between Grid environments. http://cern.ch/proj-lcg-security Do not assume that senior site managers know what the JSPG is and what it does. They need to see this as an advantage and not a threat.

10 10 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 For Management 2  Joint Security Policy Group - Membership The JSPG contains representatives from the following Grid infrastructures: NDGF

11 11 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 For Management 2  Joint Security Policy Group - Mandate The JSPG mandate is to advise and make recommendations on matters relating to security. It has produced a number of policies: as well as processes, agreements and guidance.

12 12 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 For Management 2

13 13 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 For Management 2  Joint Security Policy Group – relevance to sites  Sites do not need to re-invent existing local policies  Often you will be bound by the JSPG policies by virtue of being part of a Grid infrastructure  Sites need to review existing local polices to identify if there are any major differences between local and JSPG polices.

14 14 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745  How to sell security – working with general users  Security is not a product - despite what product vendors tell you. General users Effective security can only be achieved when well trained people use well designed processes.

15 15 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 General users  Why should general users care about security? Appropriate technology should support your users. Without their support, all your technical measures may be rendered useless. A key activity is training and awareness. never underestimate users…

16 16 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 General users  Remember, when you have the support of management:  People are an essential part of any security solution.  They are also a large source of potential vulnerabilities.  Effective security requires well trained people using well trained processes that are supported by the appropriate technology, so USER TRAINING

17 17 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 General users  General advice / material for users:  Computer security advice for users (V4) Computer security advice for users Example presentation material. Local site updates:  The contact details for your “IT Support team”  To reflect your local password policy.  Local practice

18 18 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 System Administrators  How to sell security – working with Sys. Admins.  Checklist for system administrators (V4) Checklist for system administrators Details of the ISSeG recommendations will be given in session 3.

19 19 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Developers  How to sell security – working with developers  Checklist for developers (V1) Checklist for developers Details of the ISSeG recommendations will be given in session 3.

20 20 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Summary: Session 1 How to sell security – and get resources for it  Why ‘sell security’?  Effective security needs resources. It can require some cultural changes within a site. Without senior management support, you will fail.  Security is not often seen as attractive to senior management but rather as something they do not like but know must exist (a necessary evil).  Educate your users so they know what to do.

21 21 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745  Welcome!  How to sell security – and get resources for it!  Risk assessments  16:00 - 16:30 Coffee break  Recommendations  Feedback & questions Session 2

22 22 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Session 2 Security is not a “thing” you do, it is more a process of gradual improvement. You need some way of working out where to start and measure progress. A risk assessment process can help, so  What are they and why bother?  Establish a common understanding of risk  ISSeG risk assessment questionnaire

23 23 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Session 2 Risk assessments – What are they and why bother? All organizations contain assets that they wish to protect from harm. The harm may be the result of an accidental or deliberate act by an individual or the result of some external event, e.g. Accidental - A user deletes all their data files Deliberate - An external attacker tries to access finance information External event - Flooding of a data centre or loss of power

24 24 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Session 2 Risk assessments – What are they and why bother? The senior managers within organizations are often required to establish a process to manage risks within the organization as part of a corporate governance strategy. Often a risk assessment process is established to support this understanding of risk so that it can: Identify the risks and assets Analyse the existing security controls Implement any identified and resourced improvement plan Monitor the existing controls to see that they are effective

25 25 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Session 2  Common understanding of “risk” and how to understand some of the many confusing terms.  What is a “risk”? (V5) What is a “risk”? Example presentation to help set a common understanding of risk for both the “management” and “technical” people. Should help to understand advice from external sources such as auditors, security experts and web sites.

26 26 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 ISSeG questionnaire ISSeG risk assessment questionnaire Based on practical experience at a number of Grid sites, the ISSeG project have developed a risk assessment questionnaire that can help you assess the security of your site.

27 27 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 ISSeG questionnaire

28 28 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 ISSeG – Top 12 threats

29 29 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 ISSeG questionnaire ISSeG risk assessment questionnaire  This can help you start the risk assessment process and identify what assets you have and some of the risks.  You still need to develop the rest of the risk assessment and management processes for your site.  Based on ISO/IEC 17799:2005 standard (e.g. the long list of technical controls)

30 30 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Summary: Session 2 Risk assessments help you  Establish a common understanding of risk across the organisation  Identify and prioritise what security controls need to be implemented first The risk assessments process should be repeated regularly to maintain the effectiveness of your security controls.

31 31 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745  Welcome!  How to sell security – and get resources for it!  Risk assessments  16:00 - 16:30 Coffee break  Recommendations  Feedback & questions Coffee break

32 32 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745  Welcome!  How to sell security – and get resources for it!  Risk assessments  16:00 - 16:30 Coffee break  Recommendations  Feedback & questions Session 3

33 33 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Session 3 The ISSeG project has identified 69 potential recommendations for sites so far. We will  Discuss where to find the recommendations  How they were developed (in brief!)  Look at some examples in detail  Recommendations and training are linked.

34 34 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 www.isseg.eu Where to find the recommendations Based on practical experience, the ISSeG project has identified 69 potential recommendations for sites, each with implementation details. For example:  R1.2: Centrally manage patches and system configurations  Linux based method  Windows based method Visit www.isseg.eu to see the full list as it develops.www.isseg.eu

35 35 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 www.isseg.eu

36 36 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 www.isseg.eu

37 37 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 www.isseg.eu

38 38 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 www.isseg.eu

39 39 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 www.isseg.eu

40 40 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 www.isseg.eu Extracted from D3.1 and the web site S1: Broaden the use of centralised management  R1.1: Centrally manage accounts  R1.2: Centrally manage patches and system configurations  R1.3: Centrally manage Internet Services S2: Integrate identity and resource management  R2.1: Provide integrated identity management  R2.2: Ensure resources link to the people in charge of them  R2.3: Define responsibilities using roles and groups Long list ….. How were these developed?

41 41 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Development of recommendations

42 42 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Development of recommendations Scope of CERN site single discipline single administrative body sensitive industrial equipment Scope of FZK site: multi-disciplinary multiple administrative bodies commercial companies Resources

43 43 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Development of recommendations STFC Incidents virus infection web site defacement lost/stolen password compromised Server Threats

44 44 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Development of recommendations

45 45 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Development of recommendations S1: Broaden the use of centralised management  R1.1: Centrally manage accounts  R1.2: Centrally manage patches and system configurations  R1.3: Centrally manage Internet Services S2: Integrate identity and resource management  R2.1: Provide integrated identity management  R2.2: Ensure resources link to the people in charge of them  R2.3: Define responsibilities using roles and groups S3: Manage your network connectivity  R3.1: Restrict Intranet access to authorised devices  R3.2: Restrict Internet access to authorised connections  R3.3: Segregate networks dedicated to sensitive devices  R3.4: Expand the use of application gateways

46 46 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Development of recommendations S4: Use security mechanisms and tools  R4.1: Strengthen authentication and authorisation  R4.2: Increase the use of vulnerability assessment tools  R4.3: Adapt incident detection to meet evolving trends  R4.4: Strengthen and promote network monitoring tools  R4.5: Enhance span filter tools and mailing security  R4.6: Extend policy enforcement S5: Strengthen administrative procedures and training  R5.1: Adapt training to requirements of users, developers and system administrators  R5.2:Integrate security training and best practice into organisational structures  R5.3:Maintain administrative procedures in step with evolving security needs  R5.4: Extend policy regulations  R5.5: Regulate the use and coexistence of legacy Operating Systems

47 47 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Development of recommendations ISSeG risk assessment questionnaire As the questionnaire has been developed, we have identified additional recommendations.

48 48 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Development of recommendations  R51: Create an information security policy  R52: Review your information security policy  R53: Allocate information security responsibilities  R54: Establish confidentiality agreements  R55: Maintain contacts with special interest groups  R56: Maintain an inventory of assets  R57: Establish ownership of assets  R58: Define acceptable use for assets  R59: Establish information classification guidelines  R60: Develop information labeling and handling procedures  R61: Define terms and conditions of employment  R62: Encourage information security awareness, education and training  R63: Ensure access rights are up to date  R64: Establish a physical security perimeter  R65: Implement physical entry controls  R66: Provide physical protection and guidelines for working in secure areas  R67: Protect equipment from disruptions in supporting facilities  R68: Assure secure disposal or reuse of equipment  R69: Document your operating procedures  R70: Manage changes to information processing facilities and systems  R71: Separate you development, test, and operational facilities  R72: Implement capacity management  R73: Install and regularly update malicious code detection and repair software  R74: Manage the execution of mobile code  R75: Establish backup and restoration procedures  R76: Implement intrusion detection and prevention mechanisms  R77: Control access to your network  R78: Use cryptographic techniques for information confidentiality and integrity  R79: Establish agreements for exchange of information and software with external parties  R80: Enhance the security of your e-mail communications  R81: Protect the integrity of publicly available information  R82: Enable audit logging of user activities, exceptions and security events  R83: Establish procedures for monitoring system use and reviewing results  R84: Ensure protection of log information  R85: Establish an access control policy based on security requirements  R86: Establish a formal procedure to control the allocation of access rights  R87: Restrict and control the allocation of privileges  R88: Implement a formal management process for password allocation  R89: Enforce good practices in the selection and use of passwords  R90: Ensure that unattended equipment is appropriately protected  R91: Prevent unauthorized access to network services  R92: Implement strong authentication for external connections  R93: Adopt appropriate security measures for mobile computing  R94: Implement appropriate policy, procedures, and guidelines for teleworking  R95: Establish training and guidelines for secure programming  R96: Establish a formal application integration/qualification process  R97: Implement an automated patch managementS5: Strengthen administrative procedures and training (cont.)

49 49 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Example recommendations  Common structure:  What  Why  How  Links

50 50 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Example recommendations  Restrict Internet access to authorized connections  Closing firewall access impacts used applications  Update mechanism is required  Segregate networks dedicated to sensitive devices  Requires careful analysis of requirements and impact  Expand the use of application gateways  Reduces spread of incidents  Useful for untrusted devices  Restrict Intranet access to authorized devices  802.1x functionality  A mapping to the device owner is recommended Finance network Controls networks Campus network

51 51 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Example recommendations  Common policy between Grid sites  The Joint Security Policy Group (JSPG) is an international group that coordinates policy development between Grid environments. This could have an impact on local site policy http://cern.ch/proj-lcg-security

52 52 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Example recommendations

53 53 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Example recommendations  General users  Computer users just want to get on and use the systems. Security needs to invisible.  They need to know why security is relevant to them. this is not good security…

54 54 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Example recommendations  Application developers  Check lists can be useful aids to secure software. Currently under development

55 55 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Example recommendations  System Administrators  Check lists can be useful aids

56 56 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 General users  General advice & material for users  Computer security advice for users (V4) Computer security advice for users

57 57 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 System Administrators  General advice & material for Sys. Admins.  Checklist for system administrators (V4) Checklist for system administrators

58 58 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Developers  General advice & material for developers  Checklist for developers (V1) Checklist for developers Pilot material – See handout!

59 59 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Developers  General advice & material for managers

60 60 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Summary: Session 3

61 61 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745  Welcome!  How to sell security – and get resources for it!  Risk assessments  16:00 - 16:30 Coffee break  Recommendations  Feedback & questions Session 4

62 62 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Session 4 Feedback and questions  We would like to improve the training materials based on your feedback, comments and questions  Please complete the attendance form  Please return your completed feedback forms Thank you for your time and attendance!

63 63 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Whales

64 64 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 Whales

Download ppt "1 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 ISS e G Integrated Site Security for."

Similar presentations

Copyright © XiSEC, All rights reserved, 2002 Secure Computing Best Lifetime Achievement Award 2002 Ted Humphreys Information Security Management Goes Global.

Copyright © XiSEC, All rights reserved, 2002 Secure Computing Best Lifetime Achievement Award 2002 Ted Humphreys Information Security Management Goes Global.
Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.
USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.

USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.
1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, 2008 See: ISS e G Integrated Site Security.

1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, 2008 See: ISS e G Integrated Site Security.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Network security policy: best practices

Network security policy: best practices
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.

Similar presentations

Ads by Google