Threats to the System<br />
Threats to the System<br /><ul><li>It is the system administrator’s responsibility to ensure that a system operates smooth...
An administrator must regularly monitor systems and correct any problems that may arise, and also maintain these systems t...
The main areas that a system administrator is responsible for are users, hardware, software, server operating systems and ...
Threats to the System<br /><ul><li>The user is the most important aspect of a system administrator’s daily work.
The administrator is dedicated to looking after one or more systems.
Each system will have a number of users who access it daily.
For the most part, their day-to-day use of the system will run smoothly.
There will be instances, however, where the system administrator’s help may be required.</li></li></ul><li>Threats to the ...
A help desk may have been established to field telephone queries and attempt to solve them before they reach the system ad...
This allows the system administrator to shift their focus from customer service to maintenance and monitoring.</li></li></...
Threats to the System<br /><ul><li>There is a wide range of computer hardware that a system administrator may be asked to ...
Most organisations will have different types of PC workstations and servers, but it is not unusually to find an organisati...
Threats to the System<br /><ul><li>Most organizations store their business data on computer systems.
Much of this data is both confidential and valuable.
System security ensures that the data is not damaged, modified or disclosed to unauthorized people.</li></li></ul><li>Thre...
Damage to the data itself, such as system malfunction or virus infection
Unauthorised users breaking into the system
Legitimate users operating beyond their authorised boundaries within the system</li></li></ul><li>Threats to the System<br...
At the higher security levels, many operating systems are able to support advanced features such as data encryption.
A more basic level of security may simply require user authentication using a username and password.</li></li></ul><li>Thr...
Files system access control (file permissions)
Files system usage control (disk quotas)
Device access control
Network access control</li></li></ul><li>Threats to the System<br />Establishing Organisational Security Requirements<br />
Threats to the System<br />To determine the basic security requires of an organisation, the following issues need to be co...
How can the organisation educate users on good security practise?
Does the organisation have an effective system backup and storage plan?
Is system security regularly monitored and maintained?</li></li></ul><li>Threats to the System<br />What needs to be prote...
Threats to the System<br /><ul><li>It will be necessary to work closely with the management and staff to determine the dat...
Program code
Customer information
Operations information (job-tracking database)</li></li></ul><li>Threats to the System<br /><ul><li>A level of importance,...
Any resources that might be required during implementation (such as tape drives, security consultants) should also be outl...
Upcoming SlideShare
Loading in …5
×

Threats To The System

6,602 views

Published on

Published in: Technology, Business
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
6,602
On SlideShare
0
From Embeds
0
Number of Embeds
47
Actions
Shares
0
Downloads
65
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Threats To The System

  1. 1. Threats to the System<br />
  2. 2. Threats to the System<br /><ul><li>It is the system administrator’s responsibility to ensure that a system operates smoothly and efficiently.
  3. 3. An administrator must regularly monitor systems and correct any problems that may arise, and also maintain these systems to ensure that each user can access the most up-to-date software on a daily basis.
  4. 4. The main areas that a system administrator is responsible for are users, hardware, software, server operating systems and network administration.</li></li></ul><li>Threats to the System<br />Users<br />
  5. 5. Threats to the System<br /><ul><li>The user is the most important aspect of a system administrator’s daily work.
  6. 6. The administrator is dedicated to looking after one or more systems.
  7. 7. Each system will have a number of users who access it daily.
  8. 8. For the most part, their day-to-day use of the system will run smoothly.
  9. 9. There will be instances, however, where the system administrator’s help may be required.</li></li></ul><li>Threats to the System<br /><ul><li>Depending on the size of the organisation, the system administrator might not communicate with users directly.
  10. 10. A help desk may have been established to field telephone queries and attempt to solve them before they reach the system administrator.
  11. 11. This allows the system administrator to shift their focus from customer service to maintenance and monitoring.</li></li></ul><li>Threats to the System<br /><ul><li>The users of a system are not always people with little or no technical knowledge - some require access to certain areas of the system.</li></li></ul><li>Threats to the System<br />Hardware<br />
  12. 12. Threats to the System<br /><ul><li>There is a wide range of computer hardware that a system administrator may be asked to look after.
  13. 13. Most organisations will have different types of PC workstations and servers, but it is not unusually to find an organisation that has a policy of buying servers and workstations from a single manufacturer.</li></li></ul><li>Threats to the System<br /><ul><li>If a system requires an upgrade, or a new system is to be purchased, the system administrator will need to work with the hardware reseller to determine the correct hardware configuration for the job.</li></li></ul><li>Threats to the System<br />What is System Security<br />
  14. 14. Threats to the System<br /><ul><li>Most organizations store their business data on computer systems.
  15. 15. Much of this data is both confidential and valuable.
  16. 16. System security ensures that the data is not damaged, modified or disclosed to unauthorized people.</li></li></ul><li>Threats to the System<br />Data can be inadvertently damaged, modified or disclosed through:<br /><ul><li>Physical damage to the computer system, such as that caused by fire or flood
  17. 17. Damage to the data itself, such as system malfunction or virus infection
  18. 18. Unauthorised users breaking into the system
  19. 19. Legitimate users operating beyond their authorised boundaries within the system</li></li></ul><li>Threats to the System<br /><ul><li>Different operating systems offer different facilities for securing the system.
  20. 20. At the higher security levels, many operating systems are able to support advanced features such as data encryption.
  21. 21. A more basic level of security may simply require user authentication using a username and password.</li></li></ul><li>Threats to the System<br /><ul><li>The level of security implemented on any system is largely going to depend on the sensitivity and importance of data stored on that system.</li></li></ul><li>Threats to the System<br />To offer a basic level of operating system security, these facilities are required:<br /><ul><li>User level authentication (usernames and passwords)
  22. 22. Files system access control (file permissions)
  23. 23. Files system usage control (disk quotas)
  24. 24. Device access control
  25. 25. Network access control</li></li></ul><li>Threats to the System<br />Establishing Organisational Security Requirements<br />
  26. 26. Threats to the System<br />To determine the basic security requires of an organisation, the following issues need to be considered:<br /><ul><li>What needs to be protected?
  27. 27. How can the organisation educate users on good security practise?
  28. 28. Does the organisation have an effective system backup and storage plan?
  29. 29. Is system security regularly monitored and maintained?</li></li></ul><li>Threats to the System<br />What needs to be protected?<br />
  30. 30. Threats to the System<br /><ul><li>It will be necessary to work closely with the management and staff to determine the data on the system that can be considered irreplaceable, or could result in a significant loss of income or business if lost. </li></li></ul><li>Threats to the System<br />Examples of important data could include:<br /><ul><li>Accounts information
  31. 31. Program code
  32. 32. Customer information
  33. 33. Operations information (job-tracking database)</li></li></ul><li>Threats to the System<br /><ul><li>A level of importance, based on this information should be recommended to management.
  34. 34. Any resources that might be required during implementation (such as tape drives, security consultants) should also be outlined.</li></li></ul><li>Threats to the System<br />User Education<br />
  35. 35. Threats to the System<br /><ul><li>Even the most rigid security system can be laid to waste if users keep their passwords written on post-it notes attached to their workstation monitors.
  36. 36. This kind of security flaw is common in many organisations and should be considered the first order of business when designing computer security policies.</li></li></ul><li>Threats to the System<br /><ul><li>To keep track of security and user education, organise a contact for users who think a security breach has occurred.
  37. 37. While most reports are false alarms, it is still important to ensure the user is satisfied that security is a going concern.
  38. 38. Keeping a record of these reports will also enable a system administrator to determine just how effective security and user education is within an organisation.</li></li></ul><li>Threats to the System<br />Delivery of this education can be done in a number of different ways:<br /><ul><li>Regular workshops
  39. 39. Newsletters
  40. 40. Intranet websites
  41. 41. One-on-one tutorials</li></li></ul><li>Threats to the System<br /><ul><li>Intranet websites have become popular as a means of user education in medium to large organisations.
  42. 42. They are cheap and easy to set up, and the software infrastructure already exists within most of the modern server operating systems.</li></li></ul><li>Threats to the System<br />System Backups<br />
  43. 43. Threats to the System<br /><ul><li>Full system backups need to be regularly performed and then stored off site.
  44. 44. In the event of a major disaster (fire, flood, earthquake), the system can be reconstructed with new hardware.
  45. 45. When choosing an offsite location, ensure that physical security is adequate.
  46. 46. It may be easier to steal the system backup tapes from that location than to attempt to access the system directly.</li></li></ul><li>Threats to the System<br />Monitoring Security<br />
  47. 47. Threats to the System<br /><ul><li>To maintain system security, it is necessary to monitor it closely to ensure that the right people are accessing the right resources.
  48. 48. The integrity of the operating system must also be maintained.
  49. 49. This can be a difficult process if the system administrator is not an expert in computer security.</li></li></ul><li>Threats to the System<br />There are two ways in which the system administrator can monitor security:<br />Keeping up to date with all the operating system updates and being aware of what services those updates affect.<br />Subscribing to a security advisory organisation such as AusCERT (www.auscert.org.au), an organisation dedicated to informing system administrators of vulnerable points in the security of their systems<br />
  50. 50. Threats to the System<br />User Productive and Security<br />
  51. 51. Threats to the System<br /><ul><li>Heaving security can impose a burden on users.
  52. 52. People are becoming accustomed to accessing computer systems with ease.
  53. 53. If you must impose heavy restrictions, be prepared to explain why.
  54. 54. The best approach is to try to create a culture of security awareness, where users know the risks of unsafe practices.</li></li></ul><li>Threats to the System<br /><ul><li>In responding positively, they will police the system themselves because they appreciate its value to them.</li>

×