Upload File

layered approach - information security recommendations

  • Home
  • Technology
  • Layered Approach - Information Security Recommendations
8

Click here to load reader

Upload: michael-kaishar-msia-cissp

Post on 05-Jul-2015

863 views

Category:

Technology


0 download

Report

DESCRIPTION

This is a presentation discussing recommendations for a secure connection between a remote data center and a primary data center; taking into account user connectivity and end-user security awareness training.

TRANSCRIPT

Page 1: Layered Approach - Information Security Recommendations

1

01 INFORMATION SECURITYUsing a Layered Approach

Michael Kaishar, CISSPInformation Security Consultant

Page 2: Layered Approach - Information Security Recommendations

2

Defense-in-Depth

Layered Approach

Policies, Procedures, & Security Awareness

Physical Security

Perimeter

Internal Network

Host

Application

Data Access Control Lists and Access Control Lists and Permissions controlled by GPOPermissions controlled by GPO

All applications published by Citrix All applications published by Citrix Portal with SSL certificate securityPortal with SSL certificate security

OS Hardening & Patching, BIOS OS Hardening & Patching, BIOS Password, and Disable USBPassword, and Disable USB

Subnets, VLANs, IDS/IPS, IPSecSubnets, VLANs, IDS/IPS, IPSec

Firewalls, VPN, IDS/IPSFirewalls, VPN, IDS/IPS

Badges, PINS, Security Cameras, Badges, PINS, Security Cameras, Locks, etc…Locks, etc…

Electronic Security Policy and Electronic Security Policy and Security Awareness TrainingSecurity Awareness Training

Michael Kaishar, CISSP / Information Security Consultant

Page 3: Layered Approach - Information Security Recommendations

3

02 SECURITY AWARENESS TRAININGWeb-Based Training provided by [Vendor of Choice]

Michael Kaishar, CISSP / Information Security Consultant

Page 4: Layered Approach - Information Security Recommendations

4

Security Awareness Training

Security Awareness Training empowers employees through a web-based delivery system supporting Information Security Policies and Acceptable Use of Electronic Communications Systems at [COMPANY]. The web-based, e-learning courses are designed to help meet compliance requirements.

• Security Awareness Training Course Topics– Passwords: how to create a strong password and the techniques

hackers use to crack them.– Viruses & Hoaxes: malware concepts and protective controls each

employee can take.– Social Engineering: gathering of private information through

conversations, and how to avoid crossing the line from helpful to harmful.

Michael Kaishar, CISSP / Information Security Consultant

Page 5: Layered Approach - Information Security Recommendations

5

03 END-USER SECURITYRECOMMENDATIONS FOR TECHNICAL SECURITY

Michael Kaishar, CISSP / Information Security Consultant

Page 6: Layered Approach - Information Security Recommendations

6

End-User Security Technical Recommendation

End-User Client Security

In order to mitigate the risk of data theft it is necessary to provide a secure ePC (Thin) client solution.

• ePC Security & Feature Configuration Recommendations– RDP / ICA Connection– Only Boot from Hard Drive (Disable CD/DVD/USB Booting)– Enable BIOS Passwords– Latest XP Service Pack.– DISABLE ALL USB PORTS!!

Michael Kaishar, CISSP / Information Security Consultant

Page 7: Layered Approach - Information Security Recommendations

7

04 Network DiagramRECOMMENDATION FOR A SECURE NETWORK

Michael Kaishar, CISSP / Information Security Consultant

Page 8: Layered Approach - Information Security Recommendations

8

Network Security Recommendation

Michael Kaishar, CISSP / Information Security Consultant


Earth System Challenges and A Multi-layered Approach for ...i.unu.edu/media/ias.unu.edu-en/project/2218/Post2015_UNU-IAS... · Earth System Challenges and A Multi-layered Approach

Iaetsd a layered security approach through femto cell using

Protecting Critical Infrastructure: a multi-layered approach

Layered approach to_business_discovery_e-arch_faley_2014

Iontophoretic transdermal drug delivery: a multi-layered approach · 2020. 5. 25. · Iontophoretic transdermal drug delivery: a multi-layered approach Jose A. Ferreira´ a, Marco

Information Systems Security Architecture Approach Layered Protection 1532

Stare Decisis and the Rule of Law: A Layered Approach

SECURITY A MULTI-LAYERED APPROACH

Risk - A Multi-Layered Approach

Post-processing approach for tuning multi-layered

24. layered approach using conditional random fields for intrusion detection

Lecture - 3 - Layered Approach to IT Security

A Two Layered Approach for Securing an Object Store …canetti/materials/acf+02.pdf · A Two Layered Approach for Securing an Object Store Network ... In our trust model, ... in his

Layered Approach using Conditional Random Fields For Intrusion Detection

A Two Layered Approach for Securing an Object Store Networkpeople.csail.mit.edu › canetti › materials › acf+02.pdf · A Two Layered Approach for Securing an Object Store Network

A Layered Approach to Link Analysis and Visualization of ...fstasp/paper/icdim2012_event.pdf · In order to alleviate these problems, a layered approach to link analysis and visualization

On Models and Ontologies - A Layered Approach for Model-based …subs.emis.de/LNI/Proceedings/Proceedings82/GI-Proceedings-82-1.pdf · On Models and Ontologies - A Layered Approach

A robust controller for a two-layered approach applied to

A Layered Approach to Lightweight Toolchaining in Visual ... · A Layered Approach to Lightweight Toolchaining in Visual Analytics Hans-J org Schulz1[0000 0001 9974 535X], Martin

SAS - A Layered Approach to Fraud Detection and Prevention

Priority layered approach to Transport protocol for Long fat networks

4. layered approach using conditional random fields for intrusion detection

Layered approach

Earth System Challenges and A Multi-layered Approach for ...1823/Post... · A Multi-layered Approach for the Sustainable Development Goals Oran R. Young, Arild Underdal, Norichika

A Multi-Layered Approach to Teaching Literacy and Content Area Standards

EMV and Encryption + Tokenization: A Layered Approach to Security

Antivirus vulnerability calls for a multi layered cybersecurity approach

A layered approach for business continuity risk assessments in the supply chain

A Multi-Layered Programmable Blockchain Approach to ...abey.com/whitepaper/aBey-Whitepaper_03.1.pdf · A Multi-Layered Programmable Blockchain Approach to Digital Currency for High-Volume

NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Security

Multi-layered approach to 2D urban flood modelling

Netflix’s Layered Approach to Reducing Risk of Credential ... · Netflix’s Layered Approach to Reducing Risk of Credential Compromise WILL BENGTSON SENIOR SECURITY ENGINEER TRAVIS

Layered approach using conditional random fields for intrusion detection (synopsis)

CSL-80-5 a Layered Approach to Software Design

Effective Field Theoretic Approach to Layered Superconductors