SOLUTION: ECS 6700 New England College Information Technology Infrastructure Security Questions

Fundamentals of Information Systems Security
Lesson 1: Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company. www.jblearning.com. All rights reserved.

Learning Objective(s)
▪ Explain information systems security and its effect on people and businesses.

Key Concepts
▪ Information systems security concepts
▪ Confidentiality, integrity, and availability (CIA)
▪ The seven domains of an IT infrastructure
▪ The weakest link in the security of an IT infrastructure
▪ IT security policy framework and data classification standard

Information Systems Security
Internet
• Is a worldwide network with more than 2 billion users
• Includes governments, businesses, and organizations
• Links communication networks to one another
World Wide Web
• A system that defines how documents and resources are related across network machines

Recent Data Breaches: Examples
Adobe Systems Incorporated, 2013
• Hackers published data for 150 million accounts
• Stole encrypted customer credit card data
• Compromised login credentials
U.S. Office of Personnel Management, 2015
• Data breach impacted 22 million people
• Stole SSNs, names, places of birth, addresses
• Millions must be monitored for identity theft for years

Cyberspace: The New Frontier

Internet of Things (IoT)

Risks, Threats, and Vulnerabilities
Risk: Likelihood that something bad will happen to an asset
Threat: Any action that could damage an asset
Vulnerability: A weakness that allows a threat to be realized or to have an effect on an asset

What Is Information Systems Security?
Information system: Hardware, operating system, and application software that work together to collect, process, and store data for individuals and organizations
Information system security: The collection of activities that protect the information system and the data stored in it

U.S. Compliance Laws Drive Need for Information Systems Security

Tenets of Information Systems Security

Confidentiality
▪ Private data of individuals
▪ Intellectual property of businesses
▪ National security for countries and government

Confidentiality (cont.)
Cryptography: Practice of hiding data and keeping it away from unauthorized users
Encryption: The process of transforming data from cleartext into ciphertext
Ciphertext: The scrambled data that are the result of encrypting cleartext

Encryption of Cleartext into Ciphertext

Integrity
Maintain valid, uncorrupted, and accurate information

Availability
▪ In the context of information security
• The amount of time users can use a system, application, and data

Availability Time Measurements
▪ Uptime
▪ Downtime
▪ Availability [A = (Total Uptime)/(Total Uptime + Total Downtime)]
▪ Mean time to failure (MTTF)
▪ Mean time to repair (MTTR)
▪ Mean time between failures (MTBF)
▪ Recovery time objective (RTO)

Seven Domains of a Typical IT Infrastructure

User Domain
Roles and tasks
• Users can access systems, applications, and data depending upon their defined access rights.
Responsibilities
• Employees are responsible for their use of IT assets.
Accountability
• HR department is accountable for implementing proper employee background checks.

Common Threats in the User Domain
▪ Lack of user awareness
▪ User apathy toward policies
▪ User violating security policy
▪ User inserting CD/USB with personal files
▪ User downloading photos, music, or videos
▪ User destroying systems, applications, and data
▪ Disgruntled employee attacking organization or committing sabotage
▪ Employee blackmail or extortion

Workstation Domain
Roles and tasks
• Configure hardware, harden systems, and verify antivirus files.
Responsibilities
• Ensure the integrity of user workstations and data.
Accountability
• Director of IT security is generally in charge of ensuring that the Workstation Domain conforms to policy.

Common Threats in the Workstation Domain
▪ Unauthorized workstation access
▪ Unauthorized access to systems, applications, and data
▪ Desktop or laptop operating system vulnerabilities
▪ Desktop or laptop application software vulnerabilities or patches
▪ Viruses, malicious code, and other malware
▪ User inserting CD/DVD/USB with personal files
▪ User downloading photos, music, or videos

LAN Domain
Roles and tasks
• Includes both physical network components and logical configuration of services for users.
Responsibilities
• LAN support group is in charge of physical components and logical elements.
Accountability
• LAN manager's duty is to maximize use and integrity of data within the LAN Domain.

Common Threats in the LAN Domain
▪ Unauthorized physical access to LAN
▪ Unauthorized access to systems, applications, and data
▪ LAN server operating system vulnerabilities
▪ LAN server application software vulnerabilities and software patch updates
▪ Rogue users on WLANs
▪ Confidentiality of data on WLANs
▪ LAN server configuration guidelines and standards

LAN-to-WAN Domain
Roles and tasks
• Includes both the physical pieces and logical design of security appliances. Physical parts need to be managed to give easy access to the service.
Responsibilities
• Physical components, logical elements, and applying the defined security controls.
Accountability
• Ensure that LAN-to-WAN Domain security policies, standards, procedures, and guidelines are used.

Common Threats in the LAN-to-WAN Domain
▪ Unauthorized probing and port scanning
▪ Unauthorized access
▪ IP router, firewall, and network appliance operating system vulnerability
▪ Download of unknown file type attachments from unknown sources
▪ Unknown email attachments and embedded URL links received by local users

WAN Domain
Roles and tasks
• Allow users the most access possible while making sure what goes in and out is trustworthy.
Responsibilities
• Physical components and logical elements.
Accountability
• Maintain, update, and provide technical support and ensure that the company meets security policies, standards, procedures, and guidelines.

Common Threats in the WAN Domain (Internet)
▪ Open, public, and accessible data
▪ Most traffic being sent as cleartext
▪ Vulnerable to eavesdropping
▪ Vulnerable to malicious attacks
▪ Vulnerable to denial of service (DoS) and distributed denial of service (DDoS) attacks
▪ Vulnerable to corruption of information/data
▪ Insecure TCP/IP applications

Common Threats in the WAN Domain (Connectivity)
▪ Commingling of WAN IP traffic on the same service provider router and infrastructure
▪ Maintaining high WAN service availability
▪ Using SNMP network management applications and protocols maliciously (ICMP, Telnet, SNMP, DNS, etc.)
▪ SNMP alarms and security monitoring 24 x 7 x 365

Remote Access Domain
Roles and tasks
• Connect mobile users to their IT systems through the public Internet.
Responsibilities
• Maintain, update, and troubleshoot the hardware and logical remote access connection.
Accountability
• Ensure that the Remote Access Domain security plans, standards, methods, and guidelines are used.

Common Threats in the Remote Access Domain
▪ Brute-force user ID and password attacks
▪ Multiple logon retries and access control attacks
▪ Unauthorized remote access to IT systems, applications, and data
▪ Confidential data compromised remotely
▪ Data leakage in violation of data classification standards

System/Application Domain
Roles and tasks
• Includes hardware and its logical design.
• Secure mission-critical applications and intellectual property assets both physically and logically.
Responsibilities
• Server systems administration, database design and management, designing access rights to systems and applications, and more.
Accountability
• Ensure that security policies, standards, procedures, and guidelines are in compliance.

Common Threats in the System/Application Domain
▪ Unauthorized access to data centers, computer rooms, and wiring closets
▪ Downtime of servers to perform maintenance
▪ Server operating systems software vulnerability
▪ Insecure cloud computing virtual environments by default
▪ Corrupt or lost data
▪ Loss of backed-up data as backup media are reused

Weakest Link in the Security of an IT Infrastructure
User is weakest link in security
Strategies for reducing risk
• Check background of job candidates carefully.
• Evaluate staff regularly.
• Rotate access to sensitive systems, applications, and data among staff positions.
• Test applications and software and review for quality.
• Regularly review security plans.
• Perform annual security control audits.

Ethics and the Internet
▪ Human behavior online is often less mature than in normal social settings
▪ Demand for systems security professionals is growing so rapidly
▪ U.S. government and Internet Architecture Board (IAB) defined a policy regarding acceptable use of Internet geared toward U.S. citizens
• Policy is not a law or mandated

IT Security Policy Framework
Policy
• A short written statement that defines a course of action that applies to entire organization
Standard
• A detailed written definition of how software and hardware are to be used
Procedures
• Written instructions for how to use policies and standards
Guidelines
• Suggested course of action for using policy, standard, or procedure

Hierarchical IT Security Policy Framework

Foundational IT Security Policies
▪ Acceptable use policy (AUP)
▪ Security awareness policy
▪ Asset classification policy
▪ Asset protection policy
▪ Asset management policy
▪ Vulnerability assessment/management
▪ Threat assessment and monitoring

Data Classification Standards
Private data: Data about people that must be kept private
Confidential: Information or data owned by the organization
Internal use only: Information or data shared internally by an organization
Public domain data: Information or data shared with the public

Summary
▪ Information systems security concepts
▪ Confidentiality, integrity, and availability (CIA)
▪ The seven domains of an IT infrastructure
▪ The weakest link in the security of an IT infrastructure
▪ IT security policy framework and data classification standard

...