Security Guide for Interconnecting Information Technology Systems

Security Guide for Interconnecting Information Technology Systems
Anusha Kamineni, Security Management

AGENDA
- Introduction
- Background
- Lifecycle of a System Interconnection

EXECUTIVE SUMMARY
- Security guide for interconnecting systems
- Life-cycle management:
  - Planning a system interconnection
  - Establishing a system interconnection
  - Maintaining a system interconnection
  - Disconnecting a system interconnection
- ISA and MOU/A
- System interconnection implementation plan

INTRODUCTION
- Authority
- Purpose
- Scope
- Audience
- Document structure

BACKGROUND
Figure 1: Interconnection Components

Why interconnect IT systems?
- Exchange data and information
- Provide customized levels of access
- Collaborate on joint projects
- Provide full-time communications
- Provide online training
- Provide secure storage of data

PLANNING A SYSTEM INTERCONNECTION
Figure 2: Steps to plan a system interconnection

PLANNING A SYSTEM INTERCONNECTION
- Establish a joint planning team
- Define the business case
- Perform C&A (certification and accreditation)
- Determine interconnection requirements
- Document the interconnection agreement
- Approve or reject the interconnection

Determine Interconnection Requirements
- Level and method of interconnection
- Impact on existing infrastructure and operations
- Hardware requirements
- Software requirements
- Data sensitivity
- User community
- Services and applications
- Security controls
- Segregation of duties
- Incident reporting and response
- Contingency planning

Determine Interconnection Requirements (continued)
- Data element naming and ownership
- Data backup
- Change management
- Rules of behavior
- Security training and awareness
- Roles and responsibilities
- Scheduling
- Costs and budgeting

Document Interconnection Agreement
- Develop an Interconnection Security Agreement (ISA)
- Establish a Memorandum of Understanding/Agreement (MOU/A)

Approve or Reject Interconnection
- Approve the interconnection
- Grant interim approval
- Reject the interconnection

ESTABLISHING A SYSTEM INTERCONNECTION
Figure 3: Steps to establish a system interconnection

ESTABLISHING A SYSTEM INTERCONNECTION
- Develop the implementation plan
- Execute the implementation plan
- Activate the interconnection

Execute Implementation Plan
- Implement or configure security controls:
  - Firewalls
  - Intrusion detection
  - Auditing
  - Identification and authentication
  - Logical access controls
  - Virus scanning
  - Encryption
  - Physical and environmental security

Execute Implementation Plan (continued)
- Install or configure hardware and software:
  - Communications line
  - VPN
  - Routers and switches
  - Hubs
  - Servers
  - Computer workstations
- Integrate applications
- Conduct operational and security testing
- Conduct security training and awareness
- Update system security plans
- Perform recertification and reaccreditation

MAINTAINING A SYSTEM INTERCONNECTION
- Maintain clear lines of communication
- Maintain equipment
- Manage user profiles
- Conduct security reviews
- Analyze audit logs
- Report and respond to security incidents
- Coordinate contingency planning activities
- Perform change management
- Maintain system security plans
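The firewall and auditing controls of the implementation plan and the "analyze audit logs" step of maintenance meet in one routine check: every accepted flow across the interconnection should correspond to a service agreed in the ISA. The following is an added example (not from the presentation or from NIST SP 800-47); the ISA flow table, addresses and log lines are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class AgreedFlow:
    """One service the ISA permits across the interconnection."""
    src: str      # network of the initiating system
    dst: str      # network of the receiving system
    proto: str
    port: int
    service: str


# Constructed ISA flow table (hypothetical networks and service names).
ISA_FLOWS = [
    AgreedFlow("10.1.0.0/24", "10.2.0.0/24", "tcp", 443, "claims-api"),
    AgreedFlow("10.1.0.0/24", "10.2.0.0/24", "tcp", 22, "sftp-batch-transfer"),
]

# Constructed firewall log for the interconnection link (hypothetical format).
SAMPLE_LOG = """\
2024-03-01T02:14:07Z ACCEPT tcp 10.1.0.15:51022 -> 10.2.0.8:443
2024-03-01T02:14:09Z ACCEPT tcp 10.1.0.15:51040 -> 10.2.0.8:22
2024-03-01T02:15:41Z ACCEPT tcp 10.1.0.22:40133 -> 10.2.0.8:3389
2024-03-01T02:16:02Z ACCEPT udp 10.2.0.8:5353 -> 10.1.0.15:5353
2024-03-01T02:16:30Z DROP tcp 192.0.2.7:6000 -> 10.2.0.8:443
"""


def parse_line(line):
    """Split one log line into its fields; the destination port is what the ISA governs."""
    ts, action, proto, src, _, dst = line.split()
    src_ip, _ = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"ts": ts, "action": action, "proto": proto,
            "src": src_ip, "dst": dst_ip, "port": int(dst_port)}


def matches(flow, event):
    """True when the event's direction, protocol and port are covered by this ISA flow."""
    return (event["proto"] == flow.proto and event["port"] == flow.port
            and ip_address(event["src"]) in ip_network(flow.src)
            and ip_address(event["dst"]) in ip_network(flow.dst))


def find_unagreed(log_text, flows=ISA_FLOWS):
    """Return ACCEPTed events that no ISA flow covers: review these as incidents or ISA changes."""
    findings = []
    for line in filter(str.strip, log_text.splitlines()):
        ev = parse_line(line)
        if ev["action"] == "ACCEPT" and not any(matches(f, ev) for f in flows):
            findings.append(ev)
    return findings
```

In the sample, the RDP session and the reverse-direction UDP flow are reported; the dropped connection from outside either system is not, because the firewall already enforced the agreement there.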

DISCONNECTING A SYSTEM INTERCONNECTION
- Planned disconnection
- Emergency disconnection
- Restoration of the interconnection

EXECUTIVE SUMMARY
- Security guide for interconnecting systems
- Life-cycle management:
  - Planning a system interconnection
  - Establishing a system interconnection
  - Maintaining a system interconnection
  - Disconnecting a system interconnection
- ISA and MOU/A
- System interconnection implementation plan

IMPORTANT TERMS
- Audit trail
- Integrated Services Digital Network (ISDN)
- Interconnection Security Agreement (ISA)
- Intrusion Detection System (IDS)
- Memorandum of Understanding/Agreement (MOU/A)
- Remote Authentication Dial-In User Service (RADIUS)
- Security controls
- System interconnection
- Virtual Private Network (VPN)

QUESTIONS?