IT Incident Response (www.bestitdocuments.com)

Agenda
- The goals
- How to achieve this: policies, standards, guidelines & procedures
- Architecture: people, process & technology; system safeguards; security & Internet architecture
- What can we really do
- Management buy-in
- What we really need

The goals: Security Policies
- Set the stage for standards, guidelines and procedures
- Define what behavior is not allowed
- Communicate consensus amongst governance stakeholders
- Facilitate the “good neighborly” philosophy for networking

The goals: Security Policies must be
- Implementable and enforceable
- Concise and unambiguous
- Balanced between protection and productivity

Security Policies should
- State the reasons why the policy is needed
- Describe the coverage: who, what, where and how
- Define contacts and responsibilities
- Define how violations will be handled

Policy Definitions
- Program Policy: used to create the IT security program; sometimes referred to as the departmental or company security policy
- Issue-Specific Policy: addresses a particular issue of concern (whatever it may be)
- System-Specific Policy: focuses on decisions to protect a particular system
Procedures, standards and guidelines are used to describe how policies are implemented.

Tools to implement policy
- Operational Standards: specify uniform use of specific technologies organization-wide (e.g., ID badges)
- Guidelines: recognize that IT systems vary and that safeguards may be implemented in many ways
- Procedures: detailed steps to be followed (e.g., setting up user accounts)
- Strategies: broad direction on implementation
- Directions: focused implementation instructions

Enforceability
- Policies: in some jurisdictions the “policy” may be the only legally enforceable document
- Guidelines, standards and procedures should therefore carry a very specific traceability reference back to the policy; check with the legal department

IP Service Categories (diagram)
- Business process integration
- Security coordination
- Education & training
- IRT Security Cycle: Prevent, Assess, Detect, Respond

Incident Response Options (diagram: enterprise-wide collaboration on incidents)
- Participants: User, SysAdmin, NetAdmin, Policy, IPC, Legal/Policy
- Incident activity classified as: Hostile, Benign, Illegal
- Operational collaboration: Incident Handling (Operational)
- Technical collaboration: Incident Handling (Technical), Incident Handling – Forensic Analysis
- Legal/policy: Criminal Investigation