Download presentation
Presentation is loading. Please wait.
Published byAndrew Freeman Modified over 9 years ago
1
©Dr. Respickius Casmir Network Security Best Practices – Session 2 By Dr. Respickius Casmir
2
©Dr. Respickius Casmir Outline Introduction to IT Security Best Practices The Security Team Security Policy Enforceability Minimum Security Requirements
3
©Dr. Respickius Casmir Introduction to Security Best Practices Best practices in network security are more about the what and why of securing the organization's information assets than about the how. The IT Security Policy is a formal definition of an organization's stance on security, meaning what is allowed and what is not allowed.
4
©Dr. Respickius Casmir Introduction to Security Best Practices (2) Policy statements, in particular "Acceptable Use" statements, define users' roles and responsibilities and can be stated as general high-level statements that cover all network systems and data within the organization. The statements should include acceptable use of systems and data for ALL categories of USERS including the system administrator.
5
©Dr. Respickius Casmir Introduction to Security Best Practices (3) The intent of this policy is to clearly define the purpose, providing guidelines and responsibilities. The policy should also identify specific actions that could be taken in response to a violation of security policy, including disciplinary action. Put it in print and post it on the walls.
6
©Dr. Respickius Casmir Introduction to Security Best Practices (4) Security awareness training is a MUST to make the policy enforceable. All employees must be aware of the security policy and if possible every employee sign on a copy of the acceptable-use statement.
7
©Dr. Respickius Casmir The Security Team The security team needs to be a cross- functional team with participants from every operational area. The team is responsible for policy awareness and enforcement as well as being informed on the technical aspects of the security architecture. The team is also responsible for responding to security breaches and reporting to senior management..
8
©Dr. Respickius Casmir The Security Team (2) The security team should also be responsible for approving security changes, or alternatively, a security team member should sit on the change management team. Monitoring the security of the network, creating an incident response process that includes being part of the restoration team when a loss occurs – they are all responsibilities of the security team.
9
©Dr. Respickius Casmir Security Policy Enforceability In order for a policy to be enforceable, it needs to be Consistent with other corporate policies Accepted by the network support staff as well as the appropriate levels of management Enforceable using existing network equipment and procedures Compliant with local and national laws.
10
©Dr. Respickius Casmir Minimum Security Requirements 1. Software patch updates 2. Anti-virus software 3. Host-based firewall software 4. Passwords 5. No unencrypted authentication 6. No unauthenticated email relays 7. No unauthenticated proxy services 8. Physical security 9. Unnecessary services
11
©Dr. Respickius Casmir Conclusion Remember that it is impossible to completely secure distributed systems. The goal is to create security awareness and implement security mechanisms, minimize risk and maximize the use of technology.
12
©Dr. Respickius Casmir Thank You! Dr. Respickius Casmir res@udsm.ac.tz
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.