R. Ching, Ph.D., MIS Area, California State University, Sacramento. Week 6, Monday, February 27: IT Infrastructure Reliability and Security.

Presentation transcript:

Slide 1: Week 6, Monday, February 27. IT Infrastructure: Reliability and Security of IT Services. Security.

Slide 2: IT Infrastructure, Another View… (diagram only)

Slide 3: IT Architecture and Advances in IT
Era I - Mainframe (1950’s - …)
–IT paradigm: centralized computing; automated functions
–Information management: focus on data (i.e., data processing and efficiency); fixed reporting; file-based

Slide 4: IT Architecture and Advances in IT
Era II - PC (1970’s - …)
–IT paradigm: microcomputer; decentralized, end-user developed computing
–Information management: focus on information (i.e., specialized applications); specialized and personal software (i.e., electronic spreadsheets, word processing, file management); islands of information

Slide 5: IT Architecture and Advances in IT
Era III - Network (1990’s - present)
–IT paradigm: client/server (fat and thin clients); Internet, intranet (within the organization), extranet (between the organization and its suppliers/partners); end-user computing
–Information management: focus on knowledge (i.e., OLAP tools, data warehousing/mining); relational and OO database (centralized data repository)

Slide 6: Infrastructure
Delivering the right information to the right people at the right time.
Delivering IT resources to support users throughout the organization.
Four-layer infrastructure (Weill and Broadbent):
–IT components
–Human IT infrastructure
–Shared IT services – services that users can draw upon and share to conduct business
–Shared and standard IT applications – stable applications that change less frequently

Slide 7: Structure of the IT Infrastructure (diagram)
Layers shown: IT components; Shared IT services; Human IT infrastructure; Shared and standard IT applications; Local applications; IT infrastructure.

Slide 8: Three Views of IT Infrastructure
Economies of scale (utility) – providing IT/IS as a service to the business to facilitate operations
–Emphasis on reducing costs
Support for business programs (dependent) – IT tied to the business plan and value-added initiatives
Flexibility to meet changes in the marketplace (enabling) – IT planning tied to the business strategic plan
–Co-alignment between business strategy and IT strategy
–Strategic IT and strategic IT planning

Slide 9: Strategic Grid: Placing Infrastructure Planning and Management in Perspective (diagram)
Axes: Impact of Existing IT applications (High/Low) and Impact of Future IT applications (High/Low).
Quadrants: Factory – Operational IT; Support – Basic elements; Turnaround – Gradual adoption; Strategic – Strategic IT plan, initiatives. Rows are labelled Mission Critical and Less critical.
How we view reliability and security depends on where the organization lies on the strategic grid.

Slide 10: Reliability and Availability of the Infrastructure

Slide 11: Infrastructure Reliability
Ensuring continuous operations in support of the organization:
–24 x 7 operation (if important)
–Redundancy of components
–Cost of maintaining continuous operations vs. cost of failure
–Threats and countermeasures

Slide 12: Availability (diagram: availability from 100% down to 0% plotted against the number of components)
Five components in series, each with 98% availability: .98 x .98 x .98 x .98 x .98 = .9039 overall service availability.
Complexity of the system increases as the number of components increases.

Slide 13: Availability (diagram: two rows of five components, each with 98% availability)
Series: .98 x .98 x .98 x .98 x .98 = .9039.
Redundancy: if each component has a failure rate of .02, then a complete failure of the system is .02 x .02 x .02 x .02 x .02 = …
Components running in parallel (i.e., each component is capable of doing all functions).

Slide 14: Making a High-Availability Facility
Uninterruptible electric power delivery
Physical security
Climate control and fire suppression
Network connectivity
N+1 and N+N redundancy of mission-critical components
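The availability arithmetic from slides 12 to 14 (a chain of components, fully parallel copies, and N+1 / N+N redundancy) worked through as an added example; this is not code from the slides, and the helper names and the k-of-n binomial model are assumptions.

```python
from math import comb

# Added example: availability of a series chain, a fully parallel group,
# and N+1 / N+N (k-of-n) redundancy, using the slides' 98% figure.

def series_availability(avails):
    """Service availability when every component must be up (a chain).
    Five components at 0.98 give 0.98**5 = 0.9039, as on slide 12."""
    total = 1.0
    for a in avails:
        total *= a
    return total

def parallel_failure_probability(avails):
    """Probability that every redundant copy is down at the same time;
    the service fails only then. Five copies at 0.02 give 0.02**5."""
    fail = 1.0
    for a in avails:
        fail *= (1.0 - a)
    return fail

def parallel_availability(avails):
    """Availability when any single copy is enough to keep the service up."""
    return 1.0 - parallel_failure_probability(avails)

def k_of_n_availability(n, k, a):
    """n identical units, each up with probability a; the service is up
    while at least k units are up (binomial sum). N+1 redundancy means
    n = k + 1, N+N means n = 2k. This k-of-n model is an assumption."""
    return sum(comb(n, i) * a ** i * (1.0 - a) ** (n - i)
               for i in range(k, n + 1))

def redundant_chain_availability(stages, copies_per_stage, a):
    """A chain of `stages` functions where each stage has
    `copies_per_stage` interchangeable copies (duplicating every link
    of the chain instead of the whole chain)."""
    stage_avail = parallel_availability([a] * copies_per_stage)
    return series_availability([stage_avail] * stages)

if __name__ == "__main__":
    five = [0.98] * 5
    print(f"series of 5 at 98%:          {series_availability(five):.4f}")
    print(f"all 5 parallel copies fail:  {parallel_failure_probability(five):.2e}")
    print(f"N+1, 2 needed of 3 at 98%:   {k_of_n_availability(3, 2, 0.98):.6f}")
    print(f"chain of 5, each duplicated: {redundant_chain_availability(5, 2, 0.98):.6f}")
```

Note that adding components to the chain lowers availability while adding copies to a stage raises it, which is the cost trade-off slide 11 points at.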

Slide 15: Malicious Threats and Defensive Measures
Types of threats:
–External attacks – denial of service (DoS)
–Intrusion – access via the IT infrastructure
–Viruses and worms
Defensive measures:
–Security policies – define security by recognizing IT as a resource
–Firewalls
–Authentication
–Encryption
–Patching and change management
–Intrusion detection and network monitoring

Slide 16: Risk Management
Risk of failure or a breach of security.
Risks must be classified (i.e., critical, not critical, etc.).
Risks are addressed in proportion to their likelihood and potential consequences.
Management action to mitigate risks:
–Costs vs. potential benefits
–Expected loss (probability of a threat occurring x cost)

Slide 17: Prioritization of Risks (diagram)
Axes: Consequences (Low to High) and Probability (0 to 1). Regions: Critical Threats and Minor Threats.
Threats plotted: Flooding, Earthquake, Lightning, Construction, Hacking, Intrusion, Fire, Corporate espionage.

Slide 18: Managing Threats and Risks
Sound infrastructure design
Disciplined execution of operating procedures
Careful documentation
Established crisis management procedures
Rehearsing incident response
–Security audit
Recovery procedures

Slide 19: Another View of Security and Threats…

Slide 20: Countermeasures and Contingency Plans
Threats: any situation or event, whether intentional or unintentional, that will adversely affect a system and consequently the organization.
–Tangible losses (hardware, software, data)
–Intangible losses (credibility, confidentiality)

Slide 21: Threats and Countermeasures
Initiate countermeasures to overcome threats.
–Consider the types of threat and their impact on the organization: cost-effectiveness, frequency, severity

Slide 22: Threats and Countermeasures
The objective is to achieve a balance between a reasonably secure operation, which does not unduly hinder users, and the costs of maintaining it.
Risks are independent of the countermeasures.
(Diagram: Countermeasures, Costs, Secured Operations, Risks.)

Slide 23: Countermeasures
Computer-based vs. non-computer-based:
–Computer-based: implemented through the operating system and/or DBMS
–Non-computer-based: management policies and procedures

Slide 24: Computer-Based Controls
Authorization
Backup (and recovery)
Journaling
Integrity controls
Encryption
Associated procedures

Slide 25: Non-Computer-Based Controls (management-oriented)
Security policy and contingency plans
Personnel controls
Secure positioning of equipment
Secure data and software
Escrow agreements
Maintenance agreements
Physical access controls
Building controls
Emergency arrangements

Slide 26: Non-Computer-Based Controls: Countermeasures
Security policy and contingency plan
–Security - covers the operations of the database
–Contingency plan - addresses plans for catastrophic events: procedures to follow, line of command
Personnel controls
–Assessing and monitoring employees
–Training
–Responsibilities - sharing and splitting
–Job controls

Slide 27: Non-Computer-Based Controls: Countermeasures
Securing:
–Hardware
–Data and software
Physical access controls
–Internal and external
Emergency arrangements
–Cold, warm and hot sites

Slide 28: Non-Computer-Based Controls: Countermeasures
Risk analysis
–Identify assets
–Identify threats and risks
–Establish their costs relative to losses
–Determine countermeasure: establish effectiveness of the countermeasure; establish cost of implementing the countermeasure
–Examine cost/benefit of countermeasure
–Make recommendation
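The expected-loss formula of slide 16, the consequence/probability grid of slide 17 and the risk-analysis steps of slide 28 carried through as an added example (not code from the slides); the threat figures, the grid thresholds, the "review" label for the mixed quadrants and the two countermeasures are all constructed assumptions.

```python
from dataclasses import dataclass

# Added example: expected loss = probability x cost, placement on the
# prioritization grid, and the cost/benefit test for a countermeasure.
# Every number below is a constructed sample value for a worksheet.

@dataclass
class Threat:
    name: str
    probability: float  # estimated annual probability of occurrence, 0..1
    cost: float         # estimated loss per occurrence (tangible + intangible)

    def expected_loss(self) -> float:
        return self.probability * self.cost

@dataclass
class Countermeasure:
    name: str
    annual_cost: float           # cost of implementing and running the control
    residual_probability: float  # probability once the control is in place
    residual_cost: float         # loss per occurrence once the control is in place

def classify(threat, prob_high=0.1, cost_high=100_000.0):
    """Place a threat on the grid: high on both axes is critical, low on both
    is minor; the mixed quadrants get an assumed "review" label."""
    if threat.probability >= prob_high and threat.cost >= cost_high:
        return "critical"
    if threat.probability < prob_high and threat.cost < cost_high:
        return "minor"
    return "review"

def rank_by_expected_loss(threats):
    return sorted(threats, key=lambda t: t.expected_loss(), reverse=True)

def net_benefit(threat, cm):
    """Reduction in expected loss minus the yearly cost of the control."""
    residual = cm.residual_probability * cm.residual_cost
    return threat.expected_loss() - residual - cm.annual_cost

def recommend(threat, cm):
    """Slide 28's final step: recommend the control only if it pays for itself."""
    return net_benefit(threat, cm) > 0

THREATS = [
    Threat("hacking / intrusion", 0.30, 150_000.0),
    Threat("fire", 0.01, 2_000_000.0),
    Threat("earthquake", 0.001, 5_000_000.0),
    Threat("construction outage", 0.20, 10_000.0),
    Threat("lightning", 0.05, 20_000.0),
]
IDS = Countermeasure("intrusion detection + monitoring", 4_000.0, 0.05, 150_000.0)
HOT_SITE = Countermeasure("hot site for fire recovery", 60_000.0, 0.01, 200_000.0)

if __name__ == "__main__":
    for t in rank_by_expected_loss(THREATS):
        print(f"{t.name:22} expected loss {t.expected_loss():>10,.0f}  {classify(t)}")
    print("IDS vs hacking:", recommend(THREATS[0], IDS), f"{net_benefit(THREATS[0], IDS):,.0f}")
    print("hot site vs fire:", recommend(THREATS[1], HOT_SITE), f"{net_benefit(THREATS[1], HOT_SITE):,.0f}")
```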