IT and Cyber Module 2
C.I.A. triangle
∙ Confidentiality, integrity, and availability
∙ Video: http://www.youtube.com/watch?v=j8FT9WqmuDY
Administrative Controls
∙ Developing and publishing of policies, standards, procedures, and guidelines.
∙ Screening of personnel.
∙ Conducting security-awareness training.
∙ Implementing change control procedures.
Technical Controls
∙ Implementing and maintaining access control mechanisms.
∙ Password and resource management.
∙ Identification and authentication methods.
∙ Security devices and configuration of the infrastructure.
Physical Controls
∙ Protecting the perimeter of the facility.
∙ Monitoring for intrusion and environmental controls.
Levels of Responsibilities
Senior management and other levels of management
∙ Understand the vision of the company, the business goals, and the
objectives.
Functional management
∙ Understand how their individual departments work, what roles
individuals play within the company, and how security affects their
department directly.
Operational managers and staff. These layers are closer to the
actual operations of the company.
∙ Know detailed information about the technical and procedural
requirements, the systems, and how the systems are used.
∙ Understand how security mechanisms integrate into systems, how to
configure them, and how they affect daily productivity.
http://www.youtube.com/watch?v=UIIY9AQSqbY&feature=endscreen&NR=1
Organizations have been actively using security technologies, but security cannot
be achieved through technological tools alone.
People are often the weakest link in the security chain. A large percentage of
documented data breaches can be traced back to human error and employees’
misuse of IT assets.
- Then, break that data down by departments and types of messages, to tailor training to problem areas.
- If an employee clicks on a simulated phishing attempt, share the results with that person.
- Invite victims of the attack to share the lessons they learned with their peer groups.
Get buy-in from the top: have line items in the annual budget for people,
hardware, and software.
Reward employees who find malicious emails or malware, and share stories
about how employees helped thwart security issues.
∙ Follow up with employees on their test results. Show every employee their results
and how each compares with the average.