Security and Assurance in IT organization
Name: Mai Hoang Nguyen
Class: INFO 609
Professor: T. Rohm
Table of contents:
Attackers
Classification of threats
Defensive measures
Security management framework
Risk & incident management of Security
Attackers:
About 46% of companies and government agencies have suffered a security incident from 2007 until now.
Who are the attackers?
+ Thrill seekers who like the challenge of defeating defense systems.
+ Other attackers who dislike their company and intend to steal the company's proprietary data, such as credit card numbers or other online payment data.
Classification of threats:
Managers must understand the classification of threats:
External Attacks: harm against computing infrastructure.
+ E.g.: DoS (Denial of Service): attackers send data packets more rapidly than the target machine can handle. Each packet appears to begin an authentic conversation with the victim computer, thus disabling infrastructure devices.
Intrusion: gaining access to a company's internal IT infrastructure by various methods, e.g. obtaining user names & passwords.
Intruders can use high-tech methods such as "sniffer" software for LANs, or exploiting computer code to gain access to systems.
Hackers can scan IP addresses and report exploitable ones back to their master computer.
If a company does not know its own systems well, customers & business partners will not trust the security of data entrusted to the company.
Defensive Measures:
To secure a company's data, infrastructure components, and reputation, managers must build 6 defenses:
1. Security Policies: related to people who have company accounts, passwords, security features, …
2. Firewalls: a collection of software/hardware to prevent system access.
3. Authentication: host/network/data authentication to control access.
4. Encryption: renders electronic transmissions unreadable.
5. Patching and change management: change passwords regularly, or keep important data in the computer's files or "fingerprints".
6. Intrusion Detection and network monitoring: combine hardware probes and software diagnostic systems to help network administrators recognize when their infrastructure is under attack.
Network intrusion detection system:
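The DoS description and the intrusion detection defense above both come down to noticing conversations that are opened faster than they are completed. The Python below is an added example, not part of the original slides: the event format, function names, window and threshold are assumptions, the sample events are constructed, and "ACK" stands only for the packet that completes a handshake.

```python
from collections import defaultdict, deque

def build_sample():
    """Constructed events, not real traffic: (time_s, src_ip, src_port, dst_ip, flag)."""
    events = []
    # Normal clients: a SYN opens the conversation, an ACK completes it.
    for i in range(5):
        src = "10.0.0.%d" % (i + 1)
        events.append((i * 1.0, src, 40000 + i, "192.0.2.10", "SYN"))
        events.append((i * 1.0 + 0.05, src, 40000 + i, "192.0.2.10", "ACK"))
    # Flood: 200 conversations opened within one second and never completed.
    for i in range(200):
        src = "198.51.100.%d" % (i + 1)
        events.append((6.0 + i * 0.005, src, 50000 + i, "192.0.2.20", "SYN"))
    return sorted(events)

def detect_half_open_floods(events, window_s=2.0, threshold=100):
    """Return {dst_ip: time of first alert} for every host that has more than
    `threshold` unfinished conversations opened within the last `window_s` seconds."""
    pending = defaultdict(deque)  # dst -> (time, conversation key), oldest first
    completed = set()             # conversation keys whose handshake finished
    alerts = {}
    for t, src, sport, dst, flag in events:
        key = (src, sport, dst)
        if flag == "ACK":
            completed.add(key)
            continue
        if flag != "SYN":
            continue
        queue = pending[dst]
        queue.append((t, key))
        # Forget conversations that were opened before the window started.
        while queue and queue[0][0] < t - window_s:
            queue.popleft()
        half_open = sum(1 for _, k in queue if k not in completed)
        if half_open > threshold and dst not in alerts:
            alerts[dst] = t
    return alerts

if __name__ == "__main__":
    for host, when in detect_half_open_floods(build_sample()).items():
        print("possible DoS against %s, first seen at t=%.3fs" % (host, when))
```

Counting unfinished conversations rather than raw packets keeps a busy but healthy server from raising alerts.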
Security management framework:
Make Deliberate Security Decisions: managers must not allow public Internet access in the company, and must educate themselves on security-related issues and decisions.
Consider Security a Moving Target: the company must attack its own systems, hire an outside firm to audit them, and stay in touch with sources like CERT (Computer Emergency Response Team).
Practice Disciplined Management: for process changes.
Educate Users: to understand the dangers of sharing passwords and connections.
Deploy Multilevel Technical Measures: as many as needed. Use security at host & network levels.
Risk Management:
Managing before the incident: use sound infrastructure design, disciplined execution of operating procedures, careful documentation, established crisis management procedures, and rehearsal of incident response.
Managing during the incident: human decision makers have obstacles to deal with: confusion/denial/fear responses. Awareness of psychological traps helps decision makers to avoid them.
Managing after the incident: erase or rebuild parts of the infrastructure. Managers need to understand what incident happened, and connect it with the company's protection of entrusted information.