IT SECURIY

7/24/2019 IT SECURIY

http://slidepdf.com/reader/full/it-securiy 1/32

ITINFRASTRUCTURE

SECURITY

SachinHarsh



1.TRANSITIONHEADLINE

Let’sthe



AGENDAIT Infrasstructure in CBS

Security rinci!"eSecurity C#ntr#"s

$ysica" Security

L#%ica" Security

Net&#r' Security

Ne(t Generati#n De)icesE C$anne"s

Ris' Assess*ent

+eti%atin% Ris's





IT INFRASTRUCTURE CBS



Physical Security





BIG CONCETBrin the attention o yo!r a!dience o"er a #eyconce$t !sin icons or ill!strations



,$iteIs the color o %il# and

resh snow& the color$rod!ced 'y theco%'ination o all thecolors o the "isi'les$ectr!%(

YOU CAN ALSO SLIT YOUR CONTENT

B"ac' Is the color o coal&

e'ony& and o o!ters$ace( It is the dar#estcolor& the res!lt o thea'sence o or co%$letea'sor$tion o liht(



IN T,O OR THREE COLU+NS

Ye""#&Is the color o old&

'!tter and ri$ele%ons( In thes$ectr!% o "isi'le

liht& yellow iso!nd 'etween

reen and orane(

B"ueIs the colo!r o the

clear s#y and thedee$ sea( It islocated 'etween

"iolet and reen onthe o$tical

s$ectr!%(

Re-Is the color o

'lood& and 'eca!seo this it hashistorically 'een

associated withsacrifce& daner

and co!rae(



A ICTURE IS ,ORTH ATHOUSAND ,ORDS

A co%$le) idea can 'econ"eyed with *!st a sinlestill i%ae& na%ely %a#in it$ossi'le to a'sor' larea%o!nts o data +!ic#ly(



,ANT BIG I+ACT

Use 'ii%ae(



USE CHARTS TOE/LAIN YOURIDEAS

,HITE B.RA/



OR USE DIAGRA+S TO E/LAIN CO+LE/ IDEAS

Sa%$le Te)t

Sa%$le Te)t

Sa%$le Te)t

Sa%$le Te)t



AND TABLES TO CO+ARE DATA

A B C

/ellow 13 43 5

Bl!e 63 17 13

0rane 7 48 19



+AS

o!ro1ce



:;<749<1,hoa2 That’s a 'i n!%'er& aren’t yo! $ro!d3



:;<749<148= That’s a lot o %oney

133> Total s!ccess2

1:7<488 users

And a lot o !sers



OUR ROCESS IS EASY

First

Second

Last



LET?S RE@IE, SO+E CONCETS

Ye""#&Is the color o old& '!tterand ri$e le%ons( In thes$ectr!% o "isi'le liht&yellow is o!nd 'etween

reen and orane(

B"ueIs the colo!r o the clear s#yand the dee$ sea( It islocated 'etween "iolet andreen on the o$tical

s$ectr!%(

Re-Is the color o 'lood& and'eca!se o this it hashistorically 'een associatedwith sacrifce& daner and

co!rae(

Ye""#&Is the color o old& '!tterand ri$e le%ons( In thes$ectr!% o "isi'le liht&yellow is o!nd 'etweenreen and orane(

B"ueIs the colo!r o the clear s#yand the dee$ sea( It islocated 'etween "iolet andreen on the o$ticals$ectr!%(

Re-Is the color o 'lood& and'eca!se o this it hashistorically 'een associatedwith sacrifce& daner andco!rae(



/o! can co$y4$aste ra$hs ro% .oole Sheets



5lace yo!r screhere

ANDROID ROECT

Show and e)$lain yo!r we'&a$$ or sotware $ro*ects!sin these adette%$lates(



5lace yo!r screehere

IHONE ROECT

Show and e)$lain yo!r we'&a$$ or sotware $ro*ects!sin these adet

te%$lates(



5lace yo!r screens

TABLET ROECT

Show and e)$lain yo!r we'&a$$ or sotware $ro*ects!sin these adet

te%$lates(



5lace yo!r screenshot here

DESTO ROECT

Show and e)$lainyo!r we'& a$$ orsotware $ro*ects

!sin these adette%$lates(



THANS

Any +!estions3 /o! can fnd %e at 6!serna%e 4!ser6%ail(%e



+eti%atin% Ris's

7Ba"ance r#tecti#n ,it$ Uti"ityCo%$!ters in an o1ce co!ld 'e co%$letely $rotected i all the %ode%s weretorn o!t and e"eryone was #ic#ed o!t o the roo% 9 '!t then they wo!ldn’t 'eo !se to anyone( This is why one o the 'iest challenes in IT sec!rity isfndin a 'alance 'etween reso!rce a"aila'ility and the confdentiality andinterity o the reso!rces(

Rather than tryin to $rotect aainst all #inds o threats& %ost IT de$art%entsoc!s on ins!latin the %ost "ital syste%s frst and then fndin acce$ta'leways to $rotect the rest witho!t %a#in the% !seless( So%e o the lower9$riority syste%s %ay 'e candidates or a!to%ated analysis& so that the %osti%$ortant syste%s re%ain the oc!s(

7S!"it u! t$e Users an- Res#urcesFor an inor%ation sec!rity syste% to wor#& it %!st #now who is allowed to see

and do $artic!lar thins( So%eone in acco!ntin& or e)a%$le& doesn’t need tosee all the na%es in a client data'ase& '!t he %iht need to see the f!resco%in o!t o sales( This %eans that a syste% ad%inistrator needs to assinaccess 'y a $erson’s *o' ty$e& and %ay need to !rther refne those li%itsaccordin to orani:ational se$arations( This will ens!re that the chie fnancialo1cer will ideally 'e a'le to access %ore data and reso!rces than a *!nioracco!ntant(

That said& ran# doesn’t %ean !ll access( A co%$any;s CE0 %ay need to see%ore data than other indi"id!als& '!t he doesn’t a!to%atically need !ll accessto the syste%( This 'rins !s to the ne)t $oint(



+eti%atin% Ris's

Assi%n +ini*u* ri)i"e%esAn indi"id!al sho!ld 'e assined the %ini%!% $ri"ilees neededto carry o!t his or her res$onsi'ilities( I a $erson’s res$onsi'ilities

chane& so will the $ri"ilees( Assinin %ini%!% $ri"ileesred!ces the chances that <oe ro% desin will wal# o!t the door with

all the %ar#etin data(



+eti%atin% Ris's

7Use In-e!en-ent Defenses This is a %ilitary $rinci$le as %!ch as an IT sec!rity one( Usin onereally ood deense& s!ch as a!thentication $rotocols& is only ood!ntil so%eone 'reaches it( ,hen se"eral inde$endent deenses

are e%$loyed& an attac#er %!st !se se"eral di=erent strateies toet thro!h the%( Introd!cin this ty$e o co%$le)ity doesn’t$ro"ide >?? $ercent $rotection aainst attac#s& '!t it does red!cethe chances o a s!ccess!l attac#(7"an f#r Fai"ure5lannin or ail!re will hel$ %ini%i:e its act!al conse+!encessho!ld it occ!r( Ha"in 'ac#!$ syste%s in $lace 'eorehand allows

the IT de$art%ent to constantly %onitor sec!rity %eas!res andreact +!ic#ly to a 'reach( I the 'reach is not serio!s& the '!siness

or orani:ation can #ee$ o$eratin on 'ac#!$ while the $ro'le% isaddressed( IT sec!rity is as %!ch a'o!t li%itin the da%ae ro%'reaches as it is a'o!t $re"entin the%(



+eti%atin% Ris's

7Rec#r-< Rec#r-< Rec#r-Ideally& a sec!rity syste% will ne"er 'e 'reached& '!t when asec!rity 'reach does ta#e $lace& the e"ent sho!ld 'e recorded( Inact& IT sta= oten record as %!ch as they can& e"en when a

'reach isn;t ha$$enin( So%eti%es the ca!ses o 'reaches aren’ta$$arent ater the act& so it;s i%$ortant to ha"e data to trac#'ac#wards( @ata ro% 'reaches will e"ent!ally hel$ to i%$ro"e thesyste% and $re"ent !t!re attac#s 9 e"en i it doesn’t initially %a#esense(

7Run Freuent TestsHac#ers are constantly i%$ro"in their crat& which %eansinor%ation sec!rity %!st e"ol"e to #ee$ !$( IT $roessionals r!n

tests& cond!ct ris# assess%ents& reread the disaster reco"ery $lan&chec# the '!siness contin!ity $lan in case o attac#& and then do itall o"er aain(





S"i-esCarni)a" s$a!es(

This %eans that Resi:e the% wiChane line co

Isn’t that nice3 D

E)a%$les

Documents

IT SECURIY