Security Plan - PowerPoint PPT Presentation

1 / 12
About This Presentation
Title:

Security Plan

Description:

User account creation. User account privileges. Sensitive information handling ... Operating system security. Create group privileges to protect cross group functions ... – PowerPoint PPT presentation

Number of Views:133
Avg rating:3.0/5.0
Slides: 13
Provided by: lakshmisr
Category:

less

Transcript and Presenter's Notes

Title: Security Plan


1
Security Plan
2
Security Plan
  • Security Plan
  • Key components of plan
  • Account Management
  • Employees

3
Security Plan
  • Policies and procedures
  • Policy development
  • Dissemination of plan
  • Technology use

4
Policies and Procedures
  • Security plan is the big picture document
  • Security policy specifies the details of how the
    plan will be implemented
  • Security plan lays down the general guidelines
    that the organization would follow
  • Management commitment to plan
  • Team effort in policies and procedures

5
Policy Development
  • Uniformity in scope of policies
  • User account creation
  • User account privileges
  • Sensitive information handling
  • Penalties for violation
  • Operating system security
  • Create group privileges to protect cross group
    functions
  • Databases under each OS

6
Policy Development
  • Database functional use (pre-production, testing,
    production)
  • Identify application owners
  • Accessibility (remote, local)
  • Backup implementation
  • Auditing (type of audit, by whom, how)

7
Dissemination of Plan
  • Access to current plan is essential
  • Easiest way for dissemination is to make it
    available only through the Intranet
  • Educate the members about the plan with periodic
    messages

8
Technology Use
  • DBA is usually a team
  • Allocate responsibility for security aspects
    among the DBAs
  • Restrict sensitive information to a select few

9
Key Components of Plan
  • Login privileges
  • Single authentication from premise
  • Dual or multiple authentication from external
    site
  • Restricted privileges for add/remove software
  • Application access
  • Granular level access privileges
  • Granular level update (meaning insert/delete/updat
    e) privileges

10
Key Components of Plan
  • Auditing
  • Settings to capture both successful and
    unsuccessful login attempts
  • Log all database updates
  • Authenticated update

11
Account Management
  • Admin account
  • User account
  • Standards
  • Usernames
  • Passwords
  • Roles
  • Database access (views, reports)

12
Employees
  • New employees
  • Employees leaving the organization
  • Monitoring employees work
Write a Comment
User Comments (0)
About PowerShow.com