Juan Ortega 12/15/09 NTS355. Microsoft Security Advisory (977544): Vulnerability in SMB Could Allow Denial of Service

Presentation transcript:

Juan Ortega 12/15/09 NTS355

Microsoft Security Advisory (977544): Vulnerability in SMB Could Allow Denial of Service. The flaw in SMBv2 supposedly opened two holes. One flaw could let hackers execute code remotely; the other could let them send a system into a crash spiral. The exploit code has been published on the Web. No fixes contained in Microsoft's latest Patch Tuesday package, which was issued less than a week ago, targeted Windows 7.

References:
(November, 2009). Microsoft Security Advisory (977544). Retrieved December 15, 2009 from Microsoft Web site:
(November, 2009). E-Commerce News: Exploits & Vulnerabilities: Microsoft Addresses Prickly of Windows 7 Flaws. Retrieved December 15, 2009 from ecommercetimes Web site:

- Zero-day exploit: the new security department will take measures to minimize the damage done and to prevent downtime.
- Prepare backups.
- New threats will undoubtedly appear in the near future, and the security of the organization will be in jeopardy if it is not prepared accordingly.

- Plan and Organize
  - All implementations require extensive planning.
  - Perform risk assessment.
  - Obtain approval.
- Implement
  - Security policies, procedures, standards, baselines, and guidelines.
  - Risk management.
  - Security awareness training.
  - Physical security.
- Operate and Maintain
  - Audits.
  - Procedures are followed to maintain the baseline of every implementation.
- Monitor and Evaluate
  - Logs, audit results, goals, improvement.

Reference: Harris, S. (February, 2009). How should a company's security program define roles and responsibilities? Retrieved December 15, 2009 from TechTarget Web site: 00.html

- Information Assets
  - Databases
  - Data files
  - Operation and support procedures
  - Continuity plans
- Software Assets
  - Application software
  - System software
- Physical Assets
  - Equipment
- Services
  - Outsourced services
  - Communication services
  - Environmental conditions

Reference: (2001). Identifying and classifying assets. Retrieved December 15, 2009 from networkmagazineindia Web site:

- Information Assets
  - Security devices
  - Access controls
  - Storage and backups
  - Contingency planning/testing
  - Encryption
  - Pen testing
- Software Assets
  - Physical and digital storage
  - Manage licenses
  - Compatibility
- Physical Assets
  - Locks
  - Biometrics
  - Security awareness
- Services
  - QoS set up correctly
  - Pay bills on time

Reference: Identification and Assessment of Assets and Risks. Retrieved December 15, 2009 from sinclair Web site: _Assessment_of_Assets_and_Risks.htm

[Organization chart slide: qualifications listed per position; the position titles did not survive extraction. Qualifications shown: CISSP, graduate degree; Bachelors, Network+, experience, certifications; Cisco, Bachelors, admin certifications; Bachelors, experience; Bachelors, CISM, GIAC certs, clearance; Bachelors, web experience; Bachelors, experience; Bachelors, certifications, experience; Bachelors, certifications, experience.]

Reference: CEO report. Retrieved December 15, 2009 from ufl Web site:

Currently, with the lack of a security department, the organization is operating on thin ice. With security included in the infrastructure, the organization:
- Will not be in fear of liability issues from collecting personal information from customers.
- Will be able to protect the organization's assets.
- Will have risk management that provides mitigations to reduce the likelihood of a catastrophic event and keep the organization running consistently.
- Will establish proper security policies that set the overall behavior of the organization and how security will be handled.

- We're afraid the creation of a new security department will cost much more than expected, and this organization is not sure the money is in our budget.
  - Having a security department will vastly extend the life span of the organization; it is not simply a nice-to-have implementation anymore. Cost is not necessarily a factor, as the department will start small and expand as the budget grows.
- Will security get in the way of the business? What if employees start to complain?
  - Security and access will balance out, as security must not get in the way of business needs.
- Won't solving the recent security threat be enough?
  - As the business grows and becomes more well known, the organization will endure much more frequent attacks.