Download - Week 13 – Advanced Topics on Security
![Page 1: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/1.jpg)
Week13–AdvancedTopicsonSecurity
26/11/2015 1COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 2: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/2.jpg)
ITServiceDelivery
26/11/2015 2COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 3: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/3.jpg)
ITILProcess
26/11/2015 3
http://www.mitsm.de/itil-wiki/process-descriptions-english/main-page
COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 4: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/4.jpg)
SecurityOperations
26/11/2015 75COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 5: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/5.jpg)
OperationsSecurityOperationsSecurityisusedtoidentifythecontrolsoverhardware,media,andtheoperatorswithaccessprivilegestoanyoftheseresources.
Auditandmonitoringisthemechanisms,tools andfacilitiesthatpermitstheidentificationofsecurityeventsforreportingtoappropriateparties. (ISC2 StudyGuide)
26/11/2015 76COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 6: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/6.jpg)
ITDepartmentOrganization
26/11/2015 77COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 7: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/7.jpg)
ITDepartmentOrganization
Programmer
Analyst/Programmer
System Analyst
IT Development Manager
Systems Programmer
Technical Manager
Operator
Shift Supervisor Production Support
IT Operations Manager
Chief Information Officer
26/11/2015 78COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 8: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/8.jpg)
OrganizationofComputerOperations1. ITOperationsManagement
2. Input/outputcontrol
3. Dataentry
4. Computeroperations
5. Productioncontrolandscheduling
6. Librarymanagementandchangemanagement
26/11/2015 79COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 9: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/9.jpg)
1.ITOperationsManagementITOperationsManagementhastheoverallresponsibilityfordevelopingcomputeroperationsstandardsandprocedures forefficientandeffective operations
ITManagementisalsoresponsible forensuringthattherearesufficientITresources tomeetthecurrentandfuturebusinessneeds
26/11/2015 80COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 10: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/10.jpg)
1.ITOperationsManagementMeanstomanageandcontrolIToperations◦ Recruitsufficientcomputeroperators◦ Organizecommunicationbetweenshifts◦ Provideoperationsdocumentationtosupportcomputeroperations◦ Setupprocessingchecklistsandpriorities
26/11/2015 81COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 11: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/11.jpg)
1.ITOperationsManagement◦ Obtainandreview:◦ Hardwareandsoftwareproblemreport◦ Statisticsofscheduledandunscheduledsystemdowntime
◦ Re-runjobsandthereasons◦ CPUutilization◦ Computerstorageutilization◦ SLAachievement
26/11/2015 82COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 12: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/12.jpg)
2.Input/Output ControlDataInputControl◦ Receivesourcedocumentsforbatchdataentry◦ Authenticatethesourcedocuments◦ Usebatchandcontroltotalstoensureallsourcedocumentsareprocessed◦ Inputthedatainatimelymanner
26/11/2015 83COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 13: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/13.jpg)
2.Input/Output ControlDataOutputControl◦ Outputisproducedintheproperformatanddistributedtotheappropriateusersinasecuremanner
◦ Controlofproductionreportdistribution◦ Predefinedreportrecipients◦ Checkcompletenessbeforedistribution◦ Recipientcheckallreportsreceived
26/11/2015 84COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 14: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/14.jpg)
2.Input/Output Control◦ Restrictaccesstospooledreportstoprevent
◦ Compromiseconfidentiality◦ Unauthorizedreportdeletion
◦ Computergenerationofnegotiableinstruments◦ Sequencecontrol◦ Detectionofmissingofnegotiableinstruments
◦ Inventoryofsensitive andcriticalstationaries◦ Keepinasecurelocation◦ Properlyrecorded◦ Stocktakingonaregularbasis
26/11/2015 85COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 15: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/15.jpg)
3.DataEntryEnterdatabyusingdataentrydevicetocreatedatafileforsubsequentprocessing
Keyverificationisacommoncontroltechniqueforverifyingtheaccuracyofinputteddata
Sufficientaudittrailforcheckingwhenrequired
26/11/2015 86COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 16: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/16.jpg)
4.ComputerOperationsCarryoutad-hocandscheduledcomputerjobs
Guidedbyoperationprocedurestoensurecomputeroperationsarecarriedinaefficientandeffectivemanner
Exampleofoperationprocedures◦ Systemstartupandshutdownprocedures◦ Errorhandlingprocedures◦ Databackupandrestoreprocedures
26/11/2015 87COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 17: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/17.jpg)
4.ComputerOperationsOperationtasks◦ Restartandshutdowncomputers◦ Runningandmonitoringcomputerjobs◦ Reportprinting◦ Backup/restoreofsystemanddatafiles◦ Housekeeping◦ Controlaccesstothedataprocessingcentreandcomputingfacilities◦ Participateindisasterrecoverytesting
26/11/2015 88COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 18: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/18.jpg)
4.ComputerOperations◦ Maintainregistersandoperationalstatistics formeasuringSLAachievement◦ Reportequipmentfailuresandoperatingerrors◦ Ensureanadequatesupplyofcomputerconsumables
26/11/2015 89COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 19: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/19.jpg)
5.ProductionControlandSchedulingSchedulecomputerjobsprocessingsequence, forbothad-hocandroutinejobs
Definetheconditionsforstarting/re-startingajob
Definejobdependencies
Ensurealljobsarecompletelyprocessed
Manualprocessingofscheduled joborusingjobschedulingsoftware
26/11/2015 90COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 20: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/20.jpg)
5.ProductionControlandSchedulingManual◦ Relyonoperatortorunajob◦ Usejobprocessingchecklistforcontrollingjobprocessing◦ Manualjobmonitoringandlogging◦ Jobprocessingrecordsreviewbysupervisortoensurecomputerjobsareaccuratelyandcompletelyprocess
◦ Effectiveforsimplebatchjobs
26/11/2015 91COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 21: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/21.jpg)
5.ProductionControlandScheduling◦ Automatic(JobScheduling Software)◦ Automaticprocessingofbatchjobs◦ Setuponce◦ Controljobdependence◦ Errordetectionandlogging
26/11/2015 92COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 22: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/22.jpg)
6.LibraryManagementandChangeManagementManagecomputertapes/cartridgesmovement◦ Recordingofreceiving,lending,removingofcomputertapes/cartridges◦ Regularstocktakingtodetectmissingofcomputertapes/cartridges◦ Properaudittrailofcomputertapes/cartridgesmovement
26/11/2015 93COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 23: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/23.jpg)
6.LibraryManagementandChangeManagementManageproductionsoftwareinventory◦ Softwareversioncontrol◦ Jobcontrollanguageandprocessingparametercontrol◦ Computersourceandobjectcontrol(e.g.synchronization)◦ Loggingofaddition,deletion andupdatingofsoftwareinventory
26/11/2015 94COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 24: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/24.jpg)
OperationsAdministration
26/11/2015 95COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 25: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/25.jpg)
OperationsAdministration1. Backgroundchecking
2. Segregationofduties
3. JobRotation
4. Leastprivilege
5. Needtoknow
26/11/2015 96COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 26: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/26.jpg)
1.BackgroundCheckVerificationchecksbeforeemployinganoperationsstafffor◦ HKID◦ Availabilityofsatisfactorycharacterreferences◦ Checkingoftheapplicant’scurriculumvitae◦ Confirmationofclaimedacademicandprofessionalqualifications
26/11/2015 97COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 27: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/27.jpg)
2.SegregationofDutiesEnsurecriticalstagesofaprocessarenotunderthecontrolofasingleindividual
Errorsandirregularitiesperformedbyoneusercanbedetectedbyanotheruser
Potentialdamagecanbeminimized
26/11/2015 98COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 28: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/28.jpg)
2.SegregationofDutiesAppropriatesegregationofdutiesbetween◦ Users◦ ITdevelopers◦ Datacenterstaff
Achievedby◦ Policies◦ Procedures◦ Organizationstructure
Sothatnooneindividualcanperformunauthorizedactivities
26/11/2015 99COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 29: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/29.jpg)
2.SegregationofDutiesIncomputeroperations,thefollowingdutiescanbedefined◦ ProductionControl◦ DataEntry◦ Librarian◦ Operator◦ SystemProgrammer
26/11/2015 100COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 30: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/30.jpg)
2.SegregationofDutiesInsoftwareprogramming,thefollowingfunctiongroupscanbedefined◦ SystemAnalyst◦ Programmer◦ DatabaseAdministrator◦ SecurityOfficer◦ QualityAssurance
26/11/2015 101COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 31: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/31.jpg)
2.SegregationofDuties
System Analyst IT Developer Data Entry Computer Operator LibrarianSystem Analyst X XIT Developer X X XData Entry X XComputer Operator X X XLibrarian X X
X means imcompatible duties
26/11/2015 102COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 32: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/32.jpg)
3.JobRotationAdetectivecontrol
Requireoperationsstafftorotatetheirjobdutiesonaregularbasisforallowinganotherstafftodetectanomalies
Havinghumanresourcespolicytorequireoperationsstafftotakeannualleaveforatleast2consecutiveweeks
26/11/2015 103COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 33: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/33.jpg)
4.LeastPrivilegePreventivecontrol
Onlytheminimumaccessprivilegeisgrantedtoperformatask
Purposeofleastprivilegeistoensurethatataskcanonlybeperformedbyauthorizeduser
Forexample◦ “SuperUser”privilegeisnotgrantedtoOperationsstaff
26/11/2015 104COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 34: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/34.jpg)
5.NeedToKnowPreventivecontrol
Onlythoseuserswhoneedtoperformataskisprovidedwiththeinformationandknowledgeforprocessingthetask
Thiscanbeachievedbyrestrictinguserstoaccessoperationsmanual,systemdocuments,etc.
Reducetheriskofunauthorisedsystemaccess
26/11/2015 105COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 35: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/35.jpg)
OperationsControlsChangecontrols
Problemmanagement
Capacitymanagement
Documentcontrols
Mediahandling
Operationsacceptancetest
Audittrails
Viruscontrols
26/11/2015 106COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 36: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/36.jpg)
Physical(Environmental)Security
26/11/2015 115COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 37: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/37.jpg)
PhysicalSecurityPhysicalfacilityisthebuildingorvehiclehousingthesystemandnetworkcomponents
Thephysicalcharacteristicsofthesestructuresandvehiclesdeterminethelevelofphysicalthreatssuchasfireandunauthorisedaccess
Thefacility’sgeographiclocationdeterminethecharacteristicsofnaturalthreatssuchasearthquakes andflooding
26/11/2015 116COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 38: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/38.jpg)
PhysicalSecurity
26/11/2015 117
NaturalEnvironmental
Threats
Floods,fire,earthquake…
SupplySystemThreats
Poweroutages,communicationinterruptions,…
ManmadeThreats
Explosions,disgruntledemployees,fraud,…
PoliticallyMotivatedThreats
Strikes,riots,civildisobedience,…
COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 39: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/39.jpg)
PhysicalSecurityElementforPhysicalSecurityMeasures
Determent◦ Convincepeoplenottoattack
Detection◦ Alarms,guards,andothermeansofdetectingattacks
Delay◦ Elementsthatslowdownanattacker,e.g. locks&safes
Response◦ Guardsoracalltothepolice
26/11/2015 118COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 40: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/40.jpg)
PhysicalSecurity- ControlsAdministrativecontrols◦ facilityselection,facilityconstructionandmanagement,personnelcontrol,evacuationprocedure,systemshutdownprocedure, firesuppressionprocedure,handlingproceduresforotherexceptionssuchashardwarefailure,bombthreats,etc.
Physicalcontrols◦ facilityconstructionmaterial,keyandlock,accesscardandreader,fence,lighting,etc.
Technicalcontrols◦ physicalaccesscontrolandmonitoring system,intrusiondetectionandalarmsystem,firedetectionandsuppressionsystem,uninterruptedpowersupply,heating/ventilation/airconditioningsystem(HVAC),diskmirroring,databackup,etc.
26/11/2015 119COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 41: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/41.jpg)
SecurityConsiderations0fPhysicalSecurity◦ Whatarethesecurityconsiderationsinprotecting theequipmentwhentheygointothecloud?
◦ AccessControl◦ Whohaveaccesstotheserversandstoragedevices?
◦ AgainstHazards◦ Fireandsmokesensors◦ Fireextinguishers◦ Watersensorandraisedfloors◦ UPS
◦ AgainstAttacks◦ Fastrecoveryatabackupsite
◦ RetiringDevices◦ Defineretirementprocessoffailedorusedstoragedevices
26/11/2015 120COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 42: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/42.jpg)
SecurityConsiderations0fPhysicalSecurity - AccessControlAccessControlandAuditing◦ Lockandkey◦ Accesscardandreader◦ Fence◦ Lighting◦ DoorwayandMan-trap
AccessMonitoringandIntrusionDetection◦ Patrolforce/securityguard◦ Technicalaccessmonitoringcontrols◦ AlarmSystem
26/11/2015 121COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 43: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/43.jpg)
PhysicalAccessSecurityAccesscontrolfacility◦ Fence,GateandTurnstile◦ Mantrap◦ Lighting◦ CCTV◦ Guards
26/11/2015 139COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 44: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/44.jpg)
Fence,GateandTurnstileFenceandgate◦ Marktheboundaryofafacilityfordeterringunauthorizedaccess◦ Mustbetallenoughforstoppingadetermined intruder
Turnstileisarevolvinggatethatrestrictthenumberofuserstoenterorleaveafacilityatatimeforpedestrian trafficcontrol
26/11/2015 140COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 45: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/45.jpg)
MantrapMantrapconsistsofasetofdoubledoorswhereoneofthedoorscanbeopenedatatimeforaccesscontrol
Foradditionalsecurity,personenteringandleavingafacilitycanbemonitoredandcontrolledbyaguard
26/11/2015 141COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 46: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/46.jpg)
LightingOneofthemostbasic(andcheapest) componentsofasecuritysystem
Carefullydesignedandcoordinatedinteriorandexteriorlightingsystemscanexertasignificantdeterrenteffect
26/11/2015 142COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 47: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/47.jpg)
ClosedCircuitTelevision(CCTV)
Forpreventinganddetectingofabnormalevents
LocateCCTVinstrategicpointssuchas:◦ EntriestoDataCentre◦ Unmannedmachinerooms
Liveevents shouldberecordedandretainedforfutureanalysisand/orprosecution
26/11/2015 143COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 48: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/48.jpg)
GuardsGoodforcontrollingphysicalaccessandperimeter security,e.g.registervisitors,escortingvisitors
Willbemoreeffective ifsupplementedbylockeddoorsandCCTV
Goodforsituation(e.g.duringemergency)whichrequiremakingimmediatelyjudgmentsanddecisions
Guardsmustbetrainedsothattheycanperformtheirworkeffectively
26/11/2015 144COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 49: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/49.jpg)
AccessControlSystemTherearethreetypesofuserauthenticationmethodsforcontrollinguseraccess:◦ Somethinganindividualknows(e.g.password)◦ somethinganindividualpossesses (e.g.smartcard)◦ somethinganindividualhas(e.g.fingerprint)
Thesemethodscanbeusedaloneorincombination
26/11/2015 145COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 50: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/50.jpg)
ProgrammableLockProgrammablelockrequireusertoenterapatternofdigits(lockcombination)onthenumerickeypadfordeterminingwhetheraccessisallowed
Programmablelockcanbemechanicallyorelectronicallybased
Suitableforareaswithlowaccesssecuritycontrolsaspasswordcanbeobtainedbyobservinganauthorised userenteringthelockcombination
26/11/2015 146COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 51: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/51.jpg)
MemoryCardMemorycardstore,butnotprocessinformation
Memorycardissignificantlymoresecurethanpassword,especiallyifmemorycardmustbepresented forenteringandleavingthecontrolledareas
Moreadministrativeoverhead formanagingthememorycards,e.g.lostcardshandling
26/11/2015 147COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 52: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/52.jpg)
BiometricsSystemsBiometricssystemidentifypeoplebyauniquehumancharacteristicssuchassizeandshapeofahand,fingerprint,voice,iris,etc.
BenefitsofBiometrics foraccesscontrol◦ Moresecureassharing/stealing ofaccesscardiseliminated◦ Administrativetimeforhandlinglostcardisreduce◦ Convenience
26/11/2015 148COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 53: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/53.jpg)
SecurityAccessControlHandGeometryReader
26/11/2015 151COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 54: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/54.jpg)
NetworkOperationCentreClosed-circuitTVSurveillanceSystem(CCTV)
26/11/2015 152COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 55: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/55.jpg)
SecurityOperationCenter
26/11/2015 153COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 56: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/56.jpg)
ComputerRoomAirConditioningCRAC
26/11/2015 154
Configuredwithafail-safeback-upsystemandwithtemperatureandhumiditycontrol
COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 57: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/57.jpg)
UninterruptiblePowerSupply(UPS)
26/11/2015 155COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 58: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/58.jpg)
FM200FireSuppressionSystemandPre-ActionSprinklerSystem
26/11/2015 156COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 59: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/59.jpg)
Cages,RacksandCabinets
26/11/2015 157COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 60: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/60.jpg)
CloudComputing
26/11/2015 158COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 61: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/61.jpg)
GridComputingGridcomputingisthefederationofcomputerresources frommultiplelocationstoreachacommongoal.
Thegridcanbethoughtofasadistributedsystemwithnon-interactiveworkloadsthatinvolvealargenumberoffiles.
USThastwosupercomputerduring1994- 1996
26/11/2015 159COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 62: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/62.jpg)
Top500Supercomputersites
26/11/2015 160COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 63: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/63.jpg)
WhatisCloudComputing?
26/11/2015 161COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 64: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/64.jpg)
LargeScaleCloudComputing
26/11/2015 162COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 65: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/65.jpg)
3ServiceModelsofCloudComputing
SaaS (Software-as-a-Service)◦ Theconsumerusestheprovider’sapplicationsonacloudinfrastructure◦ E.g.GoogleApps,Salesforce
PaaS(Platform-as-a-Service)◦ Theconsumerdeployconsumer-createdoracquiredapplicationsontothecloudinfrastructure◦ E.g.WindowsAzure,GoogleAppEngine
IaaS (Infrastructure-as-a-Service)◦ Theconsumerprovisionprocessing,storage,networks,andotherfundamentalcomputingresources◦ E.g.AmazonEC2,GoGrid
26/11/2015 163COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 66: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/66.jpg)
5EssentialCharacteristicsofCloudComputing
Broadnetworkaccess◦ Ubiquitous– canbeaccessedeverywhere
Rapidelasticity◦ Highlyscalable,evenappearedas“unlimited”totheusers
Measuredservice◦ Payperuse(“Taxi”metaphor)
On-demandself-services◦ Userscanrequest theserviceautomaticallywithouthumaninteractionwiththeserviceprovider
Resourcespooling◦ Sharedresourcepool,userhasnocontrolovertheexactlocationoftheprovidedresources
26/11/2015 164COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 67: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/67.jpg)
TerminologyofcloudcomputingPublicCloud◦ Thecloudinfrastructureisownedbyanorganizationsellingcloudservices
PrivateCloud◦ Thecloudinfrastructureisoperatedsolelyforasingleorganization
CommunityCloud◦ Thecloudinfrastructureissharedbyseveralorganizationshavingsimilarrequirements
HybridCloud◦ Thecloudinfrastructureisacompositionoftwoormoreclouds(private,community,orpublic)
26/11/2015 165COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 68: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/68.jpg)
Amazon
26/11/2015 166COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 69: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/69.jpg)
WindowsAzure
26/11/2015 167COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 70: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/70.jpg)
CloudrelatedthreatsIsolationrisk
De-perimeterization
Roles&responsibilities issues
26/11/2015 COPYRIGHT©RICCIIEONGFORUSTTRAINING2015 168
![Page 71: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/71.jpg)
De-perimeterizationForresterResearchproposedZero-Trustarchitecture◦ Nodefaulttrustforanyentityincludingusers,devices,applicationsandpackets
◦ Keeptheconceptofprotectingcompartmentalizedifferentsegments tothenetwork
VLAN(VirtualLocalAreaNetwork)canbeusedforsegmentthenetworkbutcannotenforcethecontrolbasedonthreatsordetectedprivilegedinformation
26/11/2015 COPYRIGHT©RICCIIEONGFORUSTTRAINING2015 169
![Page 72: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/72.jpg)
CloudSecurity
26/11/2015 170COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 73: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/73.jpg)
Finalwords
26/11/2015 COPYRIGHT©RICCIIEONGFORUSTTRAINING2015 171
![Page 74: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/74.jpg)
WhatelseyouhavetolearnITILProcess◦ OperationSecurity◦ ChangeManagement◦ ProblemManagement◦ CapacityManagement◦ …
SecureApplicationProgrammingPractices
ITSecurityPoliciesandSecurityManagement
PhysicalSecurity
26/11/2015 COPYRIGHT©RICCIIEONGFORUSTTRAINING2015 172
![Page 75: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/75.jpg)
Whatyoucanlearnfromexam?…
26/11/2015 COPYRIGHT©RICCIIEONGFORUSTTRAINING2015 173
![Page 76: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/76.jpg)
PrepareforFutureHottopicsinITSecurityField◦ IdentityManagement◦ OnlineFraudDetection◦ MobileandCloudSecurityArchitectureDesign◦ CloudSecurityimplementation◦ SoftwareDefinedNetwork◦ ApplicationSecurity◦ IoT Security
26/11/2015 174COPYRIGHT©RICCIIEONGFORUSTTRAINING2015
![Page 77: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/77.jpg)
PrepareforCertificateISC2◦ CISSP◦ SSCP◦ CSSLP◦ CCSP◦ CCFP
CSA◦ CCSK
ISACA◦ CISA◦ CSX
EC-Council◦ CEH
SANS◦ GCFA◦ GCFE◦ GREM◦ GWAPT◦ …
26/11/2015 COPYRIGHT©RICCIIEONGFORUSTTRAINING2015 175
![Page 78: Week 13 – Advanced Topics on Security](https://reader030.vdocument.in/reader030/viewer/2022013022/61d18c8fa7f50f21f80ff772/html5/thumbnails/78.jpg)
SecurityrelatedworkinHKindustry
• Security Administrator
• Security Assessor/ Security Auditor
• Security Applications Developer
• Security Architect
Design Implementation
OperationsReview
26/11/2015 176COPYRIGHT©RICCIIEONGFORUSTTRAINING2015