System Security Compliance Monitoring Program
Monitoring compliance with corporate information security standards
Pat Hymes
First Union Corp.
Information Security Policies, Standards and Guidelines
Standards - support corporate policies and define what controls are needed
Guidelines - describe how to implement the controls on a particular platform (e.g., AS/400, Unix, Novell, NT)
The Challenge
Are people following the standards?
How compliant are our systems with the standards/guidelines?
Are weaknesses being identified and addressed?
How do we improve the security of our distributed environment?
Why Monitor Compliance?
We have better data to do our job
Enterprises with weak information security controls suffer more than twice as many incidents as Best in Class organizations (1)
Supports proactive identification of weak controls (for correction or sign-off)
Helps satisfy OCC concerns regarding technology risk
(1) - European Security Forum, 1998/99 Information Security Status Survey
Considerations
Thousands of Systems
Multiple IT Departments
Low Security Awareness
Technological Evolution, Complexity
Time to Market Pressures
Immature and Proprietary Controls
[Diagram: First Union Enterprise. Business units shown: The Money Store, Wheat First Union, Everen, Corp/I&O, Cap Markets, Evergreen. Platforms in use across the units: NT, UNIX, AS/400, Novell, Tandem, VMS, Mainframe, Corp Dial-In]
Approach
Implement automated tools to assess compliance
Use published security guidelines as criteria
Assign weight to each test (scale: 1-10)
Compute system compliance score
– Based on points earned vs. total possible
Pull results to central compliance database
Provide multiple levels of reporting
Re-assess on a regular basis
Assist and support SAs wherever possible
“If you don’t know where you’re going,
you’ll never know when you get there.”
Yogi Berra
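The scoring approach on this slide, as an added illustration that is not the program's own tooling: each test carries a weight of 1-10, a system's score is points earned vs. total possible, scores roll up by platform and overall for multi-level reporting, and failed tests are listed heaviest first to surface the weakest controls. All hostnames, test names, weights and results below are constructed.

```python
from collections import defaultdict

# Constructed sample data (hostnames, test names, weights and results are
# invented): each system maps to its platform and a list of
# (test name, weight on the 1-10 scale, passed?) results.
SYSTEMS = {
    "unix01": ("UNIX", [("root_remote_login_disabled", 10, True),
                        ("password_aging_enforced", 7, True),
                        ("no_world_writable_system_files", 5, False)]),
    "nt01": ("NT", [("guest_account_disabled", 9, True),
                    ("audit_policy_enabled", 6, False),
                    ("account_lockout_threshold_set", 8, False)]),
    "as400a": ("AS/400", [("security_level_40_or_higher", 10, True),
                          ("no_default_passwords", 9, True)]),
}

def system_score(results):
    """Compliance score as a percentage: points earned vs. total possible,
    where a test contributes its weight (1-10) only if it passed."""
    earned = possible = 0
    for name, weight, passed in results:
        if not 1 <= weight <= 10:
            raise ValueError(f"{name}: weight {weight} is outside 1-10")
        possible += weight
        if passed:
            earned += weight
    return round(100.0 * earned / possible, 1) if possible else 0.0

def report(systems):
    """Multiple levels of reporting: per system, per platform, and the
    overall average reported to IT management."""
    per_system = {host: system_score(res) for host, (_, res) in systems.items()}
    by_platform = defaultdict(list)
    for host, (platform, _) in systems.items():
        by_platform[platform].append(per_system[host])
    per_platform = {p: round(sum(s) / len(s), 1) for p, s in by_platform.items()}
    overall = round(sum(per_system.values()) / len(per_system), 1)
    return per_system, per_platform, overall

def weakest_controls(systems):
    """Failed tests across all systems, heaviest weight first, so the most
    important gaps are corrected (or signed off) first."""
    failed = [(name, weight, host)
              for host, (_, res) in systems.items()
              for name, weight, passed in res if not passed]
    return sorted(failed, key=lambda f: -f[1])

if __name__ == "__main__":
    per_system, per_platform, overall = report(SYSTEMS)
    print(per_system, per_platform, overall, sep="\n")
    for name, weight, host in weakest_controls(SYSTEMS):
        print(f"{host}: {name} (weight {weight})")
```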
Program Evolution
[Timeline, quarterly from 6/98 to 6/00: 6/98, 9/98, 12/98, 3/99, 6/99, 9/99, 12/99, 3/00, 6/00. Platforms brought into the program along the timeline: Unix, AS/400, Novell, NT, then Tandem and VMS]
Current State
• Compliance tools deployed on over 1200 systems
• Monthly reporting to IT management
• High-level compliance average included in the "key management metrics" database
• NT rollout just beginning
Benefits to Date
Average (overall) compliance score has increased from 62% to 86%
Lockdown tools & processes have been established
Security awareness and acceptance of accountability among SAs and IT management have increased significantly
Security compliance is part of performance reviews
Good relationships established
A foundation for future security initiatives has been established
Pains, Gains & By-Products
• Compliance monitoring is more than a tool
  - Technology + People + Process
• It's okay to start small and build, refine
• Set achievable goals
• Only use "the hammer" when needed
• Measurable results boost ISD staff morale
Other Metrics Reported
Virus Related
– Percentage of file servers, mail servers and desktops with current pattern files
– # of virus-related help desk calls
– Future: # of viruses cleaned/blocked/eliminated
Laptop Theft
– # of unsecured laptops observed by property management guards
Future: Network device security compliance
Future: Unsecured modem metrics
Future: Technology Risk Scorecard for the Director of e-Commerce
Improving System Security
[Diagram: the Information Security Division supports System Administrators through four key components: Platform Security Guidelines, Security Education, Consulting/Assistance, and Compliance Monitoring/Enforcement. Goals: Change Behavior, Change Culture]