Designing Security Architecture Infrastructures - PowerPoint PPT Presentation


1
Designing Security Architecture Infrastructures
  • CISSP

2
CISSP - Certified Information Systems Security
Professional
  • https://www.isc2.org
  • CISSP examination
  • http://www.cccure.org
  • CISSP studying information

3
CISSP Certification Examination
  • The CISSP Certification examination consists of
    250 multiple-choice questions. Candidates have up
    to 6 hours to complete the examination.
  • Ten CISSP information systems security test
    domains are covered in the examination, pertaining
    to the Common Body of Knowledge:
  • Access Control Systems & Methodology
  • Applications & Systems Development
  • Business Continuity Planning
  • Cryptography
  • Law, Investigation & Ethics
  • Operations Security
  • Physical Security
  • Security Architecture & Models
  • Security Management Practices
  • Telecommunications, Network & Internet Security

4
Agenda
  • Common Body of Knowledge: 6 topics
  • Cover the examination topics, but emphasize
    what works and what does not
  • Homework: yes
  • Skim the chapter
  • Do some projects
  • Do practice tests and discuss results
  • Discussion of sample tests
  • Why topics are important
  • Hand-outs
  • Electronic viewgraphs will be available at the
    end of the course
  • Still being improved

5
Mapping
6
ITU / CISSP Two Classes
  • Designing Security Architecture Infrastructures
  • Focuses on the technical items
  • Security Assessment
  • Management Infrastructures
  • Plans
  • Policies & Procedures
  • Test Readiness

7
Instructor
  • Jim Bullough-Latsch
  • jbl_at_4terrorism.com
  • 818-775-1015
  • Security Experience
  • Recent security assessments, plans, policies,
    procedures for Web Systems.
  • Worked on Classified Systems.
  • Architect for Several Systems with Sensitive Data
  • Consulted on automating alarms and physical
    security systems
  • Has plenty of Degrees and Lots of Years
  • Available for consulting!

8
Why are you here?
  • What do you know?
  • What do you want to learn?

9
Security Trends Quick Summary
  • On-line Business
  • On-Line Information
  • Access to Information
  • Homeland Security
  • Traditional Closed Systems New DoD Business

10
Dollars!
  • Security

11
Jim's Definition of Computer Security
  • Protecting tomorrow's systems against yesterday's
    threats
  • Advice: follow the money

12
Security Trends (Book Chapter 2)
  • Many organizations incorrectly assume that
    information security is a technical issue.
  • Information security is a management issue that
    may require technical solutions.
  • Agree, and it requires operational solutions as
    well.
  • More and more companies are coming online and
    connecting their closed systems to the Internet.
  • Agree: they need to stay in business.
  • Lots of advice about multiple layers as a
    security feature.
  • Disagree: each new interface adds its own
    problems and access points!

13
Internet Information and Vulnerability
  • Cardholder Information Security Program - Check
    List
  • Will Review some each Session

14
Visa U.S.A. Cardholder Information Security
Program (CISP)
  • The Visa U.S.A. Cardholder Information Security
    Program (CISP) defines a standard of due care and
    enforcement for protecting sensitive information.
  • Because the payment industry places a high
    priority on maintaining the confidentiality and
    integrity of account and personal data, the CISP
    requirements are directed to all entities that
    store, process, or transmit cardholder
    information.
  • The program ensures the annual validation of
    merchants that accept Visa and all service
    providers on both the Issuing and Acquiring side
    of the business.
  • Includes advice on best practices and information
    sources!

15
Information Security Program: Digital Dozen
Requirements
  • Install and maintain a working firewall to
    protect data
  • Keep security patches up-to-date
  • Protect stored data
  • Encrypt data sent across public networks
  • Use and regularly update anti-virus software
  • Restrict access by "need to know"
  • Assign unique ID to each person with computer
    access
  • Don't use vendor-supplied defaults for passwords
    and security parameters
  • Track all access to data by unique ID
  • Regularly test security systems and processes
  • Implement and maintain an information security
    policy
  • Restrict physical access to data
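Three of the Digital Dozen items above (unique ID per person, need-to-know restriction, and tracking all access by unique ID) only work together: a shared login defeats both the need-to-know check and the audit trail. The following is an added illustration, not code from the slides or from Visa CISP; the policy matrix, data classes, user IDs and the `shared` flag are constructed for the example.

```python
"""Added example (not from the slides): a minimal need-to-know access check
that ties every decision to a unique user ID and writes it to an audit trail.
Policy, users and data classes below are constructed for illustration."""

from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Set, Tuple


@dataclass
class User:
    user_id: str          # unique per person; never a generic login
    roles: Set[str]
    shared: bool = False  # constructed flag: True for group logins like 'admin'


@dataclass
class AccessControl:
    # need-to-know matrix: data class -> action -> roles that may perform it
    policy: Dict[str, Dict[str, Set[str]]]
    users: Dict[str, User]
    audit_log: List[dict] = field(default_factory=list)

    def _record(self, user_id: str, data_class: str, action: str,
                allowed: bool, reason: str) -> dict:
        """Every decision, allowed or denied, is logged against the user id."""
        entry = {
            "ts": datetime.now(timezone.utc).isoformat(),
            "user_id": user_id,
            "data_class": data_class,
            "action": action,
            "allowed": allowed,
            "reason": reason,
        }
        self.audit_log.append(entry)
        return entry

    def authorize(self, user_id: str, data_class: str, action: str) -> Tuple[bool, str]:
        """Deny by default; grant only when a role of this person needs the data."""
        user = self.users.get(user_id)
        if user is None:
            self._record(user_id, data_class, action, False, "unknown user id")
            return False, "unknown user id"
        if user.shared:
            # a shared login cannot be traced to one person, so it gets no data access
            self._record(user_id, data_class, action, False, "shared account")
            return False, "shared account"
        allowed_roles = self.policy.get(data_class, {}).get(action, set())
        granted = user.roles & allowed_roles
        if not granted:
            self._record(user_id, data_class, action, False, "no need to know")
            return False, "no need to know"
        reason = "role " + sorted(granted)[0]
        self._record(user_id, data_class, action, True, reason)
        return True, reason


def build_sample() -> AccessControl:
    """Constructed policy and user directory used by the demo."""
    policy = {
        "cardholder_pan": {"read": {"fraud_analyst"}, "write": set()},
        "order_history": {"read": {"support", "fraud_analyst"}, "write": {"support"}},
    }
    users = {
        "u1001": User("u1001", {"support"}),
        "u1002": User("u1002", {"fraud_analyst"}),
        "admin": User("admin", {"support", "fraud_analyst"}, shared=True),
    }
    return AccessControl(policy, users)


def denied_entries(ac: AccessControl) -> List[dict]:
    """Audit review helper: every denied decision, each tied to a user id."""
    return [e for e in ac.audit_log if not e["allowed"]]


if __name__ == "__main__":
    ac = build_sample()
    for uid, dc, act in [("u1001", "order_history", "read"),
                         ("u1001", "cardholder_pan", "read"),
                         ("u1002", "cardholder_pan", "read"),
                         ("admin", "cardholder_pan", "read"),
                         ("u9999", "order_history", "read")]:
        print(uid, dc, act, ac.authorize(uid, dc, act))
    print(len(ac.audit_log), "audit entries,", len(denied_entries(ac)), "denied")
```

The point of the `shared` check is the one the checklist makes implicitly: a generic `admin` login that holds every role still gets denied, because an audit entry that cannot be attributed to one person does not satisfy "track all access to data by unique ID". Denials are logged as well as grants, so the audit trail also shows attempted access outside a person's need to know.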

16
Rest Of Today
  • Internet Sources
  • CISP Overview
  • Access Control

17
Internet Resources
  • http://commoncriteria.org
  • http://csrc.nist.gov/
  • http://iase.disa.mil/policy.htmlguides
  • http://niap.nist.gov/
  • http://sepo.spawar.navy.mil/sepo/index2.html
  • http://us.mcafee.com
  • http://usa.visa.com/business/merchants/cisp_index.html
  • http://v4.windowsupdate.microsoft.com/
  • http://www.cert.org
  • http://www.criticalsecurity.com
  • http://www.fas.org/irp/doddir/dod/5200-1r
  • http://www.hq.nasa.gov/office/codeq/ns871913.htm
  • http://www.isalliance.org/
  • http://www.microsoft.com/security
  • http://www.nsa.gov
  • http://www.pogner.demon.co.uk/mil_498
  • http://www.radium.ncsc.mil/tpep
  • http://www.sans.org/top20/
  • http://www.symantec.com/
  • https://sans20.qualys.com/