1
Computer Security Fundamentals
by Chuck Easttom Chapter 10 Security Policies
2
Chapter 10 Objectives
Recognize the importance of security policies
Understand the various policies and the rationale for them
Know what elements go into good policies
Create policies for network administration
Evaluate and improve existing policies
Explain what cyber terrorism is and how it has been used in some actual cases
Understand the basics of information warfare
Have a working knowledge of some plausible cyber terrorism scenarios
Have an appreciation for the dangers posed by cyber terrorism
© 2016 Pearson, Inc Chapter 10 Computer Security Policies
3
Introduction
Technology by itself cannot solve all network security problems.
Cyber terrorism, according to the FBI's definition: a premeditated, politically motivated attack against information, computer systems, computer programs, and data that results in violence against noncombatant targets by subnational groups or clandestine agents.
Typically, loss of life in a cyber attack would be less than in a bombing attack.
4
Introduction (cont.)
Antivirus software won't prevent a user from manually opening an attachment and releasing a virus.
A technologically secured network is still vulnerable if former employees (perhaps some unhappy with the company) still have working passwords, or if passwords are simply written on Post-it notes stuck to computer monitors.
A server is not secure if it is in a room that nearly everyone in the company has access to.
Your network is not secure if end users are vulnerable to social engineering.
All these could lead to significant deaths: train wrecks, hospital deaths, loss of air traffic control resulting in plane crashes, and so forth.
5
What Is a Policy?
A security policy is a document that defines how an organization deals with some aspect of security. There can be policies regarding end-user behavior, IT response to incidents, or policies for specific issues and incidents.
6
Defining User Policies
Passwords
Internet use
Attachments
Installing/uninstalling software
Instant messaging
Desktop configuration
7
System Admin Policies
New Employees
Departing Employees
Change Control
Access Control
8
Other Issues: Bring Your Own Device
A major concern in the modern network. Bring your own device (BYOD) has become a significant issue for most organizations. Most, if not all, of your employees will have their own smart phones, tablets, smart watches, and Fitbits that they carry with them into the workplace. When they connect to your wireless network, this introduces a host of new security concerns. You have no idea what networks a device previously connected to, what software has been installed on it, or what data might be exfiltrated by these personal devices.
9
Change Management
RFC (request for change)
CAB (change advisory board)
Follow-up
10
Software Development Policies
Security standards
Testing
11
Incident Response Policies
Handling viruses
Dealing with breaches
12
Data Classification
Public
Secure
13
BCP and DRP
DRP (disaster recovery plan)
BCP (business continuity plan)
BIA (business impact analysis)
14
Fault Tolerance
Backups
Full: All changes
Differential: All changes since last full backup
Incremental: All changes since last backup of any type
RAID
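Added example, not from the slides or the textbook: a small Python simulation of the three backup types over a constructed week of file edits. It shows what each differential or incremental backup actually writes and which backups must be applied to restore a given day (the file names and edit days are constructed sample data).

```python
# Added example: simulate full, differential and incremental backups over a
# constructed week of file edits (sample data, not from the slides).
# Day 0 is Sunday (weekly full backup); days 1..5 are Monday..Friday.
ALL_FILES = {"payroll.xlsx", "policy.docx", "logs.txt", "readme.md"}
MODIFIED_ON = {                     # constructed: which files changed on which day
    1: {"payroll.xlsx", "logs.txt"},
    2: {"policy.docx", "logs.txt"},
    3: {"logs.txt"},
    4: {"payroll.xlsx", "logs.txt"},
    5: {"logs.txt"},
}

def changed_between(after_day, up_to_day):
    """Files modified on any day d with after_day < d <= up_to_day."""
    files = set()
    for d in range(after_day + 1, up_to_day + 1):
        files |= MODIFIED_ON.get(d, set())
    return files

def run_schedule(schedule):
    """schedule: list of (day, kind), kind in {'full', 'differential', 'incremental'}.
    Returns {day: (kind, set of files written to that backup)}."""
    captured, last_full, last_any = {}, None, None
    for day, kind in schedule:
        if kind == "full":                      # everything, regardless of history
            files = set(ALL_FILES)
            last_full = day
        elif kind == "differential":            # all changes since the last FULL backup
            files = changed_between(last_full, day)
        elif kind == "incremental":             # all changes since the last backup of ANY type
            files = changed_between(last_any, day)
        else:
            raise ValueError(f"unknown backup kind: {kind}")
        captured[day] = (kind, files)
        last_any = day
    return captured

def restore_chain(captured, day):
    """Backups (by day, in order) that must be applied to rebuild the data as of `day`."""
    full = max(d for d, (k, _) in captured.items() if k == "full" and d <= day)
    chain = [full]
    for d in sorted(captured):
        if full < d <= day:
            if captured[d][0] == "differential":
                chain = [full, d]               # newest differential supersedes earlier ones
            else:
                chain.append(d)                 # every incremental is required
    return chain
```

Run `run_schedule([(0, "full")] + [(d, "differential") for d in range(1, 6)])` and the same with `"incremental"` to compare: the differential plan writes more data each night but restores Friday from two backups, while the incremental plan writes less but needs the full backup plus all five incrementals.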
15
Relevant Laws &amp; Regulations
HIPAA
Sarbanes-Oxley
PCI
16
Summary
In this chapter, you learned that technology alone is not enough to ensure a secure network. You must have clear and specific policies detailing procedures on your network. Those policies must cover employee computer resource use, new employees, outgoing employees, access rights, how to respond to an emergency, and even how secure the code in applications and websites is. User policies must cover all aspects of how the user is expected to use company technology. In some cases, such as instant messaging and web use, policies may be difficult to enforce, but that does not change the fact that they must still be in place. If your user policies fail to cover a particular area of technology use, then you will have difficulty taking any action against an employee who commits that particular misuse.