information security domains computer operations security by: shafi alassmi instructor: francis g....
TRANSCRIPT
![Page 1: Information Security Domains Computer Operations Security By: Shafi Alassmi Instructor: Francis G. Date: Sep 22, 2010](https://reader036.vdocument.in/reader036/viewer/2022062618/5513d34c55034679748b4ddc/html5/thumbnails/1.jpg)
Information Security DomainsComputer Operations Security
By: Shafi AlassmiInstructor: Francis G.Date: Sep 22, 2010
![Page 2: Information Security Domains Computer Operations Security By: Shafi Alassmi Instructor: Francis G. Date: Sep 22, 2010](https://reader036.vdocument.in/reader036/viewer/2022062618/5513d34c55034679748b4ddc/html5/thumbnails/2.jpg)
IntroductionEasy to define but hard to masterCovers everything that can go wrong while computers are runningIt mainly examines the following controls:OperatorsHardwareMediaWho should be involved with computer operations security?Every person interact with the system internally or externallyEvery technology that is part of the system
![Page 3: Information Security Domains Computer Operations Security By: Shafi Alassmi Instructor: Francis G. Date: Sep 22, 2010](https://reader036.vdocument.in/reader036/viewer/2022062618/5513d34c55034679748b4ddc/html5/thumbnails/3.jpg)
How to plan?The plan should be derived by asking right questions such as:How many security events were identified?How to control access privileges?
Plan should show the ROI by asking the right questions such as:What will be the losses if not implemented.How much will it cost?
![Page 4: Information Security Domains Computer Operations Security By: Shafi Alassmi Instructor: Francis G. Date: Sep 22, 2010](https://reader036.vdocument.in/reader036/viewer/2022062618/5513d34c55034679748b4ddc/html5/thumbnails/4.jpg)
Critical O. S. ControlsOperation controls focus on the following aspects:Resources protection
Accountability, violation processing and user access authorities
Access-Privileges Hardware, storage, I/O operations and activity logs
Change Management Scheduling, applying, implementing and reporting
Hardware
![Page 5: Information Security Domains Computer Operations Security By: Shafi Alassmi Instructor: Francis G. Date: Sep 22, 2010](https://reader036.vdocument.in/reader036/viewer/2022062618/5513d34c55034679748b4ddc/html5/thumbnails/5.jpg)
Resource ProtectionSecurely guard the organization’sComputing resources
Loss Compromise Communication
Balance of the security implementation depends on:Value of informationBusiness need for the informationBenefits are:Decrease possibility of damage to dataLimit disclosure and misuse of data
![Page 6: Information Security Domains Computer Operations Security By: Shafi Alassmi Instructor: Francis G. Date: Sep 22, 2010](https://reader036.vdocument.in/reader036/viewer/2022062618/5513d34c55034679748b4ddc/html5/thumbnails/6.jpg)
Resource ProtectionAccess given to individual usersAt a specific timeTrack access logPractices to enhance accountability and authority can be via:Users understanding the importance of passwordsUsers understanding the privacy regulations and its importance to avoid legal issuesPlans for management changes must be in place
![Page 7: Information Security Domains Computer Operations Security By: Shafi Alassmi Instructor: Francis G. Date: Sep 22, 2010](https://reader036.vdocument.in/reader036/viewer/2022062618/5513d34c55034679748b4ddc/html5/thumbnails/7.jpg)
Access PrivilegesHardware accessIsolation between unrelated storagesEnables controlling unauthorized accessI/O operations and devicesShould be verified before execution of privilege programActivity logsAuditing
![Page 8: Information Security Domains Computer Operations Security By: Shafi Alassmi Instructor: Francis G. Date: Sep 22, 2010](https://reader036.vdocument.in/reader036/viewer/2022062618/5513d34c55034679748b4ddc/html5/thumbnails/8.jpg)
Change ManagementManaging change steps:Introduce changeChange logScheduling changeImplementing changeReporting changeWhy following those steps?Reduce the impact of change on services
![Page 9: Information Security Domains Computer Operations Security By: Shafi Alassmi Instructor: Francis G. Date: Sep 22, 2010](https://reader036.vdocument.in/reader036/viewer/2022062618/5513d34c55034679748b4ddc/html5/thumbnails/9.jpg)
HardwareHardware access is via operating system software.Physical security of hardwareStorage Unauthorized access