Note1 (Admi1): Overview of administering security
Overview of Administering Security

Outline
• Issues in administering security
• Security planning & policy
• Risk analysis
• Auditing
• Disaster recovery
• Management of resources and systems
• Management of network security

Issues in administering security
• Security planning & policy
• Risk analysis
• Auditing
• Disaster recovery
• Management of resources and systems
• Management of network security

Security Planning
• A security plan is a document that describes how an organization will address its security needs.
• When the organization’s security needs change, its security plan needs to be periodically reviewed and updated.

Security Planning: Issues
• What should the plan contain? Content
• Who should write the plan? The security planning team
• Support for the plan? Securing commitment to the plan
• Implementation of the plan? Methods, tools, resources, …

Security Planning: Issues
• What should the plan contain?
  • Security policy
  • Current security status
  • Requirements
  • Responsibility for implementation
  • Timetable
  • Reviews & updates

Security Planning: Issues
• Members of the security planning team
  • CIO (chief information officer)
  • Hardware support personnel
  • Systems programmers
  • Application programmers
  • Data entry personnel
  • Physical security personnel
  • Representative users

Security Planning: Issues
• Securing support for the plan
  • The plan needs to be accepted by the users and the involved personnel.
  • User education and publicity are needed to increase the users’ understanding of security.
  • Training of personnel is needed for implementing the plan.
  • The plan must be carried out.
  • Management commitment
    • Managers are concerned with ROI, vulnerability, risks, laws, etc.
    • Surveys and outside experts may be needed to persuade the managers to commit.

Security Planning: Issues
• Implementation of the plan
  • Policy versus mechanisms
    • A policy defines what is or is not allowed.
    • A policy is enforced by various mechanisms (tools, methods, procedures, etc.).

Risk analysis
• The first step in security planning is risk analysis.
  • A process to determine the exposures and their potential harm
• The result of the risk analysis is important in securing management commitment to the security plan.
  • It justifies expenditures for security.

Risk analysis
• Three steps:
  • A list of all exposures of a computing system and the expected cost of the loss
  • For each exposure, possible controls and their costs
  • A cost-benefit analysis
    • Does it cost less to implement a control or to accept the expected cost of the loss?

Auditing
• Administrators should use the audit facilities provided in the systems, or third-party auditing tools, to automate the audit analysis process.
• Auditing tools provide snapshots of a system’s status.
• Anomalies in the audit logs indicate potential attacks or problems.

Auditing
• Automated tools should be used to detect inconsistencies in the audit logs.
  • Intrusion Detection Systems (IDS)
• The audit logs should be protected, by being sent to separate machines or written immediately to a printer.

Disaster recovery
• When attacks and/or problems cannot be prevented, how to recover from the damage and loss should be planned in advance.
  • A contingency plan
  • An incident response plan and team
  • User awareness
  • User notification mechanisms

Types of Disasters
• Natural disasters: flood, falling water, fire, extreme temperature change, …
• Power loss
• Human vandals
• Unauthorized access and use
• Viruses, worms

Management of resources and systems
• Acceptable use
• Accounts, passwords
• Files and devices
• Access controls
• Network security
  • Perimeter protection
  • Connectivity
  • Remote access
  • Securing the hosts
• Backups

Management of Network security
• Perimeter protection
  • Firewalls, routers, wireless access points
• Connectivity
  • The Internet
  • Local backbone
  • A map of physical connections
• Remote access
  • VPN for telecommuters?
  • telnet, ftp, rlogin?
• Securing the hosts in the network
  • Insiders’ attacks vs attacks from outside

Summary
• Administering the security of an organization’s computer systems involves many issues.
• An up-to-date security plan is a must.
• Support for the plan is necessary.
• A disaster response/recovery plan is important.
• Periodic review and update is needed.