Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth.

Presentation transcript:

Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth Kearney-Lang Daureen Lingley-Chor

Selected Topics: The two areas of interest our team chose are Firewall Management and Intrusion Detection, Intrusion Prevention, and Security Information Management. – They complement each other well – Both focus on the safeguarding of company assets

Control Objectives Security Information Management: To control access to the Information Systems to prevent unauthorized use and to restrict authorized use. To ensure proper controls are in place to ensure data and system availability in order for the Information Systems to fully support the organization’s objectives.

Control Objectives Firewall Management and Intrusion Detection, Intrusion Prevention: To ensure preventative, detective, and corrective measures are in place and working as intended to protect the Information System from intrusion. To ensure proper controls are in place to safeguard assets and prevent, detect and mitigate fraudulent activity.

Research: Our research began with An Introduction to Computer Security: The NIST Handbook. National Institute of Standards and Technology Special Publications: – SP Revision 1 entitled Guidelines on Firewalls and Firewall Policy, – SP Revision 1 entitled Computer Security Incident Handling Guide, – SP entitled Guide to Intrusion Detection and Prevention Systems.

Research Collaboration: wikispaces Various vendor website White Papers

Control for Firewall Management, Intrusion Detection & Prevention Implement and enforce Back-up Procedure – Category: Procedure – Type: General, Secondary, Corrective – Control Benefit: Up-to-date back-up if needed – Adverse Impact: Unnecessary extended downtime

Control Evidence In Place: Written documentation of procedure, documentation readily available in hardcopy or online. In Effect: All data will be properly backed up, personnel responsible for back-up procedure will have knowledge of procedure and documentation of all back-ups that occur.

Audit Steps In Place: Review written documentation of procedure and search for online copy. In Effect: Test and verify the existence of back-up data stores. Interview employees to determine responsibilities and accountable party.

Control for Security Information Management Written Acceptable Use Policy with required signature of employee – Category: Legal – Type: General, Secondary, Preventative – Control Benefit: Ensures employee knowledge of and responsibility to properly safeguard the system. – Adverse Impact: Lack of knowledge and responsibility would create usage problems and security issues

Control Evidence In Place: Documented Policy, documents with employees’ signatures. In Effect: Understanding of policy by employees, file of signed policies will exist.

Audit Steps In Place: Review documentation of policy and check for signatures of all active employees. In Effect: Interview employees and review file of signed policies.

Image Polymers Company, LLC Covisia Solution, Inc. Test of controls

Best Practices for the AUP – Explain employee rights and monitoring expectations – Educate employees on legal issues – State the consequences of noncompliance – Ensure that all the employees are informed about the AUP

Acceptable Use Policy The System, including the system and Internet connections, is the property of the Company. Each employee is responsible for the use of the System and for observing all laws. In the event that any employee is found to have improperly used the System, he or she is subject to disciplinary action, up to and including immediate dismissal.

Acceptable Use Policy The company may review the following at its discretion: – History of e-mail sent and received by employees – Contents of e-mail sent and received by employees – History of access to the WWW by employees – Contents viewed by employees – Time spent by employee on the WWW – Voicemail messages

Challenge Audit Work Program

Questions?