
Kaplan School of Information Systems and Technology

Kaplan School of Information Systems and Technology. Unit 4 IT 484 Networking Security. Course Name – IT484-01 Networking Security 1203C Term Instructor – Jan McDanolds, MS, Security+ Contact Information: AIM – JMcDanolds Email: jmcdanolds@kaplan.edu


Presentation Transcript


  1. Kaplan School of Information Systems and Technology
     Unit 4, IT 484 Networking Security
     Course Name – IT484-01 Networking Security 1203C Term
     Instructor – Jan McDanolds, MS, Security+
     Contact Information: AIM – JMcDanolds; Email: jmcdanolds@kaplan.edu; Phone: 641-649-2980
     Office Hours: Tuesday, 7:00 PM ET or Thursday, 7:00 PM ET

  2. UNIT 3 Review: Attack vs. Security Service
     #1. Name two confidentiality mechanisms.
     #2. How does a cryptographic checksum ensure integrity?
     #3. What is the most basic form of availability?

  3. UNIT 4 Readings for UNIT 4: Web Readings
     • Network security policy: best practices http://www.cisco.com/en/US/tech/tk869/tk769/technologies_white_paper09186a008014f945.shtml
     • Producing Your Network Security Policy, available at: http://www.watchguard.com/docs/whitepaper/securitypolicy_wp.pdf

  4. UNIT 4 Policy
     • Understand Why Policy Is Important
     • Define Various Policies
     • Create Appropriate Policy
     • Deploy Policy
     • Use Policy Effectively

  5. UNIT 4 Policy
     The two primary functions of a policy are:
     • 1. To define the scope of security within an organization.
     • 2. To clearly state the expectations from everyone in the organization.

  6. UNIT 4 Why is policy important? Policy defines how security should be implemented including system configurations, network configurations, and physical security measures. Policy defines the mechanisms used to protect information and systems. Policy defines how organizations should react when security incidents occur and provides the framework for employees to work together. Policy defines the common goals and objectives of the organization’s security program. Proper security awareness training helps implement policy initiatives effectively.

  7. UNIT 4 Why is policy important?
     Policy example exercise:
     • Describe a household policy step-by-step (replace paper towel, take out garbage, etc.).
     • Describe how to handle a household accident.
     • Describe the first, second, and third steps after a fender-bender.
     • Describe a policy that impacts a household for five years.

  8. UNIT 4 Types of Policies
     • Information policy
     • Security policy
     • Computer use policy
     • Internet use policy
     • E-mail policy
     • User management procedures
     • System administration procedures
     • Backup policy
     • Incident response policy
     • Configuration management procedures
     • Design methodology
     • Disaster recovery plans

  9. UNIT 4 Common Parts of a Policy
     Policies should have sections outlining the following:
     • Purpose – why the policy was created
     • Scope – what it applies to (computers, users, etc.)
     • Responsibility – who will be held accountable
     • Other – enforcement, requirements, standards, compliance, monitoring, etc.

  10. UNIT 4 Examples of Policies
     Docs in Doc Sharing:
     • SAMPLE INFORMATION TECHNOLOGY SECURITY PLAN by Robert H. Spencer PhD
     • A Short Primer for Developing Security Policies – from SANS, by Michele D. Guel

  11. UNIT 4 Examples of Policies
     • Audit Policy (subheading under Security Policy)
     • Audit Policy versus policy review
     • The audit section of the security policy defines the types of events to be audited on all systems. For example:
       • Logins (successful and failed)
       • Logouts
       • Failed access to files or system objects
       • Remote access (successful and failed)
       • Privileged actions (those performed by administrators, both successes and failures)
       • System events (such as shutdowns and reboots)
     • Each event should capture the following information:
       • User ID (if there is one)
       • Date and time
       • Process ID (if there is one)
       • Action performed
       • Success or failure of the event

  12. UNIT 4 Examples of Policies (cont.)
     • Audit Policy
       • Purpose:
       • Scope:
       • Responsibility:
       • Other:
     • Who creates the audit policy? Who can change it? Who performs the audits? Who can change the process? What is done with the audit results?

  13. UNIT 4 Examples of Policies
     • Internet Use Policy
     • The Internet use policy defines the appropriate use of the Internet within an organization. It may also define inappropriate use such as visiting non-business-related web sites.
     • Requires management to define inappropriate usage and IT personnel to alert management
     • Relies on audit data to verify usage – sites, usage, time, etc.
     • Each event should capture the following information:
       • User ID (if there is one)
       • Date and time
       • Process ID (if there is one)
       • Action performed
       • Success or failure of the event
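An added example, not part of the original slides: a Python check of audit records against the audit section on slide 11 and the per-event fields repeated on slide 13. The record keys, event-type names and sample records are assumptions constructed for illustration.

```python
from datetime import datetime

# Event types from the audit policy slide, with the outcomes it says must be
# logged; an empty set means any outcome. Type names and keys are assumptions.
BOTH = {"success", "failure"}
POLICY = {
    "login": BOTH, "logout": set(), "file_access": {"failure"},
    "remote_access": BOTH, "privileged_action": BOTH, "system_event": set(),
}
MANDATORY = ("timestamp", "action", "outcome")
IF_PRESENT = ("user_id", "pid")  # "if there is one": key required, value may be None

def record_problems(rec):
    """Return the ways one audit record falls short of the policy."""
    problems = [f"missing {f}" for f in MANDATORY if not rec.get(f)]
    problems += [f"missing key {f}" for f in IF_PRESENT if f not in rec]
    if rec.get("type") not in POLICY:
        problems.append(f"unknown type {rec.get('type')!r}")
    if rec.get("outcome") and rec["outcome"] not in BOTH:
        problems.append(f"bad outcome {rec['outcome']!r}")
    try:  # an empty timestamp is already reported above, so parse a dummy value
        datetime.fromisoformat(rec.get("timestamp") or "1970-01-01")
    except (TypeError, ValueError):
        problems.append("unparseable timestamp")
    return problems

def coverage_gaps(records):
    """List policy event types (or outcomes) with no valid record in the log."""
    seen = {}
    for rec in records:
        if not record_problems(rec):
            seen.setdefault(rec["type"], set()).add(rec["outcome"])
    gaps = []
    for etype, outcomes in POLICY.items():
        if etype not in seen:
            gaps.append((etype, "never logged"))
        missing = outcomes - seen.get(etype, outcomes)
        gaps += [(etype, f"no {o} events") for o in sorted(missing)]
    return gaps

KEYS = ("type", "user_id", "timestamp", "pid", "action", "outcome")
SAMPLE = [dict(zip(KEYS, row)) for row in [  # constructed records, not real log data
    ("login", "alice", "2012-04-02T08:15:00", 4120, "console login", "success"),
    ("login", "bob", "2012-04-02T08:16:10", 4131, "console login", "failure"),
    ("logout", "alice", "2012-04-02T17:01:44", 4120, "console logout", "success"),
    ("remote_access", "carol", "2012-04-02T21:30:05", 5002, "VPN connect", "success"),
    ("privileged_action", "root", "", 1, "add user", "success"),  # no timestamp
    ("system_event", None, "2012-04-03T02:00:00", None, "reboot", "success"),
]]
```

Running `coverage_gaps(SAMPLE)` reports the event types the policy requires but the log never records in a usable form, which is the evidence an audit of the policy itself would ask for.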

  14. UNIT 3 Assignments for UNIT 4
     • Read Chapter 6 and the Web Reading
     • Post to two Discussion questions – 30 points
     • Complete Project Assignments Part A and B – 55 points
     • APA formatting
     • No spelling or grammar errors
     • Must have reference page

  15. UNIT 3 Assignment for UNIT 4 Write a paper creating an IT security policy for the bank.

  16. UNIT 3 Assignment for UNIT 4
     • You have been hired by KU Bank One, a large bank that has 500 employees, to increase their corporate information security. Your first task is to create an IT security policy for the bank. You must include the following topics in your policy, along with 3 other key topics you feel critical to securing the bank’s assets:
       • Authentication requirements
       • Access control requirements
       • Network connection requirements
       • Remote access requirements
       • Encryption requirements
     • This policy needs to be professionally written, cover the key aspects listed and provide three additional areas you feel are critical. This document should be a complete, ready to use, professionally written security plan. The page length should be between 4 and 8 pages.

  17. UNIT 3 Assignment for UNIT 4: RUBRIC
     • Paper is professionally written and includes key information on all 5 topics listed. Points 0-15
     • Paper includes key information on all 3 topics beyond the key topics above and there are 3 key inclusions for an IT policy for a large bank. Points 0-20
     • Policy created could be used as written by a large bank with little or no new material added. Points 0-20
