
Asset & Security Management Chapter 9

IT Asset Management (ITAM) is the process of tracking information about technology assets through the entire asset life cycle, from initial ordering or purchase to retirement and disposal. Asset management provides the IT department with the information to efficiently manage and leverage assets for increased productivity and reduced cost of ownership.

Assets include…
– Hardware
– Software
– Proprietary data
– Backups and archives
– Manuals, guides and books
– Printouts
– Audit records
– Distribution media for licensed software
– Warranties and maintenance records

Organisational benefits…
– Helpdesk can view configurations and service history, and track problems
– Facilities manager knows where the assets are located
– Service manager has easy access to warranty and maintenance records
– Network manager sees network configuration in detail
– Accounting has the value of assets and tracks technology investment

Organisational benefits…
– Purchasing manager views costs and orders across the organisation
– Financial manager can view the entire inventory and determine how to get the best return on technology investment
– System manager can see lease and maintenance status and can efficiently plan upgrades
– Software manager can view licensing information
– IT manager can discover ways of optimising IT resources across the organisation

Challenges…
– Constant change
– Non-standard environment
– Mobile devices

Collecting information…
The first step is to compile an inventory of all technology assets.
– Auto discovery tools gather data about technology assets via the network

Asset tracking information
– User contact information
– Hardware configuration
– System software configuration
– Serial number
– Warranty information
– Network wall jack and port numbers
– Physical location
– Asset identification tag numbers
– Troubleshooting and service histories

Helpdesk benefit
– Availability of configuration information
– Accuracy of information
– Prevention of widespread problems
– Remote diagnosis of problems
– Detection of unauthorised software
– Tracking of software usage
– Determination of total cost of ownership
– Implementation of change requests
– Tracking of warranty and maintenance information

Question: Is an asset management system a replacement for an existing helpdesk information system?

Computer Security

Computer security is the process of planning, implementing and verifying the protection of an organisation's computer-related assets from internal and external threats.

Measures
– Passwords, locks, file protections and encryption to keep intruders out
– Log files and system alerts to warn of unauthorised entry
– Backups, uninterruptible power supplies and mirrored disk images to repair or replace items after damage
– Security policies to handle violations that do occur

Physical security
Protection of building sites and equipment from theft, vandalism, natural disasters, man-made catastrophes and accidental damage.

Security Threats
– Natural disaster
– Utility outage
– Hackers
– Viruses
– Theft of assets
– Political terrorism
– Subversive employees or contractors
– System configuration changes
– Bugs in software

Security Process Stages
1. Identifying assets
2. Assessing risk
3. Preparing
4. Monitoring
5. Responding

1. Identifying Assets
Before assets can be protected, they must be identified.

2. Assessing security needs & risks
Determine the risk level of the organisation's technology assets
– Physical security
– Computer/data centre
– Data security
– Data classification
– Data access privileges
– Social engineering

3. Preparing for Security Violations
A well written, comprehensive security policy is the foundation for a secure computing environment. It must state:
– Purpose
– Scope
– Terms
– Rights of users
– Delegate responsibilities & action
– Reference related documents

Example Information Security Policy: guidelines/information-security-policy

4. Monitoring
An intrusion detection system (IDS), e.g. a sniffer, inspects all inbound and outbound network activity and identifies suspicious activity.

5. Responding to Incidents
– Incidents will occur
– Incident handling demands the ability to quickly and efficiently react to disruptions
– There should be a written procedure to be followed in the event of a violation or attack
– A disaster recovery plan must be in place and practised

Backups
The activity of copying files to another medium so that they will be preserved in case the originals are no longer available.

Backup Methods
Full backup – All files are backed up. Most complete and most time consuming.
Incremental – Only files that have changed since the last backup are backed up. Least time consuming to back up but most time consuming to restore.
Differential – Only files that have changed since the last full backup are backed up.
Daily copy – Only files that were changed on that day are backed up.
Copy – Backing up of only selected files.
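
The trade-off between incremental and differential backups described above, as an added example that is not part of the original slides: a short Python simulation showing what each method copies per day and which backup sets a restore needs. The file names, the four-day change log and the "full backup on day 0" schedule are constructed assumptions.

```python
# Constructed sample change log: day -> files modified on that day.
# Day 0 is the day of the full backup; days 1..3 follow it.
CHANGES = {
    0: {"payroll.db", "policy.doc", "assets.csv"},
    1: {"payroll.db"},
    2: {"assets.csv"},
    3: {"payroll.db", "notes.txt"},
}

def run_schedule(method, last_day):
    """Return the backup sets [(day, kind, files)] written up to last_day."""
    all_files, since_full, since_last = set(), set(), set()
    sets = []
    for day in range(last_day + 1):
        changed = CHANGES.get(day, set())
        all_files |= changed
        since_full |= changed      # changed since the last full backup
        since_last |= changed      # changed since the last backup of any kind
        if day == 0 or method == "full":
            sets.append((day, "full", frozenset(all_files)))
            since_full, since_last = set(), set()
        elif method == "incremental":
            sets.append((day, method, frozenset(since_last)))
            since_last = set()
        elif method == "differential":
            sets.append((day, method, frozenset(since_full)))
    return sets

def restore_chain(sets):
    """Backup sets needed to rebuild the latest state, oldest first."""
    last_full = max(i for i, s in enumerate(sets) if s[1] == "full")
    tail = sets[last_full + 1:]
    if tail and tail[-1][1] == "differential":
        tail = tail[-1:]           # the newest differential supersedes older ones
    return [sets[last_full]] + tail

def restored_files(chain):
    """Files recovered by applying every set in the chain."""
    return set().union(*(files for _, _, files in chain))

if __name__ == "__main__":
    for method in ("incremental", "differential"):
        sets = run_schedule(method, 3)
        copied = sum(len(f) for _, kind, f in sets if kind != "full")
        print(method, "files copied after full:", copied,
              "| sets needed to restore:", len(restore_chain(sets)))
```

The model tracks changed files only; deletions and the archive-bit mechanics of real backup software are not represented.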