Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (19)
Semelhante a IT Security Guest Lecture
Semelhante a IT Security Guest Lecture (20)
Último
Último (20)
IT Security Guest Lecture
- 1. Internal I.T. Security Security within an organization’s network
- 2. Contents 4/5/2010 Soumitri 2
- 3. Overview • Brief introduction to what this niche segment is all about • IT Security comprises: o People, Processes & Technologies o Network, Application, Database, Endpoint, Messaging o Policy definition, Policy enforcement, Monitoring & Reporting 4/5/2010 Soumitri 3
- 4. Industry Perspective - People • Identity and Access Management – Identity Management • Enterprise Employee Directory – Access Management • Single Sign On, Web Sign On, Tokens, Smart Cards, etc – Privilege Management • Layered solutions, Segregation of Duties – Audit & Reporting – Education & Training 4/5/2010 Soumitri 4
- 5. Industry Perspective - Process • Risk Management – Risk Modeling Tools • Policy Design & Development – Templates, External Consultants, etc • Business Continuity & Disaster Recovery – Multiple Geographic Storage Sites • Incident & Threat Management – Incident Response Platforms 4/5/2010 Soumitri 5
- 6. Industry Perspective - Process (2) • Information Asset Management – Inventory of Assets (includes People) • Systems Development – Architecture – Modeling Tools – Coding Standards • Operations Management – Monitoring Tools 4/5/2010 Soumitri 6
- 7. Industry Perspective - Technology • Network – Perimeter security: Firewalls, WLAN, VPN, NIDPS • Application – Coding standards: Static Analysis Tools, Monitoring • Database – Privilege Management: Encryption, Monitoring • Endpoint – Desktops & Servers: Anti-Virus, DLP Suites, Encryption • Messaging – Anti-Spam/Virus/Malware, Encryption • Data – Disk & File encryption, Monitoring & Management, DRM 4/5/2010 Soumitri 7
- 8. What is DLP? • Data Leak Protection: “Systems that identify, monitor, and protect data in use, data in motion, and data at rest through deep content inspection, contextual security analysis of transaction and with a centralized management framework” • Data at Rest – Endpoint actions • Data in Motion – Network actions • Data in Use – Data storage • Systems are designed to detect and prevent the unauthorized use and transmission of confidential information 4/5/2010 Soumitri 8
- 9. DLP Process 1) Define Confidential Policy 2) Discover Exposed Data 3) Enforce Policy 4) Feedback & Corrective Mechanism 5) Report Generation and Management 4/5/2010 Soumitri 9
- 10. Usage & Benefits • Demonstrates Regulatory Compliance – HIPAA, GLBA, PCI, BASEL II, SOX • Helps prevent Identity Theft • Seamless integration in PMO • Protects Brand & Reputation 4/5/2010 Soumitri 10
- 11. Conclusion • Internal IT Security is an evolving technology • It is a niche area requiring domain & technical expertise • Compliance: PCI, SOX, BASEL II, GLBA – At least one compliance knowledge is needed • Certifications: SSCP, CISSP • More Info: International Information Systems Security Certification Consortium website 4/5/2010 Soumitri 11
- 12. Conclusion (2) • Career Path: External Security Consultants, IT Security Officer, CISO • Management & Communication skills are required • Firm Knowledge of: – Organization’s strategic objectives – Management issues – Impact of Security policies on Business functions – Comprehensive Technical Info – Future Trends 4/5/2010 Soumitri 12
- 13. Thank You & Best Wishes 4/5/2010 Soumitri 13