Module 2: Creating a Plan for Network Security. Overview Introduction to Security Policies Designing Security by Using a Framework Creating a Security.

Presentation transcript:

Module 2: Creating a Plan for Network Security

Overview
- Introduction to Security Policies
- Designing Security by Using a Framework
- Creating a Security Design Team

Lesson 1: Introduction to Security Policies
- What Are Security Policies?
- The Relationship Between Policies and Procedures
- Typical Reasons Why Security Policies Fail
- Guidelines for Creating Policies and Procedures

What Are Security Policies?
Security policies:
- Are documents
- Explain how an organization implements security
Administrative Policies, Technical Policies, Physical Policies

The Relationship Between Policies and Procedures
- Policies describe what must be implemented to secure a network
- Procedures describe how to implement policies

Typical Reasons Why Security Policies Fail
Security policies often fail because they are:
- Not enforced
- Difficult to read
- Difficult to find
- Outdated
- Too vague
- Too strict
- Not supported by management

Guidelines for Creating Policies and Procedures
Guidelines for creating a security plan include:
- Write clear and concise policies
- Write simple procedures
- Obtain management support
- Ensure employees can find and refer to them easily
- Ensure no disruption to business processes
- Use technology to enforce
- Ensure consequence of violating policy is consistent
- Create incentives for following security policies

Lesson 2: Designing Security by Using a Framework
- What Are the Benefits of MSF When Designing a Security Plan?
- The Envisioning Phase for Network Security
- The Planning Phase for Network Security
- The Developing Phase for Network Security
- The Stabilizing Phase for Network Security
- The Deploying Phase for Network Security

What Are the Benefits of MSF When Designing a Security Plan?
[Diagram: Microsoft Solutions Framework]
Phases: The Envisioning Phase, The Planning Phase, The Developing Phase, The Stabilizing Phase, The Deploying Phase
Milestones: Vision/Scope Approved, Scope Complete, Plans Approved, Release Readiness, Deployment Complete

The Envisioning Phase for Network Security
Tasks when envisioning a network security plan:
- Assign team members
- Draft and circulate a vision/scope document

The Planning Phase for Network Security
Tasks when planning a network security plan:
- Create a functional specification
- Model threats
- Create a risk management plan
- Create a development and test environment

The Developing Phase for Network Security
Tasks when developing a network security plan:
- Complete a proof of concept
- Create internal drafts of the network security plan
- Complete a draft network security plan

The Stabilizing Phase for Network Security
Tasks when stabilizing a network security plan:
- Complete all pre-production tests
- Create a release candidate network security plan

The Deploying Phase for Network Security
Tasks when deploying a network security plan:
- Train the operations team
- Implement the network security plan

Lesson 3: Creating a Security Design Team
- Core Team Members
- Extended Team Members
- Guidelines for Creating a Security Design Team

Core Team Members (Role: Responsible For)
- Product Management: Developing and executing the business case; Ensuring that the security design aligns with business requirements; Identifying and prioritizing risks; Aiding communication
- Program Management: Driving the overall project; Managing the strategic goals, budget, schedules, and resources
- Development: Designing, building, and testing security measures
- Testing: Piloting testing; Setting metrics to ensure quality control
- User Experience: Driving the usability requirements; Designing and developing training

Extended Team Members (Role: Responsible For)
- Executive Sponsor: Approving recommendations by the security design team; Advocating with upper management
- Legal: Advising the team about local, national, and international laws and liabilities
- Human Resources: Ensuring that security policies do not conflict with employment laws
- Managers: Enforcing security policies
- End Users: Providing feedback about the security policies
- Auditors: Ensuring compliance with government or industry regulations

Guidelines for Creating a Security Design Team
Guidelines for creating a security design team include:
- Have a single executive sponsor
- Use an experienced program manager
- Involve teams that deploy and manage security
- Involve legal and human resources
- Involve managers and end users
- Provide clear roles and responsibilities for all members
- Communicate regularly and clearly

Lab: Creating a Plan for Network Security
- Exercise 1: Identifying Reasons Why Security Policies Fail
- Exercise 2: Determining the Members of a Security Design Team