Published by Angela Lloyd. Modified over 8 years ago.
Module 2: Creating a Plan for Network Security
Overview
- Introduction to Security Policies
- Designing Security by Using a Framework
- Creating a Security Design Team
Lesson 1: Introduction to Security Policies
- What Are Security Policies?
- The Relationship Between Policies and Procedures
- Typical Reasons Why Security Policies Fail
- Guidelines for Creating Policies and Procedures
What Are Security Policies?
Security policies:
- Are documents
- Explain how an organization implements security
Types of security policies:
- Administrative Policies
- Technical Policies
- Physical Policies
The Relationship Between Policies and Procedures
- Policies describe what must be implemented to secure a network
- Procedures describe how to implement policies
Typical Reasons Why Security Policies Fail
Security policies often fail because they are:
- Not enforced
- Difficult to read
- Difficult to find
- Outdated
- Too vague
- Too strict
- Not supported by management
Guidelines for Creating Policies and Procedures
Guidelines for creating a security plan include:
- Write clear and concise policies
- Write simple procedures
- Obtain management support
- Ensure employees can find and refer to them easily
- Ensure no disruption to business processes
- Use technology to enforce
- Ensure consequence of violating policy is consistent
- Create incentives for following security policies
Lesson 2: Designing Security by Using a Framework
- What Are the Benefits of MSF When Designing a Security Plan?
- The Envisioning Phase for Network Security
- The Planning Phase for Network Security
- The Developing Phase for Network Security
- The Stabilizing Phase for Network Security
- The Deploying Phase for Network Security
What Are the Benefits of MSF When Designing a Security Plan?
[Diagram: Microsoft Solutions Framework]
Phases: The Envisioning Phase, The Planning Phase, The Developing Phase, The Stabilizing Phase, The Deploying Phase
Milestones: Vision/Scope Approved, Scope Complete, Plans Approved, Release Readiness, Deployment Complete
The Envisioning Phase for Network Security
Tasks when envisioning a network security plan:
- Assign team members
- Draft and circulate a vision/scope document
The Planning Phase for Network Security
Tasks when planning a network security plan:
- Create a functional specification
- Model threats
- Create a risk management plan
- Create a development and test environment
The Developing Phase for Network Security
Tasks when developing a network security plan:
- Complete a proof of concept
- Create internal drafts of the network security plan
- Complete a draft network security plan
The Stabilizing Phase for Network Security
Tasks when stabilizing a network security plan:
- Complete all pre-production tests
- Create a release candidate network security plan
The Deploying Phase for Network Security
Tasks when deploying a network security plan:
- Train the operations team
- Implement the network security plan
Lesson 3: Creating a Security Design Team
- Core Team Members
- Extended Team Members
- Guidelines for Creating a Security Design Team
Core Team Members
Role and what it is responsible for:
Product Management:
- Developing and executing the business case
- Ensuring that the security design aligns with business requirements
- Identifying and prioritizing risks
- Aiding communication
Program Management:
- Driving the overall project
- Managing the strategic goals, budget, schedules, and resources
Development:
- Designing, building, and testing security measures
Testing:
- Piloting testing
- Setting metrics to ensure quality control
User Experience:
- Driving the usability requirements
- Designing and developing training
Extended Team Members
Role and what it is responsible for:
Executive Sponsor:
- Approving recommendations by the security design team
- Advocating with upper management
Legal:
- Advising the team about local, national, and international laws and liabilities
Human Resources:
- Ensuring that security policies do not conflict with employment laws
Managers:
- Enforcing security policies
End Users:
- Providing feedback about the security policies
Auditors:
- Ensuring compliance with government or industry regulations
Guidelines for Creating a Security Design Team
Guidelines for creating a security design team include:
- Have a single executive sponsor
- Use an experienced program manager
- Involve teams that deploy and manage security
- Involve legal and human resources
- Involve managers and end users
- Provide clear roles and responsibilities for all members
- Communicate regularly and clearly
Lab: Creating a Plan for Network Security
- Exercise 1: Identifying Reasons Why Security Policies Fail
- Exercise 2: Determining the Members of a Security Design Team