Chapter 6 of the Executive Guide manual Technology.


1 Chapter 6 of the Executive Guide manual Technology

2 Intro & Overview It's more important to deploy a few products successfully than to implement every security product with minimal success. It's also important to have processes and procedures to ensure the ongoing effectiveness of the security products implemented. You must evaluate the current environment to plan for the desired future environment. You need to assess technology strategy, components and administration to determine the effectiveness of the security program.

3 Technology Strategy Constant changes in the business require IT to regularly update its IT security strategy as well. The IT architecture should address best practices & growth opportunities via a zone & layering security schema. – Zones & layering restrict access & protect critical systems at the gateway, server & client levels.

4 Technology Components The complexity of deployed technology depends on the business and the maturity of the security program. Basic technology starts with Authentication, Authorization and Accounting (AAA), then anti-virus and firewalls. – Anti-virus can protect the gateway, server & client – Firewalls filter for authorized traffic

5 Technology Components Cont. Vulnerability management & intrusion detection/prevention (IDS/IPS) tools work to monitor and protect systems against viruses/intrusions. A small company may not have the resources or tools necessary to secure information assets. Outsourcing is an option, but make sure to do due diligence on the vendor to ensure they meet your requirements.

6 Technology Administration Independent evaluation of your security program is important and can include: – Penetration tests – Risk assessment – Audits Metrics reporting to Executive Management and the Board is critical for their support & funding. Change management is important to stay current on changing threats & requirements.

7 Design Future State of Technology Strategy Separate your infrastructure into digital zones and layers. Digital zoning divides the environment into zones with defined security levels & priorities. – Mission-critical zone: requires the highest level of security standards to be applied – Critical zone: requires medium security application See Figure 6-1 for graphic layout

8 Extranet Allows customers and business partners to access limited resources to conduct business. The extranet connects to the Internet, so it's best practice to deploy a few tools, including: – Network-based intrusion detection – Network vulnerability management – Host-based intrusion detection – Network intrusion prevention

9 Intranet This is where most normal front-end business activities are processed by employees, contractors, consultants, business partners… Deployed security should include: – Role-based user administration (access based on job responsibilities and the least-privilege concept) – Access control with user ID and password at minimum – Required periodic password changes – Deactivate accounts after 60 days of inactivity – Connection scan
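
An added example, not part of the original presentation, of auditing accounts against two of the intranet controls above: deactivation after 60 days of inactivity and periodic password changes. The 90-day password age, the record fields and the sample accounts are assumptions constructed for illustration.

```python
from datetime import date, timedelta

INACTIVITY_LIMIT = timedelta(days=60)   # from the slide: deactivate after 60 days
MAX_PASSWORD_AGE = timedelta(days=90)   # assumption: the slide names no period

def audit_accounts(accounts, today):
    """Return {user: [findings]} for enabled accounts that break either rule."""
    findings = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already deactivated, nothing left to enforce
        issues = []
        # A never-used account is aged from its creation date; otherwise a
        # forgotten account with no login history would escape the rule.
        last_activity = acct["last_login"] or acct["created"]
        idle = today - last_activity
        # Interpretation: 60 full idle days is enough to trigger deactivation.
        if idle >= INACTIVITY_LIMIT:
            issues.append(f"deactivate: idle {idle.days} days")
        pw_age = today - acct["password_changed"]
        if pw_age > MAX_PASSWORD_AGE:
            issues.append(f"force password change: {pw_age.days} days old")
        if issues:
            findings[acct["user"]] = issues
    return findings

# Constructed sample directory export (hypothetical users and dates).
TODAY = date(2024, 6, 30)
SAMPLE_ACCOUNTS = [
    {"user": "alice", "enabled": True, "created": date(2023, 1, 10),
     "last_login": date(2024, 6, 20), "password_changed": date(2024, 5, 1)},
    {"user": "bob", "enabled": True, "created": date(2022, 3, 5),
     "last_login": date(2024, 4, 1), "password_changed": date(2024, 1, 15)},
    {"user": "svc_report", "enabled": True, "created": date(2024, 3, 1),
     "last_login": None, "password_changed": date(2024, 3, 1)},
    {"user": "carol", "enabled": False, "created": date(2021, 7, 1),
     "last_login": date(2023, 2, 2), "password_changed": date(2023, 1, 1)},
    {"user": "dave", "enabled": True, "created": date(2023, 9, 9),
     "last_login": date(2024, 5, 1), "password_changed": date(2024, 6, 1)},
]

if __name__ == "__main__":
    for user, issues in audit_accounts(SAMPLE_ACCOUNTS, TODAY).items():
        print(user, "->", "; ".join(issues))
```
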

10 Mission-Critical Zone This zone contains critical applications, databases and systems that are vital to the continued operation of your business. Security controls should include: – Full suite of intrusion detection/prevention and vulnerability management tools – Updated anti-virus tools – Restricted access and periodic monitoring of privileged accounts – System performance monitoring – Daily/weekly backup

11 Defense-in-Depth Gateway, server & client levels. Gateway: the connection between sections of systems. Security controls should include: – Firewalls – Anti-virus – DMZ area – Honeypot – Monitoring

12 Server Shared computer that performs functions for multiple end users (printers, ERP applications, databases, etc.). Security controls should include: – Anti-virus – Intrusion detection/prevention – Vulnerability management tools – Backup & recovery – Capacity monitoring – Access controls

13 Client Individual laptops, desktops, PDAs. Security controls should/can include: – Anti-virus – Encryption – Access controls – Image scan – Restrict external storage connections – Time-out screen lock – Monitoring

14 Mixed Solutions Select the tools that can integrate with & support your organization model. Implement a few good tools well. Monitor and fine-tune the tools for effective security controls. The end goal is to be open yet secure.

15 Practical Deployment of Technology – Authentication/Authorization/Accounting – Firewalls – Anti-virus – Vulnerability management – IDS/IPS

16 Technology Administration – Regular scanning & remediation program – Periodic penetration tests – Audit of information security program – Regular updates of anti-virus – Change management – Metrics & reports to Executive Management & Board

17 Technology Summary Technology is an essential component of an information security program. The program must support current and future business models. Basic security includes AAA, firewalls, anti-virus, vulnerability management, IDS/IPS, encryption and monitoring. Regular risk assessments, vulnerability scans and pen tests are important to ensure the security program remains effective. Metrics & reports to executives get support & resources for the program.
