1 Figure 11-7: Mobilizing Users User Training  Security Awareness  Accountability Training  Self-Defense Training Social engineering threats and correct.

Presentation transcript:

1 Figure 11-7: Mobilizing Users
User Training
- Security Awareness
- Accountability Training
- Self-Defense Training: social engineering threats and correct responses
- Make users early warning scouts who know whom to inform if a breach is suspected
- In general, mobilize users as partners

2 Figure 11-7: Mobilizing Users
Authentication
- Nontechnical Problems in Providing Access Permissions
  - Who may submit people for usernames and passwords? Limit it.
  - Human resources know when people are hired and fired.

3 Figure 11-7: Mobilizing Users
Authentication
- Nontechnical Problems in Providing Access Permissions (continued)
  - But on specific servers, many people might submit needs to the sys admin
    - Project managers for projects on the server
    - For many people: individual employees, contractors, consultants, temp hires

4 Figure 11-7: Mobilizing Users
Authentication
- Terminating Authentication Credentials
  - People often do not have their permissions terminated when they no longer need them.
  - The person who requested their permissions should have to periodically review them for continuation.

5 Figure 11-8: Vulnerability Testing
Vulnerability Testing Technology
- Using Attacker Technology: designed to do damage
- Using Commercial Vulnerability Testing Tools
  - Not as up-to-date as attacker tools
  - Less likely to do damage as a side effect
  - Focus on reporting

6 Figure 11-8: Vulnerability Testing
Vulnerability Testing Technology
- Reporting and Follow-Up Tools
  - Reports should clearly list vulnerabilities and suggested fixes
  - The follow-up report should document which vulnerabilities were fixed and which were not

7 Figure 11-8: Vulnerability Testing
Vulnerability Testing Contracts
- Need a contract before the testing begins to cover everyone involved
- What will be tested: specifics
- How it will be tested: specifics
- Hold blameless for side effects

8 Figure 11-8: Vulnerability Testing
Reducing False Positives with Tuning
- Avoid meaningless tests, for instance, an Apache threat test run against Microsoft Windows Server
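The follow-up report of slide 6 and the platform tuning of slide 8 together, as an added example that is not part of the lecture slides: findings whose check cannot apply to the host's platform are dropped before the baseline scan and rescan are compared, so a meaningless test is never reported as "fixed". The Finding record, the check identifiers and the host names are constructed sample data, and the function names are assumptions.

```python
# Added example, not from the lecture slides. Finding records, check ids and
# hosts are constructed sample data; the function names are assumptions.
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    host: str        # asset name from the scan
    os: str          # host platform per the asset inventory
    check_id: str    # scanner check identifier (constructed values)
    applies_to: str  # platform the check is meaningful for, or "any"

def tune(findings):
    """Drop findings whose check cannot apply to the host platform,
    e.g. an Apache-on-Linux check reported against a Windows server."""
    return [f for f in findings if f.applies_to in ("any", f.os)]

def follow_up(baseline, rescan):
    """Compare tuned baseline and rescan findings.
    Returns (fixed, not_fixed, new) as sorted (host, check_id) lists."""
    before = {(f.host, f.check_id) for f in tune(baseline)}
    after = {(f.host, f.check_id) for f in tune(rescan)}
    return (sorted(before - after), sorted(before & after),
            sorted(after - before))

def report_lines(baseline, rescan):
    """Render the follow-up report as plain text lines."""
    fixed, not_fixed, new = follow_up(baseline, rescan)
    lines = []
    for title, items in (("FIXED", fixed), ("NOT FIXED", not_fixed),
                         ("NEW SINCE BASELINE", new)):
        lines.append(f"{title} ({len(items)})")
        lines.extend(f"  {host}: {check}" for host, check in items)
    return lines

# Constructed sample scans. The Apache finding on win1 is a meaningless
# test; tuning removes it so it is never reported as "fixed".
BASELINE = [
    Finding("web1", "linux", "APACHE-001", "linux"),
    Finding("win1", "windows", "APACHE-001", "linux"),
    Finding("win1", "windows", "SMB-010", "windows"),
    Finding("db1", "linux", "SSH-003", "any"),
]
RESCAN = [
    Finding("web1", "linux", "APACHE-001", "linux"),
    Finding("db1", "linux", "TLS-020", "any"),
]

if __name__ == "__main__":
    print("\n".join(report_lines(BASELINE, RESCAN)))
```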

9 Figure 11-8: Vulnerability Testing
Who Should Do Vulnerability Testing?
- Outside Firms
  - Expertise
  - Use of reformed hackers?
- The IT or Security Department
  - Has good knowledge of internal systems
  - If IT staff is the attacker, can hide wrongdoing

10 Figure 11-8: Vulnerability Testing
Who Should Do Vulnerability Testing?
- IT Auditing Departments
  - Trained to audit whether standards and procedures are being followed
  - Have to upgrade their specific vulnerability testing skills

==================================
Art of Deception by Kevin Mitnick