Presentation is loading. Please wait.

Presentation is loading. Please wait.

Managing the Security Function

Published byJoshua Morrison Modified over 6 years ago

Similar presentations

Presentation on theme: "Managing the Security Function"— Presentation transcript:

1 Managing the Security Function
Chapter 11

2 Figure 11-1: Organizational Issues
Top Management Support Top-Management security awareness briefing (emphasis on brief) Corporate security policy statement: Vision, not details Follow-through when security must be upheld in conflicts Business champions to give support and business advice

3 Figure 11-1: Organizational Issues
Should You Place Security Within IT? Pros Compatible technical skills Making the CIO responsible for security breaches gives accountability Cons Difficult to blow the whistle on the IT staff Vendor preference differences with networking staff (e.g., Cisco vs Check Point)

4 Figure 11-1: Organizational Issues
Should You Place Security Within IT? Locating security outside IT Can blow the whistle on IT actions If a staff group, can only give advice

5 Figure 11-1: Organizational Issues
Security and Auditing IT Auditing has the skills to determine whether IT rules are enforced, but IT auditing does not set policy Internal Auditing also can audit IT-related procedures, but it does not make policy

6 Figure 11-1: Organizational Issues
Managed Security Service Providers (Figure 11-2) On-site logging, off-site analysis Practice-based expertise Get plenty of experience on a daily basis— like fire departments Separation of responsibilities: Can blow whistle on IT, even the CIO

7 Figure 11-1: Organizational Issues
Managed Security Service Providers (Figure 11-2) What to Outsource? Typically, intrusion detection and vulnerability assessment Rarely policy and other control practices Not commonly antivirus protection and other aspects of security, but MSSPs are expanding

8 Figure 11-1: Organizational Issues
Managed Security Service Providers (Figure 11-2) Evaluating the MSSP Diligence: Is it really reading the logs? (Contracts often are vague) Skills and background of testers

9 Figure 11-1: Organizational Issues
Security and Business Staffs Cannot Just Lob Policies Over the Wall Security and Business Partners Your Business Partner’s Security Affects You Uniformed Security Personnel They are often called first by suspicious users They support investigations

10 Figure 11-1: Organizational Issues
Staffing and Training Hiring staff: Expertise Training is necessary because few people on the market are security experts Certifications are good but vary in what they require and do not make up for lack of experience Background checks should be done on the security staff

11 Figure 11-1: Organizational Issues
Staffing and Training All workers involved in IT should have background checks, including the maintenance staff, consultants, and contractors Should you hire a hacker? They are likely to have the knowledge you need But would you be afraid to fire or lay off one?

12 Figure 11-2: Managed Security Service Provider (MSSP)
Firm MSSP 2. Encrypted & Compressed Log Data MSSP Logging Server 3. Analysis 5. Vulnerability Test Log File 4. Small Number of Alerts Security Manager

Download ppt "Managing the Security Function"

Similar presentations

Issues of collaborating in a Shibboleth FE/HE trust environment Graham Mason KC-ROLO.

Issues of collaborating in a Shibboleth FE/HE trust environment Graham Mason KC-ROLO.
CHAPTER 7 Business Management.

CHAPTER 7 Business Management.
Guide to Network Defense and Countermeasures

Guide to Network Defense and Countermeasures
Security and Personnel

Security and Personnel
Access Control Chapter 3 Part 5 Pages 248 to 252.

Access Control Chapter 3 Part 5 Pages 248 to 252.
Appendix B: Designing Policies for Managing Networks.

Appendix B: Designing Policies for Managing Networks.
Hands-On Ethical Hacking and Network Defense

Hands-On Ethical Hacking and Network Defense
Information Systems Security Officer

Information Systems Security Officer
Chapter 10 Managing the Delivery of Information Services.

Chapter 10 Managing the Delivery of Information Services.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Intro to Business Chapter 7

Intro to Business Chapter 7
Chapter 2 Strategic Training

Chapter 2 Strategic Training
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Cloud Computing How secure is it? Author: Marziyeh Arabnejad Revised/Edited: James Childress April 2014 Tandy School of Computer Science.

Cloud Computing How secure is it? Author: Marziyeh Arabnejad Revised/Edited: James Childress April 2014 Tandy School of Computer Science.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
Joseph Ferracin Director IT Security Solutions Managing Security.

Joseph Ferracin Director IT Security Solutions Managing Security.
Chapter 13 Information Systems Organizations and Personnel Considerations.

Chapter 13 Information Systems Organizations and Personnel Considerations.
Introduction to Security

Introduction to Security
Should You Outsource Hardware Support? Jonathan Harber CIO, Dignity Health Arizona.

Should You Outsource Hardware Support? Jonathan Harber CIO, Dignity Health Arizona.

Similar presentations

Ads by Google