Computer Security Fundamentals

Computer Security Fundamentals by Chuck Easttom Chapter 10 Security Policies

Chapter 10 Objectives
- Recognize the importance of security policies
- Understand the various policies and the rationale for them
- Know what elements go into good policies
- Create policies for network administration
- Evaluate and improve existing policies
- Explain what cyber terrorism is and how it has been used in some actual cases
- Understand the basics of information warfare
- Have a working knowledge of some plausible cyber terrorism scenarios
- Have an appreciation for the dangers posed by cyber terrorism
© 2016 Pearson, Inc. Chapter 10 Computer Security Policies

Introduction
- Technology by itself cannot solve all network security problems.
- Cyber terrorism, according to the definition of the FBI: Premeditated, politically motivated attack against information, computer systems, computer programs, and data that results in violence against noncombatant targets by subnational groups or clandestine agents.
- Typically, loss of life in a cyber attack would be less than in a bombing attack.

Introduction (cont.)
- Virus software won't prevent a user from manually opening an attachment and releasing a virus.
- A technologically secured network is still vulnerable if former employees (perhaps some unhappy with the company) still have working passwords, or if passwords are simply put on Post-it notes on computer monitors.
- A server is not secure if it is in a room that nearly everyone in the company has access to.
- Your network is not secure if end users are vulnerable to social engineering.
All these could lead to significant deaths: train wrecks, hospital deaths, loss of air traffic control resulting in plane crashes, and so forth.

What Is a Policy?
- A security policy is a document that defines how an organization deals with some aspect of security.
- There can be policies regarding end-user behavior, IT response to incidents, or policies for specific issues and incidents.

Defining User Policies
- Passwords
- Internet use
- E-mail attachments
- Installing/uninstalling software
- Instant messaging
- Desktop configuration

System Admin Policies
- New Employees
- Departing Employees
- Change Control
- Access Control

Other Issues
- Bring Your Own Device: a major concern in the modern network
- New Employees
- Departing Employees
Bring your own device (BYOD) has become a significant issue for most organizations. Most, if not all, of your employees will have their own smart phones, tablets, smart watches, and Fitbits that they will carry with them into the workplace. When they connect to your wireless network, this introduces a host of new security concerns. You have no idea what networks those devices previously connected to, what software is installed on them, or what data might be exfiltrated by these personal devices.

Change Management
- RFC (request for change)
- CAB (change advisory board)
- Follow-up

Software Development Policies
- Security standards
- Testing

Incident Response Policies
- Handling viruses
- Dealing with breaches

Data Classification
- Public
- Secure

BCP and DRP
- DRP (disaster recovery plan)
- BCP (business continuity plan)
- BIA (business impact analysis)

Fault Tolerance
- Backups
  - Full: All changes
  - Differential: All changes since last full backup
  - Incremental: All changes since last backup of any type
- RAID
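The three backup types on this slide differ only in the reference point used to decide which files to copy, and that choice determines how many backup sets a restore needs. The Python below is an added example written for this page (not code from Easttom's text or from Pearson): it simulates a four-day schedule over a constructed set of files, derives each day's backup under the differential and incremental schemes, and computes the chain of sets a restore would require. File names, timestamps and the edit timeline are constructed for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass(frozen=True)
class BackupJob:
    kind: str           # "full", "differential" or "incremental"
    time: datetime      # when the backup was taken
    files: frozenset    # names of the files captured by this job


def files_changed_since(mtimes: Dict[str, datetime], since: Optional[datetime]) -> frozenset:
    """Files whose last-modified time is after `since`; since=None selects every file."""
    return frozenset(name for name, mtime in mtimes.items() if since is None or mtime > since)


def plan_backup(kind: str, now: datetime, history: List[BackupJob],
                mtimes: Dict[str, datetime]) -> BackupJob:
    """Choose the reference point for `kind` and capture everything changed after it."""
    if kind == "full":
        reference = None                                  # everything, no reference point
    elif kind == "differential":
        # all changes since the most recent FULL backup (falls back to a full if none exists)
        reference = max((j.time for j in history if j.kind == "full"), default=None)
    elif kind == "incremental":
        # all changes since the most recent backup of ANY kind
        reference = max((j.time for j in history), default=None)
    else:
        raise ValueError(f"unknown backup kind: {kind}")
    return BackupJob(kind, now, files_changed_since(mtimes, reference))


def restore_chain(history: List[BackupJob]) -> List[BackupJob]:
    """Backup sets needed, oldest first, to rebuild the state as of the last job."""
    chain: List[BackupJob] = []
    for job in reversed(history):
        chain.append(job)
        if job.kind == "full":
            break
        if job.kind == "differential":
            # a differential already holds every change since the last full,
            # so the jobs between that full and this differential are not needed
            last_full = max((j for j in history if j.kind == "full" and j.time < job.time),
                            key=lambda j: j.time, default=None)
            if last_full is not None:
                chain.append(last_full)
            break
    return list(reversed(chain))


# Constructed scenario: a Sunday 22:00 full backup, then one file edited at noon each day.
T0 = datetime(2016, 1, 3, 22, 0)
DAY = timedelta(days=1)
INITIAL = {name: T0 - DAY for name in ("payroll.db", "policy.docx", "hr.xlsx", "web.conf")}
EDITS = [
    (T0 + 1 * DAY - timedelta(hours=10), "payroll.db"),   # Monday noon
    (T0 + 2 * DAY - timedelta(hours=10), "policy.docx"),  # Tuesday noon
    (T0 + 3 * DAY - timedelta(hours=10), "hr.xlsx"),      # Wednesday noon
]


def mtimes_at(now: datetime) -> Dict[str, datetime]:
    """Last-modified times of every file as they stood at `now`."""
    state = dict(INITIAL)
    for when, name in EDITS:
        if when <= now:
            state[name] = when
    return state


def run_schedule(kinds: List[str]) -> List[BackupJob]:
    """Take kinds[i] at T0 + i days, each planned against the backups taken before it."""
    history: List[BackupJob] = []
    for i, kind in enumerate(kinds):
        now = T0 + i * DAY
        history.append(plan_backup(kind, now, history, mtimes_at(now)))
    return history


if __name__ == "__main__":
    for label, kinds in (("differential", ["full"] + ["differential"] * 3),
                         ("incremental", ["full"] + ["incremental"] * 3)):
        history = run_schedule(kinds)
        print(f"{label} scheme:")
        for job in history:
            print(f"  {job.time:%a} {job.kind:<12} {sorted(job.files)}")
        print("  restore needs:", [f"{j.time:%a} {j.kind}" for j in restore_chain(history)])
```

Running it shows the trade-off the slide implies: the differential sets grow each day (1, 2, then 3 files) but a restore needs only the full plus the latest differential, while the incremental sets stay at one file each and a restore must replay every set since the full in order. The `restore_chain` logic also handles a mixed schedule (an incremental taken after a differential), which is a common real-world case that the slide does not spell out.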

Relevant Laws & Regulations
- HIPAA
- Sarbanes-Oxley
- PCI

Summary
In this chapter, you learned that technology alone is not enough to ensure a secure network. You must have clear and specific policies detailing procedures on your network. Those policies must cover employee computer resource use, new employees, outgoing employees, access rights, how to respond to an emergency, and even how secure the code in applications and websites is. User policies must cover all aspects of how the user is expected to use company technology. In some cases, such as instant messaging and web use, policies may be difficult to enforce, but that does not change the fact that they must still be in place. If your user policies fail to cover a particular area of technology use, you will have difficulty taking any action against an employee who commits that particular misuse.