Chapter 7 (Assuring Reliable and Secure IT Services)
• The emergence of web-based commerce has accelerated the expansion of a worldwide network capable of transmitting information reliably and securely across vast distances.
• Unfortunately, some components of a firm’s infrastructure are not inherently reliable. The reliability of processing systems depends on how they are designed and managed.
• Businesses need policies that determine how to integrate redundant elements into a company’s overall infrastructure: how backup systems and equipment will be brought online, how problems will be diagnosed and triaged, and who will be responsible for responding to incidents.
• Making the wrong decision in designing or maintaining infrastructure or in responding to incidents can severely harm a business.
• In a modern context, a 98 percent availability rating for a system usually means that its probability of being up and running at any given time is 98 percent – period.
• Moreover, for real-time infrastructure, 98 percent is not nearly good enough.
• In fact, the availability of today’s IT infrastructure is often expressed in terms of a number of ‘nines’ (99.999 percent).
1. Uninterruptible electric power delivery
2. Physical security
3. Climate control and fire suppression
4. Network connectivity
5. Help desk and incident response procedures
6. N+1 and N+N redundancy
• Classification of threats
1. External attacks
2. Intrusion
3. Viruses and Worms
• Defensive measures
1. Security Policies
2. Firewalls
3. Authentication
4. Encryption
5. Intrusion detection and network monitoring
1. Make deliberate security decisions
2. Consider security a moving target
3. Practice disciplined change management
4. Educate users
5. Deploy multilevel technical measures, as many
as you can afford
• Managing incidents before they occur
1. Sound infrastructure design
2. Disciplined execution of operating procedures
3. Careful documentation
4. Established crisis management procedures
5. Rehearsing incident response
• Managing during an incident
1. Emotional responses, including confusion, denial,
fear and panic
2. Wishful thinking and groupthink
3. Political maneuvering, diving for cover and ducking
responsibility
4. Leaping to conclusions and blindness to evidence that
contradicts current beliefs
• Managing after an incident
1. Rebuild parts of the infrastructure
2. Sometimes erasing and rebuilding everything from
scratch is the only way to be sure the infrastructure is
restored to its preincident state
3. It is essential to communicate the seriousness with
which a company protects the information entrusted
to it
1. How available do our systems need to be? Are our
infrastructure investments in availability aligned with
requirements?
2. Are we taking security threats seriously enough? How
secure is our current infrastructure? How do we assess
information security on an ongoing basis? Have IT staff
members received adequate training? How do we
compare with information security best-in-class
organizations?
3. Do we have plans for responding to infrastructure
incidents? Do we practice them on a regular basis? Are
staff members trained in incident response? What are
our plans and policies for communicating information
about incidents to external parties such as customers,
partners, the press and the public?