Administering Security - PowerPoint PPT Presentation

Slides: 16
Provided by: wing94

Transcript and Presenter's Notes


1
Administering Security
  • Presented by
  • Wing Chi

2
Security Goals
  • Security - a combination of technical,
    administrative, and physical controls.
  • Protect data from leakage to outsiders.
  • Protect against loss of data due to physical
    disaster
  • Protect the data's integrity

3
Administering Security
  • Planning
  • Risk analysis
  • Policy
  • Physical control

4
Security planning
  • Policy
  • Current state
  • Requirements
  • Recommended controls
  • Accountability
  • Timetable
  • Continuing attention

5
Policy
  • Indicating the goals of a computer security
    effort and the willingness of the people involved
    to work to achieve those goals.

6
Current State
  • Describing the status of security at the time of
    the plan
  • Risk analysis: a careful investigation of the
    system, its environment, and the things that
    might go wrong.

7
Requirements
  • Recommending ways to meet the security goals
  • Heart of the security plan
  • Organizational needs

8
Recommended Controls
  • Mapping controls to the vulnerabilities
    identified in the policy and requirements

9
Accountability
  • Describing who is responsible for each security
    activity
  • Personal computer
  • Project leaders
  • Managers
  • Database administrators
  • Information officers
  • Personnel staff

10
Timetable
  • Identifying when different security functions are
    to be done
  • Show how and when the elements of the plan will be
    performed

11
Continuing Attention
  • Specifying a structure for periodically updating
    the security plan

12
OCTAVE
  • The Software Engineering Institute at Carnegie
    Mellon University has created a framework for
    building a security plan
  • Identify enterprise knowledge
  • Identify operational area knowledge
  • Identify staff knowledge
  • Establish security requirements
  • Map high priority information assets to
    information infrastructure
  • Perform an infrastructure vulnerability
    evaluation
  • Develop a protection strategy

13
Risk Analysis: OPSEC
  • The U.S. Army used its Operations Security (OPSEC)
    guidelines during the Vietnam War
  • Identify the critical information to be protected
  • Analyze the threats
  • Analyze the vulnerabilities
  • Assess the risks
  • Apply countermeasures

14
(No Transcript)
15
Reference
  • Pfleeger, Charles and Pfleeger, Shari. Security
    in Computing.
  • http://e-docs.bea.com/tuxedo/tux71/html/secadm.htm