MIS 495 Assuring Reliable and Secure IT Services

1
MIS 495Assuring Reliable andSecure IT Services

• Dr. Steve RossWinter 2008

Based on Chapter 6 of Applegate, Austin, and
McFarlan, Corporate Information Strategy and
Management, 7th ed., 2007.
2
The Basis for Reliability

• Redundancy provides reliability for the Internet
• Failure of internal infrastructure
• How much redundancy can be afforded?
• How costly is an outage?
• Redundancy increases complexity
• Rehearsals important
• Malicious attacks

3
Availability Math

• Components in series
• Product of availability percentages
• Components in parallel
• Product of non-availability percentages

4
High-Availability Facilities

• Uninterruptible electric power
• Physical security
• Climate control
• Fire suppression
• Network connectivity
• Redundancy
• N 1 N N

5
Securing against Malicious Threats

• Classification of threats
• External attacks denial of service
• Intrusion
• Viruses and worms
• Virus requires user to do something
• Worm replicates automatically

6
Securing against Malicious Threats

• Defensive measures
• Security policies
• Firewalls
• Authentication
• Encryption
• Patching and change management
• Intrusion detection and network monitoring

7
A Security Management Framework

• Make deliberate security decisions
• Consider security a moving target
• Practice disciplined change management
• Educate users
• Deploy multilevel technical measures

8
Managing Incidents before They Occur

• Sound infrastructure design
• Disciplined execution of operating procedures
• Careful documentation
• Established crisis management procedures
• Rehearsing incident response

9
Managing during an Incident

• Beware of psychological obstacles
• Emotional responses
• Wishful thinking
• Political maneuvering
• Leaping to conclusions
• Public relations inhibition

10
Managing after an Incident

• Rebuilding often necessary
• Documentation very helpful
• Analyze
• What caused the incident
• The quality of response and recovery
• Future prevention

11
Questions to ask Before Your Data Center Burns

• Backup
• Where are original copies stored?
• What is being backed up?
• What is not being backed up?
• Where are the backups stored?
• How often is backed-up data moved to a different
  place?
• Restoration and recovery
• Are the backup media readable?
• What devices are required to read the backup
  media?
• What software is needed to read the backup media?
• Who knows how to restore the backed-up data?
• What hardware would be available to resume
  operations?