
1 Brian Bradley

2
• Data is any type of stored digital information.
• Security is about the protection of assets.
• Prevention: measures taken to protect your assets from being damaged.
• Detection: measures taken to allow you to detect when an asset has been damaged, how it was damaged and who damaged it.
• Reaction: measures that allow you to recover your assets.

3
• Confidentiality ensures that data is only read by the intended recipients.
• Integrity ensures that the data has not been corrupted from its original source.
• Availability guarantees that the data is usable upon demand.
• Accountability is audit information that is kept and protected so that security actions can be traced to the responsible party.

4
• Data Security is subject to several types of audit standards and verification.
• The most common are ISO 17799, ISO 27001-02, PCI, ITIL, SAS-70, HIPAA, SOX.
• Security Administrators are responsible for creating and enforcing a policy that conforms to the standards that apply to their organization's business.

5
• IT certification audits are generally carried out by 3rd-party accounting firms.
• They can generally be done in a week or two, depending on the size of the organization.
• Clients can also carry out audits before they begin doing business with the company to ensure that their data is secured to their standards.

6
• A security policy is a comprehensive document that defines a company's methods for prevention, detection, reaction, classification, accountability of data security practices and enforcement methods.
• It generally follows industry best practices as defined by ISO 17799, 27001-02, PCI, ITIL, SAS-70, HIPAA, SOX or a mix of them.

7
• The security policy is the key document in effective security practices.
• Once it has been defined, it must be implemented and modified, and must include any exceptions that may need to be in place for business continuity.
• All users need to be trained on these best practices, with continuing education at regular intervals.

8
• Data needs to be classified in the security policy according to its sensitivity.
• Once this has taken place, extra measures are put in place to safeguard the most sensitive data and ensure its integrity and availability.
• All access to this sensitive data must be logged.
• Secure data is usually isolated from other stored data.

9
• Controlling physical access to the data center or area where the data is stored.
• Active or Open Directory is a centralized authentication management system that is available to companies to control and log access to any data on the system.
• Encryption of the sensitive data is critical before transmission across public networks.

10
• The use of firewalls on all publicly facing WAN connections.
• Deploying VLANs and ACLs to isolate sensitive departments from the rest of the network.
• Shutting down unused switch ports.
• If wireless is deployed, use authentication servers to verify and log the identity of those logging on.
• Anti-Virus and malicious software protection on all systems.

11
• Walk around and look for passwords in the open.
• Event Viewer / Log Files
• Intrusion Detection/Protection Systems (IDS/IPS) such as SNORT.
• These will alert Administrators of suspicious data flows.

12
• Set up SNMP monitoring servers to monitor and alert for everything.
• This will alert Administrators to everything from unusual bandwidth usage to hardware failure.
• It is key to know what's going on with your systems and network.

13
• Microsoft Visio is the standard for drawing network maps.
• These maps allow a detailed overview of the system and how it functions.
• They also allow the spotting of weak points of security and flaws in design that can impact reliability or continuity of the data to the end user.

14
• Nessus is a network scanner that probes devices to ensure they're secure.
• It will probe for and report old, out-of-date software and open ports, and give details on the potential exposure related to them.
• Scans should be scheduled at least monthly, enterprise wide.
• A log needs to be kept of who was scanned so that anybody missed can be scanned either next time or individually.
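The scan log described on this slide only helps if it is reconciled against the asset inventory. The following is an added example, not part of the original presentation: the host names, dates and the 31-day window (standing in for "at least monthly") are constructed assumptions, and it works on plain records rather than any scanner's own export format.

```python
from datetime import date, timedelta

# Constructed sample data: asset inventory and a log of (host, scan date).
INVENTORY = ["fileserver01", "hr-db01", "web01", "laptop-117"]
SCAN_LOG = [
    ("fileserver01", date(2024, 5, 2)),
    ("web01", date(2024, 5, 2)),
    ("web01", date(2024, 6, 3)),
    ("HR-DB01", date(2024, 6, 3)),      # same host, logged in upper case
    ("printer-9", date(2024, 6, 3)),    # scanned but absent from inventory
]


def scan_coverage(inventory, scan_log, today, max_age_days=31):
    """Sort hosts into current, overdue, never scanned and unknown."""
    # Keep only the most recent scan per host; compare names case-insensitively.
    last_scan = {}
    for host, when in scan_log:
        key = host.strip().lower()
        if key not in last_scan or when > last_scan[key]:
            last_scan[key] = when

    cutoff = today - timedelta(days=max_age_days)
    known = {h.strip().lower() for h in inventory}
    report = {"current": [], "overdue": [], "never_scanned": []}
    for host in sorted(known):
        if host not in last_scan:
            report["never_scanned"].append(host)   # scan individually
        elif last_scan[host] < cutoff:
            report["overdue"].append(host)         # missed the last cycle
        else:
            report["current"].append(host)
    # A scanned host that is not in the inventory means the inventory is stale.
    report["unknown"] = sorted(set(last_scan) - known)
    return report


if __name__ == "__main__":
    for status, hosts in scan_coverage(INVENTORY, SCAN_LOG, date(2024, 6, 10)).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```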

15
• SANS Storm Center will keep you posted on the latest attack trends.
• Regularly read the log files of any publicly facing server to see what types of attacks are being run against your enterprise.
• Trade publications discuss the latest threats and technologies.
• Understand the technology that you are protecting and the technology that is used to attack.

16
• All relevant security policies must be clearly explained to the end users.
• The consequences for violating these policies must also be clearly explained.
• The end user needs to sign a document acknowledging that they understand the policies and the consequences for violating them.

17
• Must obtain executive authority to enforce policy.
• Systematic approach of warnings and punishments.
• Coordinate with HR to document continued issues with staff.

18 I very much appreciate your time and interest.

