bảo mật hệ thống mạng part 40

... mainframe may then become a primary target for a hacker seeking to cause the target serious harm Part of the business model for any organization will be the location of employees and how they perform ... an e-mail that executes and installs itself when the attachment is opened Programs like this are particularly effective if the employee uses a Windows system Physical Attack Methods TE AM FL Y ... extended to include the home computers of employees who are allowed to telecommute or a business partner that is allowed to connect to the network A burglar alarm is designed to detect any attempted...

Ngày tải lên: 02/07/2014, 18:20

... classification, access would be denied This concept of modeling eventually lead to United States Department of Defense Standard 5200.28, The Trusted Computing System Evaluation Criteria (TCSEC, also ... as well as assurance requirements Thus, in order for a system to meet the qualifications for a particular level of certification it had to meet the functional and the assurance requirements The ... cannot be the all-encompassing solution Anti-Virus Software TE 10 Anti-virus software is a necessary part of a good security program If properly implemented and configured, it can reduce an organization’s...

Ngày tải lên: 02/07/2014, 18:20

... individuals Vulnerability Scanning Scanning computer systems for vulnerabilities is an important part of a good security program Such scanning will help an organization to identify potential entry ... information is found Eavesdropping When someone listens in on a conversation that they are not a part of, that is eavesdropping To gain unauthorized access to information, an attacker must position...

Ngày tải lên: 02/07/2014, 18:20

... information is found Eavesdropping When someone listens in on a conversation that they are not a part of, that is eavesdropping To gain unauthorized access to information, an attacker must position...

Ngày tải lên: 02/07/2014, 18:20

Ngày tải lên: 02/07/2014, 18:20

... exists For paper files, the physical paper file must be protected The physical file must exist at a particular location; therefore, access to this location must be controlled The confidentiality service ... pages difficult Making multiple copies of the information and distributing the copies to interested parties makes it difficult to successfully change all of the documents at the same time 31 32 Network ... system or a network within the control of the organization What if the file is to be copied to other parties or organizations? In this case, it is clear that the access controls on a single computer...

Ngày tải lên: 02/07/2014, 18:20

... conjunction with other services to make them more effective Accountability by itself is the worst part of security; it adds complications without adding value Accountability adds cost and it reduces ... facility Handprint scanners are also often used to authenticate individuals who wish to enter certain parts of facilities The authentication mechanism is directly tied to the physical presence and identity ... authenticated user so that the events can be reconstructed 37 This page intentionally left blank PART II Ground Work Copyright 2001 The McGraw-Hill Companies, Inc Click Here for Terms of Use 39...

Ngày tải lên: 02/07/2014, 18:20

... sections discuss the statutes that are most often used For the applicability of these statutes to a particular situation or organization, please consult your organization’s general counsel Computer ... defines the crime as the intentional access of a computer without authorization to so A second part of the statute adds that the individual accessing the computer has to obtain information that ... computer crime is an area of continued research and development If you have specific questions about a particular statute, consult your organization’s general counsel or local law enforcement Figure...

Ngày tải lên: 02/07/2014, 18:20

Ngày tải lên: 02/07/2014, 18:20

... computers is a crime punishable by six months in jail (see Commonwealth Laws, Crimes Act 1914, Part VIA— Offences Relating to Computers) The punishment goes up to two years if the intent was ... if any of the information from the victim can be used in the prosecution There are actually two parts to the correct information regarding this situation First, if normal business procedures are ... consultant to perform a forensic examination of the system, you are now taking actions that are not part of normal business practices In this case, your organization should take appropriate precautions...

Ngày tải lên: 02/07/2014, 18:20

... 58 Network Security: A Beginner’s Guide erhaps the most uninteresting part of an information security professional’s job is that of policy The development of policy takes ... important to an organization and may be the most important job that the Information Security department of an organization can complete P POLICY IS IMPORTANT Policy provides the rules that govern ... during the incident Putting Everyone on the Same Page Rules are great and having them is a necessary part of running a security program for an organization However, it is just as important that everyone...

Ngày tải lên: 02/07/2014, 18:20

... These users may not be known to the Human Resources department The organization should identify who will know about such employees and make them a part of the procedure as well 67 68 Network Security: ... to this part of the procedure is to identify the organization’s objectives before an incident occurs Event Identification The identification of an incident is perhaps the most difficult part of ... situation Authority An important part of the IRP is defining who within the organization and the incident response team has the authority to take action This part of the procedure should define...

Ngày tải lên: 02/07/2014, 18:20

... the creation of the policy You can show the department managers that someone from their part of the organization was involved and voiced that department’s concerns It also helps if management ... the most damaging to an organization For a DRP to plan for such events, every department of the organization must participate in its creation The first step is for the organization to identify ... easy part In order to create it, you only had to get a small number of people involved To effectively deploy the policy, you need to work with the whole organization Gaining Buy-In Every department...

Ngày tải lên: 02/07/2014, 18:20

... Audits Many organizations have internal audit departments that periodically audit systems for compliance with policy Security should approach the Audit department about new policies and work with them ... existing security policies and design procedures should be followed This allows Security to be a part of the design phase of the project and allows for security requirements to be identified early ... be made to comply with the policy Security should work with the system administrators and the department that uses the system to make the appropriate changes This may entail some development changes...

Ngày tải lên: 02/07/2014, 18:20

... provides a basis for valuing of information assets By identifying risk, you learn the value of particular types of information and the value of the systems that contain that information S WHAT ... people and would only allow the attacker to gain access to information that was not considered particularly sensitive would be considered a low-value vulnerability Team-Fly® Chapter 6: Figure ... Agents The agents of threat are the people who may wish to harm to an organization To be a credible part of a threat, an agent must have three characteristics: M Access I Knowledge The level and type...

Ngày tải lên: 02/07/2014, 18:20

... useful However, we may not necessarily have knowledge of a directed or specific threat against some part of the organization If we assume a generic threat (somebody probably has the access, knowledge, ... replace systems I Cost of experts to assist L Employee overtime AM FL Y As you can see from just this partial list, the costs of a successful penetration can be large Some of these costs will be unknown ... work that could have been done when the systems were down? Hopefully, the accounting or finance department of an organization can assist in identifying some of these costs In many cases, however,...

Ngày tải lên: 02/07/2014, 18:20

... only those documents that are complete Documents in draft form should also be examined The last part of information gathering is a physical inspection of the organization’s facility If possible,...

Ngày tải lên: 02/07/2014, 18:20

... organization, between departments, between sites, within departments, and to other organizations Attempt to identify how each link in the chain treats information and how each part of the organization ... the organization Another part of the attitude equation is how management communicates their commitment to employees The communication of a security commitment has two parts: management attitude ... link in the chain treats information and how each part of the organization depends on other parts As part of an assessment, attempts should be made to identify which systems and networks are important...

Ngày tải lên: 02/07/2014, 18:20

... security department should choose a small document with a small number of interested parties to begin with This is most likely to create the opportunity for a quick success and for the security department ... policy, and so on In this case, the security department becomes a moderator and facilitator in the construction of the documents The security department should come to the first meeting with ... require updating If the security department had a hand in creating the original document, the first thing that should be done is to reassemble the interested parties who contributed to the previous...

Ngày tải lên: 02/07/2014, 18:20

... department Updates such as these could be included in regular administrator staff meetings to reduce the time necessary for administrators In addition to the periodic meetings, the security department ... and the proper understanding of the security department’s role during the development process For all new development projects, the security department should be involved in the design phase ... Security: A Beginner’s Guide Executives Presentations to executives of an organization are part education and part marketing Without the support of organization management, the security program will...

Ngày tải lên: 02/07/2014, 18:20