Access Control
Week 1 (pages 1-80)
Jem Jensen
Overview
Access Control - Only authorized users, programs, and systems are
allowed to access resources
Not surprisingly, the process for defining access control is:
1. Define Resources
2. Define Users
3. Specify Access between users and resources
Overview
"Joining the CIA"
Confidentiality - Is it secret?
Integrity - Is it safe?
Availability - Does Sauron have it?
Stances
1. Allow-By-Default
1. Easy to set up, hard to secure
2. Deny-By-Default
1. Easy to secure, hard to set up
Defence in Depth
• Layer different access control styles
• Every layer reduces the chance that a single attacker will find a hole
through all of the layers
Overview
Separation Of Duties
Separation of Duties - 2 keys to launch the nuke!
Process/Concerns:
• Element identity, importance and criticality
• Identify areas at risk/prone to abuse
• Add an "approval" step
• Operational considerations
• Efficiency
• Cost vs. Risk
• User skill/availability
• Must be enough personnel
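The "2 keys to launch the nuke" rule from the slide above, written out as a check. This is an added example, not code from the deck; the staff directory, role names and the two sensitive actions are constructed for illustration.

```python
"""Two-person ("two keys") approval as a separation-of-duties check.

Added example, not from the slide deck. Role names, the actions and the
sample staff directory are constructed for illustration.
"""
from dataclasses import dataclass, field

# Constructed staff directory: who holds which role.
STAFF_ROLES = {
    "alice": "operator",
    "bob": "operator",
    "carol": "supervisor",
    "dave": "auditor",
}

# Sensitive actions and the roles whose keys are both needed.  Requiring two
# *different* roles means one compromised team cannot approve on its own.
TWO_KEY_ACTIONS = {
    "launch": {"operator", "supervisor"},
    "disable_logging": {"operator", "auditor"},
}


@dataclass
class Request:
    action: str
    requester: str
    approvals: list = field(default_factory=list)  # user ids who signed off


def check_two_keys(req: Request):
    """Return (allowed, reason).  Deny by default: anything not provable is refused."""
    required_roles = TWO_KEY_ACTIONS.get(req.action)
    if required_roles is None:
        return False, f"unknown action {req.action!r}"
    # The person asking for the action may not also turn one of the keys.
    approvers = [a for a in req.approvals if a != req.requester]
    if len(approvers) != len(req.approvals):
        return False, "requester cannot approve their own request"
    # Each approver must be a distinct, known person ...
    if len(set(approvers)) != len(approvers):
        return False, "the same approver was counted twice"
    roles = set()
    for user in approvers:
        role = STAFF_ROLES.get(user)
        if role is None:
            return False, f"unknown approver {user!r}"
        roles.add(role)
    # ... and together they must cover every required role.
    missing = required_roles - roles
    if missing:
        return False, f"missing approval from role(s): {sorted(missing)}"
    return True, "two keys turned"


if __name__ == "__main__":
    print(check_two_keys(Request("launch", "alice", ["bob", "carol"])))
    print(check_two_keys(Request("launch", "alice", ["alice", "carol"])))
```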
Least Privilege
Only give enough access for users to perform their jobs
Need to know
• Simple way to implement least privilege
• Only share information with a user if they "need" it
Compartmentalization
• Isolate groups from each other so information doesn't get leaked
Security Domain
Set up a hierarchy of access
PC user accounts example:
1. Guest
2. User
3. Power user
4. Admin
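One decision function that ties together the two stances, the need-to-know rule and the Guest/User/Power user/Admin hierarchy from the slides above. It is an added example, not code from the deck; the resource names, the finance compartment and the rule table are constructed. The stance only matters for resources nobody wrote a rule for, which is exactly where allow-by-default is "hard to secure".

```python
"""Deny-by-default vs allow-by-default over a security-domain hierarchy.

Added example, not from the slide deck.  Account levels follow the slide's PC
example (Guest < User < Power user < Admin); resources, compartments and
rules are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional

# Security domain hierarchy: a higher rank inherits every lower rank's access.
LEVELS = {"guest": 0, "user": 1, "power user": 2, "admin": 3}


@dataclass(frozen=True)
class Subject:
    name: str
    level: str
    compartments: frozenset = frozenset()   # need-to-know groups the user is in


@dataclass(frozen=True)
class Rule:
    resource: str
    min_level: str                         # lowest rank allowed to touch it
    compartment: Optional[str] = None      # if set, only members may access it


# Step 3 of the slide's process: specify access between users and resources.
RULES = {
    "public-wiki": Rule("public-wiki", "guest"),
    "home-dirs": Rule("home-dirs", "user"),
    "install-software": Rule("install-software", "power user"),
    "payroll-db": Rule("payroll-db", "user", compartment="finance"),
    "change-audit-log": Rule("change-audit-log", "admin"),
}


def decide(subject: Subject, resource: str, stance: str) -> bool:
    """stance is 'deny' or 'allow'; return True if access is permitted."""
    rule = RULES.get(resource)
    if rule is None:
        # Nobody defined this resource.  Allow-by-default leaves it wide open;
        # deny-by-default fails closed until someone writes the rule.
        return stance == "allow"
    if LEVELS[subject.level] < LEVELS[rule.min_level]:
        return False
    # Need to know: rank alone is not enough for compartmented data.
    if rule.compartment is not None and rule.compartment not in subject.compartments:
        return False
    return True


def unmodelled(resources) -> list:
    """List resources with no rule: the holes an allow-by-default stance exposes."""
    return [r for r in resources if r not in RULES]


if __name__ == "__main__":
    guest = Subject("visitor", "guest")
    admin = Subject("root", "admin")
    print(decide(guest, "new-fileshare", "allow"), decide(guest, "new-fileshare", "deny"))
    print(decide(admin, "payroll-db", "deny"))  # admin rank, but no finance need-to-know
```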
Information Classification
Different security levels for different information
Benefits:
• Establish ownership of info
• Reduce waste
• Focus resources on the highest risk
• Easier to find areas which are lacking
• Can quickly reveal info's worth
• Easier to raise awareness
• Easier to train/retrain staff
Information Classification
The Process:
1. Determine Objectives
1. This is a process, not a project! It will be ongoing forever
2. Defining objectives on each iteration helps you keep track of
the work and celebrate the victories along the way
2. Establish Organizational Support
1. Get buy-in on the objectives from management
2. If they can't see the cost-to-benefit they may not support your work
3. Develop Info Class Policy & Procedures
1. Requirements, scope, purpose, definitions
(Mostly high-level up to this point)
Information Classification
4. Process Flows
1. Document the process, flow charts
5. Tools
1. Make sure everyone is speaking the same language
6. Identify Application Owners
1. Custodians of data. They can help identify stakeholders
7. Identify Info Owners
1. They know the data, decide who can access data
8. Distribute templates
1. Info owners fill them out to identify the data they manage
(Mid-level up to this point)
Information Classification
9. Classify Info
1. Is it public? Internal only? Confidential? Restricted?
10. Develop Auditing
1. Perform this process again on new data
2. Do "spot" checks (check track, locked screens)
11. Load Classification Info Into A Repository
1. Allows analysis
12. Train
1. What classifications mean, importance, scenarios
13. Review and Update
1. Improve quality, keep the process ongoing
Labeling
Use your classification system
Create silos if it's easier:
• Mark all backup tapes as "confidential" instead of separating out the
confidential data to its own tapes
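A small classification repository that follows the process steps above: owners fill in templates (step 8), the records are loaded into a repository (step 11), audit finds what is still unclassified (steps 10 and 13), and a backup tape is labelled the silo way, at the highest class of anything on it. This is an added example, not code from the deck; the four classes are the slide's, while the records, owners and tape contents are constructed.

```python
"""Information classification repository with silo (high-water-mark) labeling.

Added example, not from the slide deck.  The classes come from the slide
(public < internal < confidential < restricted); records, owners and the
backup-tape contents are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional

CLASSES = ["public", "internal", "confidential", "restricted"]   # low -> high
RANK = {c: i for i, c in enumerate(CLASSES)}


@dataclass
class InfoRecord:
    """One row an info owner fills in on the distributed template (step 8)."""
    name: str
    owner: Optional[str]
    classification: Optional[str]


# Step 11: the repository the returned templates are loaded into (constructed).
REPOSITORY = [
    InfoRecord("product-brochure.pdf", "marketing", "public"),
    InfoRecord("staff-handbook.docx", "hr", "internal"),
    InfoRecord("q3-forecast.xlsx", "finance", "confidential"),
    InfoRecord("customer-ssn.csv", "billing", "restricted"),
    InfoRecord("legacy-export.dat", None, None),              # template never came back
    InfoRecord("vendor-list.xlsx", "procurement", "secret"),  # not a class in our scheme
]


def audit_gaps(repo) -> list:
    """Steps 10/13: records with no owner, or a class that is not in the scheme."""
    return [r.name for r in repo if r.owner is None or r.classification not in RANK]


def silo_label(names, repo) -> str:
    """The slide's silo shortcut: label the whole tape at the highest class it
    carries instead of splitting confidential data onto separate tapes."""
    by_name = {r.name: r for r in repo}
    top = "public"
    for n in names:
        rec = by_name.get(n)
        if rec is None or rec.classification not in RANK:
            # An unclassified item would silently under-label the tape; refuse.
            raise ValueError(f"{n!r} is unclassified; classify it before labeling the tape")
        if RANK[rec.classification] > RANK[top]:
            top = rec.classification
    return top


def may_read(clearance: str, label: str) -> bool:
    """Dominance check: the reader's clearance must be at or above the label."""
    return RANK[clearance] >= RANK[label]


if __name__ == "__main__":
    print("needs attention:", audit_gaps(REPOSITORY))
    tape = silo_label(["product-brochure.pdf", "q3-forecast.xlsx"], REPOSITORY)
    print("tape label:", tape, "| internal-only reader may read:", may_read("internal", tape))
```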
Access Control Requirements
1. Reliability
2. Transparency
3. Scalability
4. Integrity
5. Maintainability
6. Auditability
7. Authentication Data Security
Access Control Types & Cats
2 Methods of defining Access Controls
1. By Type
1. What the control itself is doing
2. By Category
1. Who is implementing the control -or-
2. How the control is used
Access Control Categories
Categories
1. Administrative
1. Management-style controls like firing people, holding
employee reviews, performing trainings
2. Technical/Logical
1. Electronic controls like enforcing passwords, badges, logging
3. Physical
1. Locks, gates, guards, etc
Administrative Controls
• Policies And Procedures
• Personnel Evaluation/Clearance
• Security Policies
• Monitoring
• User Access Management
• Privilege Management
Logical Controls
• Network Access
• Remote Access
• System Access
• Application Access
• Malware Control
• Cryptography
Physical Controls
Are apparently self-explanatory since the book skipped them :P
Next week:
Pages 81 - 148