Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 6 Enterprise Security.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 6 Enterprise Security."— Presentation transcript:

1 Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 6 Enterprise Security

2 Security Awareness: Applying Practical Security in Your World, 2e 2 Objectives Explain how physical security protects an organization Tell the difference between enterprise policies and plans, and list examples of each Give examples of different types of training and education Define ethics

3 Security Awareness: Applying Practical Security in Your World, 2e 3 Physical Security Protects equipment and has one primary goal –To prevent unauthorized users from reaching the equipment to use, steal, or vandalize it Rack-mounted servers –Typically 1.75 inches (4.45 centimeters) tall –Can be stacked with up to 50 other servers in a closely confined area –Typically connected to a single KVM (keyboard, video, mouse) switch

4 Security Awareness: Applying Practical Security in Your World, 2e 4

5 5

6 6 Physical Security (continued) KVM switches –Connection ports allow analog or digital connections from Rack-mounted servers or Connections over network cables –Some have a lock that restricts access In addition to securing device itself –Also important to securing the room containing device

7 Security Awareness: Applying Practical Security in Your World, 2e 7 Physical Security (continued) Basic types of door locks –Preset lock –Deadbolt lock Cipher locks –Combination locks with buttons that user must push in proper sequence to open door –Keep record of when door was opened and by which code

8 Security Awareness: Applying Practical Security in Your World, 2e 8

9 9

10 10

11 Security Awareness: Applying Practical Security in Your World, 2e 11 Physical Security (continued) Other physical vulnerabilities in an office –Suspended ceilings –HVAC ducts –Exposed door hinges –Insufficient lighting –Dead-end corridors

12 Security Awareness: Applying Practical Security in Your World, 2e 12 Enterprise Policies Policy –Document that outlines specific requirements or rules that must be met –Characteristics Communicates a consensus of judgment Defines appropriate behavior for users Identifies what tools and procedures are needed. Provides foundation for human resource action in response to inappropriate behavior Makes the process of prosecuting violators clearer and more fair

13 Security Awareness: Applying Practical Security in Your World, 2e 13 Security Policy Outlines protections that should be enacted to ensure organization’s assets face minimal risks Effective security policy –Must carefully balance trust and control Three models of trust –Trust everyone all of the time –Trust no one at any time –Trust some people some of the time

14 Security Awareness: Applying Practical Security in Your World, 2e 14

15 Security Awareness: Applying Practical Security in Your World, 2e 15 Acceptable Use Policy (AUP) Defines actions users may perform while using the computing and networking equipment Typically covers all computer use –Including Internet, e-mail, Web, and password security Should provide explicit prohibitions regarding security and proprietary information Unacceptable use should also be outlined

16 Security Awareness: Applying Practical Security in Your World, 2e 16 Enterprise Plans A plan –A “call to action” outlining what must be done Plans that are often used –Business continuity plan –Disaster recovery plan

17 Security Awareness: Applying Practical Security in Your World, 2e 17 Business Continuity Plan Process of –Assessing risks –Developing management strategy to ensure that business can continue if risks materialize Addresses anything that could affect the continuity of service over the long term

18 Security Awareness: Applying Practical Security in Your World, 2e 18 Business Continuity Plan (continued) Business continuity management –Concerned with developing a business continuity plan (BCP) Basic steps in creating a BCP –Understand the business –Formulate continuity strategies –Develop a response –Test the plan

19 Security Awareness: Applying Practical Security in Your World, 2e 19 Maintaining Utilities Uninterruptible power supply (UPS) –External device located between the outlet for electrical power and a computer device If power fails, UPS can –Send message to network administrator’s computer –Notify users that they must finish their work and log off immediately –Prevent new users from logging on –Disconnect users and shut down server

20 Security Awareness: Applying Practical Security in Your World, 2e 20 Creating and Maintaining Backups Four basic types of enterprise backups –Full backup –Differential backup –Incremental backup –Copy backup

21 Security Awareness: Applying Practical Security in Your World, 2e 21 Creating and Maintaining Backups (continued) Grandfather-father-son backup system –Divides backups into three sets Daily backup (son) Weekly backup (father) Monthly backup (grandfather)

22 Security Awareness: Applying Practical Security in Your World, 2e 22

23 Security Awareness: Applying Practical Security in Your World, 2e 23

24 Security Awareness: Applying Practical Security in Your World, 2e 24 Disaster Recovery Plan Disaster recovery –Focused on recovering from major disasters that could cause the organization to cease operations Disaster recovery plan (DRP) –Addresses what you should do if major catastrophe occurs

25 Security Awareness: Applying Practical Security in Your World, 2e 25 Disaster Recovery Plan (continued) Typical outline –Unit 1: Purpose and Scope –Unit 2: Recovery Team –Unit 3: Preparing for a Disaster –Unit 4: Emergency Procedures –Unit 5: Recovery Procedures

26 Security Awareness: Applying Practical Security in Your World, 2e 26 Identifying Secure Recovery Hot site –Used in the event of a disaster to continue computer and network operations Cold site –Provides office space –Customer must provide and install all equipment needed to continue operations Warm site –Has all of the equipment installed –Does not have active Internet or telecommunications facilities

27 Security Awareness: Applying Practical Security in Your World, 2e 27 Education and Training Opportunities for security education and training –New employee is hired –Computer attack has occurred –Employee is promoted or given new responsibilities –Department is conducting an annual retreat –New user software is installed –User hardware is upgraded

28 Security Awareness: Applying Practical Security in Your World, 2e 28 How Learners Learn Pedagogical approach –Comes from a Greek word meaning to lead a child Andragogical approach –The art of helping an adult learn People typically learn in three ways –Visually, auditorily, and kinesthetically

29 Security Awareness: Applying Practical Security in Your World, 2e 29

30 Security Awareness: Applying Practical Security in Your World, 2e 30

31 Security Awareness: Applying Practical Security in Your World, 2e 31 Learning Resources Seminars and workshops –Good means of learning latest technologies and networking with other security professionals Print media –Magazines and journals are good sources for most recent material Internet –Contains a wealth of information that can be used to keep informed about new attacks and trends

32 Security Awareness: Applying Practical Security in Your World, 2e 32 Ethics Set of principles and behaviors that people understand and agree to be good and right Values –A person’s fundamental beliefs –Principles used to define what is good, right, and just Morals –Values attributed to system of beliefs that helps the individual define right from wrong Code of conduct –Intended to be a central guide and reference for employees in support of day-to-day decision making

33 Security Awareness: Applying Practical Security in Your World, 2e 33 Summary Physical security –One of the first lines of defense against attacks Policy –Document that outlines specific requirements or rules that must be met Plan –Outlines specifically what must be done

34 Security Awareness: Applying Practical Security in Your World, 2e 34 Summary (continued) Users need to receive training regarding –The importance of securing information –The roles that they play in security –The necessary steps they need to take to ward off attacks Ethics –The study of what people understand to be good and right

Download ppt "Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 6 Enterprise Security."

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
Information Technology Disaster Recovery Awareness Program.

Information Technology Disaster Recovery Awareness Program.
Information Technology Awareness Wayne Donald IT Security Officer.

Information Technology Awareness Wayne Donald IT Security Officer.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Internet Safety in Henry County Schools By the division’s Internet Safety Task Force.

Internet Safety in Henry County Schools By the division’s Internet Safety Task Force.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 14 Security Policies and Training.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 14 Security Policies and Training.
Chapter 10: Operational Security Security+ Guide to Network Security Fundamentals Second Edition Instructor by Sukchatri PRASOMSUK.

Chapter 10: Operational Security Security+ Guide to Network Security Fundamentals Second Edition Instructor by Sukchatri PRASOMSUK.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Access to Electronic Media Acceptable Use Policy August 8, 2011 Meece Middle School.

Access to Electronic Media Acceptable Use Policy August 8, 2011 Meece Middle School.
Security+ Guide to Network Security Fundamentals, Fourth Edition

Security+ Guide to Network Security Fundamentals, Fourth Edition
© 2003, Educational Institute Chapter 12 Systems and Security Maintenance Managing Technology in the Hospitality Industry Fourth Edition (469T or 469)

© 2003, Educational Institute Chapter 12 Systems and Security Maintenance Managing Technology in the Hospitality Industry Fourth Edition (469T or 469)
Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.

Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Processing Integrity and Availability Controls

Processing Integrity and Availability Controls
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Computer Security Fundamentals

Computer Security Fundamentals
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.

Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.
Network security policy: best practices

Network security policy: best practices

Similar presentations

Ads by Google