SecurityAnalysis

Awareness and training firewalls and network security


Security controls

• mechanisms
• Encryption mechanisms
• Firewalls and network security mechanisms
• Intrusion detection systems
• Security configuration settings
• Anti-viral software
• Smart cards
• Incident response planning
• Security awareness and training
• Physical security
• Personnel security
• Certification, accreditation, and security assessments

Adversaries attack the weakest link…where is yours?

What you need to know

• IT resources to be managed
• What’s available on your network
• Policies, laws & regulations
• Security Awareness
• Risk Assessment, Mitigation, & Monitoring
• Resources to help you

The Golden Rules: Building an Effective Enterprise Information Security Program

• Develop an enterprise-wide information security strategy and game plan
• Get corporate “buy in” for the enterprise information security program—effective programs start at the top
• Build information security into the infrastructure of the enterprise
• Establish level of “due diligence” for information security
• Focus initially on mission/business case impacts—bring in threat information only when specific and credible

The Golden Rules: Building an Effective Enterprise Information Security Program (continued)

• Create a balanced information security program with management, operational, and technical security controls
• Employ a solid foundation of security controls first, then build on that foundation guided by an assessment of risk
• Avoid complicated and expensive risk assessments that rely on flawed assumptions or unverifiable data
• Harden the target; place multiple barriers between the adversary and enterprise information systems
• Be a good consumer—beware of vendors trying to sell “single point solutions” for enterprise security problems

The Golden Rules: Building an Effective Enterprise Information Security Program (continued)

• Don’t be overwhelmed with the enormity or complexity of the information security problem—take one step at a time and build on small successes
• Don’t tolerate indifference to enterprise information security problems

And finally… Manage enterprise risk—don’t try to avoid it!

Thanks

Q & A

This document was uploaded on 01/14/2014.
