IT Security
TRANSCRIPT
7/24/2019 IT SECURIY
http://slidepdf.com/reader/full/it-securiy 1/32
IT INFRASTRUCTURE SECURITY
Sachin Harsh
AGENDA
IT Infrastructure in CBS
Security Principle
Security Controls
Physical Security
Logical Security
Network Security
Next Generation Devices
E Channels
Risk Assessment
Mitigating Risks
IT INFRASTRUCTURE CBS
Physical Security
Mitigating Risks
Balance Protection With Utility
Computers in an office could be completely protected if all the modems were torn out and everyone was kicked out of the room - but then they wouldn't be of use to anyone. This is why one of the biggest challenges in IT security is finding a balance between resource availability and the confidentiality and integrity of the resources.
Rather than trying to protect against all kinds of threats, most IT departments focus on insulating the most vital systems first and then finding acceptable ways to protect the rest without making them useless. Some of the lower-priority systems may be candidates for automated analysis, so that the most important systems remain the focus.
Split up the Users and Resources
For an information security system to work, it must know who is allowed to see and do particular things. Someone in accounting, for example, doesn't need to see all the names in a client database, but he might need to see the figures coming out of sales. This means that a system administrator needs to assign access by a person's job type, and may need to further refine those limits according to organizational separations. This will ensure that the chief financial officer will ideally be able to access more data and resources than a junior accountant.
That said, rank doesn't mean full access. A company's CEO may need to see more data than other individuals, but he doesn't automatically need full access to the system. This brings us to the next point.
Assign Minimum Privileges
An individual should be assigned the minimum privileges needed to carry out his or her responsibilities. If a person's responsibilities change, so will the privileges. Assigning minimum privileges reduces the chances that Joe from design will walk out the door with all the marketing data.
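A deny-by-default, role-based access check for the job-type access and minimum-privilege points above, as an added example that is not from the original slides. The role names, permission strings and helper functions are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed role -> permission map (assumption, not from the slides).
# Permissions are "resource:action" strings; anything not listed is denied.
ROLE_PERMISSIONS = {
    "junior_accountant": {"sales_figures:read"},
    "cfo": {"sales_figures:read", "ledger:read", "ledger:approve"},
    "ceo": {"sales_figures:read", "ledger:read", "board_reports:read"},
    "sales_rep": {"client_db:read", "sales_figures:read"},
    "marketer": {"marketing_data:read"},
    "designer": {"design_assets:read", "design_assets:write"},
}

@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)

def permissions_for(user):
    """Union of the permissions granted by the user's current roles only."""
    perms = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())  # unknown role grants nothing
    return perms

def is_allowed(user, resource, action):
    """Deny by default: access requires an explicit grant via a current role."""
    return f"{resource}:{action}" in permissions_for(user)

def change_job(user, new_roles):
    """Replace roles on a job change and report what was revoked and granted."""
    before = permissions_for(user)
    user.roles = set(new_roles)
    after = permissions_for(user)
    return {"revoked": before - after, "granted": after - before}

def excess_privileges(user, needed):
    """Permissions held but not needed for the stated responsibilities."""
    return permissions_for(user) - set(needed)

if __name__ == "__main__":
    joe = User("Joe", {"designer"})
    print("Joe reads marketing data:", is_allowed(joe, "marketing_data", "read"))
    mover = User("Sam", {"sales_rep"})
    print("Sam moves to accounting:", change_job(mover, {"junior_accountant"}))
```

Because privileges are derived from current roles rather than stored per user, a job change cannot leave old grants behind.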
Use Independent Defenses
This is a military principle as much as an IT security one. Using one really good defense, such as authentication protocols, is only good until someone breaches it. When several independent defenses are employed, an attacker must use several different strategies to get through them. Introducing this type of complexity doesn't provide 100 percent protection against attacks, but it does reduce the chances of a successful attack.
Plan for Failure
Planning for failure will help minimize its actual consequences should it occur. Having backup systems in place beforehand allows the IT department to constantly monitor security measures and react quickly to a breach. If the breach is not serious, the business or organization can keep operating on backup while the problem is addressed. IT security is as much about limiting the damage from breaches as it is about preventing them.
Record, Record, Record
Ideally, a security system will never be breached, but when a security breach does take place, the event should be recorded. In fact, IT staff often record as much as they can, even when a breach isn't happening. Sometimes the causes of breaches aren't apparent after the fact, so it's important to have data to track backwards. Data from breaches will eventually help to improve the system and prevent future attacks - even if it doesn't initially make sense.
Run Frequent Tests
Hackers are constantly improving their craft, which means information security must evolve to keep up. IT professionals run tests, conduct risk assessments, reread the disaster recovery plan, check the business continuity plan in case of attack, and then do it all over again.