Presentation is loading. Please wait.

Presentation is loading. Please wait.

SECURITY REQUIREMENTS AND MANAGEMENT: Presentation By: Guillermo Dijk.

Published byChristiana Gregory Modified over 8 years ago

Similar presentations

Presentation on theme: "SECURITY REQUIREMENTS AND MANAGEMENT: Presentation By: Guillermo Dijk."— Presentation transcript:

1 SECURITY REQUIREMENTS AND MANAGEMENT: Presentation By: Guillermo Dijk

2 CorporationCorporation Protections needed against attacks, such as: Why Is Security so Important? Key Compromise (prevented by dynamic keys) Key Compromise (prevented by dynamic keys) Data Integrity Attacks (prevented by stronger security like IPSec) Data Integrity Attacks (prevented by stronger security like IPSec) Data Confidentiality Attacks (prevented by higher encryption levels) Data Confidentiality Attacks (prevented by higher encryption levels) Man-in-the-middle Attacks (prevented by mutual authentication) Man-in-the-middle Attacks (prevented by mutual authentication) Brute Force Attacks (prevented by complex encryption algorithms) Brute Force Attacks (prevented by complex encryption algorithms) Hardware Theft (prevented by user authentication, vs. device) Hardware Theft (prevented by user authentication, vs. device)

3 Security Requirements and Management: Outline:Outline: 1.Security Mgmt framework 2.Identity and Access Mgmt. 2.Threat Mgmt. 3.Security resource Information Mgmt. 4.Fire Walls 5.Risk Assessment

4 Security Management Framework : Define Policy Define Scope Assess risks Manage Risks Select Controls Statement of applicability Information assets Results and conclusions Control options Selected controls Threats, Vulnerabilities, Impacts, Approach, Assurance required AS/NZS 4444, Additional controls Documented outcomes

5 Access Control Management:

6 Threat Management: Identify Threats Establish Information System Controls Perform Regular Audits of Information System Human Error Computer Abuse and Crime Natural and Political Disasters Hardware and Software Failures Ensure Security, Privacy and Confidentiality through: General Controls Application Controls Check Effectiveness and Efficiency Of System Controls with: Financial Audits Operational Audits Source: Zwass, p. 517

7 Security Resource Management:

8 Firewalls: 1. Application gateways: Filters packets on application data as well as on IP/TCP/UDP fields.Filters packets on application data as well as on IP/TCP/UDP fields. host-to-gateway telnet session gateway-to-remote host telnet session application gateway router and filter 2. Packet Filtering: Internal network is connected to Internet through a router. Router manufacturer provides options for filtering packets, based on: source IP address destination IP address TCP/UDP source and destination port numbers ICMP message type TCP SYN and ACK bits Two firewall types: 1. packet filter 2. application gateways

9 Risk Assessment Process Flow:

10 Attack Sophistication vs Intruder Technical Knowledge

11 Conclusion: The art of Security Management requires attention to the smallest detail while never losing sight of the big picture.

Download ppt "SECURITY REQUIREMENTS AND MANAGEMENT: Presentation By: Guillermo Dijk."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
NS-H0503-02/11041 Attacks. NS-H0503-02/11042 The Definition Security is a state of well-being of information and infrastructures in which the possibility.

NS-H /11041 Attacks. NS-H /11042 The Definition Security is a state of well-being of information and infrastructures in which the possibility.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Local Wireless Network - An wireless Access Point (AP) which is the bridge the ethernet network and the wireless network -The AP protect its wireless network.

Local Wireless Network - An wireless Access Point (AP) which is the bridge the ethernet network and the wireless network -The AP protect its wireless network.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
HIPAA Security Standards What’s happening in your office?

HIPAA Security Standards What’s happening in your office?
Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 

Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

Similar presentations

Ads by Google