JCC Elementary System/Application Domain


1 JCC Elementary System/Application Domain
Alex Wehn, Jacklyn Truong, Nick Poczynek
silver consulting

2 System/Application Domain
Consists of mission-critical systems, applications, and data.
Common threat targets:
- Desktop OSs
- Server and network OSs
- Applications and servers
- Enterprise Resource Planning (ERP) applications and systems
- Web browsers
Speaker notes: Define.

3 Common Vulnerabilities
- Unauthorized physical or logical access to resources
- Weaknesses in server operating system or application software
- Data loss from errors, failures, or disasters
Threat types:
- Denial or destruction
- Alteration
- Disclosure

4 Unauthorized Physical Access
Gaining access to a physical entity or area without permission from an administrative figure:
- Computer rooms
- Data centers
- Wiring closets
- Physical data in transit
Speaker notes: Describe what physical access is. Give examples. Explain why it’s bad and why people should be concerned. Prevention.

5 Unauthorized Physical Access
Examples:
- Poor security: unlocked doors, unguarded areas, no badge access required
- Carelessness
- Social engineering: impersonation to gain access, or impersonation to gain access to someone/something with authorized access

6 Unauthorized Physical Access
Why is it bad?
- Sensitive systems could be destroyed
- Sensitive data stored on these systems could be stolen, altered, or destroyed

7 Unauthorized Physical Access
Mitigation:
- Policies: escort all guests
- Standards: secure areas containing sensitive systems; lock doors; assign a security guard to each secured area
- Procedures: RFID badge access to secure areas; check in with a valid ID badge
- Guidelines: report suspicious activities; lock drawers before leaving your desk

8 Unauthorized Logical Access
Gaining access to data without permission from an administrative figure:
- Human resources and payroll
- Accounting and financial
- Student and parent information
- Medical
- Grades
- Private information
Speaker notes: Describe what logical access is. Give examples. Explain why it’s bad and why people should be concerned. Prevention.

9 Unauthorized Logical Access
Examples:
- Individuals have access to information unnecessary for their position in the workplace (e.g., non-payroll staff have access to all private employee information)
- An attacker gains access to systems and obtains unencrypted financial information

10 Unauthorized Logical Access
Why is it bad?
- Staff with access to unnecessary data could accidentally alter or destroy that data
- Attackers who gain access to our systems can destroy, alter, and/or disclose information, or deny access to important information

11 Unauthorized Logical Access
Mitigation:
- Encryption
- Classify data and roles: certain roles are allowed to access only certain data
- Second-level authentication
- Data handling standards: do not store sensitive information on a personal thumb drive; encrypt emails; do not unnecessarily disclose information

12 Software Vulnerabilities
A flaw in the programming of a software component or system that allows a malicious attacker to gain unauthorized access to that system through an exploit.
Malware is malicious software that is capable of taking advantage of flaws in software and/or users in order to compromise a software application.
Speaker notes: Define weaknesses in application software. Give examples. Explain why it’s bad. Prevention.

13 Software Vulnerabilities
Vulnerabilities are often found in commonly used software:
- Adobe Reader
- Adobe Flash
- Oracle Java
- Microsoft Office
- Microsoft Windows
Software built in-house is not immune to vulnerabilities.

14 Software Vulnerabilities
Why is it bad?
- Gives attackers an entry point into your system
- Many remain undetected until they are actively exploited
- Sometimes user awareness isn't good enough
- Can be less targeted than other types of attacks

15 Software Vulnerabilities
Mitigation:
- User awareness
- System administrator awareness
- Software updates
- Good security policy
- Antivirus software

16 Server Vulnerabilities
Server vulnerabilities are vulnerabilities that occur in software that exists on a server rather than on a user workstation. They may be similar to software vulnerabilities, but server vulnerabilities require little to no user intervention to be exploited.
Speaker notes: Define weaknesses in server operating systems. Give examples. Explain why it’s bad. Prevention.

17 Server Vulnerabilities
Examples:
- Server operating system vulnerabilities
- Server software vulnerabilities: service software (FTP, Apache, PHP, .NET)
- Additional software vulnerabilities: security software (firewalls, antivirus)

18 Server Vulnerabilities
Why is it bad?
- Servers generally have more access to sensitive information, so the impact of server vulnerabilities is much higher
- Servers are not as carefully monitored as user workstations, allowing suspicious behavior to go unnoticed for extended periods of time
- Many servers have services that are intentionally exposed to the internet, making them much easier to attack

19 Server Vulnerabilities
Mitigation:
- Plan
- Configure: careful/minimal system configuration
- Maintain: software updates
- Monitor for suspicious behavior
- Improve security policy

20 Data Loss
What is "data"? We deal with important data every day:
- Emails
- Grades
- Calendars and event schedules
- Payroll and employee records
- Curriculum
Teachers: imagine losing all of your course materials. Loss of data is one of computing's biggest threats.
Speaker notes: Define data and the risks of losing data. Give examples. Explain why it’s bad. Prevention.

21 Data Loss
How do we prevent data loss? Backups: "a copy of a file or directory stored on a separate device."
- Must be performed frequently to be more useful
- Backups should be physically separated

22 Data Loss
There are three main types of backups:
- Full: performed least often; a bit-for-bit replica of a disk or partition
- Differential: stores all data that has changed since the last full backup; if differential backups become large, a new full image is needed
- Incremental: backs up new or modified files; fast, and provides a comprehensive revision history

23 Data Loss
Common backup mistakes:
- Backups are not verified: what happens if you restore data from a backup that was corrupted?
- Not separating applications and data: system images should be available in case you need to reinstall your OS and applications; user data can then be grabbed as needed; some data is more static than other data
- Performing backups infrequently: if your most recent backup was over a week ago, what would you lose?
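Added example (not from the presentation) that simulates the three backup types from slide 22 on constructed sample files and shows why the "verify your backups" point above matters: the restore chain checks each backup set's checksums and refuses to proceed from a corrupted set. File names and contents are made up.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample (not from the slides): a school file server on three
# consecutive backup days. Day 2 edits a grade; day 3 edits payroll, adds a file.
SNAPSHOTS = [
    {"grades.csv": "alice,90", "payroll.csv": "bob,4000", "calendar.ics": "pd-day"},
    {"grades.csv": "alice,92", "payroll.csv": "bob,4000", "calendar.ics": "pd-day"},
    {"grades.csv": "alice,92", "payroll.csv": "bob,4100", "calendar.ics": "pd-day",
     "curriculum.md": "unit 1"},
]

def digest(content):
    return hashlib.sha256(content.encode()).hexdigest()

@dataclass
class Backup:
    kind: str        # "full", "differential" or "incremental"
    files: dict      # file name -> content copied by this backup set
    checksums: dict = field(init=False)

    def __post_init__(self):   # checksums taken at backup time, used by verify()
        self.checksums = {n: digest(c) for n, c in self.files.items()}

    def verify(self):
        return all(digest(c) == self.checksums.get(n) for n, c in self.files.items())

def select_files(kind, current, last_full, last_any):
    """Files a backup of the given kind copies, following the slide's definitions."""
    if kind == "full":
        return dict(current)                      # bit-for-bit replica: everything
    base = last_full if kind == "differential" else last_any
    return {n: c for n, c in current.items() if base.get(n) != c}

def run_schedule(snapshots, kinds):
    """Simulate a backup schedule; returns the ordered list of backup sets."""
    backups, last_full, last_any = [], {}, {}
    for snap, kind in zip(snapshots, kinds):
        backups.append(Backup(kind, select_files(kind, snap, last_full, last_any)))
        last_full = snap if kind == "full" else last_full
        last_any = snap
    return backups

def restore(backups):
    """Rebuild the latest state from the most recent full set onward, verifying
    every set first: a corrupted set aborts the restore instead of yielding bad data."""
    start = max(i for i, b in enumerate(backups) if b.kind == "full")
    state = {}
    for b in backups[start:]:
        if not b.verify():
            raise ValueError(f"{b.kind} backup set failed verification; restore aborted")
        state.update(b.files)                     # later sets overwrite older copies
    return state
```

Running the same three days as full/incremental/incremental versus full/differential/differential shows the differential sets growing (the slide's reason a new full image is eventually needed); deleted files are not tracked here.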

24 Data Loss
Common vulnerabilities:
- Hardware failure: when computer systems fail, we rely on backups and redundancy
- Natural disasters: our backups need to be physically separated to avoid complete data loss from fires and natural disasters
- System errors: system crashes can occur during data transfers

25 Data Loss
Working at a school presents additional data-related concerns:
- FERPA: academic records are closely controlled under federal law; negligence in protecting this data presents legal issues
- HIPAA: we may be required to store and protect health information for students, faculty, and staff

26 Data Loss
Be prepared.
Business Continuity Plan (BCP):
- Conduct a business impact analysis to decide which computer uses are most important
- Determine how long it will take to recover and make these uses available (the recovery time objective, RTO)
- Prepare the BCP to focus on the most important uses so that work can continue
Disaster Recovery Plan (DRP):
- Prepare the DRP based on the BCP
- Start the DRP with the most important systems first
- Organize a DRP team and a remote data center

27 Data Loss
Be aware of backup procedures and policies: after a certain period, backups must be transferred to a more permanent storage format.

28 Data Loss
How is data recovered?
- A data recovery policy is put in place
- An electronic form is available to document the incident
- The help desk creates a ticket and gathers the required information
- The requested data is accessed from the archives
- If recovery is successful, the data must be delivered: it can be transferred to the requested disk location or emailed

29 Data Loss
Data recovery, cont.: keep in mind that recovery speed may vary based on the age of the requested file.
- Recovery from older tape archives can take a long time
- Recovery from yesterday’s incremental backup can be almost immediate

30 Reducing Risks
- Physically secure areas containing sensitive systems
- Implement encryption and data handling standards
- Minimize data access
- Back up data
- Develop a BCP and DRP
- Be aware of all applications on the network
- Plan, configure, maintain, and improve network servers
- Develop and implement standards
- Read and understand your provided Acceptable Use Policy

31 What if I Need Help?
Call the Help Desk!
- Report suspected IT policy violations to your supervisors
- For help with production systems and uses, contact the Director of System and Applications or the Director of Software Development
- For help with system/application domain security policies, standards, procedures, and guidelines, contact the Director of IT Security

32 Questions?
