donald hester march 30, 2010 for audio call toll free 1 - 888-886-3951 and use pin/code 133206 it...
TRANSCRIPT
![Page 1: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/1.jpg)
Donald HesterMarch 30, 2010
For audio call Toll Free 1-888-886-3951
and use PIN/code 133206
IT Best Practices for Community Colleges Part 3: Configuration ManagementIT Best Practices for Community Colleges Part 3: Configuration Management
![Page 2: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/2.jpg)
• Maximize your CCC Confer window.• Phone audio will be in presenter-only mode.• Ask questions and make comments using the chat window.
HousekeepingHousekeeping
![Page 3: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/3.jpg)
Adjusting AudioAdjusting Audio
1) If you’re listening on your computer, adjust your volume using the speaker slider.
2) If you’re listening over the phone, click on phone headset.
Do not listen on both computer and phone.
![Page 4: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/4.jpg)
Saving Files & Open/close CaptionsSaving Files & Open/close Captions
1. Save chat window with floppy disc icon
2. Open/close captioning window with CC icon
![Page 5: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/5.jpg)
Emoticons and PollingEmoticons and Polling
1) Raise hand and Emoticons
2) Polling options
![Page 6: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/6.jpg)
Donald Hester
IT Best Practices for Community Colleges Part 3: Configuration ManagementIT Best Practices for Community Colleges Part 3: Configuration Management
![Page 7: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/7.jpg)
“The management of security features and assurances through control of changes made to hardware, software, firmware, documentation, test, test fixtures, and test documentation throughout the life cycle of an information system.”• National Information Systems Security
Glossary
7
![Page 8: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/8.jpg)
Control Objectives for Information and related Technology (COBIT)
Information Technology Infrastructure Library (ITIL)
International Standards Organization (ISO)
National Institute of Standards and Technology (NIST)
8
![Page 9: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/9.jpg)
80% of IT systems outages are caused by operator and application errors.
![Page 10: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/10.jpg)
1 admin for every 100 servers More planned work than unplanned work More staff early in lifecycle Collaboration Posture of compliance (IT standards) Culture of change management Understand causality Manage by facts
![Page 11: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/11.jpg)
Configuration Management Change Management Release Management Incident Management Problem Management
![Page 12: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/12.jpg)
Benefits of Configuration ManagementBenefits of Configuration Management
Good CM does not increase workload it decreases it
Fewer Incidents Greater Return on Investment (ROI) Faster Recovery (MTTR) Improve IS quality Improve IT service
![Page 13: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/13.jpg)
Configuration identification• Baseline, gold standard
Configuration control• Change management, change control
Configuration status accounting• Enforcement
Configuration audits• Testing
13
![Page 14: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/14.jpg)
Configuration Management Database (CMDB)
A repository of information related to all the components of an information system• Configuration files
• Group Policy settings
• Image files for operating systems
Details about the important attributes and relationships between them
14
![Page 15: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/15.jpg)
Develop, disseminate, and review/update
A documented configuration management policy
Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance
15
![Page 16: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/16.jpg)
Develop, document, and maintain under configuration control, a current baseline configuration • Images
• Builds
• CMDB
• Configuration files
• GPO (Group policy objects)
16
![Page 17: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/17.jpg)
A place to start• Federal Desktop Core Configuration (FDCC)
• CIS Benchmarks
Modify based upon your needs• You may have different configurations for
different workstations
• Compatibility issues
• Interoperability issues
17
![Page 18: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/18.jpg)
Determine the types of changes to the information system that are configuration controlled
Approve configuration-controlled changes Coordinate and provide oversight for
configuration change control activities Document approved configuration-
controlled changes
18
![Page 19: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/19.jpg)
Analyze changes to the information system to determine potential security impacts prior to change implementation • Confidentiality
• Integrity
• Availability
• Interoperability
• Compatibility
19
![Page 20: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/20.jpg)
Define, document, approve, and enforce physical and logical access restrictions associated with changes to the information system • Limit who can make changes
• This means no local admins
• Automate if possible
20
![Page 21: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/21.jpg)
Configure the information system to provide only essential capabilities and specifically prohibit or restrict the use of functions, ports, protocols, and/or services • If it is not needed why have it?
21
![Page 22: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/22.jpg)
Develop, document, and maintain an inventory of information system components • Accurately reflect the current system
• At a level of granularity deemed necessary
22
![Page 23: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/23.jpg)
There is no compulsory IT standard required for local governments
The National Institute of Standards and Technology (NIST)encourages state, local and tribal governments to consider the use of these guidelines, as appropriate
In adopting NIST standards the local government demonstrates due diligence
![Page 24: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/24.jpg)
Institute of Configuration Management • http://www.icmhq.com/
NIST (FDCC)• http://nvd.nist.gov/fdcc/index.cfm
Center for Internet Security (CIS) Benchmarks• http://cisecurity.org/
IT Governance Institute (ITGI)• http://www.itgi.org/
24
![Page 25: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/25.jpg)
Donald E. HesterCISSP, CISA, CAP, MCT, MCITP, MCTS, MCSE Security, Security+
Maze & Associates
@One / San Diego City College
www.LearnSecurity.org
http://www.linkedin.com/in/donaldehester
http://www.facebook.com/group.php?gid=245570977486
Q&AQ&A
![Page 26: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/26.jpg)
Evaluation Survey LinkEvaluation Survey Link
Help us improve our seminars by filing out a short online evaluation survey at:
http://www.surveymonkey.com/s/10SpIT3
![Page 27: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/27.jpg)
“Engaging every online student in lean and green times.”
June 16, 17, & 18 - San Diego City CollegeRegister now at http://otc10.org
Join us in San Diego at the2010 Online Teaching ConferenceJoin us in San Diego at the2010 Online Teaching Conference
![Page 28: Donald Hester March 30, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 133206 IT Best Practices for Community Colleges Part 3: Configuration](https://reader033.vdocuments.site/reader033/viewer/2022051819/5514e75d550346935c8b5934/html5/thumbnails/28.jpg)
Thanks for attendingFor upcoming events and links to recently archived
seminars, check the @ONE Web site at:
http://onefortraining.org/
IT Best Practices for Community Colleges Part 3: Configuration ManagementIT Best Practices for Community Colleges Part 3: Configuration Management