
Administering Security

Administering Security. Presented by Wing Chi. Security Goals. Security - a combination of technical, administrative, and physical controls. Protect data from leakage to outsiders. Protect against loss of data due to physical disaster. Protect the data’s integrity.

dawson

Presentation Transcript


  1. Administering Security
     Presented by Wing Chi

  2. Security Goals
     • Security - a combination of technical, administrative, and physical controls.
     • Protect data from leakage to outsiders.
     • Protect against loss of data due to physical disaster.
     • Protect the data’s integrity.

  3. Administering Security
     • Planning
     • Risk analysis
     • Policy
     • Physical control

  4. Security planning
     • Policy
     • Current state
     • Requirements
     • Recommended controls
     • Accountability
     • Timetable
     • Continuing attention

  5. Policy
     • Indicating the goals of a computer security effort and the willingness of the people involved to work to achieve those goals.

  6. Current State
     • Describing the status of security at the time of the plan
     • Risk analysis – a careful investigation of the system, its environment, and the things that might go wrong.

  7. Requirements
     • Recommending ways to meet the security goals
     • Heart of the security plan
     • Organizational needs

  8. Recommended Controls
     • Mapping controls to the vulnerabilities identified in the policy and requirements

  9. Accountability
     • Describing who is responsible for each security activity
     • Personal computer
     • Project leaders
     • Managers
     • Database administrators
     • Information officers
     • Personnel staff

  10. Timetable
     • Identifying when different security functions are to be done
     • Showing how and when the elements of the plan will be performed

  11. Continuing Attention
     • Specifying a structure for periodically updating the security plan

  12. OCTAVE
     • The Software Engineering Institute at Carnegie Mellon University has created a framework for building a security plan
     • Identify enterprise knowledge
     • Identify operational area knowledge
     • Identify staff knowledge
     • Establish security requirements
     • Map high priority information assets to information infrastructure
     • Perform an infrastructure vulnerability evaluation
     • Develop a protection strategy

  13. Risk Analysis OPSEC
     • The U.S. Army used its Operations Security (OPSEC) guidelines during the Vietnam War
     • Identify the critical information to be protected
     • Analyze the threats
     • Analyze the vulnerabilities
     • Assess the risks
     • Apply countermeasures

  14. Reference
     • Pfleeger, Charles and Pfleeger, Shari. “Security in Computing.”
     • http://e-docs.bea.com/tuxedo/tux71/html/secadm.htm
