SlideShare a Scribd company logo

Network security, change control, outsourcing

Download as PPT, PDF
Nicholas Davis
Nicholas Davis

This document discusses network security, change control, and outsourcing. It provides an overview of key network security concepts like authentication, authorization, firewalls and intrusion prevention systems. It also discusses the importance of change control processes for network security and preventing unauthorized access. The document outlines potential security threats when outsourcing like theft of intellectual property and introduces countermeasures like electronic vaults, access controls and compartmentalization of data.

1 of 45
Downloaded 10 times
Information System 365/765 Lecture 12 Network Security, Change Control, Outsourcing
Todayโ€™s Chocolate Bar Snickers โ€“ AGAIN! โ€ข In 1930, the Mars family introduced its second product, Snickers, named after one of their favorite horses โ€ข Snickers is the best selling chocolate bar of all time and has annual global sales of US$2 billion
Nutty Cisco Video โ€ข Watch video โ€ข Think about what you would do to protect you server area, using your knowledge gained so far in the class โ€ข Split into groups of four, come up with a mini presentation โ€ข Talk to class for 3 minutes
Network Security โ€ข Why didnโ€™t we talk about this on day one? โ€ข Bringing it all together โ€ข protect the network and the network-accessible resources from unauthorized access and consistent and continuous monitoring and measurement of its effectiveness
Network Security vs. Computer Security โ€ข Securing network infrastructure is like securing possible entry points of attacks on a country by deploying appropriate defense. โ€ข Computer security is more like providing means to protect a single PC against outside intrusion.
Network Security โ€ข Prevents users from ever being exposed to attacks โ€ข Protection of all entry points and shared resources โ€ข Printers, Network attached storage (NAS), Iphones, etc. โ€ข Attacks stop at entry points, BEFORE they spread
Computer Security โ€ข Focused on an individual host โ€ข A computerโ€™s security is vulnerable to people who have higher access privileges than the protection mechanism. โ€ข While this is also true with Network Security, it is less likely.
Attributes Of A Secure Network โ€ข Authentication โ€ข Authorization โ€ข Firewall โ€ข Intrusion Prevention System โ€ข Antivirus โ€ข Honeypots โ€ข Monitoring
Authentication โ€ข Providing proof that you are who you claim to be
Authorization โ€ข Determining the level of access that a given individual should have โ€ข Authorization is done after authentication
Firewall โ€ข An integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system. It is also a device or set of devices configured to permit, deny, or proxy all computer traffic between different security domains based upon a set of rules and other criteria.
Intrusion Prevention System โ€ข An intrusion prevention system is a network security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or prevent those activities.
Antivirus and Anti-Malware โ€ข Scans and cleanses data in storage and as it travels across the network, so end users are not exposed to this type of threat
Honeypots โ€ข Essentially decoy network- accessible resources, could be deployed in a network as surveillance and early-warning tools.
Security Management โ€ข Depends on environment โ€ข Small, medium and large businesses, educational institutions, government.
Small Business โ€ข A basic firewall. โ€ข For Windows users, basic antivirus and anti-spyware/anti-malware software. โ€ข When using a wireless connection, use a robust password. โ€ข Use the strongest security supported by your wireless devices, such as WPA or WPA2.
Medium Business โ€ข A strong firewall โ€ข Strong Antivirus software and Internet Security Software. โ€ข For authentication, use strong passwords and change it on a monthly basis. โ€ข When using a wireless connection, use a robust password. โ€ข Raise awareness about physical security to employees. โ€ข Use an optional network analyzer or network monitor.
Large Business โ€ข A strong firewall and proxy to keep unwanted people out. โ€ข A strong Antivirus software package and Internet Security Software package. โ€ข For authentication, use strong passwords and change it on a weekly/bi-weekly basis. โ€ข When using a wireless connection, use a robust password. โ€ข Exercise physical security precautions to employees.
Large Business โ€ข Prepare a network analyzer or network monitor and use it when needed. โ€ข Implement physical security management like closed circuit television for entry areas and restricted zones. โ€ข Security fencing to mark the company's perimeter. โ€ข Fire extinguishers for fire-sensitive areas like server rooms and security rooms. โ€ข Security guards can help to maximize security.
Educational Institutions โ€ข An adjustable firewall โ€ข Strong Antivirus software and Internet Security Software packages. โ€ข Wireless connections that lead to firewalls. โ€ข Children's Internet Protection Act compliance. โ€ข Supervision of network to guarantee updates and changes based on popular site usage. โ€ข Constant supervision by teachers, librarians, and administrators to guarantee protection against attacks by both internet and sneakernet sources.
Federal Government โ€ข A strong strong firewall and proxy to keep unwanted people out. โ€ข Strong Antivirus software and Internet Security Software suites. โ€ข Strong encryption, usually with a 256 bit key. โ€ข Whitelist authorized wireless connection, block all else. โ€ข All network hardware is in secure zones. โ€ข All host should be on a private network that is invisible from the outside. โ€ข Put all servers in a DMZ, or a firewall from the outside and from the inside. โ€ข Security fencing to mark perimeter and set wireless range to this.
Change Control โ€ข A general term describing the procedures used to ensure that changes (normally, but not necessarily, to IT systems) are introduced in a controlled and coordinated manner
Goals of Change Management โ€ข Minimal disruption to services โ€ข Reduction in back-out activities โ€ข Economic utilization of resources involved in implementing change โ€ข Ensure that a product, service or process is only modified in line with the identified necessary change
Why Is Change Control Important In IS Security? โ€ข It is particularly related to software development because of the danger of unnecessary changes being introduced without forethought, introducing faults (bugs) into the system or undoing changes made by other users of the software. Later it became a fundamental process in quality control.
The Change Control Process โ€ข Record / Classify โ€ข Assess โ€ข Plan โ€ข Build / Test โ€ข Implement โ€ข Close / Gain Acceptance.
Record and Classify โ€ข A formal request is received for something to be changed, known as the "Change Initiation". โ€ข Someone then records and classifies or categorizes that request. Part of the classification would be to assign a Category to the change, i.e. is the change a "major business change", "normal business change" or "minor business change".
Assigning a Priority โ€ข Emergency โ€ข Expedited โ€ข Normal
Assessment โ€ข The impact assessor make their risk analysis typically by answering a set of questions concerning risk, both to the business and to the IT estate, and follow this by making a judgment on who or whom should carry out the change.
Build and Test โ€ข Plan their change in detail, and also construct a regression plan, if it all goes wrong โ€ข The plan should be checked out by an independent reviewer โ€ข Build the solution, which will then be tested โ€ข Seek approval and maybe a review and request a time and date to carry out the implementation phase.
Implementation โ€ข The Change Manager approves the change with an โ€œAuthority to Implementโ€ flag โ€ข The change can then be implemented but only at the time and date agreed โ€ข Following Implementation, it is usual to carry out a โ€œPost Implementation Reviewโ€ โ€ข When the client agrees all is OK, the change can be closed.
Outsourcing Related Security Issues โ€ข Two main issues with collaborative design (outsourcing) revolve around TRUST: โ€“ Confidentiality (of product design data in storage or in transit) โ€“ Access Control (read, write, delete privileges) โ€ข Suppliers can be competitors, or have close relationships with competitors
Potential Threats of Outsourcing โ€ข Theft of trade secrets, or intellectual property โ€ข Introduction of viruses/malware to the network โ€ข Lack of understanding of corporate systems could result in damage or data loss โ€ข Loss of control over sharing of sensitive data
Potential Threats of Outsourcing โ€ข Spoofing: A competitor uses managerโ€™s or outsourcerโ€™s ID to gain access to valuable product data to use in their own designs โ€ข Tampering: Changing the product information in the database to ruin the final product design. Changing access controls allowing competing companies access to each otherโ€™s information โ€ข Repudiation: User goes in and performs a malicious act (submits false product data) and says that it was not him who did it
Countermeasures โ€ข Electronic Vault โ€ข Engineering Change Control โ€ข Release-Management Process โ€ข Flexible Access Control โ€ข Data Set Access Control โ€ข Scheduled Access Control
Electronic Vault โ€ข Keeps files in native form while still encrypting files โ€ข End-to-end security โ€“ Encryption โ€“ Access Control โ€ข Creates tamper-evident audit trails (any and all access to a document is logged)
Electronic Vault Advantages ๏ฌ Document accuracy โ€“ Maintains print streams in native format โ€ข Document quality โ€“ Streams are compressed in electronic vault without loss of resolution โ€ข Flexibility โ€“ Easy to enhance, modify, combine, engineer streams
Electronic Vault Advantages (cont.) ๏ฌSpeed โ€“ Loaded into vault with almost no disruption of operations ๏ฌLong-term viability โ€“ Since native format is allowed, electronic vault can be used in the future
Engineering Change Control โ€ข Defines and controls the process of reviewing and approving changes to the product data โ€ข Prevents tampering with accountability factor โ€ข New version of data is released in database to allow for reversal if necessary
Release-Management Process โ€ข Data released when approved โ€ข Access based on project, password, and other controls that user defines โ€ข Allows for auditing and tracking of information โ€ข Creates relationships among product data โ€ข Prevents information leaking of competing suppliers actions
Flexible Access Control โ€ข Role-based โ€ข Allows for project to have users change groups and roles โ€ข Enables distributed design data access and sharing
Scheduled Access Control โ€ข Schedule for suppliers to work on certain resources โ€ข Privileges granted at certain periods when they are needed in the design process โ€ข Revoked when not needed
Data Set Access Control โ€ข Data are assigned roles โ€ข Different views of data based on how organizations and individuals behave in a task โ€ข Least Privilege Security Principle
Access Control Diagram
Security Principles Applied โ€ข Practice defense in depth โ€“ Role based access control, data based access control, electronic vault, release management โ€ข Follow the principle of least privilege โ€“ Access controls only allow privileges to those who need it
Security Principles Applied (cont.) โ€ข Compartmentalize โ€“ Various versions of data. Information split up based on part of design for users who will need access to it โ€ข Promote privacy โ€“ Accountability so users will want to keep passwords and information secret โ€ข Be reluctant to trust โ€“ System is based on least privilege and does not disclose information until necessary
Ad

Recommended

CISSP - Chapter 3 - Physical security
CISSP - Chapter 3 - Physical securityCISSP - Chapter 3 - Physical security
CISSP - Chapter 3 - Physical security
Karthikeyan Dhayalan
ย 
Coud discovery chap 5
Coud discovery chap 5Coud discovery chap 5
Coud discovery chap 5
Alain Charpentier
ย 
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Digital Bond
ย 
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Digital Bond
ย 
CISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsCISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security Operations
Karthikeyan Dhayalan
ย 
Robert Williams Final Project
Robert Williams Final Project Robert Williams Final Project
Robert Williams Final Project
Robert D. Williams
ย 
Locking down server and workstation operating systems
Locking down server and workstation operating systemsLocking down server and workstation operating systems
Locking down server and workstation operating systems
Ben Rothke
ย 
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Digital Bond
ย 
Social Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskSocial Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity Risk
Precisely
ย 
Post Wannacry Update
Post Wannacry UpdatePost Wannacry Update
Post Wannacry Update
Thomas Springer
ย 
Network security
Network securityNetwork security
Network security
Ujjwal 'Shanu'
ย 
Lesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionLesson 1- Intrusion Detection
Lesson 1- Intrusion Detection
MLG College of Learning, Inc
ย 
ITIL # Lecture 8
ITIL # Lecture 8ITIL # Lecture 8
ITIL # Lecture 8
Kabul Education University
ย 
Data/File Security & Control
Data/File Security & ControlData/File Security & Control
Data/File Security & Control
Adetula Bunmi
ย 
Rothke effective data destruction practices
Rothke effective data destruction practicesRothke effective data destruction practices
Rothke effective data destruction practices
Ben Rothke
ย 
CISSP Week 9
CISSP Week 9CISSP Week 9
CISSP Week 9
jemtallon
ย 
Cybersecurity
Cybersecurity Cybersecurity
Cybersecurity
nado-web
ย 
Basic Security Concepts of Computer
Basic Security Concepts of ComputerBasic Security Concepts of Computer
Basic Security Concepts of Computer
Faizan Janjua
ย 
API Training 10 Nov 2014
API Training 10 Nov 2014API Training 10 Nov 2014
API Training 10 Nov 2014
Digital Bond
ย 
The Benefits of Having Nerds On Site Monitoring Your Technology
The Benefits of Having Nerds On Site Monitoring Your TechnologyThe Benefits of Having Nerds On Site Monitoring Your Technology
The Benefits of Having Nerds On Site Monitoring Your Technology
Kevin Lloyd
ย 
Health information secuirty session 5 best practise in information security
Health information secuirty session 5 best practise in information securityHealth information secuirty session 5 best practise in information security
Health information secuirty session 5 best practise in information security
Dr. Lasantha Ranwala
ย 
Security Policy Checklist
Security Policy ChecklistSecurity Policy Checklist
Security Policy Checklist
backdoor
ย 
6. Security Assessment and Testing
6. Security Assessment and Testing6. Security Assessment and Testing
6. Security Assessment and Testing
Sam Bowne
ย 
Practical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionPractical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and Production
Jim Gilsinn
ย 
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMNetwork Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Jim Gilsinn
ย 
10 Quick Cybersecurity Wins for Small Business
10 Quick Cybersecurity Wins for Small Business10 Quick Cybersecurity Wins for Small Business
10 Quick Cybersecurity Wins for Small Business
SYMBIONT, INC.
ย 
Cascade TEK - ISTA Package Testing
Cascade TEK - ISTA Package TestingCascade TEK - ISTA Package Testing
Cascade TEK - ISTA Package Testing
Cascade TEK
ย 
10 reiner - Early careers winter school, 9-12th January 2012, University of C...
10 reiner - Early careers winter school, 9-12th January 2012, University of C...10 reiner - Early careers winter school, 9-12th January 2012, University of C...
10 reiner - Early careers winter school, 9-12th January 2012, University of C...
UK Carbon Capture and Storage Research Centre
ย 
Eu law
Eu lawEu law
Eu law
p_drury
ย 
Electronic Bubble Wrap Keychain!
Electronic Bubble Wrap Keychain!Electronic Bubble Wrap Keychain!
Electronic Bubble Wrap Keychain!
sj3288
ย 
Ad

More Related Content

What's hot (18)

Social Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskSocial Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity Risk
Precisely
ย 
Post Wannacry Update
Post Wannacry UpdatePost Wannacry Update
Post Wannacry Update
Thomas Springer
ย 
Network security
Network securityNetwork security
Network security
Ujjwal 'Shanu'
ย 
Lesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionLesson 1- Intrusion Detection
Lesson 1- Intrusion Detection
MLG College of Learning, Inc
ย 
ITIL # Lecture 8
ITIL # Lecture 8ITIL # Lecture 8
ITIL # Lecture 8
Kabul Education University
ย 
Data/File Security & Control
Data/File Security & ControlData/File Security & Control
Data/File Security & Control
Adetula Bunmi
ย 
Rothke effective data destruction practices
Rothke effective data destruction practicesRothke effective data destruction practices
Rothke effective data destruction practices
Ben Rothke
ย 
CISSP Week 9
CISSP Week 9CISSP Week 9
CISSP Week 9
jemtallon
ย 
Cybersecurity
Cybersecurity Cybersecurity
Cybersecurity
nado-web
ย 
Basic Security Concepts of Computer
Basic Security Concepts of ComputerBasic Security Concepts of Computer
Basic Security Concepts of Computer
Faizan Janjua
ย 
API Training 10 Nov 2014
API Training 10 Nov 2014API Training 10 Nov 2014
API Training 10 Nov 2014
Digital Bond
ย 
The Benefits of Having Nerds On Site Monitoring Your Technology
The Benefits of Having Nerds On Site Monitoring Your TechnologyThe Benefits of Having Nerds On Site Monitoring Your Technology
The Benefits of Having Nerds On Site Monitoring Your Technology
Kevin Lloyd
ย 
Health information secuirty session 5 best practise in information security
Health information secuirty session 5 best practise in information securityHealth information secuirty session 5 best practise in information security
Health information secuirty session 5 best practise in information security
Dr. Lasantha Ranwala
ย 
Security Policy Checklist
Security Policy ChecklistSecurity Policy Checklist
Security Policy Checklist
backdoor
ย 
6. Security Assessment and Testing
6. Security Assessment and Testing6. Security Assessment and Testing
6. Security Assessment and Testing
Sam Bowne
ย 
Practical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionPractical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and Production
Jim Gilsinn
ย 
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMNetwork Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Jim Gilsinn
ย 
10 Quick Cybersecurity Wins for Small Business
10 Quick Cybersecurity Wins for Small Business10 Quick Cybersecurity Wins for Small Business
10 Quick Cybersecurity Wins for Small Business
SYMBIONT, INC.
ย 
Social Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskSocial Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity Risk
Precisely
ย 
Post Wannacry Update
Post Wannacry UpdatePost Wannacry Update
Post Wannacry Update
Thomas Springer
ย 
Network security
Network securityNetwork security
Network security
Ujjwal 'Shanu'
ย 
Lesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionLesson 1- Intrusion Detection
Lesson 1- Intrusion Detection
MLG College of Learning, Inc
ย 
ITIL # Lecture 8
ITIL # Lecture 8ITIL # Lecture 8
ITIL # Lecture 8
Kabul Education University
ย 
Data/File Security & Control
Data/File Security & ControlData/File Security & Control
Data/File Security & Control
Adetula Bunmi
ย 
Rothke effective data destruction practices
Rothke effective data destruction practicesRothke effective data destruction practices
Rothke effective data destruction practices
Ben Rothke
ย 
CISSP Week 9
CISSP Week 9CISSP Week 9
CISSP Week 9
jemtallon
ย 
Cybersecurity
Cybersecurity Cybersecurity
Cybersecurity
nado-web
ย 
Basic Security Concepts of Computer
Basic Security Concepts of ComputerBasic Security Concepts of Computer
Basic Security Concepts of Computer
Faizan Janjua
ย 
API Training 10 Nov 2014
API Training 10 Nov 2014API Training 10 Nov 2014
API Training 10 Nov 2014
Digital Bond
ย 
The Benefits of Having Nerds On Site Monitoring Your Technology
The Benefits of Having Nerds On Site Monitoring Your TechnologyThe Benefits of Having Nerds On Site Monitoring Your Technology
The Benefits of Having Nerds On Site Monitoring Your Technology
Kevin Lloyd
ย 
Health information secuirty session 5 best practise in information security
Health information secuirty session 5 best practise in information securityHealth information secuirty session 5 best practise in information security
Health information secuirty session 5 best practise in information security
Dr. Lasantha Ranwala
ย 
Security Policy Checklist
Security Policy ChecklistSecurity Policy Checklist
Security Policy Checklist
backdoor
ย 
6. Security Assessment and Testing
6. Security Assessment and Testing6. Security Assessment and Testing
6. Security Assessment and Testing
Sam Bowne
ย 
Practical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionPractical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and Production
Jim Gilsinn
ย 
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMNetwork Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Jim Gilsinn
ย 
10 Quick Cybersecurity Wins for Small Business
10 Quick Cybersecurity Wins for Small Business10 Quick Cybersecurity Wins for Small Business
10 Quick Cybersecurity Wins for Small Business
SYMBIONT, INC.
ย 

Viewers also liked (6)

Cascade TEK - ISTA Package Testing
Cascade TEK - ISTA Package TestingCascade TEK - ISTA Package Testing
Cascade TEK - ISTA Package Testing
Cascade TEK
ย 
10 reiner - Early careers winter school, 9-12th January 2012, University of C...
10 reiner - Early careers winter school, 9-12th January 2012, University of C...10 reiner - Early careers winter school, 9-12th January 2012, University of C...
10 reiner - Early careers winter school, 9-12th January 2012, University of C...
UK Carbon Capture and Storage Research Centre
ย 
Eu law
Eu lawEu law
Eu law
p_drury
ย 
Electronic Bubble Wrap Keychain!
Electronic Bubble Wrap Keychain!Electronic Bubble Wrap Keychain!
Electronic Bubble Wrap Keychain!
sj3288
ย 
NetSpective Internet Content Filter | Powered by TeleMate.Net
NetSpective Internet Content Filter | Powered by TeleMate.NetNetSpective Internet Content Filter | Powered by TeleMate.Net
NetSpective Internet Content Filter | Powered by TeleMate.Net
telemate_mktg
ย 
DVS Services Handout 2015
DVS Services Handout 2015DVS Services Handout 2015
DVS Services Handout 2015
Kevin Sakaki
ย 
Cascade TEK - ISTA Package Testing
Cascade TEK - ISTA Package TestingCascade TEK - ISTA Package Testing
Cascade TEK - ISTA Package Testing
Cascade TEK
ย 
10 reiner - Early careers winter school, 9-12th January 2012, University of C...
10 reiner - Early careers winter school, 9-12th January 2012, University of C...10 reiner - Early careers winter school, 9-12th January 2012, University of C...
10 reiner - Early careers winter school, 9-12th January 2012, University of C...
UK Carbon Capture and Storage Research Centre
ย 
Eu law
Eu lawEu law
Eu law
p_drury
ย 
Electronic Bubble Wrap Keychain!
Electronic Bubble Wrap Keychain!Electronic Bubble Wrap Keychain!
Electronic Bubble Wrap Keychain!
sj3288
ย 
NetSpective Internet Content Filter | Powered by TeleMate.Net
NetSpective Internet Content Filter | Powered by TeleMate.NetNetSpective Internet Content Filter | Powered by TeleMate.Net
NetSpective Internet Content Filter | Powered by TeleMate.Net
telemate_mktg
ย 
DVS Services Handout 2015
DVS Services Handout 2015DVS Services Handout 2015
DVS Services Handout 2015
Kevin Sakaki
ย 
Ad

Similar to Network security, change control, outsourcing (20)

Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
Falgun Rathod
ย 
security and system mainatance
security and system mainatancesecurity and system mainatance
security and system mainatance
Kudzi Chikwatu
ย 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
G Prachi
ย 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security Guidelines
Inductive Automation
ย 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
aizazhussain234
ย 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security Guidelines
Inductive Automation
ย 
Robert Williams Final Project
Robert Williams Final Project Robert Williams Final Project
Robert Williams Final Project
Robert D. Williams
ย 
Maintenance of Hospital Information System
Maintenance of Hospital Information SystemMaintenance of Hospital Information System
Maintenance of Hospital Information System
Dr Jasbeer Singh
ย 
Dncybersecurity
DncybersecurityDncybersecurity
Dncybersecurity
Anne Starr
ย 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
Muhammad Asim
ย 
Mis
MisMis
Mis
misecho
ย 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1
misecho
ย 
It security cognic_systems
It security cognic_systemsIt security cognic_systems
It security cognic_systems
Cognic Systems Pvt Ltd
ย 
CISM_WK_3.pptx
CISM_WK_3.pptxCISM_WK_3.pptx
CISM_WK_3.pptx
dotco
ย 
Ccna sec 01
Ccna sec 01Ccna sec 01
Ccna sec 01
EduclentMegasoftel
ย 
Commercial and government cyberwarfare
Commercial and government cyberwarfareCommercial and government cyberwarfare
Commercial and government cyberwarfare
Nicholas Davis
ย 
Commercial And Government Cyberwarfare
Commercial And Government CyberwarfareCommercial And Government Cyberwarfare
Commercial And Government Cyberwarfare
Nicholas Davis
ย 
Avoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAvoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slides
AlgoSec
ย 
Development of security architecture
Development of security architectureDevelopment of security architecture
Development of security architecture
Imran Khan
ย 
It security the condensed version
It security the condensed version It security the condensed version
It security the condensed version
Brian Pichman
ย 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
Falgun Rathod
ย 
security and system mainatance
security and system mainatancesecurity and system mainatance
security and system mainatance
Kudzi Chikwatu
ย 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
G Prachi
ย 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security Guidelines
Inductive Automation
ย 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
aizazhussain234
ย 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security Guidelines
Inductive Automation
ย 
Robert Williams Final Project
Robert Williams Final Project Robert Williams Final Project
Robert Williams Final Project
Robert D. Williams
ย 
Maintenance of Hospital Information System
Maintenance of Hospital Information SystemMaintenance of Hospital Information System
Maintenance of Hospital Information System
Dr Jasbeer Singh
ย 
Dncybersecurity
DncybersecurityDncybersecurity
Dncybersecurity
Anne Starr
ย 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
Muhammad Asim
ย 
Mis
MisMis
Mis
misecho
ย 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1
misecho
ย 
It security cognic_systems
It security cognic_systemsIt security cognic_systems
It security cognic_systems
Cognic Systems Pvt Ltd
ย 
CISM_WK_3.pptx
CISM_WK_3.pptxCISM_WK_3.pptx
CISM_WK_3.pptx
dotco
ย 
Ccna sec 01
Ccna sec 01Ccna sec 01
Ccna sec 01
EduclentMegasoftel
ย 
Commercial and government cyberwarfare
Commercial and government cyberwarfareCommercial and government cyberwarfare
Commercial and government cyberwarfare
Nicholas Davis
ย 
Commercial And Government Cyberwarfare
Commercial And Government CyberwarfareCommercial And Government Cyberwarfare
Commercial And Government Cyberwarfare
Nicholas Davis
ย 
Avoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAvoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slides
AlgoSec
ย 
Development of security architecture
Development of security architectureDevelopment of security architecture
Development of security architecture
Imran Khan
ย 
It security the condensed version
It security the condensed version It security the condensed version
It security the condensed version
Brian Pichman
ย 
Ad

More from Nicholas Davis (20)

Conducting a NIST Cybersecurity Framework (CSF) Assessment
Conducting a NIST Cybersecurity Framework (CSF) AssessmentConducting a NIST Cybersecurity Framework (CSF) Assessment
Conducting a NIST Cybersecurity Framework (CSF) Assessment
Nicholas Davis
ย 
Top Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your BusinessTop Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your Business
Nicholas Davis
ย 
UW-Madison, Information Systems 371 - Decision Support Systems
UW-Madison, Information Systems 371 - Decision Support SystemsUW-Madison, Information Systems 371 - Decision Support Systems
UW-Madison, Information Systems 371 - Decision Support Systems
Nicholas Davis
ย 
Lecture blockchain
Lecture blockchainLecture blockchain
Lecture blockchain
Nicholas Davis
ย 
Software Development Methodologies
Software Development MethodologiesSoftware Development Methodologies
Software Development Methodologies
Nicholas Davis
ย 
Information systems 365 - Cloud and BYOD Security
Information systems 365 - Cloud and BYOD SecurityInformation systems 365 - Cloud and BYOD Security
Information systems 365 - Cloud and BYOD Security
Nicholas Davis
ย 
Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids
Nicholas Davis
ย 
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
Nicholas Davis
ย 
Information Systems 371 -The Internet of Things Overview
Information Systems 371 -The Internet of Things OverviewInformation Systems 371 -The Internet of Things Overview
Information Systems 371 -The Internet of Things Overview
Nicholas Davis
ย 
Cyberwar Gets Personal
Cyberwar Gets PersonalCyberwar Gets Personal
Cyberwar Gets Personal
Nicholas Davis
ย 
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
Nicholas Davis
ย 
Bringing the Entire Information Security Semester Together With a Team Project
Bringing the Entire Information Security Semester Together With a Team ProjectBringing the Entire Information Security Semester Together With a Team Project
Bringing the Entire Information Security Semester Together With a Team Project
Nicholas Davis
ย 
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
Nicholas Davis
ย 
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Nicholas Davis
ย 
Information Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up SummaryInformation Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up Summary
Nicholas Davis
ย 
Organizational Phishing Education
Organizational Phishing EducationOrganizational Phishing Education
Organizational Phishing Education
Nicholas Davis
ย 
Security Operations -- An Overview
Security Operations -- An OverviewSecurity Operations -- An Overview
Security Operations -- An Overview
Nicholas Davis
ย 
Network Design, Common Network Terminology and Security Implications
Network Design, Common Network Terminology and Security ImplicationsNetwork Design, Common Network Terminology and Security Implications
Network Design, Common Network Terminology and Security Implications
Nicholas Davis
ย 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application Security
Nicholas Davis
ย 
Information Security 365/765 Lecture 13 โ€“ Legal Regulations, Industry Compli...
Information Security 365/765 Lecture 13 โ€“ Legal Regulations, Industry Compli...Information Security 365/765 Lecture 13 โ€“ Legal Regulations, Industry Compli...
Information Security 365/765 Lecture 13 โ€“ Legal Regulations, Industry Compli...
Nicholas Davis
ย 
Conducting a NIST Cybersecurity Framework (CSF) Assessment
Conducting a NIST Cybersecurity Framework (CSF) AssessmentConducting a NIST Cybersecurity Framework (CSF) Assessment
Conducting a NIST Cybersecurity Framework (CSF) Assessment
Nicholas Davis
ย 
Top Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your BusinessTop Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your Business
Nicholas Davis
ย 
UW-Madison, Information Systems 371 - Decision Support Systems
UW-Madison, Information Systems 371 - Decision Support SystemsUW-Madison, Information Systems 371 - Decision Support Systems
UW-Madison, Information Systems 371 - Decision Support Systems
Nicholas Davis
ย 
Lecture blockchain
Lecture blockchainLecture blockchain
Lecture blockchain
Nicholas Davis
ย 
Software Development Methodologies
Software Development MethodologiesSoftware Development Methodologies
Software Development Methodologies
Nicholas Davis
ย 
Information systems 365 - Cloud and BYOD Security
Information systems 365 - Cloud and BYOD SecurityInformation systems 365 - Cloud and BYOD Security
Information systems 365 - Cloud and BYOD Security
Nicholas Davis
ย 
Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids
Nicholas Davis
ย 
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
Nicholas Davis
ย 
Information Systems 371 -The Internet of Things Overview
Information Systems 371 -The Internet of Things OverviewInformation Systems 371 -The Internet of Things Overview
Information Systems 371 -The Internet of Things Overview
Nicholas Davis
ย 
Cyberwar Gets Personal
Cyberwar Gets PersonalCyberwar Gets Personal
Cyberwar Gets Personal
Nicholas Davis
ย 
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
Nicholas Davis
ย 
Bringing the Entire Information Security Semester Together With a Team Project
Bringing the Entire Information Security Semester Together With a Team ProjectBringing the Entire Information Security Semester Together With a Team Project
Bringing the Entire Information Security Semester Together With a Team Project
Nicholas Davis
ย 
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
Nicholas Davis
ย 
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Nicholas Davis
ย 
Information Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up SummaryInformation Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up Summary
Nicholas Davis
ย 
Organizational Phishing Education
Organizational Phishing EducationOrganizational Phishing Education
Organizational Phishing Education
Nicholas Davis
ย 
Security Operations -- An Overview
Security Operations -- An OverviewSecurity Operations -- An Overview
Security Operations -- An Overview
Nicholas Davis
ย 
Network Design, Common Network Terminology and Security Implications
Network Design, Common Network Terminology and Security ImplicationsNetwork Design, Common Network Terminology and Security Implications
Network Design, Common Network Terminology and Security Implications
Nicholas Davis
ย 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application Security
Nicholas Davis
ย 
Information Security 365/765 Lecture 13 โ€“ Legal Regulations, Industry Compli...
Information Security 365/765 Lecture 13 โ€“ Legal Regulations, Industry Compli...Information Security 365/765 Lecture 13 โ€“ Legal Regulations, Industry Compli...
Information Security 365/765 Lecture 13 โ€“ Legal Regulations, Industry Compli...
Nicholas Davis
ย 

Recently uploaded (20)

Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.
hpbmnnxrvb
ย 
How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?
Daniel Lehner
ย 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
ย 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
ย 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
ย 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
ย 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
ย 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
ย 
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded DevelopersLinux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Toradex
ย 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
ย 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
ย 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
ย 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
ย 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
ย 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
ย 
Procurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptxProcurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptx
Jon Hansen
ย 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
ย 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
ย 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
ย 
How analogue intelligence complements AI
How analogue intelligence complements AIHow analogue intelligence complements AI
How analogue intelligence complements AI
Paul Rowe
ย 
Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.
hpbmnnxrvb
ย 
How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?
Daniel Lehner
ย 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
ย 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
ย 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
ย 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
ย 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
ย 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
ย 
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded DevelopersLinux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Toradex
ย 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
ย 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
ย 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
ย 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
ย 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
ย 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
ย 
Procurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptxProcurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptx
Jon Hansen
ย 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
ย 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
ย 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
ย 
How analogue intelligence complements AI
How analogue intelligence complements AIHow analogue intelligence complements AI
How analogue intelligence complements AI
Paul Rowe
ย 

Network security, change control, outsourcing

  • 1. Information System 365/765 Lecture 12 Network Security, Change Control, Outsourcing
  • 2. Todayโ€™s Chocolate Bar Snickers โ€“ AGAIN! โ€ข In 1930, the Mars family introduced its second product, Snickers, named after one of their favorite horses โ€ข Snickers is the best selling chocolate bar of all time and has annual global sales of US$2 billion
  • 3. Nutty Cisco Video โ€ข Watch video โ€ข Think about what you would do to protect you server area, using your knowledge gained so far in the class โ€ข Split into groups of four, come up with a mini presentation โ€ข Talk to class for 3 minutes
  • 4. Network Security โ€ข Why didnโ€™t we talk about this on day one? โ€ข Bringing it all together โ€ข protect the network and the network-accessible resources from unauthorized access and consistent and continuous monitoring and measurement of its effectiveness
  • 5. Network Security vs. Computer Security โ€ข Securing network infrastructure is like securing possible entry points of attacks on a country by deploying appropriate defense. โ€ข Computer security is more like providing means to protect a single PC against outside intrusion.
  • 6. Network Security โ€ข Prevents users from ever being exposed to attacks โ€ข Protection of all entry points and shared resources โ€ข Printers, Network attached storage (NAS), Iphones, etc. โ€ข Attacks stop at entry points, BEFORE they spread
  • 7. Computer Security โ€ข Focused on an individual host โ€ข A computerโ€™s security is vulnerable to people who have higher access privileges than the protection mechanism. โ€ข While this is also true with Network Security, it is less likely.
  • 8. Attributes Of A Secure Network โ€ข Authentication โ€ข Authorization โ€ข Firewall โ€ข Intrusion Prevention System โ€ข Antivirus โ€ข Honeypots โ€ข Monitoring
  • 9. Authentication โ€ข Providing proof that you are who you claim to be
  • 10. Authorization โ€ข Determining the level of access that a given individual should have โ€ข Authorization is done after authentication
  • 11. Firewall โ€ข An integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system. It is also a device or set of devices configured to permit, deny, or proxy all computer traffic between different security domains based upon a set of rules and other criteria.
  • 12. Intrusion Prevention System โ€ข An intrusion prevention system is a network security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or prevent those activities.
  • 13. Antivirus and Anti-Malware โ€ข Scans and cleanses data in storage and as it travels across the network, so end users are not exposed to this type of threat
  • 14. Honeypots โ€ข Essentially decoy network- accessible resources, could be deployed in a network as surveillance and early-warning tools.
  • 15. Security Management โ€ข Depends on environment โ€ข Small, medium and large businesses, educational institutions, government.
  • 16. Small Business โ€ข A basic firewall. โ€ข For Windows users, basic antivirus and anti-spyware/anti-malware software. โ€ข When using a wireless connection, use a robust password. โ€ข Use the strongest security supported by your wireless devices, such as WPA or WPA2.
  • 17. Medium Business โ€ข A strong firewall โ€ข Strong Antivirus software and Internet Security Software. โ€ข For authentication, use strong passwords and change it on a monthly basis. โ€ข When using a wireless connection, use a robust password. โ€ข Raise awareness about physical security to employees. โ€ข Use an optional network analyzer or network monitor.
  • 18. Large Business โ€ข A strong firewall and proxy to keep unwanted people out. โ€ข A strong Antivirus software package and Internet Security Software package. โ€ข For authentication, use strong passwords and change it on a weekly/bi-weekly basis. โ€ข When using a wireless connection, use a robust password. โ€ข Exercise physical security precautions to employees.
  • 19. Large Business โ€ข Prepare a network analyzer or network monitor and use it when needed. โ€ข Implement physical security management like closed circuit television for entry areas and restricted zones. โ€ข Security fencing to mark the company's perimeter. โ€ข Fire extinguishers for fire-sensitive areas like server rooms and security rooms. โ€ข Security guards can help to maximize security.
  • 20. Educational Institutions โ€ข An adjustable firewall โ€ข Strong Antivirus software and Internet Security Software packages. โ€ข Wireless connections that lead to firewalls. โ€ข Children's Internet Protection Act compliance. โ€ข Supervision of network to guarantee updates and changes based on popular site usage. โ€ข Constant supervision by teachers, librarians, and administrators to guarantee protection against attacks by both internet and sneakernet sources.
  • 21. Federal Government โ€ข A strong strong firewall and proxy to keep unwanted people out. โ€ข Strong Antivirus software and Internet Security Software suites. โ€ข Strong encryption, usually with a 256 bit key. โ€ข Whitelist authorized wireless connection, block all else. โ€ข All network hardware is in secure zones. โ€ข All host should be on a private network that is invisible from the outside. โ€ข Put all servers in a DMZ, or a firewall from the outside and from the inside. โ€ข Security fencing to mark perimeter and set wireless range to this.
  • 22. Change Control โ€ข A general term describing the procedures used to ensure that changes (normally, but not necessarily, to IT systems) are introduced in a controlled and coordinated manner
  • 23. Goals of Change Management โ€ข Minimal disruption to services โ€ข Reduction in back-out activities โ€ข Economic utilization of resources involved in implementing change โ€ข Ensure that a product, service or process is only modified in line with the identified necessary change
  • 24. Why Is Change Control Important In IS Security? โ€ข It is particularly related to software development because of the danger of unnecessary changes being introduced without forethought, introducing faults (bugs) into the system or undoing changes made by other users of the software. Later it became a fundamental process in quality control.
  • 25. The Change Control Process โ€ข Record / Classify โ€ข Assess โ€ข Plan โ€ข Build / Test โ€ข Implement โ€ข Close / Gain Acceptance.
  • 26. Record and Classify โ€ข A formal request is received for something to be changed, known as the "Change Initiation". โ€ข Someone then records and classifies or categorizes that request. Part of the classification would be to assign a Category to the change, i.e. is the change a "major business change", "normal business change" or "minor business change".
  • 27. Assigning a Priority โ€ข Emergency โ€ข Expedited โ€ข Normal
  • 28. Assessment โ€ข The impact assessor make their risk analysis typically by answering a set of questions concerning risk, both to the business and to the IT estate, and follow this by making a judgment on who or whom should carry out the change.
  • 29. Build and Test โ€ข Plan their change in detail, and also construct a regression plan, if it all goes wrong โ€ข The plan should be checked out by an independent reviewer โ€ข Build the solution, which will then be tested โ€ข Seek approval and maybe a review and request a time and date to carry out the implementation phase.
  • 30. Implementation โ€ข The Change Manager approves the change with an โ€œAuthority to Implementโ€ flag โ€ข The change can then be implemented but only at the time and date agreed โ€ข Following Implementation, it is usual to carry out a โ€œPost Implementation Reviewโ€ โ€ข When the client agrees all is OK, the change can be closed.
  • 31. Outsourcing Related Security Issues โ€ข Two main issues with collaborative design (outsourcing) revolve around TRUST: โ€“ Confidentiality (of product design data in storage or in transit) โ€“ Access Control (read, write, delete privileges) โ€ข Suppliers can be competitors, or have close relationships with competitors
  • 32. Potential Threats of Outsourcing โ€ข Theft of trade secrets, or intellectual property โ€ข Introduction of viruses/malware to the network โ€ข Lack of understanding of corporate systems could result in damage or data loss โ€ข Loss of control over sharing of sensitive data
  • 33. Potential Threats of Outsourcing โ€ข Spoofing: A competitor uses managerโ€™s or outsourcerโ€™s ID to gain access to valuable product data to use in their own designs โ€ข Tampering: Changing the product information in the database to ruin the final product design. Changing access controls allowing competing companies access to each otherโ€™s information โ€ข Repudiation: User goes in and performs a malicious act (submits false product data) and says that it was not him who did it
  • 34. Countermeasures โ€ข Electronic Vault โ€ข Engineering Change Control โ€ข Release-Management Process โ€ข Flexible Access Control โ€ข Data Set Access Control โ€ข Scheduled Access Control
  • 35. Electronic Vault โ€ข Keeps files in native form while still encrypting files โ€ข End-to-end security โ€“ Encryption โ€“ Access Control โ€ข Creates tamper-evident audit trails (any and all access to a document is logged)
  • 36. Electronic Vault Advantages ๏ฌ Document accuracy โ€“ Maintains print streams in native format โ€ข Document quality โ€“ Streams are compressed in electronic vault without loss of resolution โ€ข Flexibility โ€“ Easy to enhance, modify, combine, engineer streams
  • 37. Electronic Vault Advantages (cont.) ๏ฌSpeed โ€“ Loaded into vault with almost no disruption of operations ๏ฌLong-term viability โ€“ Since native format is allowed, electronic vault can be used in the future
  • 38. Engineering Change Control โ€ข Defines and controls the process of reviewing and approving changes to the product data โ€ข Prevents tampering with accountability factor โ€ข New version of data is released in database to allow for reversal if necessary
  • 39. Release-Management Process โ€ข Data released when approved โ€ข Access based on project, password, and other controls that user defines โ€ข Allows for auditing and tracking of information โ€ข Creates relationships among product data โ€ข Prevents information leaking of competing suppliers actions
  • 40. Flexible Access Control โ€ข Role-based โ€ข Allows for project to have users change groups and roles โ€ข Enables distributed design data access and sharing
  • 41. Scheduled Access Control โ€ข Schedule for suppliers to work on certain resources โ€ข Privileges granted at certain periods when they are needed in the design process โ€ข Revoked when not needed
  • 42. Data Set Access Control โ€ข Data are assigned roles โ€ข Different views of data based on how organizations and individuals behave in a task โ€ข Least Privilege Security Principle
  • 44. Security Principles Applied โ€ข Practice defense in depth โ€“ Role based access control, data based access control, electronic vault, release management โ€ข Follow the principle of least privilege โ€“ Access controls only allow privileges to those who need it
  • 45. Security Principles Applied (cont.) โ€ข Compartmentalize โ€“ Various versions of data. Information split up based on part of design for users who will need access to it โ€ข Promote privacy โ€“ Accountability so users will want to keep passwords and information secret โ€ข Be reluctant to trust โ€“ System is based on least privilege and does not disclose information until necessary