IS4550 Security Policies and Implementation

Slides:

Advertisements

Similar presentations

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

Advertisements

Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,

Chapter 7 Database Auditing Models

Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Test Organization and Management

11 SECURITY TEMPLATES AND PLANNING Chapter 7. Chapter 7: SECURITY TEMPLATES AND PLANNING2 OVERVIEW  Understand the uses of security templates  Explain.

Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.

Module 14: Configuring Server Security Compliance

Access Training Linux/Unix Power Broker Access Custom Schema Database Access Customer Training Date: 25-JAN-2005.

Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 7 Database Auditing Models.

Module 2: Creating a Plan for Network Security. Overview Introduction to Security Policies Designing Security by Using a Framework Creating a Security.

Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.

© ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 6 Implementing Infrastructure Controls.

Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure.

Introduction to Microsoft Windows 2000 Security Microsoft Windows 2000 Security Services Overview Security subsystem components Local security authority.

Unit 7 ITT TECHNICAL INSTITUTE NT1330 Client-Server Networking II Date: 2/3/2016 Instructor: Williams Obinkyereh.

IS3220 Information Technology Infrastructure Security

© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 10 Network Security Management.

© ITT Educational Services, Inc. All rights reserved. IS3120 Network Communications Infrastructure Unit 10 Network Management—FCAPS.

© ITT Educational Services, Inc. All rights reserved. IS4680 Security Auditing for Compliance Unit 1 Information Security Compliance.

Technology Requirements for Online Testing Training Module Please refer to the revision log on the last slide of this presentation, updated August.

Audit Trail LIS 4776 Advanced Health Informatics Week 14

Review of IT General Controls

Managing and Monitoring Windows 7 Performance

IS4680 Security Auditing for Compliance

Identity and Access Management

IS4550 Security Policies and Implementation

Chapter 5 : Designing Windows Server-Level Security Processes

Software Configuration Management

Cisco Data Virtualization

SECURING NETWORK TRAFFIC WITH IPSEC

IS4550 Security Policies and Implementation Unit 7 Risk Management

Relation between information modeling and network operation

IS4680 Security Auditing for Compliance

Module 8: Securing Network Traffic by Using IPSec and Certificates

IBM Software Group | Tivoli Brand Software

Hyper-V Cloud Proof of Concept Kickoff Meeting <Customer Name>

IS3440 Linux Security Unit 3 User Account Management

Unit 10 NT1330 Client-Server Networking II Date: 8/16/2016

IS3440 Linux Security Unit 6 Using Layered Security for Access Control

IS4680 Security Auditing for Compliance

Unit 8 NT1330 Client-Server Networking II Date: 8/2/2016

IS4550 Security Policies and Implementation

IS4550 Security Policies and Implementation Unit 5 User Policies

Working With The EPISD Gregory McChesney.

IS3440 Linux Security Unit 9 Linux System Logging and Monitoring

IS4550 Security Policies and Implementation

IS4680 Security Auditing for Compliance

IS4550 Security Policies and Implementation

IS4550 Security Policies and Implementation

IS3440 Linux Security Unit 7 Securing the Linux Kernel

IS4680 Security Auditing for Compliance

IS4550 Security Policies and Implementation

IS4550 Security Policies and Implementation

IS4680 Security Auditing for Compliance

IS3440 Linux Security Unit 8 Software Management

Contact Center Security Strategies

Operating System Security

Securing Windows 7 Lesson 10.

Module 8: Securing Network Traffic by Using IPSec and Certificates

IS4680 Security Auditing for Compliance

IS4680 Security Auditing for Compliance

PLANNING A SECURE BASELINE INSTALLATION

Configuration Management

OU BATTLECARD: Oracle Identity Management Training

Presentation transcript:

IS4550 Security Policies and Implementation Unit 10 Automated Policy Compliance Systems

Class Agenda 8/18/16 Lesson Covers Chapter 15 Learning Objectives 9/19/2018 Class Agenda 8/18/16 Lesson Covers Chapter 15 Learning Objectives Lesson Presentation and Discussions. Assignments and Lab Activities. Break Times as per School Regulations. Exams Review. Read the text book for Exams. Exams will be held in the next class Final Group Project is due in the next class. (c) ITT Educational Services, Inc.

Learning Objective Describe the different issues related to defining, tracking, monitoring, reporting, automating, and configuring compliance systems and emerging technologies.

Key Concepts Baseline definition for information systems security Tracking, monitoring, and reporting for information technology (IT) security baseline definition and policy compliance Automate IT security policy compliance, and policy configuration management and change control management Best practices for IT security policy compliance monitoring Differences between public and private IT security policy compliance monitoring

Baseline security. Baseline is used to deploy security policy settings It ensures that all affected system have the same security settings. Is the starting point and provide the basic and the minimum security. Example: Protocols, Services must be set to what will provide the minimum security. Baseline configuration could be created by imaging operating system and application..

Monitoring for compliance. Baseline need to monitored to ensure compliance. Both authorized and unauthorized changes to the baseline should be tracked monitored. Method to verify changes include: Automated systems. Manual tracking and reporting Audit for compliance

EXPLORE: CONCEPTS

Automated Policy Compliance and Emerging Technologies Have you ever made any transaction through online banking? What do you think are the benefits of making transaction through the Internet?

Manual vs. Automatic Monitoring and Reporting Why do you think that an online banking system is better than traditional banking system?

Automated system for baseline compliance. Software tools are used to enforce policy compliance Automated tools work by taking your security policies and procedures and implementing them into control points It can regularly query systems to verify compliance. Automated tools have scheduled ability.

Public and Private IT Security Policy Compliance Monitoring Differences between Public and Private Public Regulations require reporting on a timely basis Compliance law requires specific reporting guidelines Governmental laws stipulate when reports are due Private Reporting set by owners with no set timeline Government compliance laws may not apply so reporting of that data is not required Problems often go undisclosed

Windows Automated tools Microsoft Baseline Security Analyzer (MBSA) Windows Server Update Services (WSUS) System Management Server (SMS) Microsoft System Center Configuration Manager (SCCM) (Allow student should explore theses applications)

Other Unix and Linux automated tools. Nessus Nmap Security Administrators Integrated and network Tools (SIANT) Symantec Altiris

Manual Tracking and reporting. Manual intervention to track adherence to the policies Provides procedures and guidelines necessary for day-to-day operations Typical procedures include antivirus, password aging and log monitoring. The process is extremely hands-on Example: Someone has to intervene to correlate the data between the various control points, including antivirus programs, IDSes, firewalls and authentication systems such as Active Directory.

Problems of Manual Tracking for compliance Manually monitoring for policy compliance can be quite cumbersome. Detecting this policy deviation and correcting it can be extremely time-consuming Cheaper than automated systems. Not ideal for big organization

EXPLORE: ROLES

Roles and Responsibilities Reporting IT Management Information Security Management Auditing Risk Management Monitoring Information system (IS) Management System Administrators

Roles and Responsibilities (Continued) Compliance Executive Management

EXPLORE: RATIONALE

Benefits of Automating Security Policy Compliance Cost reductions as full time employees can be re-tasked Efficiency due to computers doing the policy compliance monitoring Better reporting functions and data capture

Benefits of Automating Security Policy Compliance (Continued) Online real-time compliance reporting and monitoring Increased accuracy

Summary In this presentation, the following were covered: Automated policy compliance systems and emerging technologies Difference between manual and automatic monitoring and reporting Benefits of automating security policy compliance Differences between public and private IT security policy compliance monitoring Roles and responsibilities associated with automated policy compliance systems

Unit 10 Assignment and Lab Discussion 10.1 Tracking, Monitoring, and Reporting Lab 10.2 Align an IT Security Policy Framework to the 7Domains of a Typical IT Infrastructure Assignment 10.3 Automated Policy Compliance Systems