Security Management Controls - PowerPoint PPT Presentation

1 / 10
About This Presentation
Title:

Security Management Controls

Description:

Security Management Controls Assets expected loss (AL)over time is at acceptable level Total elimination of loss is either impossible or too costly – PowerPoint PPT presentation

Number of Views:268
Avg rating:3.0/5.0
Slides: 11
Provided by: Saee7
Category:

less

Transcript and Presenter's Notes

Title: Security Management Controls


1
Security Management Controls
  • Assets
  • expected loss (AL)over time is at acceptable
    level
  • Total elimination of loss is either impossible or
    too costly
  • Determine AL and time period
  • Controls of last resort backup, recovery
    procedures, and insurance

2
Information Systems Assets
  • Physical
  • Personnel
  • Hardware
  • computers
  • peripherals
  • storage media
  • Facilities
  • Documentation (systems and programs
    documentation)
  • Supplies (forms, printed checks, )

3
Factors Impacting IS Assets
  • Asset market Values
  • Who values? (different users have different
    values)
  • How Lost? Customer list was lost to a competitor
  • Asset Age? Is it a recent list of A/R?
  • Loss period?

4
Information Systems Assets
  • Logical
  • Data/information (mater files, archival files)
  • Software
  • System (compilers, utilities, communication
    software)
  • Application (payroll, bill of materials)

5
Chapter 6 DB Controls
  • External Schema e.g., salesperson interested in
    the sales process. What can a salesperson see?
  • Conceptual Schema describes the entire contents
    of the database. Locating the salespersons
    content request.
  • Internal Schema mapping of content to physical
    storage media. Where the salesperson content is
    physically located and protected.

6
Role of Security Administrator
  • Prevent and detect
  • Malicious and non-malicious threats
  • Conduct a security program
  • Auditors must evaluate whether security
    administrators are conducting on-going,
    high-quality security reviews. Focus on asset
    safeguarding and data integrity

7
Types of threats to IS Assets
  • See Figure 7-5 and 7-8
  • Exposure analysis
  • EL Expected loss associated with assets
  • Pt Probability of threat occurrence
  • Pf Probability of control failure
  • L Resulting loss if threat is successful
  • ELPt Pf L

8
Security Program
  • Prepare a project plan
  • Identify assets
  • value assets
  • Identify threats
  • Assess likelihood of threats
  • Analyze the exposure
  • Adjust controls
  • Prepare security report

9
Major Security Threats and Remedial Measures
  • Fire Damage
  • Water
  • Energy
  • Structural Damage
  • Pollution
  • Unauthorized Intrusion
  • Viruses and Worms See Fig 7-9
  • Misuse of Software, Data, and Service
  • Develop Code of Conduct Table 7-2

10
Controls of Last Resort
  • Disaster Recovery Plan
  • Emergency plan, Backup plan- Recovery plan- Test
    plan
  • Backup plan
  • hot site (most hardware and software ready)
  • cold site ( not running at the moment, but will)
  • warm site (some things can work immediately)
  • Reciprocal agreement (2 or more organizations
    agree to help each other)
  • Insurance
Write a Comment
User Comments (0)
About PowerShow.com