Presentation is loading. Please wait.

Presentation is loading. Please wait.

IS4550 Security Policies and Implementation

Published byJulian Murawski Modified over 6 years ago

Similar presentations

Presentation on theme: "IS4550 Security Policies and Implementation"— Presentation transcript:

1 IS4550 Security Policies and Implementation
Unit 10 Automated Policy Compliance Systems

2 Class Agenda 8/18/16 Lesson Covers Chapter 15 Learning Objectives
9/19/2018 Class Agenda 8/18/16 Lesson Covers Chapter 15 Learning Objectives Lesson Presentation and Discussions. Assignments and Lab Activities. Break Times as per School Regulations. Exams Review. Read the text book for Exams. Exams will be held in the next class Final Group Project is due in the next class. (c) ITT Educational Services, Inc.

3 Learning Objective Describe the different issues related to defining, tracking, monitoring, reporting, automating, and configuring compliance systems and emerging technologies.

4 Key Concepts Baseline definition for information systems security
Tracking, monitoring, and reporting for information technology (IT) security baseline definition and policy compliance Automate IT security policy compliance, and policy configuration management and change control management Best practices for IT security policy compliance monitoring Differences between public and private IT security policy compliance monitoring

5 Baseline security. Baseline is used to deploy security policy settings It ensures that all affected system have the same security settings. Is the starting point and provide the basic and the minimum security. Example: Protocols, Services must be set to what will provide the minimum security. Baseline configuration could be created by imaging operating system and application..

6 Monitoring for compliance.
Baseline need to monitored to ensure compliance. Both authorized and unauthorized changes to the baseline should be tracked monitored. Method to verify changes include: Automated systems. Manual tracking and reporting Audit for compliance

7 EXPLORE: CONCEPTS

8 Automated Policy Compliance and Emerging Technologies
Have you ever made any transaction through online banking? What do you think are the benefits of making transaction through the Internet?

9 Manual vs. Automatic Monitoring and Reporting
Why do you think that an online banking system is better than traditional banking system?

10 Automated system for baseline compliance.
Software tools are used to enforce policy compliance Automated tools work by taking your security policies and procedures and implementing them into control points It can regularly query systems to verify compliance. Automated tools have scheduled ability.

11 Public and Private IT Security Policy Compliance Monitoring
Differences between Public and Private Public Regulations require reporting on a timely basis Compliance law requires specific reporting guidelines Governmental laws stipulate when reports are due Private Reporting set by owners with no set timeline Government compliance laws may not apply so reporting of that data is not required Problems often go undisclosed

12 Windows Automated tools
Microsoft Baseline Security Analyzer (MBSA) Windows Server Update Services (WSUS) System Management Server (SMS) Microsoft System Center Configuration Manager (SCCM) (Allow student should explore theses applications)

13 Other Unix and Linux automated tools.
Nessus Nmap Security Administrators Integrated and network Tools (SIANT) Symantec Altiris

14 Manual Tracking and reporting.
Manual intervention to track adherence to the policies Provides procedures and guidelines necessary for day-to-day operations Typical procedures include antivirus, password aging and log monitoring. The process is extremely hands-on Example: Someone has to intervene to correlate the data between the various control points, including antivirus programs, IDSes, firewalls and authentication systems such as Active Directory.

15 Problems of Manual Tracking for compliance
Manually monitoring for policy compliance can be quite cumbersome. Detecting this policy deviation and correcting it can be extremely time-consuming Cheaper than automated systems. Not ideal for big organization

16 EXPLORE: ROLES

17 Roles and Responsibilities
Reporting IT Management Information Security Management Auditing Risk Management Monitoring Information system (IS) Management System Administrators

18 Roles and Responsibilities (Continued)
Compliance Executive Management

19 EXPLORE: RATIONALE

20 Benefits of Automating Security Policy Compliance
Cost reductions as full time employees can be re-tasked Efficiency due to computers doing the policy compliance monitoring Better reporting functions and data capture

21 Benefits of Automating Security Policy Compliance (Continued)
Online real-time compliance reporting and monitoring Increased accuracy

22 Summary In this presentation, the following were covered:
Automated policy compliance systems and emerging technologies Difference between manual and automatic monitoring and reporting Benefits of automating security policy compliance Differences between public and private IT security policy compliance monitoring Roles and responsibilities associated with automated policy compliance systems

23 Unit 10 Assignment and Lab
Discussion 10.1 Tracking, Monitoring, and Reporting Lab 10.2 Align an IT Security Policy Framework to the 7Domains of a Typical IT Infrastructure Assignment 10.3 Automated Policy Compliance Systems

Download ppt "IS4550 Security Policies and Implementation"

Similar presentations

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.
Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,

Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
Test Organization and Management

Test Organization and Management
11 SECURITY TEMPLATES AND PLANNING Chapter 7. Chapter 7: SECURITY TEMPLATES AND PLANNING2 OVERVIEW  Understand the uses of security templates  Explain.

11 SECURITY TEMPLATES AND PLANNING Chapter 7. Chapter 7: SECURITY TEMPLATES AND PLANNING2 OVERVIEW  Understand the uses of security templates  Explain.
Hands-On Microsoft Windows Server 20081 Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.

Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.
Module 14: Configuring Server Security Compliance

Module 14: Configuring Server Security Compliance
Access Training Linux/Unix Power Broker Access Custom Schema Database Access Customer Training Date: 25-JAN-2005.

Access Training Linux/Unix Power Broker Access Custom Schema Database Access Customer Training Date: 25-JAN-2005.
Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,

Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 7 Database Auditing Models.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 7 Database Auditing Models.
Module 2: Creating a Plan for Network Security. Overview Introduction to Security Policies Designing Security by Using a Framework Creating a Security.

Module 2: Creating a Plan for Network Security. Overview Introduction to Security Policies Designing Security by Using a Framework Creating a Security.
Module 14: Securing Windows Server 2003. Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.

Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.
© ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 6 Implementing Infrastructure Controls.

© ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 6 Implementing Infrastructure Controls.
Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure.

Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure.
Introduction to Microsoft Windows 2000 Security Microsoft Windows 2000 Security Services Overview Security subsystem components Local security authority.

Introduction to Microsoft Windows 2000 Security Microsoft Windows 2000 Security Services Overview Security subsystem components Local security authority.
Unit 7 ITT TECHNICAL INSTITUTE NT1330 Client-Server Networking II Date: 2/3/2016 Instructor: Williams Obinkyereh.

Unit 7 ITT TECHNICAL INSTITUTE NT1330 Client-Server Networking II Date: 2/3/2016 Instructor: Williams Obinkyereh.
IS3220 Information Technology Infrastructure Security

IS3220 Information Technology Infrastructure Security
© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 10 Network Security Management.

© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 10 Network Security Management.

Similar presentations

Ads by Google