Essential Security Principles: Safeguarding Your Organization
Learn about policy, procedure, standards, and guidelines in operational security, physical security mechanisms, environmental concerns, social engineering tactics, and the role of people in security practices within organizations.
Presentation Transcript
Principles of Networking Security, Chapters 3 & 4
Matt Lavoie, NST281-01
Chapter 3: Operational and Organizational Security
Matt Lavoie, NST281-01
Security in Your Organization
• Policy: A broad statement of accomplishment
• Procedure: The step-by-step method to implement a policy
• Standards: Mandatory elements of implementing a policy
• Guidelines: Recommendations related to a policy

Security in Your Organization
• Policy Lifecycle:
  • Plan
  • Implement
  • Monitor
  • Evaluate
• Establish a security perimeter

Physical Security
• Mechanisms to restrict physical access to computers and networks
  • Locks (combination/biometric/keyed)
  • Video surveillance, logs, guards
• A room has six sides
• Physical barriers (gates/walls, man-traps, open space)

Environmental Issues
• HVAC Systems: Climate control
• UPS/Generators: Power failure
• Fire Protection: Detect/suppress
• Off-Site Backups: Bad stuff happens

Other Issues
• Wireless
  • Wi-Fi / Cellular / Bluetooth
• Electromagnetic Eavesdropping
  • TEMPEST
• Location
  • Bury the sensitive stuff
Chapter 4: The Role of People in Security
Matt Lavoie, NST281-01
Social Engineering
• Making people talk
  • Questions, emotions, weaknesses
• Obtaining insider info (or having it)
  • Knowledge of security procedures
• Phishing
• Impersonation

Social Engineering
• Vishing
  • Trust in voice technology (VoIP, POTS)
• Shoulder surfing
  • Observation for passcodes, PINs, etc.
• Reverse social engineering
  • Victim initiates contact
Poor Security Practices
• Password selection
  • Too short
  • Not complicated
  • Easy to guess
  • Information on a person
• Password policies
  • Can encourage bad behavior

Poor Security Practices
• Same password, multiple accounts
  • One compromises all
• Piggybacking
  • Controlled access points
• Dumpster Diving
  • Sensitive information discarded

Poor Security Practices
• Installing software/hardware
  • Backdoors/rogue access points
• Physical access by non-employees
  • Control who gets in
• Pizza and flowers
  • Legitimate access, nefarious intentions
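The "Password selection" and "Same password, multiple accounts" slides list the failures a password policy is supposed to catch. The following is an added worked example, not part of the slide deck or the course material: a checker that rejects passwords that are too short, not complicated, on a common-password list, built from personal information, or a trivial rewrite of the previous password (the "bad behavior" a forced-rotation policy tends to encourage), plus a small helper that shows the "one compromises all" blast radius of reuse. The minimum length, the character-class rule, the common-password list, the Person fields and the sample accounts are all assumptions constructed for the demo.

```python
"""Added example: password-policy checks for the weaknesses listed on the
'Poor Security Practices' slides. Everything here (thresholds, word list,
sample people and accounts) is constructed for illustration."""
import re
from dataclasses import dataclass

# Constructed stand-in for a real breached/common-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1", "password1"}

MIN_LENGTH = 12          # assumed policy value
MIN_CHARACTER_CLASSES = 3  # assumed policy value: 3 of lower/upper/digit/symbol


@dataclass
class Person:
    """Details an attacker could learn about a user ('information on a person')."""
    username: str
    first_name: str
    last_name: str
    birth_year: int
    pet: str = ""


def _character_classes(pw: str) -> int:
    """Count how many of lower/upper/digit/symbol appear in the password."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])


def _personal_tokens(person: Person) -> set:
    """Lower-cased fragments of personal data that should not appear in a password."""
    tokens = {person.username, person.first_name, person.last_name,
              str(person.birth_year), str(person.birth_year)[-2:], person.pet}
    return {t.lower() for t in tokens if len(t) >= 3}


def _is_trivial_variant(new: str, old: str) -> bool:
    """True when 'new' is 'old' with only a trailing run of digits/symbols changed,
    e.g. Summer2023! -> Summer2024!, the classic rotation-policy workaround."""
    strip = lambda s: re.sub(r"[0-9!@#$%^&*]+$", "", s).lower()
    return strip(new) == strip(old) and new.lower() != old.lower()


def check_password(pw: str, person: Person, previous: str = None) -> list:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"too short ({len(pw)} < {MIN_LENGTH})")
    if _character_classes(pw) < MIN_CHARACTER_CLASSES:
        problems.append("not complicated (needs 3 of: lower, upper, digit, symbol)")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("easy to guess (on common-password list)")
    lowered = pw.lower()
    hits = sorted(t for t in _personal_tokens(person) if t in lowered)
    if hits:
        problems.append("contains personal information (" + ", ".join(hits) + ")")
    if previous is not None:
        if pw.lower() == previous.lower():
            problems.append("same as previous password")
        elif _is_trivial_variant(pw, previous):
            problems.append("trivial variant of previous password")
    return problems


def blast_radius(accounts: dict, compromised_service: str) -> list:
    """'One compromises all': the other accounts that fall if this service's
    password leaks, because they share it. 'accounts' maps service -> password."""
    leaked = accounts[compromised_service]
    return sorted(s for s, pw in accounts.items()
                  if s != compromised_service and pw == leaked)


if __name__ == "__main__":
    # Constructed sample user and passwords.
    user = Person("jsmith", "John", "Smith", 1985, pet="Rex")
    for candidate in ["password", "Smith1985!", "Tr0ub4dor&3-correct-horse"]:
        print(candidate, "->", check_password(candidate, user) or "OK")
    print("rotation:", check_password("Welcome2024!", user, previous="Welcome2023!"))
    # Constructed sample of one password reused across several services.
    acct = {"email": "Summer2024!", "bank": "Summer2024!",
            "forum": "Summer2024!", "work": "xK9#vb2$Qm!p"}
    print("forum leak exposes:", blast_radius(acct, "forum"))
```

Run the file directly to see each sample password judged; in a real deployment the common-password set would be a large breached-password list and the personal-information tokens would come from the directory entry, not a hand-built dataclass.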
People as a Security Tool
• Security Awareness
  • Training/refreshers
  • Be alert
  • Don't stick your head in the sand
• Individual User Responsibilities
  • Keep secure material secure

What Have We Learned?
• In a properly secured environment, people are the weakest link.
• A system with physical access is a compromised system.