CMGT400 Intro to Information Assurance and Security (University of Phoenix) Lecture, Week 2 Tom Olzak, MBA, CISSP.

Slides:

Advertisements

Similar presentations

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –

Advertisements

Managed Premises Firewall. 2 Common IT Security Challenges Does my network security protect my IT environment and sensitive data and meet the regulatory.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

JARED BIRD Nagios: Providing Value Throughout the Organization.

Windows 7 Project and Heartbleed Update Sian Shumway Director, IT Customer Service.

Access Control Chapter 3 Part 5 Pages 248 to 252.

Managing A Secure Infrastructure – Tales From the Trenches November 6, 2003.

Security Controls – What Works

The State of Security Management By Jim Reavis January 2003.

1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations.

Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.

Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.

LittleOrange Internet Security an Endpoint Security Appliance.

Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Security Guidelines and Management

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.

Oklahoma Chapter Information Systems Security Association Oklahoma Chapter, Tulsa Oklahoma City Chapter, OKC Student Chapter, Okmulgee Oklahoma Chapter,

Skybox® Security Solutions for Symantec CCS Comprehensive IT Governance Risk and Access Compliance Management Skybox Security's.

A Comprehensive Solution Team Mag 5 Valerie B., Derek C., Jimmy C., Julia M., Mark Z.

Information Security– SNO International Zanzibar, Tanzania Joe Beaulac, Sr. Manager – Cyber Defense Center & Risk/Vulnerability Management 23 September.

CMGT400 Intro to Information Assurance and Security (University of Phoenix) Lecture, Week 4 Tom Olzak, MBA, CISSP.

Protecting Your Computer & Your Information

Business Computing 550 Lesson 6. 2 Security Threats on Web Sites Issues and vulnerabilities 1.Illegal Access and Use (Hacking the system or users exposing.

CMGT400 Intro to Information Assurance and Security (University of Phoenix) Lecture, Week 3 Tom Olzak, MBA, CISSP.

CMGT400 Intro to Information Assurance and Security (University of Phoenix) Lecture, Week 5 Tom Olzak, MBA, CISSP.

Enterprise Risk Management & IT Compliance March 30, 2010 Presented by: Ken Rowe, Director Enterprise Systems Assurance & Chief Security Officer University.

Honeypot and Intrusion Detection System

Configuring Electronic Health Records Privacy and Security in the US Lecture f This material (Comp11_Unit7f) was developed by Oregon Health & Science University,

Click to edit Master title style Click to edit Master text styles –Second level Third level –Fourth level »Fifth level June 10 th, 2009Event details (title,

Common Cyber Defenses Tom Chothia Computer Security, Lecture 18.

1 Managed Premises Firewall. 2 Typical Business IT Security Challenges How do I protect all my locations from malicious intruders and malware? How can.

11 CONFIGURING TCP/IP ADDRESSING AND SECURITY Chapter 11.

GSHRM Conference Cyber Security Education Shri Cockroft, CISO Piedmont Healthcare, Inc. September 21, 2015.

Auditing IT Vulnerabilities IT vulnerabilities are weaknesses or exposures in IT assets or processes that may lead to a business risk or security risk.

Virus and anti virus. Intro too anti virus Microsoft Anti-Virus (MSAV) was an antivirus program introduced by Microsoft for its MS-DOS operating system.

Wireless Intrusion Prevention System

Small Business Security Keith Slagle April 24, 2007.

Lecture 19 Page 1 CS 236 Online Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Frontline Enterprise Security

NetTech Solutions Protecting the Computer Lesson 10.

CHAPTER 2 Laws of Security. Introduction Laws of security enable user make the judgment about the security of a system. Some of the “laws” are not really.

“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.

Legal, Regulations, Investigations, and Compliance Chapter 9 Part 2 Pages 1006 to 1022.

Security Issues and Ethics in Education Chapter 8 Brooke Blanscet, Morgan Chatman, Lynsey Turner, Bryan Howerton.

Global Mobile Anti-malware Market WEBSITE Single User License: US$ 2500 No of Pages: 55 Corporate User License: US$

© 2011 IBM Corporation IBM Security Services Smarter Security Enabling Growth and Innovation Obbe Knoop – Security Services Leader Pacific.

CSC4003: Computer and Information Security Professor Mark Early, M.B.A., CISSP, CISM, PMP, ITILFv3, ISO/IEC 27002, CNSS/NSA 4011.

© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 10 Network Security Management.

Information Security in Laurier Grant Li Wilfrid Laurier University.

Cosc 4765 Antivirus Approaches. In a Perfect world The best solution to viruses and worms to prevent infected the system –Generally considered impossible.

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 Juniper Security Threat Response Manager (STRM)

Common System Exploits Tom Chothia Computer Security, Lecture 17.

WannaCry/WannaCrypt Ransomware

CISOs Guide To Communicating WNCRY.

WannaCry/WannaCrypt Ransomware

Managing Windows Security

Information Security Program

Cybersecurity - What’s Next? June 2017

Security Risk Profiles – Tips and Tricks

Joe, Larry, Josh, Susan, Mary, & Ken

A Trojan is a computer program that contains the malicious code and it misleads users and user's computer. It aims to designed to perform something is.

Virtualization & Security real solutions

National Cyber Security

Contact Center Security Strategies

A 5-minute overview of ADAudit Plus

Security week 1 Introductions Class website Syllabus review

Information Services Security Management

Using Software Restriction Policies

Presentation transcript:

CMGT400 Intro to Information Assurance and Security (University of Phoenix) Lecture, Week 2 Tom Olzak, MBA, CISSP

Malware  Virus – First malware. Requires user action.  Worms – Most common in large-scale attacks. Moves on its own  Trojans – Often coupled with a rootkit. Users install them thinking they are valid programs. Collect user information  Rootkits – Difficult to detect and almost impossible to completely remove. Embed themselves deep in the operating system, often replacing one or more device drivers.

Network Segmentation  Divides internal network into smaller networks  Creates many smaller attack surfaces  Groups data and systems according to classification and risk  Allows security teams to apply scarce budget dollars where they are needed most  More information: chapter-5/ chapter-5/

Vulnerability Detection  Scans – Regularly perform vulnerability scans. Tools include these top- rated solutions vulnerability-scanners.htmlhttp:// vulnerability-scanners.html  Vendors  Security organizations  US-CERT (  SANS Institute Internet Storm Center (  Good for emerging threat information

Web Filtering  Block all websites except those needed for business  Whitelisting v. Blacklisting  Web filter solutions  OpenDNS  WebSense For more information about OpenDNS and how Web filtering works, see

Filtering  Stop malware before it gets to the servers  Use two filters from different vendors  Block all high-risk attachments  For one administrator’s list of denied extensions, see

SIEM  Security Information and Event Management  Required for comprehensive monitoring and detection  Individual device/system log reviews largely ineffective  Too much to view  No big picture perspective

Controls

Cost/Benefit Analysis  Based on risk, especially business impact  Process based on business impact  Calculate the business impact  Calculate the cost of mitigating controls  If the cost of controls is lower than business impact, implement the controls  If the cost of controls is higher than business impact, spend your budget dollars elsewhere

Regulations (U.S.)  Sarbanes-Oxley Act (SOX) -  Gramm-Leach-Bliley Act (GLBA) - and-security/gramm-leach-bliley-acthttp://business.ftc.gov/privacy- and-security/gramm-leach-bliley-act  FISMA -  HIPAA -  Privacy  Security  PCI DSS (industry standard, but non-compliance comes with a high price…)

And again…  Be sure to read ALL assigned reading. Your success in this class depends on it.