Security.ppt
BindView
Scott Blake
Mark Loveless
Day 2:
Morning: Starting from Nothing; Security Policies
Afternoon: Intrusion Detection
Overview
• Security and networks
• Assessment
– Understand the what, who, and how
• Technology and Policy
– Problem specifics change at internet speed
– Ways of coping don’t
Security and Networks
• From 643 respondents to the “2000 Computer Crime and Security Survey” (CSI/FBI):
– 90% detected security breaches
– 74% acknowledged financial loss
– 25% detected system penetration from outside the organization
– 19% reported 10 or more incidents
What the Statistics Mean
• We don’t really know the prevalence of computer security breaches
• Low response rate to surveys
• Corporations and governments won’t share information
• Successful attacks come from inside
• Actual financial losses are probably overstated
The Latest Trends
• Old ideas get new life
– Yet Another DDoS Tool: Trinity
– More Viruses
• Alternative Streams
• Mobile Devices
– Web Page Hacks
• FrontPage still insecure
• Database insecurities
Assessment
• Starting from Nothing
– Assets - What are you protecting?
– Risks - What can be wrong?
– Threat Vectors - Who might attack?
– Methods - How do they attack?
What are you protecting?
• Each component of the network
– Web servers
– Routers
– Accounting systems
– Mail Servers
– Modem Banks
• Don’t forget the data
What can be wrong?
• Poor software configuration
• Missing patches
• Bad passwords
• No logs
• No sysadmin attention
Who might attack you?
• Hackers
– A few talented people provide tools for thousands of kids
– rootshell.com, insecure.org contain hundreds of tools
– Opportunity targets
• Customers
– Themselves
– Through stolen/guessed passwords
Who might attack you? (2)
• Insiders
– Through malice
– Carelessness
– Overwork
• Competitors
– “Denial of Service” attacks make you look bad
– Customer lists for marketing
How Outsiders Attack
• Look for known weaknesses
– Misconfigured Software
– Lots of software has a “more secure” configuration which is not turned on out of the box
– Outdated software with known problems
– Bad passwords
How outsiders attack (2)
• Scanning tools (SATAN, sscan)
– Make finding problems easy
• Exploit tools
– Make taking advantage of problems easy
• Stealth tools
– Make erasing logs easy
How insiders attack
• Exactly the same as outsiders
– Except that they are more effective
What to do about it?
• Policies and Procedures for Security
– What are you protecting?
– What's in place to protect it?
• Training and knowledge throughout the organization
– Do system managers know that security is a priority?
– Do they have the skills and training to execute?
What to do about it?
• Design for Defense
– Separation of Responsibility
– Least Privilege Required
• Tools
– Software to Implement
Governing Principles
• Integrity
– Strong internal controls on security of the applications and data
• Confidentiality
– Strong security on user access and data transmissions
• Availability
– Failsafe components, error tolerance, internal availability monitoring
• Accountability
– Full internal auditing, tie-ins to change control systems
The Policy Process
1. Policy Definition
2. Implementation
3. Compliance Reporting
The Policy Process
• High level security process
• Begins with policy definition
• Implementation forms a separate low level process
• Compliance reporting summarizes status vis-à-vis defined policy
The Implementation Process
1. Assess
2. Planning (Reporting)
3. Fix
The Implementation Process
• Lower level IT process
• Assess against pre-defined policy
• Results inform remediation planning
• Implement fixes
• Repeat
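The “What can be wrong?” checklist (configuration, patches, passwords, logs) and the assess / plan / fix loop of the Implementation Process can be written down as policy-as-data: the policy is a set of required values, assessment compares each host against it, the compliance report summarizes status against the policy, and the findings are ordered into a remediation plan. The Python below is an added example and is not code from the BindView slides; the policy values, the control names, the severities and the three-host inventory are constructed for illustration.

```python
"""Policy-as-data compliance loop: define -> assess -> report -> plan.

Added example, not part of the slide deck. Policy values, control names,
severities and the host inventory below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    control: str      # which policy control failed
    detail: str       # what was observed on the host
    severity: str     # "high" | "medium" | "low"


# 1. Policy definition: what the organization has decided must be true.
#    Constructed values; a real policy comes from the policy owner.
POLICY = {
    "min_patch_level": 12,                    # build that closes the known problems
    "min_password_length": 12,
    "logging_required": True,
    "forbidden_services": {"telnet", "ftp"},  # cleartext remote access
    "max_admins": 3,                          # least privilege / separation of responsibility
}

# Constructed inventory, shaped like what an assessment tool would return.
HOSTS = [
    {"name": "web1", "patch_level": 12, "min_password_length": 14,
     "logging_enabled": True, "services": {"http", "https", "ssh"},
     "admins": ["alice"]},
    {"name": "mail1", "patch_level": 9, "min_password_length": 8,
     "logging_enabled": False, "services": {"smtp", "imap", "telnet"},
     "admins": ["bob", "carol", "dave", "erin"]},
    {"name": "acct1", "patch_level": 12, "min_password_length": 12,
     "logging_enabled": True, "services": {"ssh", "ftp"},
     "admins": ["frank"]},
]


def assess_host(host: dict, policy: dict) -> list[Finding]:
    """2. Assess one host against the pre-defined policy; return every failed control."""
    findings: list[Finding] = []
    name = host["name"]
    if host["patch_level"] < policy["min_patch_level"]:
        findings.append(Finding(name, "patching",
                                f"patch level {host['patch_level']} < {policy['min_patch_level']}", "high"))
    if host["min_password_length"] < policy["min_password_length"]:
        findings.append(Finding(name, "passwords",
                                f"minimum length {host['min_password_length']} < {policy['min_password_length']}",
                                "medium"))
    if policy["logging_required"] and not host["logging_enabled"]:
        findings.append(Finding(name, "logging", "logging disabled", "high"))
    for svc in sorted(host["services"] & policy["forbidden_services"]):
        findings.append(Finding(name, "configuration", f"forbidden service {svc} enabled", "medium"))
    if len(host["admins"]) > policy["max_admins"]:
        findings.append(Finding(name, "least-privilege",
                                f"{len(host['admins'])} administrators > {policy['max_admins']}", "low"))
    return findings


def assess(hosts: list[dict], policy: dict) -> list[Finding]:
    """Assess the whole inventory; one flat list of findings."""
    return [f for h in hosts for f in assess_host(h, policy)]


def compliance_report(hosts: list[dict], findings: list[Finding]) -> dict:
    """3. Compliance reporting: status of the estate vis-a-vis the policy."""
    failing = {f.host for f in findings}
    by_control: dict[str, int] = {}
    for f in findings:
        by_control[f.control] = by_control.get(f.control, 0) + 1
    compliant = len(hosts) - len(failing)
    return {
        "hosts_total": len(hosts),
        "hosts_compliant": compliant,
        "compliance_pct": round(100 * compliant / len(hosts)),
        "findings_by_control": by_control,
    }


SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


def remediation_plan(findings: list[Finding]) -> list[Finding]:
    """Results inform remediation planning: fix high severity first, then medium, then low."""
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.host, f.control))


if __name__ == "__main__":
    found = assess(HOSTS, POLICY)
    print(compliance_report(HOSTS, found))
    for f in remediation_plan(found):
        print(f"[{f.severity:6}] {f.host}: {f.control} - {f.detail}")
```

Keeping the policy as data separate from the checks is what makes the loop repeatable: when the policy owner raises the minimum patch level or adds a forbidden service, the next assessment run picks it up without a code change, and the compliance percentage in the report is measured against the same definition the policy process agreed on.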
Policies
• Know what you want to protect, and why
– This lets you do cost benefit analysis
• Know who you want to protect it from
– This lets you design your defenses
• Know what to do
– Policies need to define actions
Policies
• Involve the Stakeholders
– Managers to focus on business case
– Technical staff to focus on what's possible and effective
– Everyone to commit to goals
Why Do Policies Fail?
• Lack of stakeholder support
• Too much complexity
• Organizational politics
Organizational Politics
• Common Organization
– Centralized security body
– Distributed system administration
• Results in tensions, cross-purposes
Questions?
A Distributed Organization
