Published by Hester Stephens. Modified over 9 years ago.

Web Security for Network and System Administrators
Chapter 2: Security Processes

Objectives
In this chapter, you will:
– Review the basic components of a security education program
– Use security advisories to understand and correct software vulnerabilities
– Understand the need for security issue management
– Assess security risks
– Respond to security incidents

Security Education
An education plan answers four central questions for members of an organization:
– Who can assist in fighting malicious computer activity?
– Where are security policies located?
– What are my responsibilities in relation to the security policies?
– What security controls must I use?

Security Advisory
– Software bugs can create vulnerabilities that can be exploited by abusers
– The software vulnerability lifecycle consists of four phases

Security Advisory
Steps to address a vulnerability:
1. Receive the advisory
2. Assess the advisory and determine applicability
3. Determine deadlines for fixes
4. Assign work and track progress
5. Periodically check systems for compliance

Security Issue Management
Issues must be rated with objective criteria in order to determine deadlines for compliance or correction:
– Low: low-risk security exposure problem or exposure on low-value systems
– Medium: medium-risk security exposure problem or exposure on medium-value systems
– High: high-risk security exposure problem or exposure on high-value systems

Security Issue Management
There are three general outcomes to the issue management process:
– Fix the problem
– Mitigate the exposure (e.g., install a firewall in front of a system with a lingering exposure)
– Accept the risk of the exposure

Security Risk Management
Risks should be:
– Evaluated using qualitative and/or quantitative methods
– Approved by the appropriate management chain
– Reviewed regularly

Security Incident Management
Incident management is the overall system in place to respond to computer attacks. It consists of three major phases:
– Preparation
– Reaction
– Assessment

Security Incident Management
To prepare:
– Learn applicable laws
– Build a computer incident response team (CIRT)
– Develop a communication plan
– Develop a response plan
– Conduct training
– Post "no trespassing" signs
– Detect malicious activity

Security Incident Management
To respond in a timely and efficient manner:
– Stay calm
– Start a detailed log
– Conduct thorough interviews
– Coordinate communications
– Determine the extent of the intrusion
– Protect evidence
– Contain the problem
– Determine the root of the problem
– Restore business operations

Summary
– Education is an effective tool in mobilizing the organization both to understand the importance of security and to incorporate it into daily responsibilities.
– The vulnerability management process involves receiving advisories, applying the necessary patches, and periodically assessing the environment to ensure fixes are installed.
– Security issue management is vital in ensuring that security exposures are addressed.

Summary
– Security risk management provides the ongoing methodology to compare the cost of security measures against the possible financial loss caused by malicious activity.
– The security incident management process must be meticulous and effective, and it must protect both the environment and the evidence collected.