kaplan school of information systems and technology
DESCRIPTION
Kaplan School of Information Systems and Technology. Unit 4 IT 484 Networking Security. Course Name – IT484-01 Networking Security 1203C Term Instructor – Jan McDanolds, MS, Security+ Contact Information: AIM – JMcDanolds Email: [email protected] - PowerPoint PPT PresentationTRANSCRIPT
KAPLAN SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY
Unit 4Unit 4IT 484 Networking IT 484 Networking
SecuritySecurityCourse Name – IT484-01 Networking Security 1203C Term Instructor – Jan McDanolds, MS, Security+ Contact Information: AIM – JMcDanolds Email: [email protected] Phone: 641-649-2980Office Hours: Tuesday, 7:00 PM ET or Thursday, 7:00 PM ET
#1. Name two confidentiality mechanisms#2. How does cryptographic check sum ensure integrity?#3. What is the most basic form of availability?
UNIT 3 REVIEW
Attack vs. Security Service
UNIT 4
Readings for UNIT 4
Web Readings Network security policy: best practiceshttp://www.cisco.com/en/US/tech/tk869/tk769/technologies_white_paper09186a008014f945.shtml Producing Your Network Security Policy available at:http://www.watchguard.com/docs/whitepaper/securitypolicy_wp.pdf
Understand Why Policy Is ImportantDefine Various PoliciesCreate Appropriate PolicyDeploy PolicyUse Policy Effectively
UNIT 4
Policy
The two primary functions of a policy are:
1. To define the scope of security within an organization. 2. To clearly state the expectations from everyone in the organization.
UNIT 4
Policy
Policy defines how security should be implemented including system configurations, network configurations, and physical security measures. Policy defines the mechanisms used to protect information and systems.Policy defines how organizations should react when security incidents occur and provides the framework for employees to work together. Policy defines the common goals and objectives of the organization’s security program. Proper security awareness training helps implement policy initiatives effectively.
UNIT 4
Why is policy important?
Policy example exercise: Describe a household policy step-by-step. (replace paper towel, take out garbage, etc.) Describe how to handle a household accident.
Describe the first, second, and third steps after a fender-bender.
Describe a policy that impacts a household for five years.
UNIT 4
Why is policy important?
Information policySecurity policy Computer use policy Internet use policy E-mail policyUser management proceduresSystem administration procedures Backup policyIncident response policy Configuration management procedures Design methodology Disaster recovery plans
UNIT 4
Types of Policies
Policies should have sections outlining the following:
Purpose – why the policy was created Scope – what does it apply to (computers, users, etc.) Responsibility – who will be held accountable Other – enforcement, requirements, standards, compliance, monitoring, etc.
UNIT 4
Common Parts of a Policy
Docs in Doc Sharing:
SAMPLE INFORMATION TECHNOLOGY SECURITY PLAN by Robert H. Spencer PhD
A Short Primer for Developing Security Policies – from SANS by Michele D. Guel
UNIT 4
Examples of Policies
Audit Policy (subheading under Security Policy)Audit Policy versus policy review
The audit section of the security policy defines the types of events to be audited on all systems. For example:
Logins (successful and failed), logouts, failed access to files or system objects, remote access (successful and failed), privileged actions (those performed by administrators, both successes and failures), system events (such as shutdowns and reboots)
Each event should capture the following information:User ID (if there is one), date and time, process ID (if there is one), action performed and success or failure of the event
UNIT 4
Examples of Policies
Audit PolicyPurpose: Scope:Responsibility:Other:
Who creates the audit policy? Who can change it? Who performs the audits? Who can change the process? What is done with the audit results?
UNIT 4
Examples of Policies (cont.)
Internet Use PolicyThe Internet use policy defines the appropriate use of the Internet within an organization. It may also define inappropriate use such as visiting non-business-related web sites.
Requires management to define inappropriate usage and IT personnel to alert management
Relies on audit data to verify usage – sites, usage, time, etc.Each event should capture the following information:
User ID (if there is one), date and time, process ID (if there is one), action performed and success or failure of the event
UNIT 4
Examples of Policies
UNIT 3
Assignments for UNIT 4Read Chapter 6 and the Web Reading
Post to two Discussion questions – 30 points
Complete Project Assignments Part A and B - 55 points
APA formattingNo spelling or grammar errorsMust have reference page
UNIT 3
Assignment for UNIT 4
Write a paper creating an IT security policy for the bank.
UNIT 3
Assignment for UNIT 4You have been hired by KU Bank One, a large bank that has 500 employees, to increase their corporate information security. Your first task is to create an IT security policy for the bank. You must include the following topics in your policy, along with 3 other key topics you feel critical to securing the bank’s assets:
- Authentication requirements- Access control requirements- Network connection requirements- Remote access requirements- Encryption requirements
This policy needs to be professionally written, cover the key aspects listed and provide three additional areas you feel are critical. This document should be a complete, ready to use, professionally written security plan. The page length should be between 4 and 8 pages.
UNIT 3
Assignment for UNIT 4
RUBRICPaper is professionally written and includes keyinformation on all 5 topics listed. Points 0-15
Paper includes key information on all 3 topicsbeyond the key topics above and there are 3 keyinclusions for an IT policy for a large bank. Points 0-20
Policy created could be used as written by a largebank with little or no new material added. Points 0-20