Presentation is loading. Please wait.

Presentation is loading. Please wait.

Policies CIT 380: Securing Computer SystemsSlide #1.

Published byGiles Hopkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Policies CIT 380: Securing Computer SystemsSlide #1."— Presentation transcript:

1 Policies CIT 380: Securing Computer SystemsSlide #1

2  Codify successful security practices  Standards for backups  Standard anti-virus product throughout the organization  Encryption algorithm  Platform independent  Metric to determine if met CIT 380: Securing Computer Systems2

3  Interpret standards for a particular environment.  Recommendations  Follow tested procedures or best practices  Window Server backups CIT 380: Securing Computer Systems3

4  HIPAA  Medical Privacy - National Standards to Protect the Privacy of Personal Health Information  Sarbanes Oxley  Protecting of financial and accounting information  Federal Information Security Management Act (FISMA)  IT controls and auditing CIT 380: Securing Computer Systems4

5  Have authority commensurate with responsibility  Spaf’s first principle of security administration:  If you have responsibility for security, but have no authority to set rules or punish violators, your own role in the organization is to take the blame when something big goes wrong. CIT 380: Securing Computer Systems5

6  Be sure to know you security perimeter  Laptops and PDAs  Wireless networks  Computer used at home  Portable media ▪ Flash drives, CDs, DVDs CIT 380: Securing Computer Systems6

7  Perimeter defines what is within your control.  Historically  Within walls of building or fences of campus.  Within router that connects to ISP.  Modern perimeters are more complex  Laptops, PDAs.  USB keys, CDs, DVDs, portable HDs.  Wireless networks.  Home PCs that connect to your network. CIT 380: Securing Computer SystemsSlide #7

8 1. Decide how important security is for your site. 2. Involve and educate your user community. 3. Devise a plan for making and storing backups of your system data. 4. Stay inquisitive and suspicious. CIT 380: Securing Computer Systems8

9  Formulating policy is not enough by itself. It is important to determine regularly if the policy is being applied correctly, and if the policy is correct and sufficient. CIT 380: Securing Computer Systems9

10  Audit your systems and personnel regularly.  Audit failures may result from  Personnel shortcomings ▪ Insufficient education or overwork  Material shortcomings ▪ Insufficient resources or maintenance  Organizational shortcomings ▪ Lack of authority, conflicting responsibilities  Policy shortcomings ▪ Unforeseen risks, missing or conflicting policies CIT 380: Securing Computer SystemsSlide #10

11  In-house staff  Full-time or part-time consultants  Choosing a vendor ▪ “Reformed hacker” CIT 380: Securing Computer Systems11

12  Policy divides system into  Authorized (secure) states.  Unauthorized (insecure) states.  Policy vs Mechanism  Policy: describes what security is.  Mechanism: how security policy is enforced.  Written policy and enforced policy will differ.  Compliance audits look for those differences.  Security Perimeter  Describes what is within your control.  Defense in depth: defend perimeter and inside. CIT 380: Securing Computer SystemsSlide #12

13 1. Matt Bishop, Introduction to Computer Security, Addison-Wesley, 2005. 2. Simson Garfinkel, Gene Spafford, and Alan Schwartz, Practical UNIX and Internet Security, 3/e O’Reilly, 2003. 3. NKU, Acceptable Use Policy, http://it.nku.edu/itsecurity/docs/acceptabl eusepolicy.pdf, 2009. http://it.nku.edu/itsecurity/docs/acceptabl eusepolicy.pdf 4. SANS, SANS Security Policy Project, http://www.sans.org/resources/policies/ CIT 380: Securing Computer SystemsSlide #13

Download ppt "Policies CIT 380: Securing Computer SystemsSlide #1."

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
HIPAA Security.

HIPAA Security.
Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master.

Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master.
Security for Mobile Devices

Security for Mobile Devices
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Ethics, Privacy and Information Security

Ethics, Privacy and Information Security
Today’s Schools face:  Numerous State and Federal Regulations  Reduced Technology Funding  More Stringent Guidelines for Technology Use.

Today’s Schools face:  Numerous State and Federal Regulations  Reduced Technology Funding  More Stringent Guidelines for Technology Use.
Voice over the Internet Protocol (VoIP) Technologies… How to Select a Videoconferencing System for Your Agency Based on the Work of Watzlaf, V.M., Fahima,

Voice over the Internet Protocol (VoIP) Technologies… How to Select a Videoconferencing System for Your Agency Based on the Work of Watzlaf, V.M., Fahima,
Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.

Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.
Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.

Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Security Controls – What Works

Security Controls – What Works
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Policies.

CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Policies.
Information Security Policies and Standards

Information Security Policies and Standards
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
General Security Principles and Practices Chapter 3.

General Security Principles and Practices Chapter 3.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS 4600 - © Abdou Illia.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
95752:11-1 Security Policy. 95752:11-2 Policy Set of detailed rules as to what is allowed on the system and what is not allowed. User Policy System Policy.

95752:11-1 Security Policy :11-2 Policy Set of detailed rules as to what is allowed on the system and what is not allowed. User Policy System Policy.

Similar presentations

Ads by Google