Definition of Security Management
the set of functions (a) that protects telecommunications networks and systems from unauthorized access by persons, acts, or influences and (b) that includes many subfunctions, such as creating, deleting, and controlling security services and mechanisms; distributing security-relevant information; reporting security-relevant events; controlling the distribution of cryptographic keying material; and authorizing subscriber access, rights, and privileges.
|
|
Security Management
|
|
Information Classification- Who, Why, and How?
This paper will clarify who should be determining appropriate company protection needs. It will also demonstrate why information classification is a necessary, efficient and effective means to convey business driven information protection requirements. Last, it will offer a method for classifying information to persuade readers from accepting that their company should implement a data classification system to recognizing that it can.
Read the Article
|
Implementing an effective IT Security Program
The purpose of this paper is to take the wide variety of federal government laws, regulations, and guidance combined with industry best practices and define the essential elements of an effective IT security program. An effective program includes many elements and the task seems impossible as you begin reading the literally thousands of pages of security documentation published by the National Institute of Standards and Technology (NIST), the Office of Management and Budget (OMB), the National Security Agency (NSA), and the General Accounting Office (GAO), just to name a few. This paper will highlight important elements in a short, easy to read guide. This paper is not intended to identify every security program element in detail, but should give the reader a good basis on how to implement an effective security program.
Read the Article
|
A Guide to Security Metrics
If increased security funding does indeed become a trend, this will obviously be welcomed by security managers, and it gives reason to hope that greater progress in addressing the threat of security breaches will follow. As with most concerns that achieve high priority status with executives, however, computer security will become a focal point not only for investment, but also scrutiny for return on that investment. Security managers will more than ever before be held accountable for demonstrating effectiveness of their security programs and the value of those programs to the organization. What means will managers use to meet this challenge? Some experts believe that key among these should be security metrics.2 This guide provides a definition of security metrics, explains their value, discusses the difficulties in generating them, and suggests a methodology for building a security metrics program.
Read the Article
|
An Introduction to Security Manual
This manual is an effort to assist law enforcement agencies and other computer crime investigators by providing a resource guide compiled from the vast pool of information on the Internet. This manual is not intended to replace any formal training or education. This manual should be used as a supplemental guide to reference too. It was not my intention to compile this manual to provide a specific solution for investigators. This was intended to provide a general overview, which would assist in helping to developing a solution. This solution does not have to be hardware or software based. Today policy-based protection can also be incorporated into hardware and software systems.
Read the Article
|
Centralized Network Security Management: Combining Defense In Depth with Manageable Security
Centralized network security management is the practice of funneling the vast amount of security-related data from the various sources in the network through a centralized process and personnel. This effort ensures a comprehensive view of the network security status. It promotes good communication and redundancy in analysis. Centralized network security management also provides the capability to have a comprehensive and real time awareness of network security by integrating all of the tools and knowledge base from the implementation of defense in depth practices. With a few careful considerations for data redundancy and archival, centralized network security management can take advantage of the full power and potential for defense in depth and a hardened security posture.
Read the Article
|
Retain control of Security (even in the wake of an IT Outsource)
Outsourcing Information Technology (IT) was once thought to be an exception; now it is considered the norm. Many enterprises would rather move away from the expensive and complex tasks of IT systems management to focus on aspects of the business they are expected to be good at, manage the core business. Enterprises expect that the contracted IT specialist company would have more experience of dealing with the ever-changing IT industry; have the ability to specify more apt solutions for the Enterprise, especially as IT products and platforms becomes more and more complex; and do it more efficiently and cheaper than if the Enterprise did it themselves. Many business-critical applications operate on IT systems that are outsourced, and the security of these systems is often paramount to the successful running of the Enterprise. How can the Enterprise evaluate the security posture of outsourced IT?
Read the Article
|
Achieving Executive Buy-in: The Case For Security
Not everyone thinks about security when they should. But with multi-user environments containing business critical data, security is a must. With all the great technology and the magnitude in which businesses and organizations of all sizes rely on information technology, they must also think clearly about security. In most environments network administrators or dedicated security staff have the responsibility of securing these dynamic infrastructures. That being said, many organizations often put security to the way side of higher priority projects or business objectives. This paper conveys a real world approach to selling security to upper management and creating a foundation to build security upon. In order to have a secure infrastructure one must be persistent and creative in making the executives aware of the necessity of having security processes, procedures and standards in place to prevent the organization from feeling the effects of a security breach.
Read the Article
|
Security Considerations in the Merger / Acquisition Process
Those who work for a firm that acquires other companies or have undergone a merger understand there are a multitude of issues to cover before the deal is done. However, once the deal has been closed, the push to get both businesses connected and integrated can be tremendous. This document will focus on the high-level security issues that if included in the due diligence process, can help facilitate integration of the companies involved. Before determining where security gaps are between the companies involved, an understanding of what the organization being acquired looks like is key, as well as knowing the basic strategy behind the purchase. Once the background and strategy is understood, the types of security concerns will be more easily determined and plans for addressing any gaps can be documented.
Read the Article
|
Distributed Security Management for the Enterprise
Managed security is the next step in the lifecycle of the network security industy. The information flow within an infrastructure today is unmanageable. Information comes from so many different sources and in such large quantities that identifying a potential security risk in real time is near impossible. The focus of this paper is on managed security, specifically one product that has been on the market for almost a year, Spectrum Security Manager. There has not been much mention of products like these in the SANS conferences that I have attended. It would be of great benefit for people in the security industry to know that there are some products that will actually help them with managing the piles of information they are forced to handle. I briefly describe the existing problem in the industry and then discuss the product, it's architecture and how it is implemented.
Read the Article
|
Mistakes People Make that Lead to Security Breaches
Technological holes account for a great number of the successful break-ins, but people do their share, as well. Here are the SANS Institute's lists of silly things people do that enable attackers to succeed.
Read the Article
|
|
|
Page: 1 2 3 4 5 6 7
Members currently browsing this category:
|
|
