Designing security architecture infrastructures

CISSP - Certified Information System Security Professional

  • https://www.isc2.org

    • CISSP examination

  • http://www.cccure.org

    • CISSP Studying Information

LTU CISSP


CISSP Certification Examination

  • The CISSP Certification examination consists of 250 multiple-choice questions. Candidates have up to 6 hours to complete the examination.

  • Ten CISSP information systems security test domains are covered in the examination pertaining to the Common Body of Knowledge:

    • Access Control Systems & Methodology

    • Applications & Systems Development

    • Business Continuity Planning

    • Cryptography

    • Law, Investigation & Ethics

    • Operations Security

    • Physical Security

    • Security Architecture & Models

    • Security Management Practices

    • Telecommunications, Network & Internet Security

Agenda

  • Common Body of Knowledge – 6 Topics

    • Cover the examination topics – but will emphasize what works and what does not

  • Homework – yes

    • Skim the chapter

    • do some projects

    • do practice tests and discuss results.

  • Discussion of Sample Tests

    • Why topics are important

  • Hand-outs

    • Electronic Viewgraphs will be available at the end of the course.

    • Still Being Improved

Mapping

ITU / CISSP Two Classes

  • Designing Security Architecture Infrastructures

    • Focuses on the technical items

    • Security Assessment

  • Management Infrastructures

    • Plans

    • Policies & Procedures

    • Test Readiness

Instructor

  • Jim Bullough-Latsch

  • Security Experience

    • Recent security assessments, plans, policies, procedures for Web Systems.

    • Worked on Classified Systems.

    • Architect for Several Systems with Sensitive Data

    • Consulted on automating alarms and physical security systems

  • Has plenty of Degrees and Lots of Years

    • Available for consulting!

Why are you here?

  • What do you know?

  • What do you want to learn?

Security Trends – Quick Summary

  • On-line Business

  • On-Line Information

  • Access to Information

  • Homeland Security

  • Traditional Closed Systems – New DoD Business

Dollars!

  • Security = $

Jim’s Definition of Computer Security

  • “Protecting tomorrow’s systems against yesterday’s threats”

  • Advice – Follow the Money

Security Trends – Book Chapter 2

  • Many organizations incorrectly assume that information security is a technical issue.

    • Information security is a management issue that may require technical solutions.

    • Agree – and it requires operational solutions as well.

  • More and More Companies are coming online and connecting their closed systems to the internet.

    • Agree – Need to stay in business

  • Lots of Advice about multiple layers as a security feature

    • Disagree

    • Each new interface causes lots of problems and access points!

Internet – Information and Vulnerability

  • Cardholder Information Security Program - Check List

  • Will review some each session

Visa U.S.A. Cardholder Information Security Program (CISP)

  • The Visa U.S.A. Cardholder Information Security Program (CISP) defines a standard of due care and enforcement for protecting sensitive information.

    • Because the payment industry places a high priority on maintaining the confidentiality and integrity of account and personal data, the CISP requirements are directed to all entities that store, process, or transmit cardholder information.

  • The program ensures the annual validation of merchants that accept Visa and all service providers on both the Issuing and Acquiring side of the business.

    • Includes advice on best practices and information sources!

Information Security Program – Digital Dozen Requirements

  • Install and maintain a working firewall to protect data

  • Keep security patches up-to-date

  • Protect stored data

  • Encrypt data sent across public networks

  • Use and regularly update anti-virus software

  • Restrict access by "need to know"

  • Assign unique ID to each person with computer access

  • Don't use vendor-supplied defaults for passwords and security parameters

  • Track all access to data by unique ID

  • Regularly test security systems and processes

  • Implement and maintain an information security policy

  • Restrict physical access to data

Rest Of Today

  • Internet Sources

  • CISP Overview

  • Access Control


Internet Resources

  • http://commoncriteria.org

  • http://csrc.nist.gov/

  • http://iase.disa.mil/policy.html#guides

  • http://niap.nist.gov/

  • http://sepo.spawar.navy.mil/sepo/index2.html

  • http://us.mcafee.com

  • http://usa.visa.com/business/merchants/cisp_index.html

  • http://v4.windowsupdate.microsoft.com/

  • http://www.cert.org

  • http://www.criticalsecurity.com

  • http://www.fas.org/irp/doddir/dod/5200-1r

  • http://www.hq.nasa.gov/office/codeq/ns871913.htm

  • http://www.isalliance.org/

  • http://www.microsoft.com/security

  • http://www.nsa.gov

  • http://www.pogner.demon.co.uk/mil_498

  • http://www.radium.ncsc.mil/tpep

  • http://www.sans.org/top20/

  • http://www.symantec.com/

  • https://sans20.qualys.com/