Chapter 8 – Administering Security: Security Planning, Risk Analysis, Security Policies, Physical Security


Chapter 8 – Administering Security
- Security Planning
- Risk Analysis
- Security Policies
- Physical Security

Security Planning
- Policy
- Current state – risk analysis
- Requirements
- Recommended controls
- Accountability
- Timetable
- Continuing attention

Security Planning - Policy
- Who should be allowed access?
- To what system and organizational resources should access be allowed?
- What types of access should each user be allowed for each resource?

Security Planning - Policy
- What are the organization’s goals on security?
- Where does the responsibility for security lie?
- What is the organization’s commitment to security?

OCTAVE Methodology
- Identify enterprise knowledge.
- Identify operational area knowledge.
- Identify staff knowledge.
- Establish security requirements.
- Map high-priority information assets to the information infrastructure.
- Perform an infrastructure vulnerability evaluation.
- Conduct a multidimensional risk analysis.
- Develop a protection strategy.

Security Planning – Requirements of the TCSEC
- Security policy: there must be an explicit and well-defined security policy enforced by the system.
- Every subject must be uniquely and convincingly identified.
- Every object must be associated with a label that indicates its security level.
- The system must maintain complete, secure records of actions that affect security.
- The computing system must contain mechanisms that enforce security.
- The mechanisms that implement security must be protected against unauthorized change.
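As an added illustration (not part of the slides), the Python sketch below shows how three of the TCSEC requirements fit together in one enforcement mechanism: subjects carry a unique identity, objects carry a security label, and every access decision is written to an audit record. The linear ordering of levels and the read/write rules (a subject may read objects at or below its clearance and write to objects at or above it, the Bell-LaPadula rules) are assumptions for the example; the slide only says that labels indicate a security level.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Assumed linear ordering of security levels (constructed for this example).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Subject:
    """A subject that has already been uniquely and convincingly identified."""
    uid: str        # unique identifier established by authentication
    clearance: str  # one of LEVELS


@dataclass(frozen=True)
class Obj:
    """An object with the mandatory label indicating its security level."""
    name: str
    label: str      # one of LEVELS


@dataclass
class ReferenceMonitor:
    """Mediates every access and records the decision (allowed or denied).

    The audit list is private and only exposed as an immutable copy, which
    is the example's stand-in for the requirement that security records be
    complete and protected against unauthorized change.
    """
    _audit: list = field(default_factory=list)

    def _level(self, name: str) -> int:
        if name not in LEVELS:
            # An unlabelled object or uncleared subject cannot be evaluated.
            raise ValueError(f"unknown security level: {name!r}")
        return LEVELS[name]

    def _decide(self, subject: Subject, obj: Obj, action: str, allowed: bool) -> bool:
        self._audit.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "subject": subject.uid,
            "object": obj.name,
            "action": action,
            "allowed": allowed,
        })
        return allowed

    def check_read(self, subject: Subject, obj: Obj) -> bool:
        """Read is allowed when the clearance dominates the object label (assumed rule)."""
        allowed = self._level(subject.clearance) >= self._level(obj.label)
        return self._decide(subject, obj, "read", allowed)

    def check_write(self, subject: Subject, obj: Obj) -> bool:
        """Write is allowed when the object label dominates the clearance (assumed rule)."""
        allowed = self._level(obj.label) >= self._level(subject.clearance)
        return self._decide(subject, obj, "write", allowed)

    def audit_records(self) -> tuple:
        """Return the audit trail as an immutable snapshot."""
        return tuple(dict(r) for r in self._audit)


def demo() -> tuple:
    """Run a constructed scenario and return its audit trail."""
    rm = ReferenceMonitor()
    alice = Subject(uid="alice", clearance="SECRET")          # constructed
    plan = Obj(name="plan.doc", label="CONFIDENTIAL")          # constructed
    budget = Obj(name="budget.xls", label="TOP_SECRET")        # constructed
    rm.check_read(alice, plan)     # allowed: SECRET >= CONFIDENTIAL
    rm.check_read(alice, budget)   # denied: SECRET < TOP_SECRET
    rm.check_write(alice, plan)    # denied: writing down would leak
    rm.check_write(alice, budget)  # allowed: writing up
    return rm.audit_records()


if __name__ == "__main__":
    for record in demo():
        print(record)
```

Every decision, denied ones included, lands in the audit trail, which is what lets an administrator reconstruct "actions that affect security" after the fact.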

Security Planning Team Members
- Computer hardware group
- System administrators
- Systems programmers
- Application programmers
- Data entry personnel
- Physical security personnel
- Representative users

Security Planning
- Assuring Commitment to a Security Plan
- Business Continuity Plans
  - Assess Business Impact
  - Develop Strategy
  - Develop Plan
- Incident Response Plans
  - Advance Planning
  - Response Team
  - After the Incident is Resolved