Security week 1 Introductions Class website Syllabus review

Slides:



Advertisements
Similar presentations
Web Security for Network and System Administrators1 Chapter 1 Introduction to Information Security.
Advertisements

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.
NERC Security Requirements – What Vendors Should Provide James W. Sample, CISSP, CISM Manager of Information Security California ISO.
© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.
MSIA Introduction to Information Systems Security Training and Policy Week 1 Live Session Presentation.
HIPAA Security Standards What’s happening in your office?
Security Controls – What Works
Information Security Policies and Standards
Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Factors to be taken into account when designing ICT Security Policies
Stephen S. Yau CSE , Fall Security Strategies.
Security Certification
Network security policy: best practices
UNIT 9 SEMINAR – THE LAST ONE  ! Unit 9 Chapter 9 in CompTIA Security + 1 Course Name – IT Introduction to Network Security Instructor – Jan McDanolds,
The Top Ten of Security. Ten best practices for securing your network. Ten best security web sites. Eight certifications.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
Concepts of Database Management Sixth Edition
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.
KAPLAN SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY Unit 4 IT 484 Networking Security Course Name – IT Networking Security 1203C Term Instructor.
OCTAVE-S on TradeSolution Inc.. Introduction Phase 1: Critical Assets and threats Phase 2: Critical IT Components Phase 3: Changes Required in current.
Lesson 9-Information Security Best Practices. Overview Understanding administrative security. Security project plans. Understanding technical security.
IS Network and Telecommunications Risks Chapter Six.
Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.
Note1 (Admi1) Overview of administering security.
The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,
Chapter 2 Securing Network Server and User Workstations.
Module 11: Designing Security for Network Perimeters.
Last Minute Security Compliance - Tips for Those Just Starting 10 th National HIPAA Summit April 7, 2005 Chris Apgar, CISSP – President Apgar &
Introduction to Information Security
Security fundamentals Topic 2 Establishing and maintaining baseline security.
Security and Assurance in IT organization Name: Mai Hoang Nguyen Class: INFO 609 Professor: T. Rohm.
Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.
Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.
Information Security Measures Confidentiality IntegrityAccessibility Information cannot be available or disclosed to unauthorized persons, entities or.
Chapter 3 Pre-Incident Preparation Spring Incident Response & Computer Forensics.
Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.
Dr. Mark Gaynor, Dr. Feliciano Yu, Bryan Duepner.
Information Security tools for records managers Frank Rankin.
The Health Insurance Portability and Accountability Act of 1996 “HIPAA” Public Law
SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #
Best Cyber Security Practices for Counties An introduction to cybersecurity framework.
City of Hyattsville City Council IT Briefing October 19, 2015 dataprise.com | #ITinRealLife.
Onsite CRM Security
Information and documentation media systems.
Cybersecurity - What’s Next? June 2017
Critical Security Controls
Security Standard: “reasonable security”
Introduction to the Federal Defense Acquisition Regulation
Your Computer Wants To Ruin Your Life
Cyber Protections: First Step, Risk Assessment
CompTIA Security+ Study Guide (SY0-401)
Joe, Larry, Josh, Susan, Mary, & Ken
Infrastructure, Data Center & Managed Services
I have many checklists: how do I get started with cyber security?
ISO/IEC 27001:2005 A brief introduction Kaushik Majumder
IS4680 Security Auditing for Compliance
Final HIPAA Security Rule
Cybersecurity Special Public Meeting/Commission Workshop for Natural Gas Utilities September 27, 2018.
County HIPAA Review All Rights Reserved 2002.
Cybersecurity Threat Assessment
PLANNING A SECURE BASELINE INSTALLATION
Introduction to the PACS Security
Global One Communications
Presentation transcript:

Security week 1 Introductions Class website Syllabus review Course outline Homework Security overview Scenario – evaluating two attacks Packet Tracer scenario

Network Security Organizations CERT - CERT Coordination Center (CERT/CC) CERT is chartered to work with the internet community in detecting and resolving computer security incidents, as well as taking steps to prevent future incidents. Part of US-CERT. US-CERT - Computer Emergency Readiness Team. Established in 2003 to protect the nation's Internet infrastructure. Coordinates defense against and responses to cyber attacks. IETF - Internet Engineering Task Force Open international community of network designers, operators, vendors, and researchers concerned with the evolution and operation of the Internet. SANS - SysAdmin, Audit, Network, Security Source for information security, training and certification

Security Certifications International Information Systems Security Certification Consortium (ISC)2 CISSP - Certified Information System Security Professional SSCP - Systems Security Certified Practitioner CheckPoint CCSA - Check Point Certified Security Administrator CCSE - Check Point Certified Security Engineer Cisco CCNA Security  CCNP Security  CCIE Security  Comptia Security+

Security Regulations HIPAA (Health Insurance Portability & Accountability Act of 1996) Improved efficiency in healthcare delivery by standardizing electronic data interchange, and Protection of confidentiality and security of health data through setting and enforcing standards.

The Security Process Identify and assess assets Identify and assess threats and risks Create security policy Design network security implementation Test security design- modify as appropriate Implement security design Educate users Monitor per security policy Test, re-evaluate and modify periodically Handle incidents, modify security implementation/policy as appropriate, document

What are your assets/items that need to be protected? Exercise - In groups, see how many assets/items you can identify that warrant protection by IS.

Some Network Assets Cabling/wireless - bandwidth Patch panels Switches Routers Firewalls Servers and workstations- cpu, memory and hard disks Network services - WEB, FTP, email, application, database Data Personnel - time, productivity Business assets - Reputation, good will, secrets Other?

How do you assess risk? Risk= cost of loss x level of threat Example – customer data base If unavailable for a while If irretrievably lost If improperly modified If acquired by a competitor

How do you evaluate threat? By type of threat Human conduct Intentional – Damaging, stealing, exploring Negligent, inadvertent Events – disasters, etc Device failures By source of threat Internal v external

How do you invoke security? Fault tolerance/redundancy/high availability Protective procedures - testing security, backups, monitoring Protective policies (acceptable use, saving procedures) Physical security Protective software (anti-virus) Protective configurations (strong passwords) Protective implementations - using encryption, VPNs, certificates Protective devices – firewalls, routers, switches, etc User education Other?

Evaluating two attacks on the United States Russian election interference – 2016 Pearl Harbor – December 7, 1941

Exercise – List United States assets

Exercise – Evaluate damage to US assets from each attack

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.