MSIA 711: Introduction to Information Systems Security Training and Policy. Week 1 Live Session Presentation


Page 1

MSIA 711

Introduction to Information Systems Security Training and Policy

Week 1 Live Session Presentation

Page 2

Information Systems Security

Purpose: Confidentiality, Integrity, Availability

Also: Authenticity, Non-Repudiation

Full security is achieved through:

physical, administrative, and technical safeguards

common sense

Page 3

Who Should Be Trained?

Management

End Users (First Line of Defense)

InfoSec Staff (ISSPM, ISSM, NSM, ISSO, TASO, NSO)

System Administrators

Infrastructure Support Services

Page 4

Awareness Training

Secure Password Selection

Password Security

“Least Privilege”

Policy Understanding

Workstation security - Terminal Timeout

How to Report Incidents for appropriate action

WARNING Banner Pages

Roles for Contingency Actions

Anti-Virus Precautions and Reactions

Regular Backups and Off-Site Storage

Review and Act upon CERT/CIRT Alerts

Event Reporting Chain

“Social Engineering” Awareness

Page 5

Advanced Training

Apply as required for the group.

Management needs to understand the risks, and the need for advanced capabilities toward Protection, Detection, Response and Recovery.

SysAdmins on Patches, Security Log configuration and review, OS configuration, Least Privilege, etc.

Security Staff keep up to date on advanced issues.

Page 6

Computer Incident/Emergency Response Centers/Teams, and occasionally vendors, responsibly send out Alerts or Advisories to warn activities and agencies of identified vulnerabilities that may be exploited, and how to proceed to “close the hole”. Examples include:

CERT-CC

FEDCIRC

FIRST

Government CERTs

Keep up on Patches

Often, you can learn of new exploits before the CERTs warn subscribers by getting on SecurityFocus e-mail lists (Bugtraq, VulnDev, etc.)

Page 7

Key Issues to Effective Network Security

Management support

Personnel training

Cost-effective, planned, security measures

Network Security Policy

Adopt “Defense-in-Depth”

Roles and responsibilities

Processes and procedures

Page 8

Security Policy

“The first step is to conduct a risk assessment”

“best protect your most valuable assets”

“evaluate each security threat”

“compare the measures taken to protect that asset and ensure the measures do not cost more than…”

Slide comments taken from: Network Security Policy – A Manager’s Perspective, Ernest D. Hernandez, November 22, 2000

Page 9

“The security-related decisions you make, or fail to make, as administrator largely determines how secure or insecure your network is, how much functionality your network offers, and how easy your network is to use. However, you cannot make good decisions about security without first determining what your security goals are. Until you determine what your security goals are, you cannot make effective use of any collection of security tools because you simply will not know what to check for and what restrictions to impose.”

Security Policy

Guide to Writing Network Security Policy:

Site Security Handbook (RFC 2196)

http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2196.html

Page 10

Network Security Plan

What are we trying to protect? - Assets?

From whom are we trying to protect?

What are our Threats?

What are our Vulnerabilities?

What is the likelihood of Threat occurrence?

What is the detrimental impact from occurrence?

What Safeguards do we have/do we need?

How do we implement security policy cost-effectively?

Page 11

Risk Management

Diagram: system life-cycle phases and the security activities in each

DESIGN: Identify & Include Security Features

DEVEL: Test Security Features, Train

IMPLEMENT: Risk Analysis, ST&E, Security Procedures, Disaster Recovery Plan, Train

OPERATE: Patch Emerging Problems, Identify Addn’l Needs, Audit for Compliance, Review/Update, Train

For our purposes “accredit” means “approve for operation/connection/use”

Page 12

What are some Policy issues?

????

Page 13

File Backups

Scheduling / Impact to normal operations

Cost versus Speed and Recoverability

Off-Site

Rotations: Son - Father - Grandfather
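As an added example (not part of the original slides), here is a scheduler for the Son-Father-Grandfather rotation named above. The policy it encodes is an assumption: daily "son" tapes Monday to Thursday reused weekly, a weekly "father" tape each Friday reused after four weeks, and a monthly "grandfather" tape on the month's last Friday kept twelve months off-site. It also shows the restore point a given day falls back to and the size of the media pool the policy needs.

```python
from datetime import date, timedelta

# Constructed GFS policy (an assumption, not stated on the slide):
#   Son         = daily tape Mon-Thu, reused every week
#   Father      = weekly tape each Friday, reused after 4 weeks, stored off-site
#   Grandfather = monthly tape on the month's last Friday, kept 12 months off-site
SON_DAYS = ["Mon", "Tue", "Wed", "Thu"]
RETENTION_DAYS = {"son": 7, "father": 28, "grandfather": 365}


def last_friday(year, month):
    """Last Friday of the month (Friday == weekday 4)."""
    first_of_next = date(year + 1, 1, 1) if month == 12 else date(year, month + 1, 1)
    d = first_of_next - timedelta(days=1)
    while d.weekday() != 4:
        d -= timedelta(days=1)
    return d


def tape_for(day):
    """Map a calendar day to (tier, tape label, off_site); None on weekends."""
    wd = day.weekday()
    if wd >= 5:                                   # Sat/Sun: no backup run
        return None
    if wd < 4:                                    # Mon-Thu: son tapes, reused weekly
        return ("son", f"SON-{SON_DAYS[wd]}", False)
    if day == last_friday(day.year, day.month):   # month-end Friday: grandfather
        return ("grandfather", f"GF-{day:%b}", True)
    week_of_month = (day.day - 1) // 7 + 1        # 1..4 for non-final Fridays
    return ("father", f"FATHER-{week_of_month}", True)


def expires_on(day):
    """Earliest date the tape written on `day` may be overwritten."""
    t = tape_for(day)
    return None if t is None else day + timedelta(days=RETENTION_DAYS[t[0]])


def last_backup_before(target):
    """Most recent backup on or before `target`, i.e. the restore point for that
    day. Walks back over weekends, so the data can be up to three days old."""
    d = target
    while tape_for(d) is None:
        d -= timedelta(days=1)
    return d, tape_for(d)


def tapes_in_window(start, ndays):
    """Distinct tape labels written in a window: the media pool the policy needs."""
    days = (start + timedelta(days=i) for i in range(ndays))
    return sorted({t[1] for t in map(tape_for, days) if t})
```

Over calendar year 2024 the pool works out to 20 tapes: four son, four father and twelve grandfather.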

Page 14

Asynch Session Readings

Discussion:

Malicious Software and Hoaxes

http://www.sans.org/infosecFAQ/email/protection

http://www.sans.org/infosecFAQ/malicious/hoaxes.htm

http://www.sans.org/infosecFAQ/malicious/trojan_war.htm

Note: 2 are not on syllabus!

Little Black Book of Viruses (download from website)