Optimizing Information Security
IS 301
Mark Ferraz, SolutionsMark
Houston, TX
www.solutionsmark.com [email protected]
President, SolutionsMark. Mark is a Senior Information Architect and Developer specializing in Information Management, Collaboration Tools, and Knowledge Management systems for medium to large enterprises. Mark has over ten years of experience designing, managing, and implementing complex technology projects involving application implementation, supporting infrastructure, custom development, and integration. Most recently Mark has been working with the team at Chevron as the Technical Development Lead for one of the largest SharePoint deployments to date.
Tom Wisnowski, Microsoft
Phoenix, AR
www.microsoft.com [email protected]
Tom Wisnowski is a senior consultant with Microsoft Consulting Services specializing in Enterprise Architecture and Strategy, Information Worker Solutions, BI and analysis solutions, Enterprise Application Integration and Custom Application Development. Tom has utilized his range of expertise on numerous enterprise engagements during his 10 year career in IT and continues to play pivotal roles in solution delivery including architect, strategist, team lead and technology specialist. Tom is a Microsoft Certified Solution Developer, Microsoft Certified System Engineer, Microsoft Certified Database Administrator and holds a Bachelor's degree in computer science.
Session Discussion
What is information security?
Clarity on how information security relates to a SharePoint implementation
Direction on when, and which, elements of SharePoint help you secure information appropriately
Confidence to direct and implement SharePoint security
Confidentiality
Value: industrially sensitive; proprietary; a matter of security concern
Risk: private; shared with the expectation of privacy or confidentiality
Losing control of information can be disastrous!
Information must be managed and secured commensurate with its risk and value.
Information Classification
Schema (least to most sensitive):
1. Public
2. Internal
3. Confidential
4. Secret
Considerations: storage, transmission, disposal
Information Classification
All information has an owner
All information is classified as confidential by default
Owner responsibilities:
Updating the classification
Declaring who is allowed access to the information
Securing the information, or seeing that it is properly secured by the administrator
Best Practices
Design
Look to existing standards within your organization or the marketplace
Keep it simple (both the classification scheme and its implementation)
Implementation
Use site content types and site columns at the root of each site collection to implement information classification
These can be provisioned automatically across site collections using Features
Information Classification in Action (diagram: Site Column -> Content Type -> User-Created Library)
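The "site column plus content type at the root of the site collection" pattern above, written out as an added example (not code from the session or from SolutionsMark/Microsoft). It assumes SharePoint 2010 or later with the Microsoft.SharePoint.PowerShell snap-in, run in a SharePoint Management Shell on a farm server by an account with rights on the target site collection; the site URL, column name, content type name and group names are placeholders chosen for the example. The column carries the four-level schema from the deck and defaults to Confidential, matching the "confidential by default" rule:

```powershell
# Added example: provision an Information Classification site column and a
# content type that carries it, at the root web of one site collection.
# Assumes SharePoint 2010+ server object model; URL and names are placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl = "http://intranet.fabrikam.com/sites/teams"   # placeholder site collection
$site = Get-SPSite $siteUrl
$root = $site.RootWeb     # site columns and site content types are defined here

# --- Site column: required Choice field, defaulting to Confidential ---
$fieldName = "Information Classification"
if ($root.Fields.ContainsField($fieldName)) {
    $field = [Microsoft.SharePoint.SPFieldChoice]$root.Fields.GetField($fieldName)
} else {
    $internalName = $root.Fields.Add($fieldName, [Microsoft.SharePoint.SPFieldType]::Choice, $true)
    $field = [Microsoft.SharePoint.SPFieldChoice]$root.Fields.GetFieldByInternalName($internalName)
    $field.Choices.Clear()
    foreach ($level in @("Public", "Internal", "Confidential", "Secret")) {
        [void]$field.Choices.Add($level)
    }
    $field.DefaultValue = "Confidential"          # everything is confidential until the owner says otherwise
    $field.Group        = "Information Security Columns"
    $field.Update($true)                          # $true pushes the change to lists already using the column
}

# --- Site content type: inherits from Document and requires the column ---
$ctName = "Classified Document"
$ct = $root.ContentTypes[$ctName]
if ($ct -eq $null) {
    $parent = $root.AvailableContentTypes["Document"]
    $ct = New-Object Microsoft.SharePoint.SPContentType($parent, $root.ContentTypes, $ctName)
    $ct.Group = "Information Security Content Types"
    $ct = $root.ContentTypes.Add($ct)
}
if ($ct.FieldLinks[$field.Id] -eq $null) {
    $link = New-Object Microsoft.SharePoint.SPFieldLink($field)
    $link.Required = $true
    $ct.FieldLinks.Add($link)
    $ct.Update($true)                             # $true pushes the link to child content types
}

"Column '{0}' (default '{1}') is bound to content type '{2}' in {3}" -f `
    $field.Title, $field.DefaultValue, $ct.Name, $root.Url
$site.Dispose()
```

Libraries created later in the site collection only need the content type enabled on them to inherit the classification requirement. Running the script once per site collection is the interactive equivalent of the deck's suggestion to package the same column and content type in a Feature so they are stamped out automatically.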
Integrity
Proper information integrity involves ensuring that data cannot be added, deleted, or changed without proper authorization.
The enforcement of integrity within information systems is generally provided via access control and permissions.
SharePoint Groups vs Active Directory Groups
The Million Dollar Question
SharePoint Groups
Native to SharePoint and set up within a site
Membership can be displayed and/or managed from within SharePoint
Will not scale across site collections
Active Directory Groups
Provide additional manageability and scalability
Membership cannot be displayed and/or managed from within SharePoint
Restrict specific functionality
IT DEPENDS
SharePoint Groups
Default Groups
Web Application Policy
Common Audience / Usage Combinations
Usage                          | Audience                                   | Security
Team Collaboration Workspaces  | Member; equal viewers/contributors         | SharePoint Groups
Publishing                     | Site-wide; many viewers, few contributors  | Active Directory Groups
Records Center                 | Managed; controlled, role-specific access  | Both
Inheritance
Security is inherited down the URL hierarchy (diagram):
Web Application   http://<web-application>.fabrikam.com/   ->  Web Application Security Policy
Site Collection   / or /<site-collection>/                 ->  Top Site Security Permissions
Sub Site          /<sub-site>                              ->  Sub Site Security Permissions
Best Practices
Select your security approach based on audience and usage
Use SharePoint Groups to control member/contributor access whenever possible
Avoid breaking inheritance
Use web application policy where appropriate
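An audit that follows from the inheritance model and the best practices above, added here as an example (not code from the session): it lists the web application policies, which apply to every site collection in the web application, and then walks every site collection to find sub sites that have broken inheritance, showing for each one who was granted access directly and whether that principal is a SharePoint group, an AD group or an individual user. It assumes SharePoint 2010 or later with the Microsoft.SharePoint.PowerShell snap-in and enough rights to open every site collection; the web application URL is a placeholder.

```powershell
# Added example: inventory web application policies and sub sites with unique
# permissions in one web application. Assumes SharePoint 2010+ object model.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webAppUrl = "http://intranet.fabrikam.com"       # placeholder web application
$webApp = Get-SPWebApplication $webAppUrl

# 1. Web application policy: a grant or deny here overrides every site below it,
#    so the list should be short and every entry should be accounted for.
"== Web application policies for $($webApp.Url)"
foreach ($policy in $webApp.Policies) {
    $roles = ($policy.PolicyRoleBindings | ForEach-Object { $_.Name }) -join ", "
    "{0,-45} {1}" -f $policy.UserName, $roles
}

# 2. Sub sites that broke inheritance: each is a permission model of its own
#    that the top-site permissions no longer describe.
"== Sub sites with unique permissions"
$brokenCount = 0
foreach ($site in $webApp.Sites) {
    try {
        foreach ($web in $site.AllWebs) {
            if (-not $web.IsRootWeb -and $web.HasUniqueRoleAssignments) {
                $brokenCount++
                $web.Url
                foreach ($ra in $web.RoleAssignments) {
                    # SharePoint groups are SPGroup; AD groups surface as SPUser with IsDomainGroup
                    $kind = if ($ra.Member -is [Microsoft.SharePoint.SPGroup]) { "SharePoint group" }
                            elseif ($ra.Member.IsDomainGroup)                   { "AD group" }
                            else                                                 { "user" }
                    $defs = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ", "
                    "    {0,-40} {1,-17} {2}" -f $ra.Member.Name, $kind, $defs
                }
            }
            $web.Dispose()
        }
    } finally {
        $site.Dispose()
    }
}
"{0} sub site(s) with unique permissions" -f $brokenCount
```

Individual users granted directly on a sub site are the lines to review first: they are exactly the cases where the deck's guidance to use SharePoint groups for member/contributor access was not followed, and they are invisible from the top site's permission page.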
Authenticity
Validity of user activity and information in the system is critical to ensuring authenticity.
Includes all information and communications into and out of the system, including both process and user identification.
Options are configured at the Farm and Web Application Level
Best Practices
Use separate service accounts for each service/application pool
Separate dedicated clearing house for external data
Use Windows Integrated Authentication for internal users and services
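A farm check for the two service-account practices above, added as an example (not code from the session): it collects the identity of every application pool, both content web applications and service application pools, warns about any account that runs more than one pool, and prints the authentication mode configured on each zone of each web application so that internal zones can be confirmed to use Windows authentication. It assumes SharePoint 2010 or later and farm administrator rights; the AuthenticationMode and UseWindowsIntegratedAuthentication properties are the 2010-era SPIisSettings members, and claims-based web applications report their configuration differently.

```powershell
# Added example: find application pools sharing a service account and report
# authentication settings per web application zone. Assumes SharePoint 2010+.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Collect one record per application pool with the account it runs as
$pools = @()
foreach ($wa in Get-SPWebApplication -IncludeCentralAdministration) {
    $pools += New-Object PSObject -Property @{
        Kind = "Web application"; Name = $wa.DisplayName; Account = $wa.ApplicationPool.Username }
}
foreach ($sap in Get-SPServiceApplicationPool) {
    $pools += New-Object PSObject -Property @{
        Kind = "Service app pool"; Name = $sap.Name; Account = $sap.ProcessAccountName }
}

# One account per pool is the target; anything grouped here violates it
$shared = $pools | Group-Object Account | Where-Object { $_.Count -gt 1 }
if ($shared) {
    foreach ($g in $shared) {
        Write-Warning ("Account {0} runs {1} application pools:" -f $g.Name, $g.Count)
        foreach ($p in $g.Group) { "    {0,-18} {1}" -f $p.Kind, $p.Name }
    }
} else {
    "Every application pool has its own service account."
}

# Authentication per zone: internal zones should show Windows integrated auth
"{0,-30} {1,-10} {2,-10} {3}" -f "Web application", "Zone", "Mode", "WindowsIntegrated"
foreach ($wa in Get-SPWebApplication) {
    foreach ($zone in $wa.IisSettings.Keys) {
        $iis = $wa.IisSettings[$zone]
        "{0,-30} {1,-10} {2,-10} {3}" -f $wa.DisplayName, $zone, $iis.AuthenticationMode, `
            $iis.UseWindowsIntegratedAuthentication
    }
}
```

A shared account means a compromise of one service's process identity reaches every database and content the other pools can touch, which is the exposure the "separate service accounts" practice is meant to contain; the report gives the list to split.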
Thank you for attending!
Please be sure to fill out your session evaluation!
Post conference DVD with all slide decks