Published by Winifred Byrd. Modified over 9 years ago.
1
CSC 386 – Computer Security
Scott Heggen
2
Agenda
– Security Management
3
What goes in a security policy?
Examples: http://www.sans.org/security-resources/policies
4
Security Management
Scenario 1:
– Company XYZ is a new company devoted to developing a social networking platform
– The company will house their own servers which will provide its users with content
– The company will have an in-house IT team to manage their networks, but connect their servers to the Internet through the local ISP
– There will be three main teams working in the company: Administrators (CEOs, HR, Financial, etc.), Developers (software engineers, electrical engineers, graphic designers, etc.), and IT (network engineers, network operations experts, customer service)
– They expect their software to serve at least one million users in the next five years
5
Measuring Security
– Once a policy is in place, how do you know if it’s working?
– How do you quantify “secure”?
6
Security Management
Scenario 2:
– You are a contractor for the U.S. government who develops missile control modules
– You have regular communications with 3 other government contractor companies regarding the integration of your modules with their parts of the system
7
Risk and Threat Analysis
8
– Identify the assets valuable to your company
– Identify the threats that exist to each asset
– Determine the impact a threat can potentially have on an asset
– Monitor your assets for vulnerabilities
– Prepare for attacks
9
Risk and Threat Analysis
11
Risk = Assets x Threats x Vulnerabilities
– Assets: Trivial – Important – Critical
– Threats: Very unlikely – Likely
– Vulnerabilities: Fix when convenient – Fix now!
12
Risk Analysis
Scenario 1 revisited:
– Company XYZ is a new company devoted to developing a social networking platform
– The company will use cloud-based servers to host content (replacing: house their own servers which will provide its users with content)
– The company will have an in-house IT team to manage their networks, but connect their servers to the Internet through the local ISP
– There will be three main teams working in the company: Administrators (CEOs, HR, Financial, etc.), Developers (software engineers, electrical engineers, graphic designers, etc.), and IT (network engineers, network operations experts, customer service)
– They expect their software to serve at least one million users in the next five years
13
Risk Mitigation
– Now have a prioritized list of risks/threats
– Can develop countermeasures to mitigate those risks
– Remember, this is an on-going process; IT is constantly changing!
14
Next Class
Due:
– Have a good weekend
Agenda:
– Foundations of Computer Security (Chapter 3 of your text)