MSIA 711
1
Introduction to Information Systems Security
Training and Policy
Week 1
Live Session Presentation
2
Information Systems Security
Purpose: Confidentiality, Integrity, Availability
Also: Authenticity, Non-Repudiation
Full security is achieved through:
physical, administrative, and technical safeguards
common sense
3
Who Should Be Trained?
Management
End Users (First Line of Defense)
InfoSec Staff (ISSPM, ISSM, NSM, ISSO, TASO, NSO)
System Administrators
Infrastructure Support Services
4
Awareness Training
Secure Password Selection
Password Security
“Least Privilege”
Policy Understanding
Workstation security - Terminal Timeout
How to Report Incidents for appropriate action
WARNING Banner Pages
Roles for Contingency Actions
Anti-Virus Precautions and Reactions
Regular Backups and Off-Site Storage
Review and Act upon CERT/CIRT Alerts
Event Reporting Chain
“Social Engineering” Awareness
5
Advanced Training
Apply as required for the group.
Management needs to understand the risks, and the need for advanced capabilities toward Protection, Detection, Response and Recovery.
SysAdmins on Patches, Security Log config and review, OS config, Least Privilege, etc.
Security Staff keep up to date on advanced issues
6
Computer Incident/Emergency Response Centers/Teams, and occasionally vendors, responsibly send out Alerts or Advisories to warn activities and agencies of identified vulnerabilities that may be exploited, and how to proceed to “close the hole”. Examples include:
CERT-CC
FEDCIRC
FIRST
Government CERTs
Keep up on Patches
Often, you can learn of new exploits before the CERTs warn subscribers by getting on SecurityFocus e-mail lists (Bugtraq, VulnDev, etc.)
7
Key Issues to Effective Network Security
Management support
Personnel training
Cost-effective, planned, security measures
Network Security Policy
Adopt “Defense-in-Depth”
Roles and responsibilities
Processes and procedures
8
Security Policy
“The first step is to conduct a risk assessment”
“best protect your most valuable assets”
“evaluate each security threat”
“compare the measures taken to protect that asset and ensure the measures do not cost more than…”
Slide Comments taken from: Network Security Policy – A Manager’s Perspective
Ernest D. Hernandez
November 22, 2000
9
“The security-related decisions you make, or fail to make, as administrator largely determines how secure or insecure your network is, how much functionality your network offers, and how easy your network is to use. However, you cannot make good decisions about security without first determining what your security goals are. Until you determine what your security goals are, you cannot make effective use of any collection of security tools because you simply will not know what to check for and what restrictions to impose.”
Security Policy
Guide to Writing Network Security Policy:
Site Security Handbook
http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2196.html
10
Network Security Plan
What are we trying to protect? - Assets?
From whom are we trying to protect?
What are our Threats?
What are our Vulnerabilities?
What is the likelihood of Threat occurrence?
What is the detrimental impact from occurrence?
What Safeguards do we have/do we need?
How do we implement security policy cost-effectively?
11
DESIGN
DEVEL
IMPLEMENT
OPERATE
Test Security Features, Train
Identify & Include Security Features
Risk Analysis, ST&E, Security Procedures, Disaster Recovery Plan, Train
Patch Emerging Problems, Identify Addn’l Needs, Audit for Compliance, Review/Update, Train
Risk Management
For our purposes “accredit” means “approve for operation/connection/use”
12
What are some Policy issues?
????
13
File Backups
Scheduling / Impact to normal operations
Cost over Speed and Recoverability
Off-Site
Rotations: Son - Father - Grandfather
14
Asynch Session Readings
Discussion:
Malicious Software and Hoaxes
http://www.sans.org/infosecFAQ/email/protection
http://www.sans.org/infosecFAQ/malicious/hoaxes.htm
http://www.sans.org/infosecFAQ/malicious/trojan_war.htm
Note: 2 are not on syllabus!
Little Black Book of Viruses (download from website)