Information Security Domains
Computer Operations Security
By: Shafi Alassmi
Instructor: Francis G.
Date: Sep 22, 2010


Introduction
- Easy to define but hard to master
- Covers everything that can go wrong while computers are running
- It mainly examines the following controls:
  - Operators
  - Hardware
  - Media
- Who should be involved with computer operations security?
  - Every person who interacts with the system internally or externally
  - Every technology that is part of the system

How to plan?
- The plan should be derived by asking the right questions, such as:
  - How many security events were identified?
  - How to control access privileges?
- The plan should show the ROI by asking the right questions, such as:
  - What will be the losses if not implemented?
  - How much will it cost?

Critical O. S. Controls
Operation controls focus on the following aspects:
- Resources protection
  - Accountability, violation processing and user access authorities
- Access-Privileges
  - Hardware, storage, I/O operations and activity logs
- Change Management
  - Scheduling, applying, implementing and reporting
- Hardware

Resource Protection
- Securely guard the organization's computing resources
  - Loss
  - Compromise
  - Communication
- Balance of the security implementation depends on:
  - Value of information
  - Business need for the information
- Benefits are:
  - Decrease possibility of damage to data
  - Limit disclosure and misuse of data

Resource Protection
- Access given to individual users
- At a specific time
- Track access log
- Practices to enhance accountability and authority can be via:
  - Users understanding the importance of passwords
  - Users understanding the privacy regulations and their importance to avoid legal issues
- Plans for management changes must be in place
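
The slide's three points (access tied to an individual user, at a specific time, tracked in an access log) can be checked mechanically. The following is an added example, not part of the original presentation: it audits a log against per-user grants and reports the violations. The log format, user names, resource names and grant windows are all constructed for illustration.

```python
from datetime import datetime

# Constructed grants: (user, resource) -> authorized time windows.
GRANTS = {
    ("alice", "payroll-db"): [("2010-09-22T08:00", "2010-09-22T17:00")],
    ("bob", "backup-tapes"): [("2010-09-22T20:00", "2010-09-22T23:00")],
}

# Constructed access log, one entry per line: timestamp user resource action
LOG = """\
2010-09-22T09:15 alice payroll-db read
2010-09-22T18:40 alice payroll-db read
2010-09-22T21:05 bob backup-tapes mount
2010-09-22T21:30 shared payroll-db read
2010-09-22T22:10 bob payroll-db write
malformed line
"""

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M")

def audit(log_text, grants):
    """Return (line_no, reason, raw_line) for every entry that violates the grants."""
    violations = []
    for n, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 4:
            # An entry that cannot be attributed breaks accountability; report it.
            violations.append((n, "unparseable", line))
            continue
        ts, user, resource, _action = parts
        try:
            when = parse(ts)
        except ValueError:
            violations.append((n, "unparseable", line))
            continue
        windows = grants.get((user, resource))
        if windows is None:
            # No individual grant exists (shared account, or wrong resource).
            violations.append((n, "no-grant", line))
        elif not any(parse(a) <= when <= parse(b) for a, b in windows):
            # The user is authorized, but not at this time.
            violations.append((n, "outside-window", line))
    return violations

if __name__ == "__main__":
    for n, reason, line in audit(LOG, GRANTS):
        print(f"line {n}: {reason}: {line}")
```

Unparseable entries are reported rather than skipped, because a log line that cannot be tied to a user is itself a gap in accountability.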

Access Privileges
- Hardware access
  - Isolation between unrelated storages
  - Enables controlling unauthorized access
- I/O operations and devices
  - Should be verified before execution of a privileged program
- Activity logs
  - Auditing

Change Management
- Managing change steps:
  - Introduce change
  - Change log
  - Scheduling change
  - Implementing change
  - Reporting change
- Why follow those steps?
  - Reduce the impact of change on services

Hardware
- Hardware access is via operating system software.
- Physical security of hardware
- Storage
- Unauthorized access