Ferraz Itp368 Optmizing Information Security
Published in: Technology
  • Transcript

    • 1. Optimizing Information Security IS 301
    • 2. Mark Ferraz
        • SolutionsMark
        • Houston, TX
        • www.solutionsmark.com mark@solutionsmark.com
        • President, SolutionsMark. Mark is a Senior Information Architect and Developer specializing in Information Management, Collaboration Tools, and Knowledge Management systems for medium to large enterprises. Mark has over ten years of experience designing, managing, and implementing complex technology projects involving application implementation, supporting infrastructure, custom development, and integration. Most recently Mark has been working with the team at Chevron as the Technical Development Lead for one of the largest SharePoint deployments to date.
    • 3. Tom Wisnowski
        • Microsoft
        • Phoenix, AR
        • www.microsoft.com [email_address]
        • Tom Wisnowski is a senior consultant with Microsoft Consulting Services specializing in Enterprise Architecture and Strategy, Information Worker Solutions, BI and analysis solutions, Enterprise Application Integration and Custom Application Development. Tom has utilized his range of expertise on numerous enterprise engagements during his 10 year career in IT and continues to play pivotal roles in solution delivery including architect, strategist, team lead and technology specialist. Tom is a Microsoft Certified Solution Developer, Microsoft Certified System Engineer, Microsoft Certified Database Administrator and holds a Bachelor's degree in computer science.
    • 4. Session Discussion
        • What is Information Security
        • Clarity on how information security relates to SharePoint implementation
        • Direction on when and what elements of SharePoint help you secure information appropriately
        • Confidence to direct and implement SharePoint Security
    • 7. Confidentiality
        • Value
        • Industrially sensitive
        • Proprietary
        • Concerns matter of security
        • Risk
        • Private
        • Shared with the expectation of privacy or confidentiality
        Losing control of information can be disastrous! The information must be managed and secured commensurate to its Risk and Value.
    • 8. Information Classification
        • Schema
            • Public
            • Internal
            • Confidential
            • Secret
        • Considerations
            • Storage
            • Transmission
            • Disposal
        Definition here
    • 9. Information Classification
        • All information has an owner
        • All information is classified as confidential by default
        • Owner Responsibilities:
            • Updating the classification
            • Declaring who is allowed access to the information
            • Securing the information, or seeing that it is properly secured by the administrator
    • 10. Best Practices
        • Design
            • Look to existing standards within your organization or the marketplace
            • Keep it simple (classification and implementation)
        • Implementation
            • Use site content types and site columns at the root of each site collection to implement information classification
            • Could be duplicated automatically using features
    • 11. Content Type
    • 12. Site Column
    • 13. User Created Library
    • 14. Information Classification in Action
    • 16. Integrity
        • Proper information integrity involves ensuring that data cannot be added, deleted, or changed without proper authorization.
        • The enforcement of integrity within information systems is generally provided via access control and permissions.
    • 17. SharePoint Groups vs Active Directory Groups: The Million Dollar Question
    • 18. SharePoint Groups vs Active Directory Groups
        • SharePoint Groups
            • Native to SharePoint and set up within a site
            • Membership can be displayed and/or managed
            • Will not scale across site collections
        • Active Directory Groups
            • Provide additional manageability and scalability
            • Membership cannot be displayed and/or managed
            • Restricts specific functionality
        IT DEPENDS
    • 19. SharePoint Groups
    • 20. Default Groups
    • 21. Web Application Policy
    • 22. Common Audience / Usage Combinations
        • Usage: Team Collaboration Workspaces
            • Audience: Member (equal viewers/contributors)
            • Security: SharePoint Groups
        • Usage: Publishing Site
            • Audience: Wide (many viewers, few contributors)
            • Security: Active Directory Groups
        • Usage: Records Center
            • Audience: Managed (controlled, role-specific access)
            • Security: Both
    • 23. Inheritance
    • 24. Inheritance
        • Web Application: Http://<web-application.fabrikam.com/ (Web Application Security Policy)
        • Site Collection: / -or- /<Site Collection>/ (Top Site Security Permissions)
        • Sub-Site: /<Sub Site> (Sub Site Security Permissions)
    • 25. Best Practices
        • Select your security approach based on:
            • Audience
            • Usage
        • Use SharePoint Groups to control member/contributor access whenever possible
        • Avoid breaking inheritance
        • Use web application policy where appropriate
    • 27. Authenticity
        • Validity of user activity and information in the system is critical to ensuring authenticity.
        • Includes all information and communications into and out of the system, including both process and user identification.
        • Options are configured at the Farm and Web Application Level
    • 28. Best Practices
        • Use separate service accounts for each service/application pool
        • Separate dedicated clearing house for external data
        • Use Windows Integrated Authentication for internal users and services
    • 30. Thank you for attending! Please be sure to fill out your session evaluation!
    • 31. Thank you for attending! Please be sure to fill out your session evaluation!
        • Post conference DVD with all slide decks
        Sponsored by
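
One way to apply slides 8 to 10 in practice, as an added example that is not part of the original deck: a required choice site column holding the four-level schema, defaulting to Confidential, created at the root of a site collection and attached to a site content type. The site URL, column name, group name and content type name are hypothetical, and the script assumes PowerShell 2.0 or later on a SharePoint server under an account with site collection administrator rights.

```powershell
# Added example (not from the deck). URL and all names below are placeholders.
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

$siteUrl    = "http://sharepoint.example.test/sites/demo"      # hypothetical site collection
$columnName = "Information Classification"                      # hypothetical column name
$groupName  = "Information Security"                            # hypothetical group name
$ctName     = "Classified Document"                             # hypothetical content type
$levels     = "Public", "Internal", "Confidential", "Secret"    # schema from slide 8

$site = New-Object Microsoft.SharePoint.SPSite($siteUrl)
try {
    $web = $site.RootWeb   # root of the site collection, as slide 10 recommends

    # Create the site column only once so the script can be rerun safely.
    if (-not $web.Fields.ContainsField($columnName)) {
        $internal = $web.Fields.Add($columnName,
            [Microsoft.SharePoint.SPFieldType]::Choice, $true)   # $true = required
        $field = $web.Fields.GetFieldByInternalName($internal)
        foreach ($level in $levels) { [void]$field.Choices.Add($level) }
        $field.DefaultValue = "Confidential"   # slide 9: confidential by default
        $field.Group = $groupName
        $field.Update()
    }
    $field = $web.Fields[$columnName]

    # Site content type carrying the column, so libraries that use it inherit
    # the classification field and its default.
    if ($null -eq $web.ContentTypes[$ctName]) {
        $parent = $web.AvailableContentTypes["Document"]
        $ct = New-Object Microsoft.SharePoint.SPContentType($parent, $web.ContentTypes, $ctName)
        $ct.Group = $groupName
        $ct = $web.ContentTypes.Add($ct)
        $ct.FieldLinks.Add((New-Object Microsoft.SharePoint.SPFieldLink($field)))
        $ct.Update($true)   # push the change to child content types
    }
}
finally {
    $site.Dispose()   # release the SPSite and its RootWeb
}
```

Because the column is required and has a default, a document added under this content type is stored as Confidential until its owner changes the classification.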
