Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module 9: Designing Security for Data. Overview Creating a Security Plan for Data Creating a Design for Security of Data.

Published byHorace Nathaniel Moody Modified over 9 years ago

Similar presentations

Presentation on theme: "Module 9: Designing Security for Data. Overview Creating a Security Plan for Data Creating a Design for Security of Data."— Presentation transcript:

1 Module 9: Designing Security for Data

2 Overview Creating a Security Plan for Data Creating a Design for Security of Data

3 Lesson 1: Creating a Security Plan for Data MSF and Security of Data Defense in Depth and Security of Data What Is Access Control? STRIDE Threat Model and Security of Data Activity: Identifying Threats to Data

4 MSF and Security of Data The MSF envisioning and planning phases help you to: Decide which locations your plan will help to protect Ensure that appropriate countermeasures are applied Consider appropriate DACL configuration Decide which locations your plan will help to protect Ensure that appropriate countermeasures are applied Consider appropriate DACL configuration 3 3 4 4 5 5 Plan Envision

5 Defense in Depth and Security of Data Policies, Procedures, and Awareness Physical Security Perimeter Internal Network Application Host Data

6 What Is Access Control? Stored on the user’s computer Contains the SIDs of the users account and groups Lists the user rights for the user Stored on the user’s computer Contains the SIDs of the users account and groups Lists the user rights for the user Access Token Contains an ACE for each permission that is assigned SIDs compared to SIDs in the access token Contains an ACE for each permission that is assigned SIDs compared to SIDs in the access token DACL Defines the protections that apply to an object ACE

7 STRIDE Threat Model and Security of Data Administrators and users have improper rights Spoofing Computers running Windows use default NTFS and share permissions Tampering Hardware fails Repudiation Permissions are assigned incorrectly Information disclosure A user irreversibly encrypts a file Denial of service A virus corrupts or deletes data Elevation of privilege

8 Activity: Identifying Threats to Data In this practice you will: Read the scenario Answer the questions Discuss with the class Read the scenario Answer the questions Discuss with the class

9 Lesson 2: Creating a Design for Security of Data Process for Designing an Access Control Model Considerations for Combining NTFS and Share Permissions Multimedia: How Encryption Works Process for Designing EFS Policies Guidelines for Managing Data Securely Activity: Data Threats and Countermeasures

10 To design an access control model, follow these steps: Determine access control requirements Create the access control model Implement the model Determine access control requirements Create the access control model Implement the model 1 1 3 3 2 2 Process for Designing an Access Control Model Accounts Global Group Domain Local Group Permissions

11 Considerations for Combining NTFS and Share Permissions PermissionsApplied Share When the data is accessed remotely over a network NTFS When a user accesses data on an NTFS volume locally or remotely

12 Multimedia: How Encryption Works How EFS Works How BitLocker Works

13 To ensure the proper use of encryption in your organization, design: Policies for encrypting files Procedures for recovering encrypted files A user education strategy Policies for encrypting files Procedures for recovering encrypted files A user education strategy 1 1 3 3 2 2 Process for Designing Encryption Policies

14 Guidelines for Managing Data Securely For each areaDetermine Data storage location How to store data on the network What data to store locally Backup strategy Who can back up and restore files How frequently to back up files How to secure backup media Auditing How to audit data access How to review data access audit logs Management permissions Who manages data Where to manage data Hardware replacement How to use hardware redundancy technology How often to replace hardware Data retention How long to retain data on the network How and where to archive data from the network

15 Activity: Data Threats and Countermeasures In this practice you will: Read the scenario Choose the best risk management strategy Determine an appropriate security response Discuss with the class Read the scenario Choose the best risk management strategy Determine an appropriate security response Discuss with the class

16 Lab: Designing Security for Data Exercise 1 Identifying Potential Data Vulnerabilities Exercise 2 Designing Countermeasures

Download ppt "Module 9: Designing Security for Data. Overview Creating a Security Plan for Data Creating a Design for Security of Data."

Similar presentations

Planning and Administering Windows Server® 2008 Servers

Planning and Administering Windows Server® 2008 Servers
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Module 1: Installing Windows XP Professional

Module 1: Installing Windows XP Professional
Module 4: Implementing User, Group, and Computer Accounts

Module 4: Implementing User, Group, and Computer Accounts
6.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

6.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
15.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

15.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
Module 8 Implementing Backup and Recovery. Module Overview Planning Backup and Recovery Backing Up Exchange Server 2010 Restoring Exchange Server 2010.

Module 8 Implementing Backup and Recovery. Module Overview Planning Backup and Recovery Backing Up Exchange Server 2010 Restoring Exchange Server 2010.
Module 8: Implementing Administrative Templates and Audit Policy.

Module 8: Implementing Administrative Templates and Audit Policy.
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
1 Chapter Overview Planning an Audit Policy Implementing an Audit Policy Using Event Viewer.

1 Chapter Overview Planning an Audit Policy Implementing an Audit Policy Using Event Viewer.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
A+ Guide to Managing and Maintaining Your PC Fifth Edition Chapter 15 Installing and Using Windows XP Professional.

A+ Guide to Managing and Maintaining Your PC Fifth Edition Chapter 15 Installing and Using Windows XP Professional.
Storage Security and Management: Security Framework

Storage Security and Management: Security Framework
Module 13: Configuring Availability of Network Resources and Content.

Module 13: Configuring Availability of Network Resources and Content.
Sharing Resources Lesson 6. Objectives Manage NTFS and share permissions Determine effective permissions Configure Windows printing.

Sharing Resources Lesson 6. Objectives Manage NTFS and share permissions Determine effective permissions Configure Windows printing.
Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.

Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.
Implementing File and Print Services

Implementing File and Print Services
Microsoft ® Official Course Module 8 Securing Windows 8 Desktops.

Microsoft ® Official Course Module 8 Securing Windows 8 Desktops.

Similar presentations

Ads by Google