Security Fundamentals

1)Use network security mechanisms (firewalls & ACLs)2)Require credentials (usernames & passwords)3)Encrypt traffic

1)Modifying the appearance of a corporate website2)Intercepting and altering and e-commerce transaction3)Modifying finacial records

1)Send improperly formatted data to create an unhandled exception error2)Flood network with a denial-of-service (DoS) attack

1)Have knowledge of network and available resources2)Some level of access granted b/c of job3)Traditional sec. mechanisms (i.e. IPS and firewalls) are ineffective against

Tend to be more technical (i.e ping sweeps or port scans)

Few or no privacy requirements

Could casue embarrassment but not a security threat

Reasonaable probability of causing damage if disclosed

Reasonalbe probability of casuing serious damage if disclosed

Reasonable probability of causing exceptionally grave damage if disclosed

How valuable the date is to the organization

How old is the data

How long is the data will be considered relevant

How personal the data is

1)Initally determines the classification level2)Routinely reviews documented procedures for classifying data3)Gives the custodian the resoponsibilty of protecting the data

1)Keeps up to date backups2)Verifies the intergrity of backups3)Restores data from backups4)Follows policy guidelines to maintain data

1)Accesses and uses data in accordance with an established security policy2)Takes reasonable measures to protect the data he or she has access to3)Uses data for only organizational purposes

1)Routine security awarness training2)Clearly defined security policies3)Logging config changes4)Properly screening potential employees

1)Security systems2)Physical security barriers3)Climate protection systems4)Security personnel

1)Security appliances (firewalls, IPS, VPN termination)2)Authorizations appliances (RADIUS or TACACS+ servers)