1
Security Policy
Anuj Dube, Jimmy Lambert, Michael McClendon
2
Clean Desk Policy
First line of defense
General: Clear desk of papers
Extreme: Clean entire workspace
3
Account Management Policies
Centralized: Database
Decentralized: Individual workstations and servers
Two account rule
4
Account Management Policies
Disabling/Deleting accounts:
Termination
Leave of absence
Time-of-day
5
Portable Device Policies
General: USB/Flash drives
Extreme: Mobile phones
6
Internet Usage Policy
Goal: ensure maximum employee productivity and limit potential liability to the organization from inappropriate use of the Internet in the workplace
8
Password Policy
Components:
Password construction
Reuse restrictions
Duration
Protection of passwords
Consequences
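As an added example (not part of the presentation), the following Python sketch enforces the first four components listed above: construction rules, a reuse restriction against a short password history, a maximum password age, and protection by storing only salted PBKDF2 hashes. The thresholds (12 characters, 5 remembered passwords, 90 days) are assumptions chosen for illustration, not values from the slides.

```python
"""Password policy enforcer: construction, reuse, duration, protection."""
import hashlib
import hmac
import os
import re
from datetime import datetime, timedelta

MIN_LENGTH = 12                 # construction: minimum length (assumed value)
HISTORY_DEPTH = 5               # reuse restriction: remember the last N passwords
MAX_AGE = timedelta(days=90)    # duration: force a change after this many days


def _pbkdf2(password: str, salt: bytes) -> bytes:
    # Protection of passwords: never keep plaintext, only a slow salted hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def construction_errors(password: str) -> list:
    """Return the construction rules a candidate violates (empty list = passes)."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append("too short")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        errors.append("needs 3 of 4 character classes")
    return errors


class PasswordRecord:
    """Per-account state: hashed history (newest first) and last change time."""

    def __init__(self):
        self.history = []          # list of (salt, hash) tuples
        self.changed_at = None

    def is_reused(self, candidate: str) -> bool:
        return any(hmac.compare_digest(_pbkdf2(candidate, salt), h)
                   for salt, h in self.history)

    def is_expired(self, now: datetime) -> bool:
        return self.changed_at is None or now - self.changed_at > MAX_AGE

    def set_password(self, candidate: str, now: datetime) -> list:
        """Apply the policy; return violations, or [] if the change was accepted."""
        errors = construction_errors(candidate)
        if self.is_reused(candidate):
            errors.append("reuses one of the last %d passwords" % HISTORY_DEPTH)
        if errors:
            return errors
        salt = os.urandom(16)
        self.history = [(salt, _pbkdf2(candidate, salt))] + self.history[:HISTORY_DEPTH - 1]
        self.changed_at = now
        return []
```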
9
Insider Threat
Top network security risk!!! What is it?
Damage by current or former employees. The insider threat is often discussed among the top information security risks facing organizations. In fact, for the first time in seven years of doing the study, the 2012 Ponemon Data Loss survey listed internal mistakes by insiders as the number one cause of data breaches. What is an insider threat? This term is loosely used to describe current or former employees doing damage to the organization. These can be malicious actions, such as stealing confidential information, or accidental, such as sending confidential information in an attachment.
10
Personnel Policies
Acceptable Usage Policy
Mandatory Vacation Policy
Separation of Duties Policy
Job Rotation Policy
Personnel security is an extremely challenging area of security. In order to function, an organization must allow access to sensitive data. But in an instant, a trusted employee can become an attacker. To keep such harmful actions in check, there are certain personnel policies that an organization must follow.
11
Acceptable Usage Policy (AUP)
What? Set of rules
Why? Reduce the potential for legal action
How? New members sign the AUP before being provided with restricted information
An acceptable use policy (AUP), also known as an acceptable usage policy or fair use policy, is a set of rules applied by the owner or manager of a network, website or large computer system that restrict the ways in which the network, website or system may be used. AUP documents are written for corporations,[1] businesses, universities,[2] schools,[3] internet service providers,[4] and website owners,[5] often to reduce the potential for legal action that may be taken by a user, and often with little prospect of enforcement. Acceptable use policies are an integral part of the framework of information security policies; it is common practice to ask new members of an organization to sign an AUP before they are given access to its information systems. For this reason, an AUP must be concise and clear, while at the same time covering the most important points about what users are, and are not, allowed to do with the IT systems of an organization.
12
Mandatory Vacations Policy
What? Use vacations at specific times of the year
Why? Detect security issues with employees
How? Someone else performs the same duties
A mandatory vacation policy requires employees to use their vacations at specific times of the year or to use all of the vacation days allotted for a single year. This policy helps detect security issues with employees, such as fraud or other internal hacking activities, because the anomalies might surface while the user is away. For a mandatory vacation to be effective as a fraud deterrent and detection tool, someone else must be cross-trained and must perform the work during the mandated vacation. An employee who never takes a day off may be a red flag for fraud. Employees who engage in fraud may resist taking a vacation, fearing that someone else doing their job in their absence may discover the irregularities.
13
Separation of Duties Policy
What? Restrict power to prevent fraud by an individual
Why? Principle of least privilege
How? Information flow diagram
Separation of duties is a classic security method to manage conflict of interest, the appearance of conflict of interest, and fraud. It restricts the amount of power held by any one individual. It puts a barrier in place to prevent fraud that may be perpetrated by one individual. The technology group should understand the basic separation of duties issues within the technology area as well as the principle of least privilege. To be certain that you have identified all separation of duties issues, you will first need to create an information flow diagram for every function within each area of the organization.
14
Job Rotation Policy
What? Systematic movement
Why? Orienting, training, preventing burnout, preventing fraud
How? Information is not isolated with just one employee
Job rotation is the systematic movement of employees from one job to another within the organization as a way to achieve many different human resources objectives, such as orienting new employees, training employees, enhancing career development and preventing job boredom or burnout.