1. Incident Response
2. Operational Security
3. Physical and Environmental Security
4. Supplier Relationships
Semi Finals – Bachelor of Science in information System
IT Security and Management
Chapter I
Incident
Response
IT Security and Management - Semi Finals by Mark John Lado
Drill
• Havoc
• Wreak Havoc
• Data Breach
• Alienate
Drill
• Havoc - widespread destruction
• Wreak Havoc - to cause great damage
• Data Breach - a security incident in which
information is accessed without
authorization.
• Alienate - to cause a person to withdraw or
become separated from others
Learning Objectives:
At the end of this chapter, you will be able to:
• Recognize what incident response is.
• Understand why incident response is important.
• Engage with the three elements of incident response
management.
• Become familiar with the six steps of an incident response plan.
What is Incident Response?
A term used to describe the process by
which an organization handles a data
breach or cyber attack, including the way
the organization attempts to manage the
consequences of the attack or breach
(the “incident”).
What is Incident Response?
• Incident response is the methodology an
organization uses to respond to and
manage a cyber-attack. An attack or data
breach can wreak havoc, potentially
affecting customers, intellectual property,
company time and resources, and brand
value.
What is Incident Response?
• An incident response aims to reduce this
damage and recover as quickly as
possible. Investigation is also a key
component in order to learn from the
attack and better prepare for the future.
What is Incident Response?
• Because many companies today
experience a breach at some point in
time, a well-developed and repeatable
incident response plan is the best way to
protect your company.
Why is Incident Response Important?
• As the cyber-attacks increase in scale
and frequency, incident response plans
become more vital to a company’s cyber
defenses. Poor incident response can
alienate customers.
Who is the Incident Response Team?
• The company should look to their
“Computer Incident Response Team
(CIRT)” to lead incident response efforts.
Who is the Incident Response Team?
• This team is comprised of experts from
upper-level management, IT, information
security, IT auditors when available, as
well as any physical security staff that
can aid when an incident includes direct
contact to company systems. Incident
response should also be supported by
HR, legal, and PR or communications.
Those Responsible for Incident Response
Incident Response Manager
Oversees and prioritizes action during the
detection, analysis and containment of an
incident.
Those Responsible for Incident Response
Security Analyst
Supports the manager and works directly
with the affected network to research the time,
location and details of an incident.
Those Responsible for Incident Response
Triage Analyst
Filters out false positives and keeps an eye out
for potential intrusions.
Elements of Incident Response
Management
1. Incident Response Plan
2. Incident Response Team
3. Incident Response Tools
Incident Response Plan
An incident response plan should prepare
your team to deal with threats, indicate how to
isolate incidents and identify their severity,
how to stop the attack and eradicate the
underlying cause, how to recover production
systems, and how to conduct a post-mortem
analysis to prevent future attacks.
Steps of Incident Response Plan
1. Preparation
2. Identification
3. Containment
4. Eradication
5. Recovery
6. Lessons learned
Steps of Incident Response Plan
1. Preparation
List all possible threat scenarios.
Develop policies to implement in the event
of a cyber attack.
Develop a communication plan.
Outline the roles, responsibilities, and
procedures of your team.
Steps of Incident Response Plan
1. Preparation
Establish a corporate security policy.
Recruit and train team members, ensure
they have access to relevant systems.
Ensure team members have access to
relevant technologies and tools.
Steps of Incident Response Plan
2. Identification
Identify and assess the incident and
gather evidence.
Decide on the severity and type of the
incident and escalate if necessary.
Steps of Incident Response Plan
2. Identification
Document actions taken, addressing “who,
what, where, why, and how.” This information
may be used later as evidence if the incident
reaches a court of law.
Steps of Incident Response Plan
3. Containment
The act of preventing the expansion of
harm.
Typically involves disconnecting affected
computers from the network.
Steps of Incident Response Plan
4. Eradication
Finding the root cause of the incident and
removing affected systems from the
production environment.
Steps of Incident Response Plan
4. Eradication
These steps may change the configuration of the
organization. The aim is to make changes while
minimizing the effect on the operations of the
organization. You can achieve this by stopping the
bleeding and limiting the amount of data that is
exposed.
Steps of Incident Response Plan
5. Recovery
Ensure that affected systems are not in danger
and can be restored to working condition. The
purpose of this phase is to bring affected systems
back into the production environment carefully, to
ensure they will not lead to another incident.
Steps of Incident Response Plan
5. Recovery
Ensure another incident doesn’t occur by restoring
systems from clean backups, replacing
compromised files with clean versions, rebuilding
systems from scratch, installing patches, changing
passwords and reinforcing network perimeter
security.
Steps of Incident Response Plan
6. Lessons learned
Complete incident documentation, perform
analysis to learn from the incident and
improve future response efforts. Complete any
documentation that couldn’t be prepared during
the response process. The team should identify
how the incident was managed and eradicated.
The Incident Response Team
• To prepare for and attend to incidents, you
should form a centralized incident response
team, responsible for identifying security
breaches and taking responsive actions.
The Incident Response Team
The team should include:
Incident response manager (team leader)
Security analysts
Lead investigator
Threat researchers
Communications lead
Documentation and timeline lead
Legal representation
Incident Response Tools
• Cyber incident response tools are used by
security teams to test for vulnerabilities,
to provide an emergency incident response
for compromised networks and applications,
and to help take the appropriate incident
response steps.
Summary
Incident response is an approach to handling
security breaches. The aim of incident response is
to identify an attack, contain the damage, and
eradicate the root cause of the incident. An incident
can be defined as any breach of law, policy or
unacceptable act that concerns information assets,
such as networks, computers, or smartphones.
Chapter II
Operational
Security
Learning Objectives
At the end of this chapter, you will be able to:
• Become familiar with what operational security is.
• Engage with the five steps of operational security.
• Recognize the best practices for operational security.
• Apply confidentiality, integrity, availability, and
nonrepudiation in the corporate world.
Learning Outline
1. OPERATIONAL SECURITY
2. THE FIVE STEPS OF OPERATIONAL
SECURITY
3. BEST PRACTICES FOR OPERATIONAL
SECURITY
OPERATIONAL SECURITY
• Operational security (OPSEC), also known as
procedural security, is a risk management process
that encourages managers to view operations
from the perspective of an adversary in order to
protect sensitive information from falling into the
wrong hands.
OPERATIONAL SECURITY
• Though originally used by the military, OPSEC is
becoming popular in the private sector as well.
Things that fall under the OPSEC umbrella
include monitoring behaviors and habits on social
media sites as well as discouraging employees
from sharing login credentials via email or text
message.
THE FIVE STEPS OF OPERATIONAL SECURITY
The processes involved in operational security can be
neatly categorized into five steps:
1. Identify your sensitive data.
2. Identify possible threats.
3. Analyze security holes and other vulnerabilities.
4. Appraise the level of risk associated with each
vulnerability.
5. Get countermeasures in place.
THE FIVE STEPS OF OPERATIONAL SECURITY
1. Identify your sensitive data,
including your product research,
intellectual property, financial statements,
customer information, and employee
information. This will be the data you will need
to focus your resources on protecting.
THE FIVE STEPS OF OPERATIONAL SECURITY
2. Identify possible threats.
For each category of information that you deem
sensitive, you should identify what kinds of threats
are present. While you should be wary of third
parties trying to steal your information, you should
also watch out for insider threats, such as negligent
employees and disgruntled workers.
THE FIVE STEPS OF OPERATIONAL SECURITY
3. Analyze security holes and other vulnerabilities.
Assess your current safeguards and
determine what, if any, loopholes or
weaknesses exist that may be exploited to
gain access to your sensitive data.
THE FIVE STEPS OF OPERATIONAL SECURITY
4. Appraise the level of risk associated with each vulnerability.
Rank your vulnerabilities using factors such as the
likelihood of an attack happening, the extent of damage
that you would suffer, and the amount of work and time
you would need to recover. The more likely and
damaging an attack is, the more you should prioritize
mitigating the associated risk.
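The ranking in step 4 can be made concrete with a scored register. The following is an added example, not part of the deck; it assumes 1-to-5 ordinal scales for the three factors the slide names (likelihood, extent of damage, work and time to recover) and a likelihood-times-impact formula with impact = damage + recovery effort, neither of which the deck fixes. The register entries are constructed for illustration.

```python
from dataclasses import dataclass

# Ordinal scales, 1 (lowest) to 5 (highest), are assumed here; the deck names the
# three factors but does not fix a scale or a formula.
SCALE_MIN, SCALE_MAX = 1, 5


@dataclass(frozen=True)
class Vulnerability:
    name: str
    likelihood: int       # how likely an attack exploiting this weakness is
    damage: int           # extent of damage the organization would suffer
    recovery_effort: int  # work and time needed to recover


def risk_score(v: Vulnerability) -> int:
    """Likelihood multiplied by impact, where impact is damage plus recovery effort.

    Range is 2 (1 * (1 + 1)) to 50 (5 * (5 + 5)). Out-of-scale inputs are rejected
    rather than silently clamped, so a typo in the register cannot hide a risk.
    """
    for value in (v.likelihood, v.damage, v.recovery_effort):
        if not SCALE_MIN <= value <= SCALE_MAX:
            raise ValueError(f"{v.name}: factor {value} outside {SCALE_MIN}..{SCALE_MAX}")
    impact = v.damage + v.recovery_effort
    return v.likelihood * impact


def risk_tier(score: int) -> str:
    """Bucket a score into a tier that drives how soon a countermeasure is due."""
    if score >= 30:
        return "critical"
    if score >= 18:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


def rank_vulnerabilities(vulns):
    """Highest risk first; ties are broken by name so the ordering is stable."""
    return sorted(vulns, key=lambda v: (-risk_score(v), v.name))


def prioritized_report(vulns):
    """Return (name, score, tier) rows in priority order."""
    return [(v.name, risk_score(v), risk_tier(risk_score(v)))
            for v in rank_vulnerabilities(vulns)]


# Constructed register for illustration; names and scores are invented.
SAMPLE_REGISTER = [
    Vulnerability("Printer on guest Wi-Fi", likelihood=2, damage=1, recovery_effort=1),
    Vulnerability("Unpatched VPN appliance", likelihood=5, damage=5, recovery_effort=4),
    Vulnerability("Laptops without full-disk encryption", likelihood=3, damage=4, recovery_effort=2),
    Vulnerability("Shared admin password on finance share", likelihood=4, damage=4, recovery_effort=3),
    Vulnerability("Unlocked server room door", likelihood=2, damage=5, recovery_effort=4),
]


if __name__ == "__main__":
    for name, score, tier in prioritized_report(SAMPLE_REGISTER):
        print(f"{score:>3} {tier:<8} {name}")
```

Two entries here tie at 18 (the laptop and server-room items): a tie is a signal to look at the factors again, not to pick arbitrarily, and the name-based tie-break only keeps the report order reproducible between runs.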
THE FIVE STEPS OF OPERATIONAL SECURITY
5. Get countermeasures in place.
The last step of operational security is to create and
implement a plan to eliminate threats and mitigate
risks. This could include updating your hardware,
creating new policies regarding sensitive data, or
training employees on sound security practices and
company policies.
THE FIVE STEPS OF OPERATIONAL SECURITY
5. Get countermeasures in place.
Countermeasures should be straightforward and
simple. Employees should be able to implement the
measures required on their part with or without
additional training.
BEST PRACTICES FOR OPERATIONAL SECURITY
Follow these best practices to implement a robust,
comprehensive operational security program:
BEST PRACTICES FOR OPERATIONAL SECURITY
1. Implement precise change management
processes that your employees should follow when
network changes are performed. All changes
should be logged and controlled so they can be
monitored and audited.
BEST PRACTICES FOR OPERATIONAL SECURITY
2. Restrict access to network devices using AAA
authentication. In the military and other government
entities, a “need-to-know” basis is often used as a
rule of thumb regarding access and sharing of
information.
• AAA authentication
Authentication, authorization, and accounting (AAA) is a
term for a framework for intelligently controlling access to
computer resources, enforcing policies, auditing usage,
and providing the information necessary to bill for
services. These combined processes are considered
important for effective network management and security.
BEST PRACTICES FOR OPERATIONAL SECURITY
3. Give your employees the minimum
access necessary to perform their jobs. Practice
the principle of least privilege.
BEST PRACTICES FOR OPERATIONAL SECURITY
4. Implement dual control.
Make sure that those who work on your network are
not the same people in charge of security.
BEST PRACTICES FOR OPERATIONAL SECURITY
5. Automate tasks to reduce the need for human
intervention. Humans are the weakest link in any
organization’s operational security initiatives
because they make mistakes, overlook details,
forget things, and bypass processes.
BEST PRACTICES FOR OPERATIONAL SECURITY
6. Incident response and disaster recovery
planning are always crucial components of a
sound security posture. Even when operational
security measures are robust, you must have a plan
to identify risks, respond to them, and mitigate
potential damages.
Operational Security (OPSEC)
• Risk management involves being able to identify
threats and vulnerabilities before they become
problems. Operational security forces managers
to dive deeply into their operations and figure out
where their information can be easily breached.
Operational Security (OPSEC)
• Looking at operations from a malicious third-
party’s perspective allows managers to spot
vulnerabilities they may have otherwise missed so
that they can implement the proper
countermeasures to protect sensitive data.
Chapter III
Physical and
Environmental
Security
Learning Objectives:
At the end of this chapter, you will be able to:
• Explain what physical and environmental
security is.
• Engage with the objectives of physical and
environmental security.
• Distinguish the physical security measures.
• Recognize the physical controls.
• Appreciate the essence of technical controls.
Learning Outline
• Physical and environmental security
• Objectives of Physical and Environmental
Security
• Physical Security Measures
• Physical Controls
• Technical Controls
What does physical and environmental security mean?
The protection of personnel, hardware, software,
networks and data from physical actions and events
that could cause serious loss or damage to an
enterprise, agency or institution. This
includes protection from fire, flood, natural
disasters, burglary, theft, vandalism and terrorism.
Objectives of Physical and Environmental Security
1. Prevent unauthorized physical access, damage, and
interference to premises and information.
2. Ensure sensitive information and critical information
technology are housed in secure areas.
3. Prevent loss, damage, theft, or compromise of assets.
4. Prevent interruption of activities.
Objectives of Physical and Environmental Security
5. Protect assets from physical and environmental
threats.
6. Ensure appropriate equipment location,
removal, and disposal.
7. Ensure appropriate supporting facilities (e.g.,
electrical supply, data and voice cabling
infrastructure).
PHYSICAL AND ENVIRONMENTAL SECURITY
The term physical and environmental security refers
to measures taken to protect systems, buildings,
and related supporting infrastructure against threats
associated with their physical environment.
PHYSICAL AND ENVIRONMENTAL SECURITY
Physical and environmental safeguards are often
overlooked but are very important in protecting
information. Physical security over past decades
has become increasingly more difficult for
organizations. Technology and computer
environments now allow more compromises to
occur due to increased vulnerabilities.
PHYSICAL AND ENVIRONMENTAL SECURITY
USB hard drives, laptops, tablets and smartphones
allow for information to be lost or stolen because of
portability and mobile access. In the early days of
computers, they were large mainframe computers
only used by a few people and were secured in
locked rooms.
PHYSICAL AND ENVIRONMENTAL SECURITY
Today, desks are filled with desktop computers and
mobile laptops that have access to company data
from across the enterprise. Protecting data,
networks and systems has become difficult to
implement with mobile users able to take their
computers out of the facilities.
PHYSICAL AND ENVIRONMENTAL SECURITY
Fraud, vandalism, sabotage, accidents, and theft
are increasing costs for organizations since the
environments are becoming more “complex and
dynamic”. Physical security becomes tougher to
manage as technology increases with complexity,
and more vulnerabilities are enabled.
PHYSICAL AND ENVIRONMENTAL SECURITY
Buildings and rooms that house information and
information technology systems must be afforded
appropriate protection to avoid damage or
unauthorized access to information and systems. In
addition, the equipment housing this information
(e.g., filing cabinets, data wiring, laptop computers,
and portable disk drives) must be physically
protected.
PHYSICAL AND ENVIRONMENTAL SECURITY
Equipment theft is of primary concern, but other
issues should be considered, such as damage or
loss caused by fire, flood, and sensitivity to
temperature extremes.
PHYSICAL AND ENVIRONMENTAL SECURITY
Physical and environmental security programs
define the various measures or controls that protect
organizations from loss of connectivity and
availability of computer processing caused by theft,
fire, flood, intentional destruction, unintentional
damage, mechanical equipment failure and power
failures.
Physical security measures should be
sufficient to deal with foreseeable threats
and should be tested periodically for their
effectiveness and functionality.
Physical Security Measures
1. Determine which managers are responsible for
planning, funding, and operations of physical
security of the Data Center.
Physical Security Measures
2. Review best practices and standards that can
assist with evaluating physical security controls,
such as ISO/IEC 27002:2013.
Physical Security Measures
3. Establish a baseline by conducting a physical
security controls gap assessment that will include
the following as they relate to your campus Data
Center:
Physical Security Measures
3.1 Environmental Controls
An Environmental Control (EC) system can provide
a level of independent control of many devices in
the home for people with significant physical
disabilities. EC may be suitable if you struggle to
control equipment around you because of
difficulties with using your arms or hands.
Physical Security Measures
3.2 Environmental Controls
Physical Security Measures
3.3 Natural Disaster Controls
Physical Security Measures
3.4 Supporting Utility Controls
Physical Security Measures
3.5 Physical Protection and Access Controls
Physical Security Measures
3.6 System Reliability
Which ensures the system is doing the required job, goes
hand in hand with reliability, which ensures the system is
doing its job correctly. Although they come from different
ways of looking at the same problem, they are both
dependent on each other.
Physical Security Measures
3.7 Physical Security Awareness and Training
Physical Security Measures
3.8 Contingency Plans
An alternative Information Systems Security
(INFOSEC) plan that is implemented when normal
business operations are interrupted by emergency,
failover or disaster. A contingency plan is also known as a
disaster recovery plan (DRP).
Physical Security Measures
4. Determine whether an appropriate investment in
physical security equipment (alarms, locks or other
physical access controls, identification badges for
high-security areas, etc.) has been made and if
these controls have been tested and function
correctly.
Physical Security Measures
5. Provide responsible managers guidance in handling
risks. For example, if the current investment in physical
security controls is inadequate, this may allow
unauthorized access to servers and network equipment.
Inadequate funding for key positions with responsibility for
IT physical security may result in poor monitoring, poor
compliance with policies and standards, and overall poor
physical security.
Physical Security Measures
6. Maintain a secure repository of physical and
environmental security controls and policies and
establish timelines for their evaluation, update and
modification.
Physical Security Measures
7. Create a team of physical and environmental
security auditors, outside of the management staff,
to periodically assess the effectiveness of the
measures taken and provide feedback on their
usefulness and functionality.
Physical Controls
Facilities need physical access controls in place that
control, monitor and manage access. Building sections
should be categorized as restricted, private or public.
Different access control levels are needed to restrict the
zones that each employee may enter depending on their
role.
Physical Controls
Many mechanisms exist that enable control and isolation
of access privileges at facilities. These mechanisms are
intended to discourage and detect access by
unauthorized individuals.
Physical Controls
1. Perimeter Security
Mantraps, gates, fences and turnstiles are used outside of
the facility to create an additional layer of security before
accessing the building.
Physical Controls
2. Badges
Proof of identity is necessary for verifying whether a person
is an employee or a visitor. These cards come in the forms of
name tags, badges and identification (ID) cards. Badges
can also be smart cards that integrate with access control
systems. Pictures, RFID tags, magnetic strips, computer
chips and employee information are frequently included to
help security staff validate identity.
Physical Controls
3. Motion Detectors
Motion detectors offer different technology options
depending on necessity. They are used as intrusion
detection devices and work in combination with alarm
systems. Infrared motion detectors observe changes in
infrared light patterns. Heat-based motion detectors sense
changes in heat levels. Wave pattern motion detectors
use ultrasonic or microwave frequencies that monitor
changes in reflected patterns.
Physical Controls
4. Intrusion Alarms
Alarms monitor various sensors and detectors. These
devices are door and window contacts, glass break
detectors, motion detectors, water sensors, and so on.
Status changes in the devices trigger the alarm.
Technical Controls
The main focus of technical controls is access control
because it is one of the most compromised areas of
security. Smart cards are a technical control that can allow
physical access into a building or secured room and
securely log in to company networks and computers.
Technical Controls
Multiple layers of defense are needed for overlap to
protect from attackers gaining direct access to company
resources. Intrusion detection systems are technical
controls that are essential because they detect an
intrusion.
Technical Controls
Detection is a must because it provides notification of the
security event. Awareness of the event allows the organization
to respond and contain the incident. Audit trails and access
logs must be continually monitored. They enable the
organization to locate where breaches are occurring and how often.
Technical Controls
This information helps the security team reduce
vulnerabilities.
1. Smart Cards
2. Proximity Readers and RFID
3. Intrusion Detection, Guards and CCTV
4. Auditing Physical Access
Technical Controls
1. Smart Cards
Token cards have microchips and integrated circuits built
into the cards that process data. Microchips and
integrated circuits enable the smart card to do two-factor
authentication. This authentication control helps keep
unauthorized attackers or employees from accessing
rooms they are not permitted to enter.
Technical Controls
2. Proximity Readers and RFID.
Access control systems use proximity readers to scan
cards and determine whether the card holder is authorized
to enter the facility or area.
Technical Controls
3. Intrusion Detection, Guards and CCTV
Intrusion detection systems (IDSs) can monitor for and
notify of unauthorized entries, including equipment that
is relocated without approval. IDSs are essential to
security because the systems can send a warning if
a specific event occurs or if access was attempted
at an unusual time.
Technical Controls
4. Auditing Physical Access
Auditing physical access control systems requires
the use of logs and audit trails to determine where and
when a person gained unauthorized entry to the facility or
attempted to break in.
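The IDS warning on "access at an unusual time" under point 3 and the log review under point 4 can both be done by replaying the badge reader log. The following is an added example, not code from the deck or from any access control product; the log line format, the perimeter reader name lobby, the business hours and the thresholds are all assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log format assumed for this example (one event per line):
#   <ISO-8601 timestamp> reader=<door name> badge=<badge id> result=GRANTED|DENIED
LOG_RE = re.compile(
    r"^(?P<ts>\S+) reader=(?P<reader>\S+) badge=(?P<badge>\S+) "
    r"result=(?P<result>GRANTED|DENIED)$"
)

PERIMETER_READER = "lobby"        # assumed name of the building entrance reader
BUSINESS_HOURS = (7, 19)          # 07:00 up to, not including, 19:00 (assumed)
DENIED_THRESHOLD = 3              # denials from one badge within the window
DENIED_WINDOW = timedelta(minutes=10)


def parse_event(line):
    """Return a dict for a well-formed line, or None so junk lines are skipped, not fatal."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "reader": m["reader"],
            "badge": m["badge"], "result": m["result"]}


def audit_access_log(lines):
    """Replay the badge log in time order and return (kind, badge, reader, ts) findings.

    Three conditions are flagged:
      after-hours-access   a grant outside BUSINESS_HOURS (the "unusual time" case)
      no-perimeter-entry   a grant at an inner door by a badge never seen at the
                           perimeter reader, a common tailgating indicator
      repeated-denials     DENIED_THRESHOLD denials from one badge inside DENIED_WINDOW
    """
    events = [e for e in map(parse_event, lines) if e is not None]
    events.sort(key=lambda e: e["ts"])

    findings = []
    seen_at_perimeter = set()
    denials = defaultdict(list)   # badge -> timestamps of recent denials

    for e in events:
        if e["result"] == "GRANTED":
            if e["reader"] == PERIMETER_READER:
                seen_at_perimeter.add(e["badge"])
            elif e["badge"] not in seen_at_perimeter:
                findings.append(("no-perimeter-entry", e["badge"], e["reader"], e["ts"]))
            if not BUSINESS_HOURS[0] <= e["ts"].hour < BUSINESS_HOURS[1]:
                findings.append(("after-hours-access", e["badge"], e["reader"], e["ts"]))
        else:
            recent = [t for t in denials[e["badge"]] if e["ts"] - t <= DENIED_WINDOW]
            recent.append(e["ts"])
            denials[e["badge"]] = recent
            # fire exactly once when the threshold is reached, not on every later denial
            if len(recent) == DENIED_THRESHOLD:
                findings.append(("repeated-denials", e["badge"], e["reader"], e["ts"]))
    return findings


# Constructed sample log; badge ids, readers and timestamps are invented.
SAMPLE_LOG = """\
2024-03-04T08:02:10 reader=lobby badge=B1001 result=GRANTED
2024-03-04T08:05:31 reader=server-room badge=B1001 result=GRANTED
2024-03-04T12:40:02 reader=server-room badge=B2077 result=GRANTED
2024-03-04T22:15:45 reader=lobby badge=B1042 result=GRANTED
2024-03-04T22:16:03 reader=server-room badge=B1042 result=DENIED
2024-03-04T22:16:40 reader=server-room badge=B1042 result=DENIED
2024-03-04T22:17:12 reader=server-room badge=B1042 result=DENIED
2024-03-04T22:17:50 reader=server-room badge=B1042 result=DENIED
reader rebooted, checksum mismatch on previous record
""".splitlines()


if __name__ == "__main__":
    for kind, badge, reader, ts in audit_access_log(SAMPLE_LOG):
        print(f"{ts.isoformat()} {kind:<20} badge={badge} reader={reader}")
```

The findings are the starting point for the review the slide describes: the no-perimeter-entry case points at where someone may have followed an employee through a door, the after-hours case is the "unusual time" an IDS would alert on, and the repeated denials show an attempted entry that the door itself stopped but that still belongs in the audit trail.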
Summary
Physical protection can be achieved by creating
one or more physical barriers around the
organization’s premises and information processing
facilities. The use of multiple barriers gives
additional protection, where the failure of a single
barrier does not mean that security is immediately
compromised.
Chapter IV
Supplier
Relationships
Learning Objectives:
At the end of this chapter, you will be able to:
• Identify the policy statement.
• Engage with the scope and application of the policy.
• Elaborate the definitions used for supplier relationships.
• Understand the supplier relationship security policy.
• Engage with IT division practices.
• Recognize remote access monitoring.
• Distinguish the contract requirements.
Learning Outline
• POLICY STATEMENT
• SCOPE AND APPLICATION OF THE POLICY
• DEFINITIONS
• SUPPLIER RELATIONSHIP SECURITY POLICY
• IT DIVISION PRACTICES
• REMOTE ACCESS MONITORING
• CONTRACT REQUIREMENTS
What is Supplier
Relationships?
How do you manage
supplier relationships?
What do you understand
by supplier relations?
POLICY STATEMENT
• The security of information processed, transmitted or
stored by organizations contracted by the Organization to
provide those services needs to be ensured. This means
that the Organization must put in place and manage
contracts that protect the confidentiality, integrity and
availability of information handled by suppliers of these
services.
SCOPE AND APPLICATION OF THE POLICY
• This policy affects all Organization information
technology systems that are supported by suppliers,
whether the system or service provided is on-premise or
not.
DEFINITIONS
A. Suppliers
Shall mean vendors, contractors or other third-parties that
provide software or IT services to the Organization
through a contract or other agreement.
DEFINITIONS
B. Soft token
Shall mean a software-based security token that
generates a single-use login PIN.
DEFINITIONS
C. RFP (Request for proposal)
Shall mean either a request for proposal or an invitation
for bid.
SUPPLIER RELATIONSHIP SECURITY POLICY
A. IT Division Practices
B. Contract Requirements
IT Division Practices
Access Control
1. Supplier Accounts
Access must be granted to suppliers only when required
for performing work and with the full knowledge and prior
approval of the data steward or their designee for the
pertinent data
IT Division Practices
Access Control
2. Multi-factor authentication
a. Suppliers needing access to systems that require
multi-factor authentication must do so from an account tied
to an individual.
b. When an exception to the single individual per supplier
account is approved, multi-factor authentication to the
account must be accomplished by utilizing a soft token
mechanism.
Remote Access Monitoring
• When required for regulatory compliance, supplier
access to on-premise systems must be monitored
or logged. This may be done using active
monitoring by staff or by session logging done
with software.
Contract Requirements
IT contract requirements
• Contracts that relate to services where data is stored off-
campus must utilize the standard IT contract addendum,
or contract language that sufficiently ensures the security
of the data.
Contract Requirements
IT contract requirements
• When purchasing software solutions, either hosted or
on-premise, where the Organization has not issued an
RFP then the supplier must complete the IT Solution
Initial Assessment Tool. Responses to this tool must be
analyzed and approved by IT prior to signing a contract.
Be ready for Termly Examination

Mark John Lado, MIT
 
PDF
3 Module - Operating Systems Configuration and Use by Mark John Lado
Mark John Lado, MIT
 
PDF
1 Module - Operating Systems Configuration and Use by Mark John Lado
Mark John Lado, MIT
 
PDF
2 Module - Operating Systems Configuration and Use by Mark John Lado
Mark John Lado, MIT
 
PPSX
PART 1 CT-318-Microprocessor-Systems Lesson 3 - LED Display by Mark John Lado...
Mark John Lado, MIT
 
PPSX
PART 2 CT-318-Microprocessor-Systems Lesson 3 - LED Display by Mark John Lado...
Mark John Lado, MIT
 
PPSX
PART 3 CT-318-Microprocessor-Systems Lesson 3 - LED Display by Mark John Lado...
Mark John Lado, MIT
 
PPSX
Dart Programming Language by Mark John Lado
Mark John Lado, MIT
 
PPTX
What is CRUD in TPS?
Mark John Lado, MIT
 
PPSX
Computer hacking and security - Social Responsibility of IT Professional by M...
Mark John Lado, MIT
 
PDF
A WIRELESS DIGITAL PUBLIC ADDRESS WITH VOICE ALARM AND TEXT-TO-SPEECH FEATURE...
Mark John Lado, MIT
 
PPTX
Systems Administration - MARK JOHN LADO
Mark John Lado, MIT
 
PPTX
Introduction to Networks and Programming Language
Mark John Lado, MIT
 
PPTX
MIS Concept Final Term
Mark John Lado, MIT
 
PPTX
IT Infrastructure and Network Technologies - Finals by Mark John Lado
Mark John Lado, MIT
 
Exploring Parts of Speech, Creating Strong Objectives, and Choosing the Right...
Mark John Lado, MIT
 
Optimizing Embedded System Device Communication with Network Topology Design
Mark John Lado, MIT
 
Embedded Systems IO Peripherals Wireless Communication.pdf
Mark John Lado, MIT
 
Implementing the 6S Lean Methodology for Streamlined Computer System Maintena...
Mark John Lado, MIT
 
ISO IEC 25010 2011 Systems and Software Quality Requirements and Evaluation S...
Mark John Lado, MIT
 
4 Module - Operating Systems Configuration and Use by Mark John Lado
Mark John Lado, MIT
 
3 Module - Operating Systems Configuration and Use by Mark John Lado
Mark John Lado, MIT
 
1 Module - Operating Systems Configuration and Use by Mark John Lado
Mark John Lado, MIT
 
2 Module - Operating Systems Configuration and Use by Mark John Lado
Mark John Lado, MIT
 
PART 1 CT-318-Microprocessor-Systems Lesson 3 - LED Display by Mark John Lado...
Mark John Lado, MIT
 
PART 2 CT-318-Microprocessor-Systems Lesson 3 - LED Display by Mark John Lado...
Mark John Lado, MIT
 
PART 3 CT-318-Microprocessor-Systems Lesson 3 - LED Display by Mark John Lado...
Mark John Lado, MIT
 
Dart Programming Language by Mark John Lado
Mark John Lado, MIT
 
What is CRUD in TPS?
Mark John Lado, MIT
 
Computer hacking and security - Social Responsibility of IT Professional by M...
Mark John Lado, MIT
 
A WIRELESS DIGITAL PUBLIC ADDRESS WITH VOICE ALARM AND TEXT-TO-SPEECH FEATURE...
Mark John Lado, MIT
 
Systems Administration - MARK JOHN LADO
Mark John Lado, MIT
 
Introduction to Networks and Programming Language
Mark John Lado, MIT
 
MIS Concept Final Term
Mark John Lado, MIT
 
IT Infrastructure and Network Technologies - Finals by Mark John Lado
Mark John Lado, MIT
 

Recently uploaded (20)

PPTX
A Smarter Way to Think About Choosing a College
Cyndy McDonald
 
PPTX
family health care settings home visit - unit 6 - chn 1 - gnm 1st year.pptx
Priyanshu Anand
 
PDF
Review of Related Literature & Studies.pdf
Thelma Villaflores
 
PPTX
Basics and rules of probability with real-life uses
ravatkaran694
 
DOCX
Modul Ajar Deep Learning Bahasa Inggris Kelas 11 Terbaru 2025
wahyurestu63
 
PDF
BÀI TẬP TEST BỔ TRỢ THEO TỪNG CHỦ ĐỀ CỦA TỪNG UNIT KÈM BÀI TẬP NGHE - TIẾNG A...
Nguyen Thanh Tu Collection
 
PPTX
Dakar Framework Education For All- 2000(Act)
santoshmohalik1
 
PPTX
Care of patients with elImination deviation.pptx
AneetaSharma15
 
PPTX
CONCEPT OF CHILD CARE. pptx
AneetaSharma15
 
PPTX
Virus sequence retrieval from NCBI database
yamunaK13
 
PPTX
20250924 Navigating the Future: How to tell the difference between an emergen...
McGuinness Institute
 
PPTX
Python-Application-in-Drug-Design by R D Jawarkar.pptx
Rahul Jawarkar
 
PPTX
Five Point Someone – Chetan Bhagat | Book Summary & Analysis by Bhupesh Kushwaha
Bhupesh Kushwaha
 
PPTX
Artificial-Intelligence-in-Drug-Discovery by R D Jawarkar.pptx
Rahul Jawarkar
 
PPTX
Information Texts_Infographic on Forgetting Curve.pptx
Tata Sevilla
 
PPTX
PROTIEN ENERGY MALNUTRITION: NURSING MANAGEMENT.pptx
PRADEEP ABOTHU
 
PPTX
Command Palatte in Odoo 18.1 Spreadsheet - Odoo Slides
Celine George
 
PPTX
Sonnet 130_ My Mistress’ Eyes Are Nothing Like the Sun By William Shakespear...
DhatriParmar
 
PPTX
Cleaning Validation Ppt Pharmaceutical validation
Ms. Ashatai Patil
 
PPTX
Introduction to pediatric nursing in 5th Sem..pptx
AneetaSharma15
 
A Smarter Way to Think About Choosing a College
Cyndy McDonald
 
family health care settings home visit - unit 6 - chn 1 - gnm 1st year.pptx
Priyanshu Anand
 
Review of Related Literature & Studies.pdf
Thelma Villaflores
 
Basics and rules of probability with real-life uses
ravatkaran694
 
Modul Ajar Deep Learning Bahasa Inggris Kelas 11 Terbaru 2025
wahyurestu63
 
BÀI TẬP TEST BỔ TRỢ THEO TỪNG CHỦ ĐỀ CỦA TỪNG UNIT KÈM BÀI TẬP NGHE - TIẾNG A...
Nguyen Thanh Tu Collection
 
Dakar Framework Education For All- 2000(Act)
santoshmohalik1
 
Care of patients with elImination deviation.pptx
AneetaSharma15
 
CONCEPT OF CHILD CARE. pptx
AneetaSharma15
 
Virus sequence retrieval from NCBI database
yamunaK13
 
20250924 Navigating the Future: How to tell the difference between an emergen...
McGuinness Institute
 
Python-Application-in-Drug-Design by R D Jawarkar.pptx
Rahul Jawarkar
 
Five Point Someone – Chetan Bhagat | Book Summary & Analysis by Bhupesh Kushwaha
Bhupesh Kushwaha
 
Artificial-Intelligence-in-Drug-Discovery by R D Jawarkar.pptx
Rahul Jawarkar
 
Information Texts_Infographic on Forgetting Curve.pptx
Tata Sevilla
 
PROTIEN ENERGY MALNUTRITION: NURSING MANAGEMENT.pptx
PRADEEP ABOTHU
 
Command Palatte in Odoo 18.1 Spreadsheet - Odoo Slides
Celine George
 
Sonnet 130_ My Mistress’ Eyes Are Nothing Like the Sun By William Shakespear...
DhatriParmar
 
Cleaning Validation Ppt Pharmaceutical validation
Ms. Ashatai Patil
 
Introduction to pediatric nursing in 5th Sem..pptx
AneetaSharma15
 

IT Security and Management - Semi Finals by Mark John Lado

  • 1. 1. Incident Response 2. Operational Security 3. Physical and Environmental Security 4. Supplier Relationships Semi Finals – Bachelor of Science in Information System IT Security and Management
  • 5. Drill • Havoc - widespread destruction • Wreak Havoc - to cause great damage • Data Breach - a security incident in which information is accessed without authorization. • Alienate - a withdrawing or separation of a person
  • 6. Learning Objectives: At the end of this chapter, you will be able to: • Recognize what incident response is. • Know why incident response is important. • Engage with the three elements of incident response management. • Familiarize yourself with the six steps of an incident response plan.
  • 8. What is Incident Response? A term used to describe the process by which an organization handles a data breach or cyber attack, including the way the organization attempts to manage the consequences of the attack or breach (the “incident”).
  • 9. What is Incident Response? • Incident response is the methodology an organization uses to respond to and manage a cyber-attack. An attack or data breach can wreak havoc, potentially affecting customers, intellectual property, company time and resources, and brand value.
  • 10. What is Incident Response? • An incident response aims to reduce this damage and recover as quickly as possible. Investigation is also a key component in order to learn from the attack and better prepare for the future.
  • 11. What is Incident Response? • Because many companies today experience a breach at some point in time, a well-developed and repeatable incident response plan is the best way to protect your company.
  • 13. Why is Incident Response Important? • As the cyber-attacks increase in scale and frequency, incident response plans become more vital to a company’s cyber defenses. Poor incident response can alienate customers.
  • 14. Who is the Incident Response Team? • The company should look to their “Computer Incident Response Team (CIRT)” to lead incident response efforts.
  • 15. Who is the Incident Response Team? • This team is composed of experts from upper-level management, IT, information security, IT auditors when available, as well as any physical security staff that can aid when an incident involves direct contact with company systems. Incident response should also be supported by HR, legal, and PR or communications.
  • 16. Those Responsible for Incident Response Incident Response Manager Oversees and prioritizes action during the detection, analysis and containment of an incident.
  • 17. Those Responsible for Incident Response Security Analyst Supports the manager and works directly with the affected network to research the time, location and details of an incident.
  • 18. Those Responsible for Incident Response Triage Analyst Filters out false positives and keeps an eye out for potential intrusions.
  • 19. Elements of Incident Response Management 1. Incident Response Plan 2. Incident Response Team 3. Incident Response Tools
  • 20. Incident Response Plan An incident response plan should prepare your team to deal with threats, indicate how to isolate incidents and identify their severity, how to stop the attack and eradicate the underlying cause, how to recover production systems, and how to conduct a post-mortem analysis to prevent future attacks.
  • 21. Steps of Incident Response Plan 1. Preparation 2. Identification 3. Containment 4. Eradication 5. Recovery 6. Lessons learned
  • 22. Steps of Incident Response Plan 1. Preparation List all possible threat scenarios. Develop policies to implement in the event of a cyber attack. Develop a communication plan. Outline the roles, responsibilities, and procedures of your team.
  • 23. Steps of Incident Response Plan 1. Preparation Establish a corporate security policy. Recruit and train team members, and ensure they have access to relevant systems. Ensure team members have access to relevant technologies and tools.
  • 24. Steps of Incident Response Plan 2. Identification Identify and assess the incident and gather evidence. Decide on the severity and type of the incident and escalate if necessary.
  • 25. Steps of Incident Response Plan 2. Identification Document actions taken, addressing “who, what, where, why, and how.” This information may be used later as evidence if the incident reaches a court of law.
  • 26. Steps of Incident Response Plan 3. Containment The act of preventing the expansion of harm. Typically involves disconnecting affected computers from the network.
  • 27. Steps of Incident Response Plan 4. Eradication Finding the root cause of the incident and removing affected systems from the production environment.
  • 28. Steps of Incident Response Plan 4. Eradication These steps may change the configuration of the organization. The aim is to make changes while minimizing the effect on the operations of the organization. You can achieve this by stopping the bleeding and limiting the amount of data that is exposed.
  • 29. Steps of Incident Response Plan 5. Recovery Ensure that affected systems are not in danger and can be restored to working condition. The purpose of this phase is to bring affected systems back into the production environment carefully, to ensure they will not lead to another incident.
  • 30. Steps of Incident Response Plan 5. Recovery Ensure another incident doesn’t occur by restoring systems from clean backups, replacing compromised files with clean versions, rebuilding systems from scratch, installing patches, changing passwords and reinforcing network perimeter security.
  • 31. Steps of Incident Response Plan 6. Lessons learned Completing incident documentation, performing analysis to learn from the incident and potentially improving future response efforts. Complete documentation that couldn’t be prepared during the response process. The team should identify how the incident was managed and eradicated.
  • 32. The Incident Response Team • To prepare for and attend to incidents, you should form a centralized incident response team, responsible for identifying security breaches and taking responsive actions.
  • 33. The Incident Response Team The team should include: incident response manager (team leader), security analysts, lead investigator, threat researchers, communications lead, documentation and timeline lead, and legal representation.
  • 34. Incident Response Tools • Cyber incident response tools are most often used by the security industry to test for vulnerabilities and to provide an emergency incident response to compromised networks and applications, helping the team take the appropriate incident response steps.
  • 35. Summary Incident response is an approach to handling security breaches. The aim of incident response is to identify an attack, contain the damage, and eradicate the root cause of the incident. An incident can be defined as any breach of law, policy or unacceptable act that concerns information assets, such as networks, computers, or smartphones.
  • 40. Learning Objectives At the end of this chapter, you will be able to: • Familiarize yourself with what operational security is. • Engage with the five steps of operational security. • Recognize the best practices for operational security. • Apply confidentiality, integrity, availability, and non-repudiation in the corporate world.
  • 41. Learning Outline 1. OPERATIONAL SECURITY 2. THE FIVE STEPS OF OPERATIONAL SECURITY 3. BEST PRACTICES FOR OPERATIONAL SECURITY
  • 42. OPERATIONAL SECURITY • Operational security (OPSEC), also known as procedural security, is a risk management process that encourages managers to view operations from the perspective of an adversary in order to protect sensitive information from falling into the wrong hands.
  • 43. OPERATIONAL SECURITY • Though originally used by the military, OPSEC is becoming popular in the private sector as well. Things that fall under the OPSEC umbrella include monitoring behaviors and habits on social media sites as well as discouraging employees from sharing login credentials via email or text message.
  • 45. THE FIVE STEPS OF OPERATIONAL SECURITY The processes involved in operational security can be neatly categorized into five steps: 1. Identify your sensitive data. 2. Identify possible threats. 3. Analyze security holes and other vulnerabilities. 4. Appraise the level of risk associated with each vulnerability. 5. Get countermeasures in place.
  • 46. THE FIVE STEPS OF OPERATIONAL SECURITY 1. Identify your sensitive data including your product research, intellectual property, financial statements, customer information, and employee information. This will be the data you will need to focus your resources on protecting.
  • 47. THE FIVE STEPS OF OPERATIONAL SECURITY 2. Identify possible threats. For each category of information that you deem sensitive, you should identify what kinds of threats are present. While you should be wary of third parties trying to steal your information, you should also watch out for insider threats, such as negligent employees and disgruntled workers.
  • 48. THE FIVE STEPS OF OPERATIONAL SECURITY 3. Analyze security holes and other vulnerabilities. Assess your current safeguards and determine what, if any, loopholes or weaknesses exist that may be exploited to gain access to your sensitive data.
  • 49. THE FIVE STEPS OF OPERATIONAL SECURITY 4. Appraise the level of risk associated with each vulnerability. Rank your vulnerabilities using factors such as the likelihood of an attack happening, the extent of damage that you would suffer, and the amount of work and time you would need to recover. The more likely and damaging an attack is, the more you should prioritize mitigating the associated risk.
  • 50. THE FIVE STEPS OF OPERATIONAL SECURITY 5. Get countermeasures in place. The last step of operational security is to create and implement a plan to eliminate threats and mitigate risks. This could include updating your hardware, creating new policies regarding sensitive data, or training employees on sound security practices and company policies.
  • 51. THE FIVE STEPS OF OPERATIONAL SECURITY 5. Get countermeasures in place. Countermeasures should be straightforward and simple. Employees should be able to implement the measures required on their part with or without additional training.
  • 52. BEST PRACTICES FOR OPERATIONAL SECURITY Follow these best practices to implement a robust, comprehensive operational security program:
  • 53. BEST PRACTICES FOR OPERATIONAL SECURITY 1. Implement precise change management processes that your employees should follow when network changes are performed. All changes should be logged and controlled so they can be monitored and audited.
  • 54. BEST PRACTICES FOR OPERATIONAL SECURITY 2. Restrict access to network devices using AAA authentication. In the military and other government entities, a “need-to-know” basis is often used as a rule of thumb regarding access and sharing of information.
  • 55. • AAA authentication Authentication, authorization, and accounting (AAA) is a term for a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. These combined processes are considered important for effective network management and security.
  • 56. BEST PRACTICES FOR OPERATIONAL SECURITY 3. Give your employees the minimum access necessary to perform their jobs. Practice the principle of least privilege.
  • 57. BEST PRACTICES FOR OPERATIONAL SECURITY 4. Implement dual control. Make sure that those who work on your network are not the same people in charge of security.
  • 58. BEST PRACTICES FOR OPERATIONAL SECURITY 5. Automate tasks to reduce the need for human intervention. Humans are the weakest link in any organization’s operational security initiatives because they make mistakes, overlook details, forget things, and bypass processes.
  • 59. BEST PRACTICES FOR OPERATIONAL SECURITY 6. Incident response and disaster recovery planning are always crucial components of a sound security posture. Even when operational security measures are robust, you must have a plan to identify risks, respond to them, and mitigate potential damages.
  • 60. Operational Security (OPSEC) • Risk management involves being able to identify threats and vulnerabilities before they become problems. Operational security forces managers to dive deeply into their operations and figure out where their information can be easily breached.
  • 61. Operational Security (OPSEC) • Looking at operations from a malicious third-party’s perspective allows managers to spot vulnerabilities they may have otherwise missed so that they can implement the proper countermeasures to protect sensitive data.
  • 63. Learning Objectives: At the end of this chapter, you will be able to: • Explain what physical and environmental security is. • Engage with the objectives of physical and environmental security. • Distinguish the physical security measures. • Recognize the physical controls. • Appreciate the essence of technical controls.
  • 64. Learning Outline • Physical and environmental security • Objectives of Physical and Environmental Security • Physical Security Measures • Physical Controls • Technical Controls
  • 65. What does physical and environmental security mean?
  • 66. What does physical and environmental security mean? The protection of personnel, hardware, software, networks and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution. This includes protection from fire, flood, natural disasters, burglary, theft, vandalism and terrorism.
  • 67. Objectives of Physical and Environmental Security 1. Prevent unauthorized physical access, damage, and interference to premises and information. 2. Ensure sensitive information and critical information technology are housed in secure areas. 3. Prevent loss, damage, theft, or compromise of assets. 4. Prevent interruption of activities.
  • 68. Objectives of Physical and Environmental Security 5. Protect assets from physical and environmental threats. 6. Ensure appropriate equipment location, removal, and disposal. 7. Ensure appropriate supporting facilities (e.g., electrical supply, data and voice cabling infrastructure).
  • 69. PHYSICAL AND ENVIRONMENTAL SECURITY The term physical and environmental security refers to measures taken to protect systems, buildings, and related supporting infrastructure against threats associated with their physical environment.
  • 70. PHYSICAL AND ENVIRONMENTAL SECURITY Physical and environmental safeguards are often overlooked but are very important in protecting information. Physical security over past decades has become increasingly more difficult for organizations. Technology and computer environments now allow more compromises to occur due to increased vulnerabilities.
  • 71. PHYSICAL AND ENVIRONMENTAL SECURITY USB hard drives, laptops, tablets and smartphones allow for information to be lost or stolen because of portability and mobile access. In the early days of computers, they were large mainframe computers only used by a few people and were secured in locked rooms.
  • 72. PHYSICAL AND ENVIRONMENTAL SECURITY Today, desks are filled with desktop computers and mobile laptops that have access to company data from across the enterprise. Protecting data, networks and systems has become difficult to implement with mobile users able to take their computers out of the facilities.
  • 73. PHYSICAL AND ENVIRONMENTAL SECURITY Fraud, vandalism, sabotage, accidents, and theft are increasing costs for organizations since the environments are becoming more “complex and dynamic”. Physical security becomes tougher to manage as technology increases with complexity, and more vulnerabilities are enabled.
  • 74. PHYSICAL AND ENVIRONMENTAL SECURITY Buildings and rooms that house information and information technology systems must be afforded appropriate protection to avoid damage or unauthorized access to information and systems. In addition, the equipment housing this information (e.g., filing cabinets, data wiring, laptop computers, and portable disk drives) must be physically protected.
  • 75. PHYSICAL AND ENVIRONMENTAL SECURITY Equipment theft is of primary concern, but other issues should be considered, such as damage or loss caused by fire, flood, and sensitivity to temperature extremes.
  • 76. PHYSICAL AND ENVIRONMENTAL SECURITY Physical and environmental security programs define the various measures or controls that protect organizations from loss of connectivity and availability of computer processing caused by theft, fire, flood, intentional destruction, unintentional damage, mechanical equipment failure and power failures.
  • 77. Physical security measures should be sufficient to deal with foreseeable threats and should be tested periodically for their effectiveness and functionality.
  • 78. Physical Security Measures 1. Determine which managers are responsible for planning, funding, and operations of physical security of the Data Center.
  • 79. Physical Security Measures 2. Review best practices and standards that can assist with evaluating physical security controls, such as ISO/IEC 27002:2013.
  • 80. Physical Security Measures 3. Establish a baseline by conducting a physical security controls gap assessment that will include the following as they relate to your campus Data Center:
  • 81. Physical Security Measures 3.1 Environmental Controls An Environmental Control (EC) system can provide a level of independent control of many devices in the home for people with significant physical disabilities. EC may be suitable if you struggle to control equipment around you because of difficulties with using your arms or hands.
  • 82. Physical Security Measures 3.2 Environmental Controls
  • 83. Physical Security Measures 3.3 Natural Disaster Controls
  • 84. Physical Security Measures 3.4 Supporting Utility Controls
  • 85. Physical Security Measures 3.5 Physical Protection and Access Controls
  • 86. Physical Security Measures 3.6 System Reliability Which ensures the system is doing the required job, goes hand in hand with reliability, which ensures the system is doing its job correctly. Although they come from different ways of looking at the same problem, they are both dependent on each other.
  • 87. Physical Security Measures 3.7 Physical Security Awareness and Training
  • 88. Physical Security Measures 3.8 Contingency Plans An alternative Information Systems Security (INFOSEC) plan that is implemented when normal business operations are interrupted by emergency, failover or disaster. A contingency plan is also known as a disaster recovery plan (DRP).
  • 89. Physical Security Measures 4. Determine whether an appropriate investment in physical security equipment (alarms, locks or other physical access controls, identification badges for high-security areas, etc.) has been made and if these controls have been tested and function correctly.
  • 90. Physical Security Measures 5. Provide responsible managers guidance in handling risks. For example, if the current investment in physical security controls is inadequate, this may allow unauthorized access to servers and network equipment. Inadequate funding for key positions with responsibility for IT physical security may result in poor monitoring, poor compliance with policies and standards, and overall poor physical security.
  • 91. Physical Security Measures 6. Maintain a secure repository of physical and environmental security controls and policies and establish timelines for their evaluation, update and modification.
  • 92. Physical Security Measures 7. Create a team of physical and environmental security auditors, outside of the management staff, to periodically assess the effectiveness of the measures taken and provide feedback on their usefulness and functionality.
  • 93. Physical Controls Facilities need physical access controls in place that control, monitor and manage access. Building sections should be categorized as restricted, private or public. Different access control levels are needed to restrict the zones that each employee may enter depending on their role.
  • 94. Physical Controls Many mechanisms exist that enable control and isolation of access privileges at facilities. These mechanisms are intended to discourage and detect access by unauthorized individuals.
  • 95. Physical Controls 1. Perimeter Security Mantraps, gates, fences and turnstiles are used outside of the facility to create an additional layer of security before accessing the building.
  • 96. Physical Controls 2. Badges Proof of identity is necessary for verifying whether a person is an employee or a visitor. These cards come in the forms of name tags, badges and identification (ID) cards. Badges can also be smart cards that integrate with access control systems. Pictures, RFID tags, magnetic stripes, computer chips and employee information are frequently included to help security staff validate identity.
  • 97. Physical Controls 3. Motion Detectors Motion detectors offer different technology options depending on necessity. They are used as intrusion detection devices and work in combination with alarm systems. Infrared motion detectors observe changes in infrared light patterns. Heat-based motion detectors sense changes in heat levels. Wave pattern motion detectors use ultrasonic or microwave frequencies that monitor changes in reflected patterns.
  • 98. Physical Controls 4. Intrusion Alarms Alarms monitor various sensors and detectors. These devices are door and window contacts, glass break detectors, motion detectors, water sensors, and so on. Status changes in the devices trigger the alarm.
  • 99. Technical Controls The main focus of technical controls is access control because it is one of the most compromised areas of security. Smart cards are a technical control that can allow physical access into a building or secured room and securely log in to company networks and computers.
  • 100. Technical Controls Multiple layers of defense are needed for overlap to protect from attackers gaining direct access to company resources. Intrusion detection systems are technical controls that are essential because they detect an intrusion.
  • 101. Technical Controls Detection is a must because it notifies the organization of the security event. Awareness of the event allows the organization to respond and contain the incident. Audit trails and access logs must be continually monitored. They enable the organization to locate where breaches are occurring and how often.
  • 102. Technical Controls This information helps the security team reduce vulnerabilities. 1. Smart Cards 2. Proximity Readers and RFID 3. Intrusion Detection, Guards and CCTV 4. Auditing Physical Access
  • 103. Technical Controls 1. Smart Cards Token cards have microchips and integrated circuits built into the cards that process data. Microchips and integrated circuits enable the smart card to do two-factor authentication. This authentication control helps keep unauthorized attackers or employees from accessing rooms they are not permitted to enter.
  • 105. Technical Controls 2. Proximity Readers and RFID. Access control systems use proximity readers to scan cards and determine whether the card holder is authorized to enter the facility or area.
  • 106. Technical Controls 2. Proximity Readers and RFID.
  • 107. Technical Controls 3. Intrusion Detection, Guards and CCTV If the equipment is relocated without approval, intrusion detection systems (IDSs) can monitor and notify of unauthorized entries. IDSs are essential to security because the systems can send a warning if a specific event occurs or if access was attempted at an unusual time.
  • 108. Technical Controls 3. Intrusion Detection, Guards and CCTV
  • 109. Technical Controls 4. Auditing Physical Access Auditing physical access control systems requires the use of logs and audit trails to determine where and when a person gained unauthorized entry into the facility or attempted to break in.
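Slides 107 and 109 say that an IDS should warn when access is attempted at an unusual time and that access logs must be reviewed to find where and how often unauthorized entry is attempted. The following is an added example, not code from the deck: it parses a few constructed badge-reader log lines (the line format, door names and badge numbers are all made up for the example) and produces the two findings a physical-access audit would look for, repeated denied attempts per badge and door, and entries granted outside business hours.

```python
"""Added example: audit constructed badge-reader log lines for denied
entries and after-hours access. Not the deck's own code."""
from collections import Counter
from datetime import datetime, time

# Constructed sample log lines (hypothetical format:
# ISO timestamp, door=<name>, badge=<id>, result=granted|denied).
SAMPLE_LOG = """\
2024-03-04T08:55:12 door=server-room badge=1042 result=granted
2024-03-04T09:01:40 door=lobby badge=1077 result=granted
2024-03-04T12:15:03 door=server-room badge=1077 result=denied
2024-03-04T12:15:20 door=server-room badge=1077 result=denied
2024-03-04T12:15:41 door=server-room badge=1077 result=denied
2024-03-05T02:47:09 door=server-room badge=1042 result=granted
2024-03-05T23:30:00 door=lobby badge=1099 result=denied
"""

# Assumed business hours for the "unusual time" rule (local time, example values).
BUSINESS_START = time(7, 0)
BUSINESS_END = time(19, 0)


def parse_line(line: str) -> dict:
    """Split one log line into a record with a datetime and key=value fields."""
    ts_str, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts_str)
    return rec


def parse_log(text: str) -> list:
    """Parse every non-empty line of the log text."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def is_after_hours(ts: datetime) -> bool:
    """True when the timestamp falls outside the assumed business hours."""
    return not (BUSINESS_START <= ts.time() < BUSINESS_END)


def audit(records: list, denied_threshold: int = 3) -> dict:
    """Summarise the log the way an access audit would:
    - how many denials each door saw (where break-ins are attempted),
    - badges with at least `denied_threshold` denials (repeated attempts),
    - successful entries outside business hours (unusual-time events)."""
    denied = [r for r in records if r["result"] == "denied"]
    denied_by_door = Counter(r["door"] for r in denied)
    denied_by_badge = Counter(r["badge"] for r in denied)
    repeated = {b: n for b, n in denied_by_badge.items() if n >= denied_threshold}
    after_hours = [r for r in records
                   if r["result"] == "granted" and is_after_hours(r["ts"])]
    return {
        "denied_by_door": dict(denied_by_door),
        "repeated_denials": repeated,
        "after_hours_grants": after_hours,
    }


if __name__ == "__main__":
    findings = audit(parse_log(SAMPLE_LOG))
    for key, value in findings.items():
        print(key, value)
```

Run stand-alone, the script reports three denials on the server-room door, all from badge 1077 within about forty seconds, and one after-hours entry at 02:47 by badge 1042; those are the records the security team would follow up on, even though the second one was a granted entry.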
  • 110. Summary Physical protection can be achieved by creating one or more physical barriers around the organization’s premises and information processing facilities. The use of multiple barriers gives additional protection, where the failure of a single barrier does not mean that security is immediately compromised.
  • 112. Learning Objectives: At the end of this chapter, you will be able to: • Identify the Policy statement. • Engage with the Scope and application of the policy • Elaborate the Definitions of Supplier Relationships • Understand the Supplier relationship security policy • Engage with IT division practices • Recognize Remote access monitoring • Distinguish the Contract requirements
  • 113. Learning Outline • POLICY STATEMENT • SCOPE AND APPLICATION OF THE POLICY • DEFINITIONS • SUPPLIER RELATIONSHIP SECURITY POLICY • IT DIVISION PRACTICES • REMOTE ACCESS MONITORING • CONTRACT REQUIREMENTS
  • 115. How do you manage supplier relationships?
  • 116. What do you understand by supplier relations?
  • 117. POLICY STATEMENT • The security of information processed, transmitted or stored by organizations contracted by the Organization to provide those services needs to be ensured. This means that the Organization must put in place and manage contracts that protect the confidentiality, integrity and availability of information handled by suppliers of these services.
  • 118. SCOPE AND APPLICATION OF THE POLICY • This policy affects all Organization information technology systems that are supported by suppliers, whether the system or service provided is on-premise or not.
  • 119. DEFINITIONS A. Suppliers Shall mean vendors, contractors or other third-parties that provide software or IT services to the Organization through a contract or other agreement.
  • 120. DEFINITIONS B. Soft token Shall mean a software-based security token that generates a single-use login PIN.
  • 121. DEFINITIONS C. RFP (Request for proposal) Shall mean either a request for proposal or an invitation for bid.
  • 122. SUPPLIER RELATIONSHIP SECURITY POLICY A. IT Division Practices B. Contract Requirements
  • 123. IT Division Practices Access Control 1. Supplier Accounts Access must be granted to suppliers only when required for performing work and with the full knowledge and prior approval of the data steward or their designee for the pertinent data.
  • 124. IT Division Practices Access Control 2. Multi-factor authentication a. Suppliers needing access to systems that require multi-factor authentication must do so from an account tied to an individual. b. When an exception to the single individual per supplier account is approved, multi-factor authentication to the account must be accomplished by utilizing a soft token mechanism.
  • 125. Remote Access Monitoring • When required for regulatory compliance, supplier access to on-premise systems must be monitored or logged. This may be done using active monitoring by staff or by session logging done with software.
  • 126. Contract Requirements IT contract requirements • Contracts that relate to services where data is stored off-campus must utilize the standard IT contract addendum, or contract language that sufficiently ensures the security of the data.
  • 127. Contract Requirements IT contract requirements • When purchasing software solutions, either hosted or on-premise, where the Organization has not issued an RFP then the supplier must complete the IT Solution Initial Assessment Tool. Responses to this tool must be analyzed and approved by IT prior to signing a contract.
  • 128. Be ready for Termly Examination