Figure 1-17: Security Management - PowerPoint PPT Presentation

About This Presentation

Title: Figure 1-17: Security Management

Slides: 11
Provided by: rp966
Transcript and Presenter's Notes

1
Figure 1-17 Security Management
  • Security is Primarily a Management Issue, not a Technology Issue
  • Top-to-Bottom Commitment
    • Top-management commitment
    • Operational execution
    • Enforcement

2
Figure 1-17 Security Management
  • Comprehensive Security
    • Closing all avenues of attack
  • Asymmetrical warfare
    • Attacker only has to find one opening
  • Defense in depth
    • Attacker must get past several defenses to succeed
  • Security audits
    • Run attacks against your own network

3
Figure 1-17 Security Management
  • General Security Goals (CIA)
    • Confidentiality
      • Attackers cannot read messages if they intercept them
    • Integrity
      • If attackers change messages, this will be detected
    • Availability
      • System is able to serve users

4
Figure 1-18 The Plan-Protect-Respond Cycle
  • Planning
    • Need for comprehensive security (no gaps)
    • Risk analysis (see Figure 1-19)
      • Enumerating threats
      • Threat severity = estimated cost of attack × probability of attack
      • Value of protection = threat severity − cost of countermeasure
      • Prioritize countermeasures by value of protection

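The risk-analysis arithmetic on this slide is small enough to write down as working code. The example below is added here and is not from the slides or the textbook the figures come from; the threat names, dollar amounts and probabilities are constructed for illustration, and the function names (`threat_severity`, `value_of_protection`, `prioritize`) are this example's own. It applies the two formulas above to a list of enumerated threats, ranks countermeasures by value of protection, and flags the case the slide does not spell out: a countermeasure whose cost exceeds the threat severity has a negative value of protection and should not be funded at that price.

```python
"""Risk analysis from the Planning step: threat severity, value of protection, ranking."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    """One enumerated threat with the three estimates the formulas need.

    All names and figures used with this class below are constructed samples.
    """
    name: str
    attack_cost: float          # estimated cost (damage) if the attack succeeds
    probability: float          # probability the attack occurs in the period, 0..1
    countermeasure_cost: float  # cost of the countermeasure that would block it

    def __post_init__(self) -> None:
        # A probability outside [0, 1] or a negative cost is a bad estimate,
        # and a bad estimate silently skews every ranking built on it.
        if not 0.0 <= self.probability <= 1.0:
            raise ValueError(f"{self.name}: probability must be between 0 and 1")
        if self.attack_cost < 0 or self.countermeasure_cost < 0:
            raise ValueError(f"{self.name}: costs must be non-negative")


def threat_severity(t: Threat) -> float:
    """Threat severity = estimated cost of attack x probability of attack."""
    return t.attack_cost * t.probability


def value_of_protection(t: Threat) -> float:
    """Value of protection = threat severity - cost of countermeasure.

    A negative result means the countermeasure costs more than the expected
    loss it prevents, so buying it at that price loses money.
    """
    return threat_severity(t) - t.countermeasure_cost


def prioritize(threats: list[Threat]) -> list[Threat]:
    """Order countermeasures by value of protection, highest first."""
    return sorted(threats, key=value_of_protection, reverse=True)


def worthwhile(threats: list[Threat]) -> list[Threat]:
    """Only countermeasures with a positive value of protection, in priority order."""
    return [t for t in prioritize(threats) if value_of_protection(t) > 0]


def severity_table(threats: list[Threat]) -> list[tuple[str, float, float, float]]:
    """Rows of (name, severity, countermeasure cost, value of protection)."""
    return [(t.name, threat_severity(t), t.countermeasure_cost, value_of_protection(t))
            for t in prioritize(threats)]


# Constructed sample threats (hypothetical figures, not from the slides).
SAMPLE_THREATS = [
    Threat("Web server defacement", attack_cost=100_000, probability=0.30, countermeasure_cost=10_000),
    Threat("Ransomware on file server", attack_cost=500_000, probability=0.10, countermeasure_cost=20_000),
    Threat("Insider data theft", attack_cost=200_000, probability=0.05, countermeasure_cost=25_000),
    Threat("Phishing credential theft", attack_cost=80_000, probability=0.60, countermeasure_cost=5_000),
]

if __name__ == "__main__":
    print(f"{'Threat':28} {'Severity':>10} {'CM cost':>10} {'Value':>10}")
    for name, sev, cm, val in severity_table(SAMPLE_THREATS):
        print(f"{name:28} {sev:>10,.0f} {cm:>10,.0f} {val:>10,.0f}")
```

With the sample figures, phishing ranks first (severity 48,000, value 43,000) even though ransomware has the larger single-incident cost, because probability multiplies into severity; insider data theft ends up with a negative value (10,000 − 25,000) and is excluded by `worthwhile`, which is the "prioritize by value of protection" step applied honestly rather than by gut feel about worst-case damage.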
5
Figure 1-19 Threat Severity Analysis
6
Figure 1-18 The Plan-Protect-Respond Cycle
  • Planning
    • Security policies drive subsequent specific actions (see Figure 1-20)
      • Selecting technology
      • Procedures to make technology effective
      • The testing of technology and procedures

7
Figure 1-20 Policy-Driven Technology, Procedures, and Testing
  • Policy: Only allow authorized personnel to use accounting webserver
  • Protection
    • Technology (Firewall, Hardened Webserver)
    • Procedures (Configuration, Passwords, Etc.)
  • Testing (Test Security): Attempt to Connect to Unauthorized Webserver
8
Figure 1-18 The Plan-Protect-Respond Cycle
  • Protecting
    • Installing protections: firewalls, IDSs, host hardening, etc.
    • Updating protections as the threat environment changes
    • Testing protections: security audits

9
Figure 1-18 The Plan-Protect-Respond Cycle
  • Responding
    • Planning for response (Computer Emergency Response Team)
    • Incident detection and determination
      • Procedures for reporting suspicious situations
      • Determination that an attack really is occurring
      • Description of the attack to guide subsequent actions

10
Figure 1-18 The Plan-Protect-Respond Cycle
  • Responding
    • Containment and Recovery
      • Containment: stop the attack
      • Repair the damage
    • Punishment
      • Forensics
      • Prosecution
      • Employee Punishment
    • Fixing the vulnerability that allowed the attack