Published by Margarethe Kneller. Modified over 5 years ago.
1
Security week 1
Introductions
Class website
Syllabus review
Course outline
Homework
Security overview
Scenario – evaluating two attacks
Packet Tracer scenario
2
Network Security Organizations
CERT - CERT Coordination Center (CERT/CC)
  CERT is chartered to work with the internet community in detecting and resolving computer security incidents, as well as taking steps to prevent future incidents. Part of US-CERT.
US-CERT - Computer Emergency Readiness Team
  Established in 2003 to protect the nation's Internet infrastructure. Coordinates defense against and responses to cyber attacks.
IETF - Internet Engineering Task Force
  Open international community of network designers, operators, vendors, and researchers concerned with the evolution and operation of the Internet.
SANS - SysAdmin, Audit, Network, Security
  Source for information security, training and certification.
3
Security Certifications
International Information Systems Security Certification Consortium (ISC)2
  CISSP - Certified Information System Security Professional
  SSCP - Systems Security Certified Practitioner
Check Point
  CCSA - Check Point Certified Security Administrator
  CCSE - Check Point Certified Security Engineer
Cisco
  CCNA Security
  CCNP Security
  CCIE Security
CompTIA
  Security+
4
Security Regulations
HIPAA (Health Insurance Portability & Accountability Act of 1996)
  Improved efficiency in healthcare delivery by standardizing electronic data interchange, and
  Protection of confidentiality and security of health data through setting and enforcing standards.
5
The Security Process
Identify and assess assets
Identify and assess threats and risks
Create security policy
Design network security implementation
Test security design - modify as appropriate
Implement security design
Educate users
Monitor per security policy
Test, re-evaluate and modify periodically
Handle incidents, modify security implementation/policy as appropriate, document
6
What are your assets/items that need to be protected?
Exercise - In groups, see how many assets/items you can identify that warrant protection by IS.
7
Some Network Assets
Cabling/wireless - bandwidth
Patch panels
Switches
Routers
Firewalls
Servers and workstations - CPU, memory and hard disks
Network services - WEB, FTP, , application, database
Data
Personnel - time, productivity
Business assets - Reputation, good will, secrets
Other?
8
How do you assess risk?
Risk = cost of loss x level of threat
Example – customer database
  If unavailable for a while
  If irretrievably lost
  If improperly modified
  If acquired by a competitor
9
How do you evaluate threat?
By type of threat
  Human conduct
    Intentional – Damaging, stealing, exploring
    Negligent, inadvertent
  Events – disasters, etc.
  Device failures
By source of threat
  Internal v external
10
How do you invoke security?
Fault tolerance/redundancy/high availability
Protective procedures - testing security, backups, monitoring
Protective policies (acceptable use, saving procedures)
Physical security
Protective software (anti-virus)
Protective configurations (strong passwords)
Protective implementations - using encryption, VPNs, certificates
Protective devices – firewalls, routers, switches, etc.
User education
Other?
11
Evaluating two attacks on the United States
Russian election interference – 2016
Pearl Harbor – December 7, 1941
12
Exercise – List United States assets
13
Exercise – Evaluate damage to US assets from each attack