Organizational Security Policies
Who can access which resources in what manner?
Security policy - high-level management document that informs all users of the goals and constraints on using a system.
Security Policies Purpose
Recognize sensitive information assets
Clarify security responsibilities
Promote awareness for existing employees
Guide new employees
Security Policies Audience
Users
Owners
Beneficiaries
Balance Among All Parties
Contents
Purpose
Protected Resources (what - asset list)
Nature of the Protection (who and how)
Characteristics of a Good Security Policy
Coverage (comprehensive)
Durability
Realism
Usefulness
Examples
Physical Security
Natural Disasters
  • Flood
  • Fire
  • Other
Power Loss
  • UPS; surge suppressors (line conditioners)
Human Vandals
  • Unauthorized Access and Use
  • Theft
Physical Security
Interception of Sensitive Information
  • Dumpster Diving - Shredding
  • Remanence (slack bits)
      Overwriting Magnetic Data
      DiskWipe
      Degaussing
  • Emanation - Tempest
Contingency Planning
BACKUP!!!!!
  • Complete backup
  • Revolving backup
  • Selective backup
OFFSITE BACKUP!!!!!
Networked Storage (SAN)
Cold site (shell)
Hot site