Developing a Network Security Policy By: Chris Catalano.


Security Policy?
Definition:
- A security policy is a formal statement of the rules through which people are given access to an organization’s technology, system, and information assets.
The Need for Security Policy:

Purpose
- The primary purpose of a security policy is to inform users and staff of the requirements for protecting various assets.
- Another purpose is to provide a baseline from which to acquire, configure, and audit computer systems.

Key Principles
- Ensure the confidentiality of the customer’s and your processed data, and prevent unauthorized disclosure or use.
- Ensure the integrity of data processing operations and protect them from unauthorized use.

Designing Your Policy

Things to Consider
- In designing a policy, you need to figure out what you’re actually protecting
- All data should be considered confidential
- The cost of keeping things secure shouldn’t be greater than the value of the data or objects being protected

Who to Consider
- What you or your company does determines who your threat is
- Design your security and policy around that threat
- Most corrupt activity involves someone inside the company or organization; these people are classified as insiders
- Threats could also come from outsiders

Protecting Against Insiders
- Spread access across different people
- Layer the employees’ roles
- Monitor activity

The Outsiders
- Realizing what they’re after
- Protecting against Social Engineering

Digital Security
- Layered security
- Security requests
- Limiting access

Physical Security
- ID cards
- Personalized Access to rooms
- Security Cameras
- Centralized Data Centers

Acceptable Use Policy
- This tells the users what they can access on the internet
- What they can and cannot do at work
- Can vary depending on the workplace

Backup and Recovery
- What is backed up and how frequently?
- Is it backed up onsite, offsite, or both?
- Managing the backups

Enforcing Your Policy
- Copies and documentation
- Followed strictly
- What are the punishments for not following the policy?

Policy Management
- Reevaluate your policy
- Ask the company for concerns regarding the current policy

Incident Response Plan
- This is crucial to the “What If” of a security policy
- This involves who gets called for what, who is authorized to shut things down, and who represents this for the company

Summary
- Every company or organization needs to have a network security policy.
- This keeps the company organized, focused, and ready for the worst-case scenario.
- Key things to remember are people. Those people are the threat as well as the people with authority.
- Also, you want to keep your policy flexible: too strict a policy won’t be followed, and one that is not strict enough won’t serve its purpose.