Security Policies and Implementation Issues
Chapter 3
U.S. Compliance Laws and Information Security Policy
Requirements
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
Learning Objective
Understand the relationship between regulatory compliance
requirements and information system security policies.
Define cyberterrorism and the nation-state threat
1/15/2017
Key Concepts
U.S. compliance laws and their importance
Aligning security policies with regulations
Industry self-regulation through leading practices
Who is protected by regulations
Benefits of using established security frameworks
Cyberterrorism and Nation-State Threats
Cyberterrorism: An attempt to cause fear or major disruptions in a society through computer hacking
Attacks on government computers, major companies, or key areas of the economy
Nation-states: Sovereign countries
Attacks can come from terrorist groups, individuals, or nation-states
Cyberterrorism is often sponsored by nation-states
Government Drivers for Regulations
Three main drivers
Consumer protection
Stable economy
Tax revenue
Drivers are linked
Concerned with economic benefits
[Figure: the three linked drivers (Stable Economy, Consumer Protection, Tax Revenue)]
Security Policy Competing Goals
Make money
Reduce threats
Protect public
Key Concepts Affecting Policies
Consumer Rights and Privacy
General
Data Privacy
Public Interest
Full Disclosure
Limited Use of Data
Informed Consent
Opt-in/Opt-Out
Examples of U.S. Regulations
Regulation | Applies to | Regulates
Federal Information Security Management Act (FISMA) | Federal government; other organizations that process government data | Information security for government agencies
Health Insurance Portability and Accountability Act (HIPAA) | Health care providers; health plans; business associates | Privacy of protected health information
Examples of U.S. Regulations (continued)
Regulation | Applies to | Regulates
Gramm-Leach-Bliley Act (GLBA) | Banks; investment companies; other financial services | Customer data privacy
Sarbanes-Oxley (SOX) Act | Public corporations | Financial accuracy and public disclosure to investors
Examples of U.S. Regulations (continued)
Regulation | Applies to | Regulates
Family Educational Rights and Privacy Act (FERPA) | Educational institutions | Privacy of student educational records
Children's Internet Protection Act (CIPA) | Schools and libraries that receive federal funding | Access to sexually explicit material on computers
Regulations Protect
Individuals
Privacy
Consumer rights
Shareholders
Investor trust promotes healthy economy
Public Interest
Obligation beyond self-interest
Impact on industry or economy
National Security
Cyberterrorism threatens the targeted company and the country's critical infrastructure
Align Security Policies with Regulations
Map Business Processes to Security Policy
Map Security Policy to Regulations
Map Security Controls to Regulations
Benefits of Using Established Security Frameworks
Proven standards based on years of experience across multiple industries
High-quality end product
Evidence of proper risk management
May suffice for compliance (e.g., COSO/COBIT for SOX)
Security Policies and Controls Mapping to Frameworks
Industry Self-Regulation
Industries self-regulate to avoid government regulation
Self-regulation is less costly and more flexible
Industry standards may turn into
Best practices
Leading practices
Industry Self-Regulation Examples
PCI DSS
Payment Card Industry Data Security Standard
SSAE16
Statement on Standards for Attestation Engagements No. 16
ITIL
Information Technology Infrastructure Library
Roles and Responsibilities
Government Agencies
Regulate information handling at federal and state levels
Privacy and/or Compliance Officer
Determine requirements for inclusion in security policies
Auditors
Review controls and measure compliance
Regulators
Enforce government regulations
Summary
Government drivers for regulations
Aligning security policies with regulations
Drivers behind industry self-regulation
Best practices vs. leading practices
Identifying who is protected by regulations
Benefits of using established security frameworks
Security Policies and Implementation Issues
Chapter 4
Business Challenges Within the Seven Domains of IT Responsibility
Learning Objective
Analyze how security policies help mitigate risks and support business processes in various domains of a typical IT infrastructure.
Key Concepts
Seven domains of a typical IT infrastructure
Aligning security policies with business requirements
Top business risks in each domain
Common security controls for each domain
Mitigating risks within domains with security policies
Seven Domains of a Typical IT Infrastructure
Role of Security Policies Per Domain
Domain | Role of security policy
User | How end users access information resources
Workstation | Management and security of computing devices used by end users
LAN | Management and security of local area network infrastructure
LAN-to-WAN | Management and security of infrastructure controlling LAN to WAN communication
WAN | Security of data in the wide area network
Remote Access | How end users connect to the LAN
System/Application | Collecting, processing, and storing information
Authorization and Access Control
Determines who has access to what
“Who” can be a user, a device, or a service
Example: Role-Based Access Control (RBAC)
Assign permissions to roles
Assign individuals to roles
Benefit:
Reduces administrative overhead
Improves compliance through reduced complexity
Example: Attribute-Based Access Control (ABAC)
Dynamic attributes rather than static roles
Rules expressed in business terms, making them more understandable
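The RBAC and ABAC models described above, as an added example that is not code from the slide deck: a minimal evaluator for each, with constructed roles, users and rules. The rule conditions (managed device, business hours, audit scope) are assumptions chosen to show what static roles cannot express and what the attribute-based form adds.

```python
"""RBAC versus ABAC policy evaluation.

Added example, not code from the slide deck. Roles, users, attributes and the
rule conditions (managed device, business hours, audit scope) are constructed
assumptions chosen to show what static roles can and cannot express.
"""
from dataclasses import dataclass


# --- RBAC: assign permissions to roles, then assign individuals to roles ----
# Constructed role catalogue: each role carries a fixed permission set.
ROLE_PERMISSIONS = {
    "rd_engineer": {"read:design_doc", "write:design_doc"},
    "help_desk": {"read:ticket", "reset:password"},
    "auditor": {"read:design_doc", "read:ticket", "read:audit_log"},
}

# Constructed user-to-role assignment. Administrators maintain this table,
# not per-user permission lists, which is where the overhead reduction comes from.
USER_ROLES = {
    "alice": {"rd_engineer"},
    "bob": {"help_desk"},
    "carol": {"auditor"},
}


def rbac_permissions(user, user_roles=USER_ROLES, role_permissions=ROLE_PERMISSIONS):
    """Effective permissions = union over the user's roles; unknown users get none."""
    granted = set()
    for role in user_roles.get(user, set()):
        granted |= role_permissions.get(role, set())
    return granted


def rbac_allowed(user, permission, user_roles=USER_ROLES, role_permissions=ROLE_PERMISSIONS):
    """Static decision: the role grants the permission or it does not, context ignored."""
    return permission in rbac_permissions(user, user_roles, role_permissions)


def rbac_who_can(permission, user_roles=USER_ROLES, role_permissions=ROLE_PERMISSIONS):
    """Access-review helper: everyone holding a permission, and via which role."""
    return sorted(
        (user, role)
        for user, roles in user_roles.items()
        for role in roles
        if permission in role_permissions.get(role, set())
    )


# --- ABAC: decide from attributes of subject, resource, action, environment --
@dataclass
class Request:
    subject: dict       # e.g. department, role, audit_scope
    resource: dict      # e.g. type, business_unit
    action: str         # "read", "write", ...
    environment: dict   # e.g. device_managed, hour of day


# Rules read as business statements; the first match wins and anything
# unmatched is denied. The conditions are constructed for this example.
ABAC_RULES = [
    ("R&D staff may read or edit design docs from a managed device in business hours",
     lambda r: r.action in ("read", "write")
     and r.resource.get("type") == "design_doc"
     and r.subject.get("department") == "R&D"
     and r.environment.get("device_managed", False)
     and 8 <= r.environment.get("hour", -1) < 18),
    ("auditors may read any resource inside their assigned audit scope",
     lambda r: r.action == "read"
     and r.subject.get("role") == "auditor"
     and r.resource.get("business_unit") in r.subject.get("audit_scope", ())),
]


def abac_decide(req, rules=ABAC_RULES):
    """Return (allowed, reason): the first matching rule's text, or default deny."""
    for text, condition in rules:
        if condition(req):
            return True, text
    return False, "default deny: no rule matched"


if __name__ == "__main__":
    # RBAC answers "does alice's role grant write:design_doc?" regardless of context.
    print("RBAC alice write:design_doc ->", rbac_allowed("alice", "write:design_doc"))
    print("RBAC holders of read:design_doc ->", rbac_who_can("read:design_doc"))

    # ABAC can additionally refuse the same engineer on an unmanaged device at night.
    doc = {"type": "design_doc", "business_unit": "R&D"}
    on_managed = Request({"department": "R&D"}, doc, "write", {"device_managed": True, "hour": 10})
    off_hours = Request({"department": "R&D"}, doc, "write", {"device_managed": False, "hour": 23})
    print("ABAC managed/daytime ->", abac_decide(on_managed))
    print("ABAC unmanaged/night ->", abac_decide(off_hours))
```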
Role-Based Access Control Concept
Central Management System
Enforces security policy through central management of controls and configuration
Inventory Management
Discovery (software, data)
Patch Management
Help Desk
Log Management
Security Management
Types of LANs: Flat vs. Segmented
Flat | Segmented
No controls on network traffic | Uses network devices to restrict traffic
All network traffic visible | Adds more layers of security
Relies only on security of servers and workstations | Defense in depth
Less secure | More secure
LAN-to-WAN Topology with DMZ
Virtual Private Networks
Types of WANs
Public Internet
Private WAN
VPNs provide encrypted tunnels through non-secure networks (e.g., the Internet)
Benefits
Cheaper than private WANs
Rapid deployment
Authentication
Validation of credentials
Something you know: User ID/password
Something you have: Token (e.g., smartcard)
Something you are: Biometrics
Single-factor: 1 type of credential
Two-factor: 2 different credentials
Multi-factor: More than 1 type of credential
Method must suit the business context
Tokens + User ID/password to access Research & Development workstations
User ID/password to access Web site
Basic Types of VPN Connectivity
Mitigate Risk Through Policy
Each of the seven IT domains has different types of risks associated with it
Policy can reduce or mitigate these risks
Each policy must address as many risks in that domain as possible
Policies may cross domains
Identify Business Risks
Risks vary by industry and by organization
Using business requirements, follow the data through the seven domains
Map challenges and risks to domains
Some challenges are common
Top Business Risks and Mitigations
Domain | Challenge | Mitigation
User | Getting employees to comply with policies | Training, enforcement, reward
Workstation | Preventing security breaches | Technical security controls and secure configurations
LAN | Availability of the network | Acceptable use policies
Top Business Risks and Mitigations (continued)
Domain | Challenge | Mitigation
LAN-to-WAN | Securing the DMZ | Configuration, testing and monitoring
WAN | Reliable, fast, cost-effective, and secure access to the Internet | Configuration, technical security controls, roles and responsibilities
Top Business Risks and Mitigations (continued)
Domain | Challenge | Mitigation
Remote Access | Securing organization data on mobile devices | Addressing emerging technologies and personally owned devices
System/Application | Preventing data breaches | Data loss prevention, regulation of data in storage and transit
Data Loss Protection
Also called data leakage protection (DLP)
Goal of a DLP program is to prevent confidential information from leaving the organization accidentally or maliciously
Layers of defense
Inventory: Identification of data at rest
Perimeter: Monitoring of data in motion
Encryption: Encryption of data outside the network (e.g., mobile devices)
Summary
Role of each domain of a typical IT infrastructure
Identification of business challenges and examples of common business challenges, risks and mitigations
Mitigation of risk by policy, using domains
Examples of domain security controls
Rationale for organizing policies by domain
Two-Factor Authentication (Okta)
Examples of Breaches
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
HIPAA Policy Example
https://docs.google.com/a/b-f.com/document/d/1DnpWjWeKMnMZfSG0tc6i5y1u-fWbOsXkA7_8sPBIeME/edit?usp=sharing
SOX project plan for SAP: Brown-Forman
https://docs.google.com/a/b-f.com/presentation/d/1TKQlXPtCAakl0Dh-rruLaev8gfcb-ShAciovtE0uI7k/edit?usp=sharing
See ENF450 Search Strategies and the Student Resources links and sup.docx
 
Seed TagsCollect a variety of seed tags. Take photos of the .docx
Seed TagsCollect a variety of seed tags. Take photos of the .docxSeed TagsCollect a variety of seed tags. Take photos of the .docx
Seed TagsCollect a variety of seed tags. Take photos of the .docx
 
see videohttpsyoutu.be-O5gsF5oylsconsider how hist.docx
see videohttpsyoutu.be-O5gsF5oylsconsider how hist.docxsee videohttpsyoutu.be-O5gsF5oylsconsider how hist.docx
see videohttpsyoutu.be-O5gsF5oylsconsider how hist.docx
 
See Topic on the project 1 paperTarget- Casemanager and care.docx
See Topic on the project 1 paperTarget- Casemanager and care.docxSee Topic on the project 1 paperTarget- Casemanager and care.docx
See Topic on the project 1 paperTarget- Casemanager and care.docx
 
See attachments for information.Looking for assistance on an assig.docx
See attachments for information.Looking for assistance on an assig.docxSee attachments for information.Looking for assistance on an assig.docx
See attachments for information.Looking for assistance on an assig.docx
 

Recently uploaded

Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docxPoojaSen20
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...Sapna Thakur
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 

Recently uploaded (20)

Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docx
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 

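The deck's Authorization and Access Control slide contrasts Role-Based Access Control (assign permissions to roles, then individuals to roles) with Attribute-Based Access Control (dynamic rules expressed in business terms). The Python below is an added example, not code from the course or the publisher; every role, user, department and record in it is constructed sample data, and the rule wording is a hypothetical hospital policy.

```python
"""RBAC and ABAC side by side: role assignments versus attribute rules.
All roles, users and resources below are constructed sample data."""
from dataclasses import dataclass

# --- RBAC: permissions hang off roles, people hang off roles -------------
ROLE_PERMISSIONS = {                       # constructed sample roles
    "nurse":     {"patient_record:read"},
    "physician": {"patient_record:read", "patient_record:write", "order:create"},
    "billing":   {"invoice:read", "invoice:write"},
}
USER_ROLES = {                             # constructed sample users
    "alice": {"physician"},
    "bob":   {"nurse"},
    "carol": {"billing"},
}

def rbac_permissions(user: str) -> set[str]:
    """Union of the permissions of every role the user holds (empty for unknowns)."""
    return set().union(*(ROLE_PERMISSIONS.get(r, set())
                         for r in USER_ROLES.get(user, set())))

def rbac_allowed(user: str, permission: str) -> bool:
    """Deny by default: only a permission reachable through a role is granted."""
    return permission in rbac_permissions(user)

def add_user_to_role(user: str, role: str) -> set[str]:
    """One administrative action onboards a user with the whole role's rights,
    which is the reduced-overhead point made on the slide."""
    if role not in ROLE_PERMISSIONS:
        raise ValueError(f"unknown role: {role}")
    USER_ROLES.setdefault(user, set()).add(role)
    return rbac_permissions(user)

# --- ABAC: decisions come from attributes of subject, action, resource ----
@dataclass(frozen=True)
class Subject:
    name: str
    department: str
    clearance: int          # constructed scale 0..3
    on_shift: bool

@dataclass(frozen=True)
class Resource:
    kind: str
    owner_department: str
    sensitivity: int        # same 0..3 scale as clearance

# Each rule is a business-readable statement plus the predicate that encodes it
# (hypothetical policy, not drawn from any real regulation).
ABAC_RULES = [
    ("staff may read records of their own department while on shift",
     lambda s, a, r: a == "read" and r.kind == "patient_record"
                     and s.department == r.owner_department and s.on_shift),
    ("writes need clearance at or above the record's sensitivity, on shift",
     lambda s, a, r: a == "write" and r.kind == "patient_record"
                     and s.clearance >= r.sensitivity and s.on_shift),
]

def abac_decision(subject: Subject, action: str, resource: Resource):
    """Return (allowed, matching rule text or None). No matching rule means deny.
    Nothing is reassigned when an attribute changes: the next call simply
    re-evaluates the rules, which is what 'dynamic rather than static' means."""
    for text, rule in ABAC_RULES:
        if rule(subject, action, resource):
            return True, text
    return False, None

if __name__ == "__main__":
    print("alice write:", rbac_allowed("alice", "patient_record:write"))
    print("bob write:", rbac_allowed("bob", "patient_record:write"))
    dave = Subject("dave", "oncology", clearance=1, on_shift=True)
    rec = Resource("patient_record", "oncology", sensitivity=2)
    print("dave read:", abac_decision(dave, "read", rec))
    print("dave write:", abac_decision(dave, "write", rec))
```

Note that the ABAC rules also express the authentication-context idea from the same deck (a decision can depend on shift, device or location attributes), while RBAC can only answer "which role".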