Information Systems Security - PowerPoint PPT Presentation


PowerPoint Slideshow about 'Information Systems Security' - maj


Presentation Transcript

Information Systems Security

Operations Security

Domain #9

Operations Security Objectives
  • Operations Responsibility & Personnel
  • Configuration Management
  • Media Access Protection
  • System Recovery
  • Facsimile Security
  • Vulnerability and Penetration Testing
  • Attack Types
Computer Operations
  • Fixing Hardware and software issues
  • Media Libraries
  • Controlling Remote Access
  • Contingency Planning
  • Incident Handling
  • Licensing Issues
  • Input Controls
  • Backup and Recovery
Threats to Operations
  • Disclosure
  • Destruction
  • Loss of system and network capabilities
  • Corruption and Modification
  • Theft
  • Espionage
  • Hackers/Crackers
  • Malicious Code
Issues
  • Backup Maintenance
  • Change workstation/location
    • Used to improve security
  • Need to Know Required
  • Least Privilege Principle Enforced
  • Due Care
  • Due Diligence
    • U.S. Federal Sentencing Guidelines of 1991
      • Up to 290M for non-performance
Security Control Types
  • Directive control
    • Used to guide the security implementation
  • Preventive control
    • Can deter or mitigate undesirable actions
  • Detective control
    • Verifies whether a control has been successful
  • Corrective control
    • Used to reverse the effects of an unwanted activity
Examples
  • Directive – policies, standards, laws
  • Preventive – firewalls, authentication, access controls, antivirus software
  • Detective – audit trails, logs, CCTV, CRC
  • Corrective – incident handling, fire extinguishers
Vulnerability Testing
  • Things to agree upon
    • Goals of the assessment
    • Written agreement from management
    • Explaining testing ramifications
    • Understand results are just a ‘snapshot’
Steps in Testing
  • Reconnaissance
    • Obtain info either passively or actively
      • Sniffing, eavesdropping, ARIN, Whois, etc.
  • Scanning
    • Identify systems that are running and their active services
      • Ping sweeps and port scans
  • Gaining Access
    • Exploiting vulnerabilities to gain access
      • Buffer overflow, brute force
More Steps
  • Maintaining Access
    • Uploading software to ensure reentry
      • Trojan Horse, backdoor
  • Covering Tracks
    • Hide one’s malicious activities
      • Delete system and application logs
Honeypots
  • Usually placed in DMZ
    • Should not be connected to internal network
  • Sacrificial lamb system
  • Goal is that hackers will attack this system instead of production system
  • Leaves many ports open and services running to be more ‘enticing’
Sensitive Media Handling
  • Marking
  • Handling
  • Storing
  • Destruction
  • Declassification
Continuity of Operations
  • Fault Tolerance
    • Software
    • Hardware
  • Data Protection
    • RAID 0, 1, 5, 10
  • Redundant Communications
    • Phone, Broadband, Wireless, Satellite
  • Redundant Power Supplies
Auditing
  • Auditing Basics
    • Logs, monitors, and triggers
  • Accountability, Compliance
  • Audit trails
  • Sampling and clipping levels
  • External auditors
Monitoring Tools
  • Warning banners
  • Keystroke monitoring
  • Traffic analysis
  • CCTV
More Terms
  • Ethical Hacking
  • War dialing
  • Radiation monitoring
  • Dumpster diving
  • Social engineering
Physical Security
  • Facility Location and construction
  • Electrical Issues
  • Perimeter Protection
  • Physical Intrusion Detection
  • Fire Prevention
Threats
  • Physical Damage
  • Theft of Assets
  • Interruption of Service
  • Disclosure of Proprietary Information
  • Natural Disaster
  • Vandalism
  • Terrorism
Administration Controls
  • Facility construction
  • Site management
  • Personnel controls
  • Emergency procedures
  • Awareness training
Technical Controls
  • Access controls
  • Alarms
  • CCTV/Monitors
  • HVAC
  • Power Supplies
  • Fire detection and suppression