Chapter 8 – Administering Security  Security Planning  Risk Analysis  Security Policies  Physical Security.


3 Security Planning
 Policy
 Current state – risk analysis
 Requirements
 Recommended controls
 Accountability
 Timetable
 Continuing attention

4 Security Planning - Policy
 Who should be allowed access?
 To what system and organizational resources should access be allowed?
 What types of access should each user be allowed for each resource?

5 Security Planning - Policy
 What are the organization’s goals on security?
 Where does the responsibility for security lie?
 What is the organization’s commitment to security?

6 OCTAVE Methodology http://www.cert.org/octave/
 Identify enterprise knowledge.
 Identify operational area knowledge.
 Identify staff knowledge.
 Establish security requirements.
 Map high-priority information assets to information infrastructure.
 Perform an infrastructure vulnerability evaluation.
 Conduct a multidimensional risk analysis.
 Develop a protection strategy.

7 Security Planning – Requirements of the TCSEC
 Security Policy – there must be an explicit and well-defined security policy enforced by the system.
 Every subject must be uniquely and convincingly identified.
 Every object must be associated with a label that indicates its security level.
 The system must maintain complete, secure records of actions that affect security.
 The computing system must contain mechanisms that enforce security.
 The mechanisms that implement security must be protected against unauthorized change.

8 Security Planning Team Members
 Computer hardware group
 System administrators
 Systems programmers
 Application programmers
 Data entry personnel
 Physical security personnel
 Representative users

9 Security Planning
 Assuring Commitment to a Security Plan
 Business Continuity Plans
   - Assess Business Impact
   - Develop Strategy
   - Develop Plan
 Incident Response Plans
   - Advance Planning
   - Response Team
   - After the Incident is Resolved
