Security in the Real World


The best laid schemes o’ Mice an’ Men,
Gang aft agley,
An' lea'e us nought but grief an' pain,
For promis'd joy!
— Robert Burns

Security in the real world
• Planning security
    • Setting up a security plan
    • Forecasting future needs
• Understanding risk
    • What should you be worried about?
    • What should you guard against?
    • Creating a good security policy
• Non-technical risks
    • Understanding them
    • Mitigating them

Planning security
• Understand what’s currently being done
• Figure out where the environment is headed
• Decide what can be done to make things better
• Set up a plan
    • Policy
    • Current state
    • Requirements
    • Recommended controls
    • Accountability
    • Timetable
    • Continuing attention

What’s in a security policy?
• High-level description of intended security policy
    • Usually dictated from “on high”
    • Typically can’t be changed (easily)
• Outlines how system security should work
    • Goals
    • Responsibilities
    • Commitment (who’s paying?)
• Need to identify
    • Who gets access?
    • What resources can they get access to?
    • What kinds of access do they get?

Current security status
• Need to know where things are now
    • Critical for planning upgrades
    • May not be possible to make “discontinuous” changes
    • May involve trying to break into the system!
• Understand current issues and weaknesses
    • Not just current security strengths & weaknesses, but also who’s responsible!
    • Security is as much about people as it is technology

Security requirements
• What does the system need to do to ensure a “secure” environment?
    • Depends on policy
• Constraint
    • Restricts or directs implementation of requirements
• Control
    • Attempt to reduce a vulnerability
• Requirements should be general
    • Specify effect, not mechanism
    • Provide choices for implementation
• Requirements should be
    • Correct
    • Consistent
    • Complete

• Recommendations
    • What should be done to implement security plan
    • List of controls needed and plan for using them
• Responsibility
    • Who’s going to do all of this?
