Physical security involves the provision of a safe - PowerPoint PPT Presentation

Description:

Physical security involves the provision of a safe environment for information processing activities with a focus on preventing unauthorized physical access to ... – PowerPoint PPT presentation

Slides: 24
Provided by: imamuEduS

Transcript and Presenter's Notes

1
Building a Successful Security Infrastructure
Terrence V. Lillard, T. Lillard Consulting, Inc.
2
Ten Security Domains
Cryptography
Law, Investigations, and Ethics
Telecommunication and Network Security
Access Control
Application/System Security
Security Management
Operations Security
Security Architecture
Business Continuation and Disaster Recovery Planning
Physical Security
3
Group Discussion
  • Cryptography
  • Law, Investigations, and Ethics
  • Access Control Systems and Methodology
  • Security Management Practices
  • Security Architecture and Models
  • Physical Security
  • Business Continuity and Disaster Recovery Planning
  • Operations Security (Computers)
  • Application and Systems Development
  • Telecommunications and Network Security

4
Security Infrastructure
  • Cryptography. Cryptography is the use of secret codes to
    achieve desired levels of confidentiality and
    integrity. Two categories focus on (1)
    cryptographic applications and uses and (2)
    crypto technology and implementations. Included
    are basic technologies, encryption systems, and
    key management methods.

5
Security Infrastructure
  • Law, Investigation, and Ethics. Law involves the
    legal and regulatory issues faced in an
    information security environment. Investigation
    consists of guidelines and principles necessary
    to successfully investigate security incidents
    and preserve the integrity of evidence. Ethics
    consists of knowledge of the difference between
    right and wrong and the inclination to do the
    right thing.

6
Security Infrastructure
  • Access Control. Access control consists of all of
    the various mechanisms (physical, logical, and
    administrative) used to ensure that only
    authorized persons or processes are allowed to
    use or access a system. Three categories of
    access control focus on (1) access control
    principles and objectives, (2) access control
    issues, and (3) access control administration.

7
Security Infrastructure
  • Security Management Policies, Standards, and
    Organization. Policies are used to describe
    management intent, standards provide a consistent
    level of security in an organization, and an
    organization architecture enables the
    accomplishment of security objectives. Four
    categories include (1) information
    classification, (2) security awareness, (3)
    organization architecture, and (4) policy
    development.

8
Security Challenges?
Secured Infrastructure
9
Security Infrastructure
  • Security Architecture. Security architecture
    involves the aspects of computer organization and
    configuration that are employed to achieve
    computer security. It also covers implementing
    system security so that mechanisms are in place to
    maintain the security of system programs.

10
Security Architecture
  • Cryptography: Public Key (RSA), X.509 Certificates, Digital Signatures, Digital Envelopes, Hashing/Message Digest, Symmetric Encryption, Certificate Authorities
  • Security Attacks: Viruses, Trojan Horses, Bombs/Worms, Spoofing/Smurf, Sniffing and Tapping, DOS, Etc.
  • Domain Trust Management: Directional Trust, Transitive Trust, Kerberos, NTLM
  • Security Infrastructure: DNS, DMZ, Firewalls, Directory Services, IDS, Virus Checkers, VPN, PKI, NAT, RADIUS, Remote Access, Web Servers, DHCP, Wireless
  • Security Goals: Authentication, Auditing, Availability, Authorization, Privacy, Integrity, Non-Repudiation
  • Application: Single Sign On, Kerberos/DCE, Mixed/Integrated Security, Smart Cards, Cryptographic APIs, PDAs (PocketPC, Palm Pilots)
  • Protocols: IPSEC, SSL/TLS, Kerberos, L2TP, PPTP, PPP, Etc.
11
Security Infrastructure
  • Physical Security. Physical security involves the
    provision of a safe environment for information
    processing activities with a focus on preventing
    unauthorized physical access to computing
    equipment. Three categories include (1) threats
    and facility requirements, (2) personnel physical
    access control, and (3) microcomputer physical
    security.

12
Security Infrastructure
  • Business Continuity Planning and Risk Management.
    Risk management encompasses all activities
    involved in the control of risk (risk assessment,
    risk reduction, protective measures, risk
    acceptance, and risk assignment). Business
    continuity planning involves the planning of
    specific, coordinated actions to avoid or
    mitigate the effects of disruptions to normal
    business information processing functions.

13
Security Infrastructure
  • Operations Security (Computer). Computer
    operations security involves the controls over
    hardware, media and the operators with access
    privileges to these. Several aspects are included,
    notably operator controls, hardware controls,
    media controls, trusted system operations, trusted
    facility management, trusted recovery, and
    environmental contamination control.

14
Security Infrastructure
  • Application and System Development. Application
    and system security involves the controls placed
    within the application and system programs to
    support the security policy of the organization.
    Topics discussed include threats, applications
    development, availability issues, security
    design, and application/data access control.

15
Security Infrastructure
  • Telecommunications Network Security.
    Communications security involves ensuring the
    integrity and confidentiality of information
    transmitted via telecommunications media as well
    as ensuring the availability of the
    telecommunications media itself. Three categories
    of communications security are (1)
    telecommunications security objectives, threats,
    and countermeasures, (2) network security, and
    (3) Internet security.

16
Multiple Combined Security Strategies
17
Ten (10) Security Strategies
18
Security Requirements
  • Authentication
  • Availability
  • Auditing
  • Authorization
  • Privacy/Confidentiality
  • Integrity
  • Non-repudiation

4APIN
19
Stages of Information and Classification
  • Disseminate
  • Process
  • Accumulate (Collect)
  • Store
  • Transmit

D-PAST
20
N-Factor Authentication Methods
  • Someplace where you are located (SITE).
  • Something that you HAVE.
  • Something that you ARE.
  • Something that you NEED.
  • Something that you KNOW.

SHANK
21
TLCs Security Stoplight Chart
22
Security Controls
  • Types of Control
  • Preventive
  • Detective
  • Corrective
  • Deterrent
  • Recovery
  • Compensating

23
Questions/Answers
Security Infrastructure