Creating a Security Architecture. Kim Milford, J.D., CISSP, Information Security Manager, University of Wisconsin. Copyright Kim Milford, 2003.

Presentation transcript:

Creating a Security Architecture
Kim Milford, J.D., CISSP
Information Security Manager, University of Wisconsin
Copyright Kim Milford, 2003

Overview
Background: Defining a Security Architecture
Why We Need A Security Architecture
Models
A Comprehensive Approach to Information Security

Background
RFC 2401 (IPsec) Security Architecture:
– Goal is to provide various security services for traffic at the IP level
(ISC)²:
– The totality of security design for a system or application
IAA/PKI Standards:
– Federal Bridge PKI
– Shibboleth

Background
CERT:
– "Maintain a long-term view and invest in research toward systems and operational techniques that yield networks capable of surviving attacks while protecting sensitive data. In doing so, it is essential to seek fundamental technological solutions and to seek proactive, preventive approaches, not just reactive, curative approaches."

Why We Need A Security Architecture: Mandates
– FERPA
– HIPAA
– Gramm-Leach-Bliley Act
– TEACH
– National Strategy to Secure Cyberspace
– DHHS proposed legislation to protect laboratories handling select agents (42 CFR Part 73):
73.11(a): "The security plan must be based on a systematic approach in which threats are defined, vulnerabilities are examined, and risks associated with those vulnerabilities are mitigated with a security systems approach."
73.11(b): "The plan must: (1) describe …cyber security

Why We Need A Security Architecture
To protect the Confidentiality, Integrity and Availability of IT resources
From: environmental threats, technical threats and human threats

Why We Need A Security Architecture: Threats

Why We Need A Security Architecture: Threats – Continued (2002 CSI/FBI Survey)
– 90% of respondents detected computer security incidents in the past 12 months
– 80% acknowledged financial losses due to computer security incidents

Security Architecture: Models – Historical

The building blocks of security: policies, virus protection, physical security, protecting your servers, protecting your PCs, disaster recovery, education, incident handling, firewalls

Security Architecture: Models – Interlocking Communities Served by Interlocking Information Infrastructures
Infrastructures: FII, DII, NII, GII
Services carried: Electronic Commerce, Electronic Mail, Electronic Data Interchange, Electronic Funds Transfer, File Transfer, Information Search/Retrieval
Requiring: PROTECT, DETECT, RESPOND, RECONSTITUTE
Communities: Private Citizen, Business Sector, State/Local Govt, Critical Public Safety, Federal Govt, Natl Security Intel/DOD, Internatl
Basic Information Security Services: Data Integrity, Data Confidentiality, Transaction Non-Repudiation, User Identification and Authentication, System Availability
Through trained system users, maintainers and developers

A Comprehensive Approach to Information Security – From theory to practice:
1. Perform risk assessment
2. Develop a comprehensive plan for information security
– Phased migration
3. Develop an architectural model
– Get management's attention
– Get system developers' attention
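A worked instance of step 1 (risk assessment) and of the phased-migration idea in step 2, as an added example that is not from the presentation: a small qualitative risk register in Python. Threats are defined, each asset's exposure is examined per CIA property, and the resulting risks are ranked and split into phases so that mitigations can be planned. The threat categories follow the deck's environmental/technical/human split; the asset names, threat names, the 1..5 scoring scale, the controls and their reductions are constructed assumptions for illustration.

```python
"""Qualitative risk register: threats defined, exposure examined, risks ranked.

Added example (not from the presentation).  Asset and threat names, the 1..5
scale and the control reductions are constructed sample data.
"""
from dataclasses import dataclass, field

# Likelihood and impact are scored 1 (low) to 5 (high); risk = likelihood * impact.
SCALE = range(1, 6)


@dataclass
class Asset:
    name: str
    # How much the organisation values each CIA property of this asset (1..5).
    confidentiality: int
    integrity: int
    availability: int


@dataclass
class Threat:
    name: str
    category: str          # "environmental", "technical" or "human" (slide taxonomy)
    likelihood: int        # 1..5
    affects: tuple         # subset of ("C", "I", "A") that this threat degrades


@dataclass
class Control:
    name: str
    mitigates: str         # threat name this control addresses
    reduction: int         # likelihood points removed when the control is in place


@dataclass
class RiskItem:
    asset: str
    threat: str
    category: str
    inherent: int          # risk before controls
    residual: int          # risk after controls
    controls: list = field(default_factory=list)


def _validate(value: int, label: str) -> int:
    if value not in SCALE:
        raise ValueError(f"{label} must be in 1..5, got {value}")
    return value


def impact(asset: Asset, threat: Threat) -> int:
    """Impact is the highest CIA rating among the properties the threat degrades."""
    ratings = {"C": asset.confidentiality, "I": asset.integrity, "A": asset.availability}
    return max(ratings[p] for p in threat.affects)


def assess(assets, threats, controls=()) -> list:
    """Build the register: one entry per (asset, threat), sorted by residual risk."""
    by_threat = {}
    for c in controls:
        by_threat.setdefault(c.mitigates, []).append(c)
    register = []
    for a in assets:
        for t in threats:
            _validate(t.likelihood, "likelihood")
            imp = _validate(impact(a, t), "impact")
            inherent = t.likelihood * imp
            applied = by_threat.get(t.name, [])
            # Controls lower likelihood, never below 1: no control removes a risk entirely.
            residual_likelihood = max(1, t.likelihood - sum(c.reduction for c in applied))
            register.append(RiskItem(a.name, t.name, t.category, inherent,
                                     residual_likelihood * imp, [c.name for c in applied]))
    register.sort(key=lambda r: (-r.residual, -r.inherent, r.asset))
    return register


def phase_plan(register, threshold: int = 10) -> dict:
    """Phased migration: phase 1 addresses residual risks at or above the threshold."""
    return {
        "phase_1": [r for r in register if r.residual >= threshold],
        "phase_2": [r for r in register if r.residual < threshold],
    }


# Constructed sample inventory (hypothetical assets, threats and controls)
ASSETS = [
    Asset("student-records-db", confidentiality=5, integrity=5, availability=3),
    Asset("campus-web-server", confidentiality=2, integrity=3, availability=4),
]
THREATS = [
    Threat("flooding of server room", "environmental", likelihood=1, affects=("A",)),
    Threat("worm infection", "technical", likelihood=4, affects=("I", "A")),
    Threat("insider data theft", "human", likelihood=3, affects=("C",)),
]
CONTROLS = [
    Control("patch management + host firewall", "worm infection", reduction=2),
    Control("role-based access + audit logging", "insider data theft", reduction=1),
]

if __name__ == "__main__":
    for item in assess(ASSETS, THREATS, CONTROLS):
        print(f"residual {item.residual:>2} (inherent {item.inherent:>2})  "
              f"{item.asset:<20} {item.threat} [{item.category}]")
```

Running it ranks the student records database's worm and insider risks first (residual 10 each) even after the sample controls are applied, which is exactly the kind of output that gets management's attention: the plan's first phase is driven by where the highest-valued CIA properties meet the most likely threats, not by which product is easiest to buy.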

References
– Security Project Cookbook, The Burton Group, Nigel Willson and Dan Blum
– CSI/FBI Computer Crime and Security Survey (2002)