Presentation is loading. Please wait.

Presentation is loading. Please wait.

R. Ching, Ph.D. MIS Area California State University, Sacramento 1 Week 6 Monday, February 27 IT InfrastructureIT Infrastructure Reliability and Security.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "R. Ching, Ph.D. MIS Area California State University, Sacramento 1 Week 6 Monday, February 27 IT InfrastructureIT Infrastructure Reliability and Security."— Presentation transcript:

1 R. Ching, Ph.D. MIS Area California State University, Sacramento 1 Week 6 Monday, February 27 IT InfrastructureIT Infrastructure Reliability and Security of IT ServicesReliability and Security of IT Services SecuritySecurity

2 R. Ching, Ph.D. MIS Area California State University, Sacramento 2 IT Infrastructure, Another View…

3 R. Ching, Ph.D. MIS Area California State University, Sacramento 3 IT Architecture and Advances in IT Era I - Mainframe (1950’s - 1970s)Era I - Mainframe (1950’s - 1970s) –IT paradigm Centralized computingCentralized computing Automated functionsAutomated functions –Information management Focus on data (i.e., data processing and efficiency)Focus on data (i.e., data processing and efficiency) Fixed reportingFixed reporting File-basedFile-based

4 R. Ching, Ph.D. MIS Area California State University, Sacramento 4 IT Architecture and Advances in IT Era II - PC (1970’s - 1980s)Era II - PC (1970’s - 1980s) –IT paradigm MicrocomputerMicrocomputer Decentralized, end-user developed computingDecentralized, end-user developed computing –Information management Focus on information (i.e., specialized applications)Focus on information (i.e., specialized applications) Specialized and personal software (i.e., electronic spreadsheets, word processing, file management)Specialized and personal software (i.e., electronic spreadsheets, word processing, file management) Islands of informationIslands of information

5 R. Ching, Ph.D. MIS Area California State University, Sacramento 5 IT Architecture and Advances in IT Era III - Network (1990’s - present)Era III - Network (1990’s - present) –IT paradigm Client/server (fat and thin clients)Client/server (fat and thin clients) Internet, intranet (within the organization), extranet (between the organization and its suppliers/partners)Internet, intranet (within the organization), extranet (between the organization and its suppliers/partners) End-user computingEnd-user computing –Information management Focus on knowledge (i.e., OLAP tools, data warehousing/mining)Focus on knowledge (i.e., OLAP tools, data warehousing/mining) Relational and OO database (centralized data repository)Relational and OO database (centralized data repository)

6 R. Ching, Ph.D. MIS Area California State University, Sacramento 6 Infrastructure Delivering the right information to the right people at the right time Delivering IT resources to support users throughout the organizationDelivering IT resources to support users throughout the organization Four layer infrastructure (Weill and Broadbent)Four layer infrastructure (Weill and Broadbent) –IT components –Human IT infrastructure –Shared IT services – services that users can draw upon and share to conduct business –Shared and standard IT applications – stable applications that change less frequently

7 R. Ching, Ph.D. MIS Area California State University, Sacramento 7 Structure of the IT Infrastructure IT components Shared IT services Human IT infrastructure Shared and standard IT applications Local applications IT infrastructure

8 R. Ching, Ph.D. MIS Area California State University, Sacramento 8 Three Views of IT Infrastructure Economies of scale (utility) – providing IT/IS as a service to the business to facilitate operationsEconomies of scale (utility) – providing IT/IS as a service to the business to facilitate operations –Emphasis on reducing costs Support for business programs (dependent) – IT tied to business plan and value-added initiativesSupport for business programs (dependent) – IT tied to business plan and value-added initiatives Flexibility to meet changes in the marketplace (enabling) – IT planning tied to business strategic planFlexibility to meet changes in the marketplace (enabling) – IT planning tied to business strategic plan –Co-alignment between business strategy and IT strategy –Strategic IT and strategic IT planning

9 R. Ching, Ph.D. MIS Area California State University, Sacramento 9 Strategic Grid: Placing Infrastructure Planning and Management in Perspective High Low HighLow Impact of Existing IT applications Impact of Future IT applications Factory Operational IT Support Basic elements Turnaround Gradual adoption Strategic Strategic IT plan, initiatives Mission Critical Less critical How we view reliability and security depends on where the organization lies on the strategic grid.

10 R. Ching, Ph.D. MIS Area California State University, Sacramento 10 Reliability and Availability of the Infrastructure

11 R. Ching, Ph.D. MIS Area California State University, Sacramento 11 Infrastructure Reliability Ensuring continuous operations in support of the organizationEnsuring continuous operations in support of the organization –27 x 7 operation (if important) –Redundancy of components –Cost of maintaining continuous operations vs. cost of failure –Threats and countermeasures

12 R. Ching, Ph.D. MIS Area California State University, Sacramento 12 Availability Availability 100% 0% Number of components Component 1 98% availability Component 2 98% availability Component 3 98% availability Component 4 98% availability Component 5 98% availability.98 x.98 x.98 x.98 x.98 =.9039 Overall service availability Complexity of the system increases as the number of components increase

13 R. Ching, Ph.D. MIS Area California State University, Sacramento 13 Availability Component 1 98% availability Component 2 98% availability Component 3 98% availability Component 4 98% availability Component 5 98% availability.98 x.98 x.98 x.98 x.98 =.9039 Component 1 98% availability Component 2 98% availability Component 3 98% availability Component 4 98% availability Component 5 98% availability Redundancy: If each component has a failure rate of.02, then a complete failure of the system is.02 x.02 x.02 x.02 x.02 =.000000032 Components running in parallel (i.e., each component is capable of doing all functions)

14 R. Ching, Ph.D. MIS Area California State University, Sacramento 14 Making a High-Availability Facility Uninterruptible electric power deliveryUninterruptible electric power delivery Physical securityPhysical security Climate control and fire suppressionClimate control and fire suppression Network connectivityNetwork connectivity N+1 and N+N redundancy of mission critical componentsN+1 and N+N redundancy of mission critical components

15 R. Ching, Ph.D. MIS Area California State University, Sacramento 15 Malicious Threats and Defensive Measures Types of threats:Types of threats: –External attacks – denial of service (DoS) –Intrusion – access via the IT infrastructure –Viruses and worms Defensive measuresDefensive measures –Security policies – defines security by recognizing IT as a resource –Firewalls –Authentication –Encryption –Patching and change management –Intrusion detection and network monitoring

16 R. Ching, Ph.D. MIS Area California State University, Sacramento 16 Risk Management Risk of failure or a breach of securityRisk of failure or a breach of security Must be classified (i.e., critical, not critical, etc.)Must be classified (i.e., critical, not critical, etc.) Addressed in proportion to their likelihood and potential consequencesAddressed in proportion to their likelihood and potential consequences Management action to mitigate risksManagement action to mitigate risks –Costs vs. potential benefits –Expected loss (probability of a threat occurring x cost)

17 R. Ching, Ph.D. MIS Area California State University, Sacramento 17 Prioritization of Risks Consequences High Low Probability0 1 Critical Threats Minor Threats Flooding Earthquake Lightning Construction Hacking Intrusion Fire Corporate espionage

18 R. Ching, Ph.D. MIS Area California State University, Sacramento 18 Managing Threats and Risks Sound infrastructure designSound infrastructure design Disciplined execution of operating proceduresDisciplined execution of operating procedures Careful documentationCareful documentation Established crisis management proceduresEstablished crisis management procedures Rehearsing incident responseRehearsing incident response –Security audit Recovery proceduresRecovery procedures

19 R. Ching, Ph.D. MIS Area California State University, Sacramento 19 Another View of Security and Threats…

20 R. Ching, Ph.D. MIS Area California State University, Sacramento 20 Countermeasures and Contingency Plans Threats Any situation or event, whether intentional or unintentional, that will adversely affect a system and consequently the organization.Any situation or event, whether intentional or unintentional, that will adversely affect a system and consequently the organization. –Tangible losses (hardware, software, data) –Intangible losses (credibility, confidentiality)

21 R. Ching, Ph.D. MIS Area California State University, Sacramento 21 Threats and Countermeasures Initiate countermeasures to overcome threatsInitiate countermeasures to overcome threats –Consider the types of threat and their impact on the organization Cost-effectivenessCost-effectiveness FrequencyFrequency SeveritySeverity

22 R. Ching, Ph.D. MIS Area California State University, Sacramento 22 Threats and Countermeasures Objective is to achieve a balance between a reasonable secure operation, which does not unduly hinder users, and the costs of maintaining it.Objective is to achieve a balance between a reasonable secure operation, which does not unduly hinder users, and the costs of maintaining it. Risks are independent of the countermeasuresRisks are independent of the countermeasures CountermeasuresCountermeasures CostsCosts SecuredOperationsSecuredOperations Risks

23 R. Ching, Ph.D. MIS Area California State University, Sacramento 23 Countermeasures Computer-based vs. Non-computer-basedComputer-based vs. Non-computer-based Implemented through the operating system and/or DBMS Management policies and procedures

24 R. Ching, Ph.D. MIS Area California State University, Sacramento 24 Computer-Based Controls AuthorizationAuthorization Backup (and recovery)Backup (and recovery) JournalingJournaling Integrity controlsIntegrity controls EncryptionEncryption Associated proceduresAssociated procedures

25 R. Ching, Ph.D. MIS Area California State University, Sacramento 25 Noncomputer-Based Controls Security policy and contingency plansSecurity policy and contingency plans Personnel controlsPersonnel controls Securing positioning of equipmentSecuring positioning of equipment Secure data and softwareSecure data and software Escrow agreementsEscrow agreements Maintenance agreementsMaintenance agreements Physical access controlsPhysical access controls Building controlsBuilding controls Emergency arrangementsEmergency arrangements Management-oriented

26 R. Ching, Ph.D. MIS Area California State University, Sacramento 26 Non-Computer-Based Controls: Countermeasures Security policy and contingency planSecurity policy and contingency plan –Security - covers the operations of the database –Contingency plan - addresses plans for catastrophic events Procedures to followProcedures to follow Line of commandLine of command Personal controlsPersonal controls –Assessing and monitoring employees –Training –Responsibilities - sharing and splitting –Job controls

27 R. Ching, Ph.D. MIS Area California State University, Sacramento 27 Non-Computer-Based Controls: Countermeasures Securing:Securing: –Hardware –Data and software Physical access controlsPhysical access controls –Internal and external Emergency arrangementsEmergency arrangements –Cold, warm and hot sites

28 R. Ching, Ph.D. MIS Area California State University, Sacramento 28 Non-Computer-Based Controls: Countermeasures Risk analysisRisk analysis –Identify assets –Identify threats and risks –Establish their costs relative to losses –Determine countermeasure Establish effectiveness of the countermeasureEstablish effectiveness of the countermeasure Establish cost of implementing the countermeasureEstablish cost of implementing the countermeasure –Examine cost/benefit of countermeasure –Make recommendation

Download ppt "R. Ching, Ph.D. MIS Area California State University, Sacramento 1 Week 6 Monday, February 27 IT InfrastructureIT Infrastructure Reliability and Security."

Similar presentations

IT Service Continuity Management

IT Service Continuity Management
Database Administration and Security Transparencies 1.

Database Administration and Security Transparencies 1.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Chapter 12 Strategies for Managing the Technology Infrastructure.

Chapter 12 Strategies for Managing the Technology Infrastructure.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.

Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
The Information Systems Audit Process

The Information Systems Audit Process
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.

Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.
Chapter 13 Organizing Information System Resources MIS Department Centralization and Decentralization Outsourcing Computer Facilities and Services.

Chapter 13 Organizing Information System Resources MIS Department Centralization and Decentralization Outsourcing Computer Facilities and Services.
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.
Chapter 19 Security Integrity Security Control –computer-based –non-computer-based PC security DBMS and Web security Risk Analysis Data protection and.

Chapter 19 Security Integrity Security Control –computer-based –non-computer-based PC security DBMS and Web security Risk Analysis Data protection and.
Chapter 13: Data Security & Disaster Recovery Database Management Systems.

Chapter 13: Data Security & Disaster Recovery Database Management Systems.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
© Pearson Education Limited, 20041 Chapter 5 Database Administration and Security Transparencies.

© Pearson Education Limited, Chapter 5 Database Administration and Security Transparencies.

Similar presentations

Ads by Google