administering security n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Administering Security PowerPoint Presentation
Download Presentation
Administering Security

Loading in 2 Seconds...

play fullscreen
1 / 15

Administering Security - PowerPoint PPT Presentation


  • 215 Views
  • Uploaded on

Administering Security. Presented by Wing Chi. Security Goals. Security - a combination of technical, administrative, and physical controls. Protect data from leakage to outsiders. Protect against loss of data due to physical disaster Protect the data ’ s integrity. Administering Security.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Administering Security' - dawson


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
administering security

Administering Security

Presented by

Wing Chi

security goals
Security Goals
  • Security - a combination of technical, administrative, and physical controls.
  • Protect data from leakage to outsiders.
  • Protect against loss of data due to physical disaster
  • Protect the data’s integrity
administering security1
Administering Security
  • Planing
  • Risk analysis
  • Policy
  • Physical control
security planning
Security planning
  • Policy
  • Current state
  • Requirements
  • Recommended controls
  • Accountability
  • Timetable
  • Continuing attention
policy
Policy
  • Indicating the goals of a computer security effort and the willingness of the people involved to work to achieve those goals.
current state
Current State
  • Describing the status of security at the time of the plan
  • Risk analysis – a careful investigation of the system, its environment, and the things that might go wrong.
requirements
Requirements
  • Recommending ways to meet the security goals
  • Heart of the security plan
  • Organizational needs
recommended controls
Recommended Controls
  • Mapping controls to the vulnerabilities identified in the policy and requirements
accountability
Accountability
  • Describing who is responsible for each security activity
  • Personal computer
  • Project leaders
  • Managers
  • Database administrators
  • Information officers
  • Personnel staff
timetable
Timetable
  • Identifying when different security functions are to be done
  • Show how and when the element of the plan will be performed
continuing attention
Continuing Attention
  • Specifying a structure for periodically updating the security plan
octave
OCTAVE
  • The Software Engineering Institute at Carnegie Mellon University has created a framework for building a security plan
  • Identify enterprise knowledge
  • Identify operational area knowledge
  • Identify staff knowledge
  • Establish security requirements
  • Map high priority information assets to information infrastructure
  • Perform an infrastructure vulnerability evaluation
  • Develop a protection strategy
risk analysis opsec
Risk Analysis OPSEC
  • U.S Army used its Operations Security (OPSEC) guidelines during the Vietnam war
  • Identify the critical information to be protected
  • Analyze the threats
  • Analyze the vulnerabilities
  • Assess the risks
  • Apply countermeasures
reference
Reference
  • Pfleeger, Charles and Pfleeger, Shari. “Security in Computing.”
  • http://e-docs.bea.com/tuxedo/tux71
  • /html/secadm.htm