• Like
Ferraz Itp368 Optmizing Information Security
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Ferraz Itp368 Optmizing Information Security



Published in Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads


Total Views
On SlideShare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide


  • 1. Optimizing Information Security IS 301
  • 2. Mark Ferraz
      • SolutionsMark
      • Houston, TX
      • www.solutionsmark.com mark@solutionsmark.com
      • President, SolutionsMark. Mark is an Senior Information Architect and Developer specializing in Information Management, Collaboration Tools, and Knowledge Management systems for medium to large enterprises. Mark has over ten years of experience designing, managing, and implementing complex technology projects involving application implementation, supporting infrastructure, custom development, and integration. Most recently Mark has been working with the team at Chevron as the Technical Development Lead for one of the largest SharePoint deployments to date.
  • 3. Tom Wisnowski
      • Microsoft
      • Phoenix, AR
      • www.microsoft.com [email_address]
      • Tom Wisnowski is a senior consultant with Microsoft Consulting Services specializing in Enterprise Architecture and Strategy, Information Worker Solutions, BI and analysis solutions, Enterprise Application Integration and Custom Application Development. Tom has utilized his range of expertise on numerous enterprise engagements during his 10 year career in IT and continues to play pivotal roles in solution delivery including architect, strategist, team lead and technology specialist. Tom is a Microsoft Certified Solution Developer, Microsoft Certified System Engineer, Microsoft Certified Database Administrator and holds a Bachelor's degree in computer science.
  • 4. Session Discussion
    • What is Information Security
    • Clarity on how information security relates to SharePoint implementation
    • Direction when and what elements of SharePoint help you Secure information appropriately
    • Confidence to direct and implement SharePoint Security
  • 5. *
  • 6.  
  • 7. Confidentiality
    • Value
    • Industrially sensitive
    • Proprietary
    • Concerns matter of security
    • Risk
    • Private
    • Shared with the expectation of privacy or confidentiality
    Losing Control of Information can be disastrous! The information must be managed and secured commensurate to its Risk and Value. *
  • 8. Information Classification
    • Schema
    • Public
    • Internal
    • Confidential
    • Secret
      • Considerations
      • Storage
      • Transmission
      • Disposal
    Definition here
  • 9. Information Classification
    • All information has an owner
    • All information is classified as confidential by default
    • Owner Responsibilities:
      • Updating the classification
      • Declaring who is allowed access to the information
      • Securing the information, or for seeing that it is properly secured by the administrator
  • 10. Best Practices
    • Design
      • Look to existing standards within your organization or the marketplace
      • Keep it simple (classification and implementation)
    • Implementation
      • Use site content types and site columns at the root of each site collection to implement information classification
      • Could be duplicated automatically using features
  • 11. Content Type
  • 12. Site Column
  • 13. User Created Library
  • 14.
    • Information Classification in Action
  • 15.  
  • 16. Integrity
    • Proper information integrity involves ensuring that data cannot be added, deleted, or changed without proper authorization.
    • The enforcement of integrity within information systems is generally provided via access control and permissions.
  • 17. SharePoint Groups vs Active Directory Groups The Million Dollar Question
  • 18. SharePoint Groups vs Active Directory Groups
    • SharePoint Groups
    • Native to SharePoint and setup within a site
    • Membership can be displayed and/or managed
    • Will not scale across site collections
    • Active Directory Groups
    • Provide additional manageability and scalability
    • Membership cannot be displayed and/or managed
    • Restricts specific functionality
  • 19. SharePoint Groups
  • 20. Default Groups
  • 21. Web Application Policy
  • 22. Common Audience / Usage Combinations Usage Audience Security Team Collaboration Workspaces Member Equal viewers/contributors SharePoint Groups Publishing Site Wide Many viewers, few contributors Active Directory Groups Records Center Managed Controlled, role-specific access Both
  • 23. Inheritance
  • 24. Inheritance Web Application Http://<web-application.fabrikam.com/ Web Application Security Policy Site Collection / -or- /<Site Collection>/ Top Site Security Permissions Sub-Site /<Sub Site> Sub Site Security Permissions
  • 25. Best Practices
    • Select your security approach based on:
      • Audience
      • Usage
    • Use SharePoint Groups to control member/contributor access when ever possible
    • Avoid break inheritance
    • Use web application policy where appropriate
  • 26.  
  • 27. Authenticity
    • Validity of user activity and information in the system is critical to ensuring authenticity.
    • Includes all information and communications into and out of the system, including both process and user identification.
    • Options are configured at the Farm and Web Application Level
  • 28. Best Practices
    • Use separate service accounts for each service/application pool
    • Separate dedicated clearing house for external data
    • Use Windows Integrated Authentication for internal users and services
  • 29.  
  • 30. Thank you for attending! Please be sure to fill out your session evaluation!
  • 31. Thank you for attending! Please be sure to fill out your session evaluation!
    • Post conference DVD with all slide decks
    Sponsored by