Upload File

layered approach - information security recommendations

  • Home
  • Technology
  • Layered Approach - Information Security Recommendations
8

Click here to load reader

Upload: michael-kaishar-msia-cissp

Post on 05-Jul-2015

863 views

Category:

Technology


0 download

Report

DESCRIPTION

This is a presentation discussing recommendations for a secure connection between a remote data center and a primary data center; taking into account user connectivity and end-user security awareness training.

TRANSCRIPT

Page 1: Layered Approach - Information Security Recommendations

1

01 INFORMATION SECURITYUsing a Layered Approach

Michael Kaishar, CISSPInformation Security Consultant

Page 2: Layered Approach - Information Security Recommendations

2

Defense-in-Depth

Layered Approach

Policies, Procedures, & Security Awareness

Physical Security

Perimeter

Internal Network

Host

Application

Data Access Control Lists and Access Control Lists and Permissions controlled by GPOPermissions controlled by GPO

All applications published by Citrix All applications published by Citrix Portal with SSL certificate securityPortal with SSL certificate security

OS Hardening & Patching, BIOS OS Hardening & Patching, BIOS Password, and Disable USBPassword, and Disable USB

Subnets, VLANs, IDS/IPS, IPSecSubnets, VLANs, IDS/IPS, IPSec

Firewalls, VPN, IDS/IPSFirewalls, VPN, IDS/IPS

Badges, PINS, Security Cameras, Badges, PINS, Security Cameras, Locks, etc…Locks, etc…

Electronic Security Policy and Electronic Security Policy and Security Awareness TrainingSecurity Awareness Training

Michael Kaishar, CISSP / Information Security Consultant

Page 3: Layered Approach - Information Security Recommendations

3

02 SECURITY AWARENESS TRAININGWeb-Based Training provided by [Vendor of Choice]

Michael Kaishar, CISSP / Information Security Consultant

Page 4: Layered Approach - Information Security Recommendations

4

Security Awareness Training

Security Awareness Training empowers employees through a web-based delivery system supporting Information Security Policies and Acceptable Use of Electronic Communications Systems at [COMPANY]. The web-based, e-learning courses are designed to help meet compliance requirements.

• Security Awareness Training Course Topics– Passwords: how to create a strong password and the techniques

hackers use to crack them.– Viruses & Hoaxes: malware concepts and protective controls each

employee can take.– Social Engineering: gathering of private information through

conversations, and how to avoid crossing the line from helpful to harmful.

Michael Kaishar, CISSP / Information Security Consultant

Page 5: Layered Approach - Information Security Recommendations

5

03 END-USER SECURITYRECOMMENDATIONS FOR TECHNICAL SECURITY

Michael Kaishar, CISSP / Information Security Consultant

Page 6: Layered Approach - Information Security Recommendations

6

End-User Security Technical Recommendation

End-User Client Security

In order to mitigate the risk of data theft it is necessary to provide a secure ePC (Thin) client solution.

• ePC Security & Feature Configuration Recommendations– RDP / ICA Connection– Only Boot from Hard Drive (Disable CD/DVD/USB Booting)– Enable BIOS Passwords– Latest XP Service Pack.– DISABLE ALL USB PORTS!!

Michael Kaishar, CISSP / Information Security Consultant

Page 7: Layered Approach - Information Security Recommendations

7

04 Network DiagramRECOMMENDATION FOR A SECURE NETWORK

Michael Kaishar, CISSP / Information Security Consultant

Page 8: Layered Approach - Information Security Recommendations

8

Network Security Recommendation

Michael Kaishar, CISSP / Information Security Consultant


Layered approach using conditional random fields for intrusion detection (synopsis)

A Two Layered Approach for Securing an Object Store …canetti/materials/acf+02.pdf · A Two Layered Approach for Securing an Object Store Network ... In our trust model, ... in his

A Layered Approach to Lightweight Toolchaining in Visual ... · A Layered Approach to Lightweight Toolchaining in Visual Analytics Hans-J org Schulz1[0000 0001 9974 535X], Martin

A layered approach for business continuity risk assessments in the supply chain

A Layered Approach to Horizon Scanning: … JFS Palmer...A Layered Approach to Horizon Scanning: Identifying Future Issues in Military and Veterans’ Health 1 Jane Palmer (Research

A Multi-Layered Programmable Blockchain Approach to ...abey.com/whitepaper/aBey-Whitepaper_03.1.pdf · A Multi-Layered Programmable Blockchain Approach to Digital Currency for High-Volume

Layered approach

A Layered Approach to Cybersecurity for Investment Firms · access, system logins, ... 12 | A Layered Approach to Cybersecurity Employee/User Behavior ... (e.g. fingerprint, biometric

Iaetsd a layered security approach through femto cell using

A Layered Approach to Support Extranet Security

A robust controller for a two-layered approach applied to

SERVICE ORIENTED LAYERED APPROACH FOR IMPLEMENTING E-GOVERNANCE SYSTEMS

EMV Security / A Key Component to a Multi-layered Security Approach

Netflix’s Layered Approach to Reducing Risk of Credential ... · Netflix’s Layered Approach to Reducing Risk of Credential Compromise WILL BENGTSON SENIOR SECURITY ENGINEER TRAVIS

SECURITY A MULTI-LAYERED APPROACH

A Multi-Layered Approach to Teaching Literacy and Content Area Standards

Priority layered approach to Transport protocol for Long fat networks

Recursion in Language: A Layered-Derivation Approach

CSL-80-5 a Layered Approach to Software Design

EMV and Encryption + Tokenization: A Layered Approach to Security

24. layered approach using conditional random fields for intrusion detection

Antivirus vulnerability calls for a multi layered cybersecurity approach

Paolo Passeri - A Multi Layered Approach to Threat Intelligence

Layered Approach using Conditional Random Fields For Intrusion Detection

Post-processing approach for tuning multi-layered

Earth System Challenges and A Multi-layered Approach for ...1823/Post... · A Multi-layered Approach for the Sustainable Development Goals Oran R. Young, Arild Underdal, Norichika

Layered approach to_business_discovery_e-arch_faley_2014

Lecture - 3 - Layered Approach to IT Security

A Layered Approach to Link Analysis and Visualization of ...fstasp/paper/icdim2012_event.pdf · In order to alleviate these problems, a layered approach to link analysis and visualization

Risk - A Multi-Layered Approach

Stare Decisis and the Rule of Law: A Layered Approach

4. layered approach using conditional random fields for intrusion detection

Layered approach to the Semantic Webmichael/sw15/slides/ST-6.pdf · 2020-03-04 · Layered approach to the Semantic Web Unicode URI XML + namespaces + XML Schema RDF + RDF Schema

Earth System Challenges and A Multi-layered Approach for ...i.unu.edu/media/ias.unu.edu-en/project/2218/Post2015_UNU-IAS... · Earth System Challenges and A Multi-layered Approach

Information Systems Security Architecture Approach Layered Protection 1532