Lecture 17 Page 1 CS 236 Online Prolog to Lecture 17 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Slides:



Advertisements
Similar presentations
Engaging with Small Business Lessons learnt so far from the ATO trials and other forums and activities. Presentation to The Tax Commissioner’s Small Business.
Advertisements

SHIFTING INFORMATION SECURITY LANDSCAPE FROM C&AS TO CONTINUOUS MONITORING ANDREW PATCHAN JD, CISA ASSOCIATE IG FOR IT, FRB LOUIS C. KING, CPA, CISA, CMA,
Copyright © Allyn & Bacon (2007) Single-Variable, Independent-Groups Designs Graziano and Raulin Research Methods: Chapter 10 This multimedia product and.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
PPA 502 – Program Evaluation Lecture 5b – Collecting Data from Agency Records.
Psych 231: Research Methods in Psychology
 Running is something we all do, but the kids do it much more than the adults, and many of them are quite good at it! Doing.
Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.
Shoot For The Stars By Getting Yourself Into The Workforce!! Presented By Jeremiah Swisher.
Lecture 4 Page 1 CS 236 Online Prolog to Lecture 4 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
Introduction (Based on Lecture slides by J. H. Wang)
Decision Making.
Lecture 10 Page 1 CS 236 Online Prolog to Lecture 10 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Yoshives Belizaire 5/2/12 E-Commerce. Introduction My E-Commerce initiative I intend to make a service were you can listen and download all type of music.
Lecture 15 Page 1 CS 236 Online Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
VULNERABILITY ASSESSMENT FOR THE POLICE DEPARTMENT’S NETWORK.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Rebecca Pritchard.
CSCD 330 Network Programming Fall/Winter/Spring 2014 Lecture 1 - Course Details.
Lecture 13 Page 1 CS 236 Online Secure Programming CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 18 Page 1 Advanced Network Security Distributed Denial of Service Attacks Advanced Network Security Peter Reiher August, 2014.
Lecture 17 Page 1 CS 236 Online Privacy CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
SurveyMonkey.com What is it good for? A teacher’s critique.
Lecture 12 Page 1 CS 236, Spring 2008 Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite.
Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Market Planning – Internal Analysis #1
Lecture 5 Page 1 CS 111 Online Processes CS 111 On-Line MS Program Operating Systems Peter Reiher.
Comparing Management-Based Regulation and Prescriptive Legislation: How to Improve Information Security Through Regulation (a.k.a., “The Efficacy of Cybersecurity.
Lecture 15 Page 1 CS 236 Online Prolog to Lecture 15 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 19 Page 1 CS 236 Online Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Establishing Healthy Financial Habits Personal Finance.
Lecture 2 Page 1 CS 236 Online Prolog to Lecture 2 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
After Action Reviews (AAR) Key Points. An After Action Review (AAR)…  Is a dynamic and honest discussion soon after an event  Requires active participation.
CSCD 330 Network Programming Winter 2015 Lecture 1 - Course Details.
To keep us up to date To help fundraise and raise awareness Spread feel good stories Learn from others Debate, discuss and share ideas.
Lecture 4 Page 1 CS 111 Online Modularity and Virtualization CS 111 On-Line MS Program Operating Systems Peter Reiher.
Lecture 3 Page 1 CS 236 Online Prolog to Lecture 3 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Social impacts of IT By Lewis dancocks. Social impacts Due to IT people around the world can commutate with each other anywhere at any time, this is due.
Lecture 19 Page 1 CS 236 Online Prolog to Lecture 19 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 3 Page 1 CS 236 Online Introduction to Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 8 Page 1 CS 236 Online Prolog to Lecture 8 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 5 Page 1 CS 236 Online More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 3 Page 1 CS 236 Online Security Mechanisms CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
1 Netprog Course Information Network Programming Instructor: Dave Hollinger Home Page:
How do I share my opinion through an essay?. In this lesson, you will learn how to develop a thesis statement by checking to make sure you have strong.
Lecture 10 Page 1 CS 111 Online Memory Management CS 111 On-Line MS Program Operating Systems Peter Reiher.
PROBLEM SOLVING. STEPS IN PROBLEM SOLVING  Problem Definition.  Problem Analysis.  Generating possible Solutions.  Analyzing the Solutions.  Evaluation:
Lecture 18 Page 1 CS 236 Online Prolog to Lecture 18 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Strategies for Generating Topics/Questions If you are researching a topic on which you already have definite opinions, you may have a thesis in mind before.
WYRE FOREST COMMUNITY AMBASSADORS 1. WYRE FOREST COMMUNITY AMBASSADORS 2.
Lecture 14 Page 1 CS 236 Online Secure Programming CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 19 Page 1 CS 236 Online 6. Application Software Security Why it’s important: –Security flaws in applications are increasingly the attacker’s entry.
Outline Basic concepts in computer security
DDoS In the Real World Do DDoS attacks really happen?
Android Access Control
Secure Software and the Law
E 96 Introduction to Engineering Design Peter Reiher UCLA
DDoS In the Real World Do DDoS attacks really happen?
Single-Variable, Independent-Groups Designs
Research Methods Lesson 2 Validity.
2 independent Groups Graziano & Raulin (1997).
Designing with ADA Standards
Prolog to Lecture 2 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
7X Thursday Passing Laws and Different Levels of Government
To keep us up to date To help fundraise and raise awareness Spread feel good stories Learn from others Debate, discuss and share ideas.
Marketing Name _____________________ 5.2 Questions
To keep us up to date To help fundraise and raise awareness Spread feel good stories Learn from others Debate, discuss and share ideas.
Mandatory Access Control and the Real World
Credit History and Equal Opportunity
Android Access Control
Presentation transcript:

Lecture 17 Page 1 CS 236 Online Prolog to Lecture 17 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Lecture 17 Page 2 CS 236 Online Security Evaluations and the US Government The US government runs lots of computers and networks It’s a big, obvious target –And does get attacked a lot We obviously want its systems to be secure How to evaluate their system security?

Lecture 17 Page 3 CS 236 Online Something That Didn’t Work FISMA (Federal Information Security Management Act of 2002) Result of law intended to improve security of government systems –Passed in 2002 Required NIST to set standards Other gov’t agencies needed to document what they did to meet them

Lecture 17 Page 4 CS 236 Online What Happened With FISMA Turned into an exercise in generating reports All agencies had to do was write lengthy reports Small companies went into business writing the reports But most government systems’ security was not actually improved

Lecture 17 Page 5 CS 236 Online What’s the Lesson For Us? Not just that government tends to useless bureaucracy Rather, be sure to ask for the right thing from security reviews What you really want is to know whether you’re secure And what to do to become more so

Lecture 17 Page 6 CS 236 Online What Was the Problem With FISMA? Did not force agencies to actually improve security –You just had to write reports Did not focus on practical methods of improving security Did not take into account dynamic and changing nature of threats

Lecture 17 Page 7 CS 236 Online How Can You Do Better? If you’re involved in a security evaluation, keep your eye on the ball Look at things that strongly affect real security –In ways relevant to your situation Consider the real threats you’re facing Think about and report on where the system needs to be improved

Lecture 17 Page 8 CS 236 Online The New Government Approach FISMA 2.0 Moving through US legislature (2010) Intended to place more emphasis on actually securing systems –Automated security reporting –Mandating security requirements in contracts –Legislates federal CTO