Presentation transcript:

Brian Bradley

 Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect your assets from being damaged.  Detection: measures taken to allow you to detect when an asset has been damaged, how it was damaged and who damaged it.  Reaction: measures that allow you to recover your assets.

 Confidentiality ensures that data is only read by the intended recipients.  Integrity ensures that none of the data has been corrupted from its original source.  Availability guarantees that the data is usable upon demand.  Accountability is audit information that is kept and protected so that security actions can be traced to the responsible party.

 Data Security is subject to several types of audit standards and verification.  The most common are ISO 17799, ISO , PCI, ITIL, SAS-70, HIPAA, SOX.  Security Administrators are responsible for creating and enforcing a policy that conforms to the standards that apply to their organization's business.

 IT certification audits are generally carried out by 3rd party accounting firms.  They can generally be done in a week or two, depending on the size of the organization.  Clients can also carry out audits before they begin doing business with the company to ensure that their data is secured to their standards.

 A security policy is a comprehensive document that defines a company's methods for prevention, detection, reaction, classification, accountability of data security practices and enforcement methods.  It generally follows industry best practices as defined by ISO 17799, , PCI, ITIL, SAS-70, HIPAA, SOX or a mix of them.

 The security policy is the key document in effective security practices.  Once it has been defined it must be implemented and modified to include any exceptions that may need to be in place for business continuity.  All users need to be trained on these best practices, with continuing education at regular intervals.

 Data needs to be classified in the security policy according to its sensitivity.  Once this has taken place, the most sensitive data has extra measures in place to safeguard and ensure its integrity and availability.  All access to this sensitive data must be logged.  Secure data is usually isolated from other stored data.

 Controlling physical access to the data center or area where the data is stored.  Active Directory or Open Directory is a centralized authentication management system that is available to companies to control and log access to any data on the system.  Encryption of the sensitive data is critical before transmission across public networks.

 The use of firewalls on all publicly facing WAN connections.  Deploying VLANs and ACLs to isolate sensitive departments from the rest of the network.  Shutting down unused switch ports.  If wireless is deployed, use authentication servers to verify and log the identity of those logging on.  Anti-Virus and malicious software protection on all systems.

 Walk around and look for passwords in the open.  Event Viewer / Log Files  Intrusion Detection/Prevention Systems (IDS/IPS) such as Snort.  These will alert Administrators to suspicious data flows.

 Set up SNMP monitoring servers to monitor and alert for everything.  This will alert Administrators to everything from unusual bandwidth usage to hardware failure.  It is key to know what's going on with your systems and network.

 Microsoft Visio is the standard for drawing network maps.  These maps allow a detailed overview of the system and how it functions.  They also allow the spotting of weak points in security and flaws in design that can impact reliability or continuity of the data to the end user.

 Nessus is a network scanner that probes devices to ensure they are secure.  It will probe and report old, out-of-date software and open ports, and give details on the potential exposure related to them.  Scans should be scheduled at least monthly, enterprise wide.  A log needs to be kept of who was scanned so that anybody missed can be scanned either next time or individually.
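The scan log described above, reconciled against an asset inventory so that hosts the scanner missed are queued for the next cycle. This is an added example, not code from the presentation; the inventory, scan results and the 31-day policy window are constructed assumptions.

```python
"""Scan-coverage check: compare an asset inventory with the hosts a scan
cycle actually reached, and list who must be scanned next time.
Added example; all data below is constructed, not from a real scanner."""
from datetime import date, timedelta

# Constructed inventory: hostname -> (owning department, last known scan date or None)
INVENTORY = {
    "fs01.corp.example": ("Finance", date(2024, 1, 10)),
    "db02.corp.example": ("HR", None),               # never scanned
    "web01.dmz.example": ("IT", date(2024, 2, 3)),
    "hr-app.corp.example": ("HR", date(2023, 11, 20)),
}

# Constructed scan log: one record per host reached in this cycle
SCAN_RESULTS = [
    {"host": "fs01.corp.example", "scanned": date(2024, 2, 5), "findings": 3},
    {"host": "web01.dmz.example", "scanned": date(2024, 2, 5), "findings": 0},
]

MAX_AGE = timedelta(days=31)  # assumed policy: every host scanned at least monthly


def reconcile(inventory, results, today):
    """Return (covered, missed): covered hosts are within policy, missed
    hosts were not reached this cycle and are older than MAX_AGE or unscanned."""
    scanned = {r["host"]: r["scanned"] for r in results}
    covered, missed = [], []
    for host, (owner, last) in inventory.items():
        when = scanned.get(host, last)  # this cycle's date, else the previous one
        if when is None or today - when > MAX_AGE:
            missed.append({"host": host, "owner": owner, "last_scan": when})
        else:
            covered.append(host)
    return covered, missed


def next_cycle_queue(missed):
    """Order follow-up scans: never-scanned hosts first, then the most stale."""
    return [m["host"] for m in sorted(
        missed, key=lambda m: (m["last_scan"] is not None, m["last_scan"] or date.min))]


if __name__ == "__main__":
    covered, missed = reconcile(INVENTORY, SCAN_RESULTS, date(2024, 2, 6))
    print("covered:", covered)
    for m in missed:
        print(f"MISSED {m['host']} ({m['owner']}) last scan: {m['last_scan']}")
    print("queue for next cycle:", next_cycle_queue(missed))
```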

 SANS Storm Center will keep you posted on the latest attack trends.  Read your log files regularly on any publicly facing server to see what types of attacks are being run against your enterprise.  Trade publications discuss the latest threats and technologies.  Understand the technology that you are protecting and the technology that is used to attack.
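One way to do the regular log review above: summarise authentication failures per source from an sshd log on a public-facing server, so repeated failures and username guessing stand out. This is an added example, not from the presentation; the log lines, hostnames and the alert threshold are constructed.

```python
"""Summarise failed logins per source address from sshd-style log lines.
Added example; SAMPLE_LOG is constructed and uses documentation IP ranges."""
import re
from collections import defaultdict

SAMPLE_LOG = """\
Feb  5 02:11:01 web01 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 5123 ssh2
Feb  5 02:11:03 web01 sshd[812]: Failed password for invalid user oracle from 203.0.113.7 port 5130 ssh2
Feb  5 02:11:04 web01 sshd[812]: Failed password for root from 203.0.113.7 port 5134 ssh2
Feb  5 02:12:40 web01 sshd[833]: Accepted publickey for deploy from 198.51.100.20 port 40102 ssh2
Feb  5 02:15:09 web01 sshd[840]: Failed password for jsmith from 198.51.100.44 port 50211 ssh2
Feb  5 02:15:20 web01 sshd[840]: Accepted password for jsmith from 198.51.100.44 port 50211 ssh2
"""

# "invalid user" means the account does not exist: a sign of username guessing
FAILED = re.compile(r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) from (?P<src>\S+)")


def summarise(log_text, threshold=3):
    """Return one record per source, most failures first; a source is flagged
    when its failures reach the threshold (assumed value, tune per site)."""
    per_src = defaultdict(lambda: {"failures": 0, "users": set(), "invalid": 0})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are not counted here
        rec = per_src[m["src"]]
        rec["failures"] += 1
        rec["users"].add(m["user"])
        if m["invalid"]:
            rec["invalid"] += 1
    report = []
    for src, rec in sorted(per_src.items(), key=lambda kv: -kv[1]["failures"]):
        report.append({
            "src": src,
            "failures": rec["failures"],
            "users": sorted(rec["users"]),
            "invalid_users": rec["invalid"],
            "flagged": rec["failures"] >= threshold,
        })
    return report


if __name__ == "__main__":
    for r in summarise(SAMPLE_LOG):
        mark = "ALERT" if r["flagged"] else "ok"
        print(f"{mark:5} {r['src']:16} failures={r['failures']} users={r['users']}")
```

A single failure from a known user followed by success is normal; the flagged source tried several accounts that do not exist, which is the pattern worth a closer look.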

 All relevant security policies must be clearly explained to the end users.  The consequences for violating these policies must also be clearly explained.  The end user needs to sign a document acknowledging that they understand the policies and the consequences for violating them.

 Must obtain executive authority to enforce policy.  Systematic approach of warnings and punishments.  Coordinate with HR to document continued issues with staff.

I very much appreciate your time and interest.