Chapter 4: Authentication Policy. Cyber Security for Educational Leaders: A Guide to Understanding and Implementing Technology Policies © Routledge.

Presentation transcript:

Chapter 4: Authentication Policy. Cyber Security for Educational Leaders: A Guide to Understanding and Implementing Technology Policies © Routledge. Richard Phillips and Rayton R. Sianjina

Authentication Policy: Authorization, identification, and authentication control ensures that only known users make use of information systems. Without such control, information systems could be accessed illicitly and their security would be compromised.

Authentication Policy: Ensure that only authorized users have access to specific computers (Authorization, Identification, and Authentication Policy Template, 2011).

Authentication Policy: The organization only allows access to certain users based on privileged information. The organization is protected from unauthorized access by establishing requirements for the authorization and management of user accounts, providing user authentication, and implementing access controls (Kobus, 2007).

Authentication Policy: Information will be managed and controlled through discretionary access controls, identification and authentication, and audit trails (Kobus, 2007).

Authentication Policy: Confidential information includes a username, a password, an answer to a pre-arranged security question, and the confirmation of the owner’s address (Authorization, Identification, and Authentication Policy Template, 2011).

Authentication Policy: Employees’ and customers’ confidential information is on file within their system. Every effort is made to prevent outside parties from gaining access or breaching security. Otherwise, any information exploited, whether known or unknown, shall be perceived as a security incident.

Authentication Policy: Organizations handle the situation in accordance with established incident reporting guidelines and appropriate human resource policies and procedures (Kobus, 2007).

Authentication Policy: In some cases the authentication causes a pop-up window to appear to make sure that the end-user is legitimate. The system can identify the user based on the source IP (Internet Protocol) address, or according to credentials, by challenging the user to send those credentials. If the user is already authenticated in the network, the end-user’s browser will automatically send the required credentials to the system (Authorization, Identification, and Authentication Policy Template, 2007).
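
The identification order described on this slide, as an added Python example (not from the book or the cited policy templates). HTTP Basic is assumed as the credential challenge; the account store, IP-session table, realm name and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

SALT = b"demo-salt"  # constructed; real systems use a random per-user salt
REALM = 'Basic realm="school-network"'  # hypothetical realm name


def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


USERS = {"teacher1": _hash("correct horse")}   # constructed account store
IP_SESSIONS = {"10.0.5.20": "teacher1"}        # source IP -> already authenticated user


def basic_header(user, password):
    """Build the header a browser sends after the pop-up is filled in."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}


def check_password(user, password):
    """Compare in constant time; hash even for unknown users."""
    candidate = _hash(password)
    stored = USERS.get(user)
    return stored is not None and hmac.compare_digest(stored, candidate)


def authenticate(source_ip, headers):
    """Return (status, user, response_headers) for one request."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        # Credentials were sent: validate them, never fall back to the IP.
        try:
            decoded = base64.b64decode(auth[6:], validate=True).decode()
        except ValueError:
            decoded = ""
        user, _, password = decoded.partition(":")
        if check_password(user, password):
            return 200, user, {}
        return 401, None, {"WWW-Authenticate": REALM}
    if source_ip in IP_SESSIONS:
        # No credentials, but this address is already mapped to a user.
        return 200, IP_SESSIONS[source_ip], {}
    # Unknown user: the 401 challenge is what makes the browser show its pop-up.
    return 401, None, {"WWW-Authenticate": REALM}
```

Source-IP identification only tells the system which address a request came from, so shared or reassigned addresses map to whoever authenticated there last; the credential path is the one that actually verifies the person.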

Authentication Policy: The authentication is used when the user/domain information is obtained and validated. A dedicated authentication device has three main benefits: performance, security, and high availability (User Identification and Authentication, 2007).

Conclusion: Policy implementation should be based upon the use of management-approved security standards, procedures, and organizational best practices.