Presentation is loading. Please wait.

Presentation is loading. Please wait.

Creating a Security Architecture Kim Milford, J.D., CISSP Information Security Manager University of Wisconsin Copyright Kim.

Published byJessie Pitts Modified over 9 years ago

Similar presentations

Presentation on theme: "Creating a Security Architecture Kim Milford, J.D., CISSP Information Security Manager University of Wisconsin Copyright Kim."— Presentation transcript:

1 Creating a Security Architecture Kim Milford, J.D., CISSP Information Security Manager University of Wisconsin Kim.milford@doit.wisc.edu Copyright Kim Milford, 2003

2 Overview Background: Defining a Security Architecture Why we need A Security Architecture Models A Comprehensive Approach to Information Security

3 Background RFC 2401 (IPSec) Security Architecture: –Goal is to provide various security services for traffic at the IP level ISC 2 : –The totality of security design for a system or application IAA/PKI Standards –Federal Bridge PKI –Shibboleth

4 Background CERT: –Maintain a long-term view and invest in research toward systems and operational techniques that yield networks capable of surviving attacks while protecting sensitive data. In doing so, it is essential to seek fundamental technological solutions and to seek proactive, preventive approaches, not just reactive, curative approaches.

5 Why We Need A Security Architecture Mandates –FERPA –HIPAA –Gramm Leach Bliley Act – TEACH –National Strategy to Secure Cyberspace –DHHS proposed legislation to protect laboratories handling select agent (42 CFR Part 73): 73.11(a) “The security plan must be based on a systematic approach in which threats are defined, vulnerabilities are examined, and risks associated with those vulnerabilities are mitigated with a security systems approach.” 73.11(b)”The plan must: (1) describe …cyber security

6 Why We Need A Security Architecture To Protect: Confidentiality Integrity Availability of IT Resources From: Environmental threats Technical threats Human threats

7 Why We Need A Security Architecture Threats

8 Why We Need A Security Architecture Threats – Continued

9 Why We Need A Security Architecture Threats - Continued

10 Why We Need A Security Architecture Threats – Continued (2002 CSI/FBI Survey): 90% of respondents detected computer security incidents in the past 12 months 80% acknowledged financial losses due to computer security incidents

11 Why We Need A Security Architecture Threats – Continued (2002 CSI/FBI Survey):

12 Security Architecture: Models Historical:

13 Security Architecture: Models

14

15 The building blocks of security… POLICIES VIRUS PROTECTION PHYSICAL SECURITY PROTECT YOUR SERVERS PROTECT YOUR PCs DISASTER RECOVERY EDUCATION INCIDENT HANDLING FIREWALLS

16 Security Architecture: Models Interlocking Communities Served by Interlocking Information Infrastructures FII DII Electronic Commerce Electronic Mail Electronic Data Interchange Electronic Funds Transfer File Transfer Information Search/Retrieval NII GII Requiring PROTECTDETECTRESPONDRECONSTITUTE Private Citizen Business Sector State, Local Govt Critical Public Safety Federal Govt Natl Security Intel/DOD Internatl Basic Information Security Services * Data Integrity* Data Confidentiality* Transaction Non-Repudiation * User Identification and Authentication* System Availability Through trained system users, maintainers and developers

17 Security Architecture: Models

18 A Comprehensive Approach to Information Security From theory to practice: 1.Perform risk assessment 2.Develop a comprehensive plan to information security –Phased migration 3.Develop an architectural model –Get management's attention –Get system developer’s attention

19 References www.doit.wisc.edu/security www.cert.org Security Project Cookbook, The Burton Group Nigel Willson, Dan Blum, 2002 www.gocsi.comwww.gocsi.com (CSI/FBI survey) Kim.milford@doit.wisc.edu

Download ppt "Creating a Security Architecture Kim Milford, J.D., CISSP Information Security Manager University of Wisconsin Copyright Kim."

Similar presentations

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Discovery – The Next Generation!: Business Context of Risk Presentation to the North London Branch British Computer Society 19 March, 2008 Dr. Victoria.

Discovery – The Next Generation!: Business Context of Risk Presentation to the North London Branch British Computer Society 19 March, 2008 Dr. Victoria.
SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.

SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.
Cyber Security R&D Challenges: A Homeland Security Perspective Simon Szykman, Ph.D. Director, Cyber Security R&D 202-254-5802.

Cyber Security R&D Challenges: A Homeland Security Perspective Simon Szykman, Ph.D. Director, Cyber Security R&D
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Security Controls – What Works

Security Controls – What Works
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Overview FAA IT & ISS R&D: Security Today Security Tomorrow Marshall Potter Chief Scientist for Information Technology Federal Aviation Administration.

Overview FAA IT & ISS R&D: Security Today Security Tomorrow Marshall Potter Chief Scientist for Information Technology Federal Aviation Administration.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Risk Assessment 101 Kelley Bradder VP and CIO Simpson College.

Risk Assessment 101 Kelley Bradder VP and CIO Simpson College.
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
Accessibility, Integrity, & Confidentiality: Security Challenges for E-Business Rodney J. Petersen University of Maryland & Educause/Internet2 Security.

Accessibility, Integrity, & Confidentiality: Security Challenges for E-Business Rodney J. Petersen University of Maryland & Educause/Internet2 Security.
Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.

Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.
Securing Information Systems

Securing Information Systems
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.

Similar presentations

Ads by Google