Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security Domains Computer Operations Security By: Shafi Alassmi Instructor: Francis G. Date: Sep 22, 2010.

Published byNicole Fletcher Modified over 11 years ago

Similar presentations

Presentation on theme: "Information Security Domains Computer Operations Security By: Shafi Alassmi Instructor: Francis G. Date: Sep 22, 2010."— Presentation transcript:

1 Information Security Domains Computer Operations Security By: Shafi Alassmi Instructor: Francis G. Date: Sep 22, 2010

2 Introduction Easy to define but hard to master Covers everything that can go wrong while computers are running It mainly examines the following controls: Operators Hardware Media Who should be involved with computer operations security? Every person interact with the system internally or externally Every technology that is part of the system

3 How to plan? The plan should be derived by asking right questions such as: How many security events were identified? How to control access privileges? Plan should show the ROI by asking the right questions such as: What will be the losses if not implemented. How much will it cost?

4 Critical O. S. Controls Operation controls focus on the following aspects: Resources protection Accountability, violation processing and user access authorities Access-Privileges Hardware, storage, I/O operations and activity logs Change Management Scheduling, applying, implementing and reporting Hardware

5 Resource Protection Securely guard the organizations Computing resources Loss Compromise Communication Balance of the security implementation depends on: Value of information Business need for the information Benefits are: Decrease possibility of damage to data Limit disclosure and misuse of data

6 Resource Protection Access given to individual users At a specific time Track access log Practices to enhance accountability and authority can be via: Users understanding the importance of passwords Users understanding the privacy regulations and its importance to avoid legal issues Plans for management changes must be in place

7 Access Privileges Hardware access Isolation between unrelated storages Enables controlling unauthorized access I/O operations and devices Should be verified before execution of privilege program Activity logs Auditing

8 Change Management Managing change steps: Introduce change Change log Scheduling change Implementing change Reporting change Why following those steps? Reduce the impact of change on services

9 Hardware Hardware access is via operating system software. Physical security of hardware Storage Unauthorized access

Download ppt "Information Security Domains Computer Operations Security By: Shafi Alassmi Instructor: Francis G. Date: Sep 22, 2010."

Similar presentations

Web Security for Network and System Administrators1 Chapter 1 Introduction to Information Security.

Web Security for Network and System Administrators1 Chapter 1 Introduction to Information Security.
Hart District Acceptable Use Policy Acceptable Use Policy.

Hart District Acceptable Use Policy Acceptable Use Policy.
Operating System Security

Operating System Security
CSC 360- Instructor: K. Wu Overview of Operating Systems.

CSC 360- Instructor: K. Wu Overview of Operating Systems.
Share Your PC Get Started. Sharing a computer used to mean that others could see your private files, install software you didn't want, or change your.

Share Your PC Get Started. Sharing a computer used to mean that others could see your private files, install software you didn't want, or change your.
Woodland Hills School District Computer Network Acceptable Use Policy.

Woodland Hills School District Computer Network Acceptable Use Policy.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Policy 6460 Staff Use of Computerized Information Resources Regulation 6460 R-Staff Use of Computerized Information Resources Regulation 6460 R.2 Staff.

Policy 6460 Staff Use of Computerized Information Resources Regulation 6460 R-Staff Use of Computerized Information Resources Regulation 6460 R.2 Staff.
Module 4: Implementing User, Group, and Computer Accounts

Module 4: Implementing User, Group, and Computer Accounts
Security Controls – What Works

Security Controls – What Works
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
Pertemuan 20 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan 20 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
کامیار نیرومند کارشناس تیم تجهیزات مرکز تخصصی آپا دانشگاه صنعتی اصفهان پاییز 1388 1.

کامیار نیرومند کارشناس تیم تجهیزات مرکز تخصصی آپا دانشگاه صنعتی اصفهان پاییز
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
ACCEPTABLE An acceptable use policy (AUP), also known as an acceptable usage policy or fair use policy, is a set of rules applied by the owner or manager.

ACCEPTABLE An acceptable use policy (AUP), also known as an acceptable usage policy or fair use policy, is a set of rules applied by the owner or manager.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Effectively Integrating Information Technology (IT) Security into the Acquisition Process Section 5: Security Controls.

Effectively Integrating Information Technology (IT) Security into the Acquisition Process Section 5: Security Controls.
Auditing Logical Access in a Network Environment Presented By, Eric Booker and Mark Ren New York State Comptroller’s Office Network Security Unit.

Auditing Logical Access in a Network Environment Presented By, Eric Booker and Mark Ren New York State Comptroller’s Office Network Security Unit.
Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.

Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.
 Review the security rule as it pertains to ›Physical Safeguards ♦ How to protect the ePHI in the work environment ♦ Implementation ideas for your office.

 Review the security rule as it pertains to ›Physical Safeguards ♦ How to protect the ePHI in the work environment ♦ Implementation ideas for your office.

Similar presentations

Ads by Google