Shawn Tovey Security Roadmap ppt


Published on September 14, 2007

Author: Naples

Source: authorstream.com

Building a Security Roadmap

Introduction
- My Background
- Company Background

Today's Discussion
- The Business Problem
- SB 1386
- Typical Internet Transaction
- Security Touch Points & Risks
- Security Countermeasures
- SAS 70
- Q&A

The Business Problem
- Security Breach
- Identity theft
- Costs
- Public Relations
- High Profile lawsuits

Typical Internet Transaction
- Consumer Website – Loan Application
- Assisted Channel – Loan Officer / Broker
- Loan Registration & Locking
- Internet or Intranet
- Confidential information: Social Security #, Bank Account #'s, Borrower Name & Address

Typical Internet Transaction (diagram components)
- Internet/Intranet, Loan App, Loan Lock, Database, Product/Pricing/Eligibility Engine, Credit Repository

Security Touch Points
- Desktop Threats
- Internet Threats
- DMZ/Firewall Threats
- Webserver / Application Server Threats
- Database Threats
- 3rd Party Service Providers

Desktop Threats
- Password security
- Instant Messaging
- Non-secure connections
- Email security (inbound & outbound)
- Wireless connectivity
- Virus propagation
- Elevated Application Access
- Photo Cell Phones

Desktop Countermeasures
- Corporate computing policies
- Virus Protection
- End User License Agreements
- Patch Management
- Network computing rules / Policy servers
- End user education & training
- Limit controls / need-to-know application access

Internet Threats
- Session hijacking
- Site Spoofing
- Social Engineering

Internet Countermeasures
- HTTPS
- Leased Lines
- VPNs
- IPSec

DMZ/Firewall Threats
- Denial of Service
- Port Scanning
- Firewall hacking

DMZ/Firewall Countermeasures
- Intrusion detection
  - Cisco IDS, scans for known signatures (port scanning, DoS, authentication attempts)
- TruSecure Penetration Testing
  - Looking for known vulnerabilities: Firewall, Web servers, FTP servers
- Site Monitoring – System Health, DoS
  - External – Mercury Interactive
  - Internal – SiteScope Monitoring

Webserver/Appserver Threats
- Buffer overruns
- Username/Password Hacking
- Known vulnerabilities
- SQL injection

Webserver/Appserver Countermeasures
- HTTPS: 128-bit VeriSign SSL Server Certificates (40-bit is less expensive, also less secure)
- Secure FTP services ('Secure FTP' product name)
- Identity Management – storing authentication credentials in secure format (SiteMinder, Active Directory, Site Server, Commerce Server, etc.)
- Single Sign-on
- Application Intrusion Detection
- Account lockout policy (i.e. 6x, lockout for 3 min)
- IP Blacklisting
- Web log monitoring
- Application field-level edits

Database Server Threats
- Buffer overruns
- Username/Password Hacking
- Known vulnerabilities

Database Server Countermeasures
- Store sensitive information encrypted
- Read-only accounts
- Remove sensitive information from logs

3rd Party Service Provider Threats
- Repudiation – being able to prove who requested a transaction

3rd Party Service Provider Countermeasures
- Client-side certificates
- Private Leased Lines
- VPN/IPSec

SAS 70 Certification: SAS 70 Overview

Statement on Auditing Standards (SAS) No. 70, Service Organizations, is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A SAS 70 audit or examination is widely recognized because it represents that a service organization has been through an in-depth audit of its control activities, which generally include controls over information technology and related processes.

In today's global economy, service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers. SAS No. 70 is the authoritative guidance that allows service organizations to disclose their control activities and processes to their customers and their customers' auditors in a uniform reporting format. A SAS 70 examination signifies that a service organization has had its control objectives and control activities examined by an independent accounting and auditing firm. A formal report including the auditor's opinion ('Service Auditor's Report') is issued to the service organization at the conclusion of a SAS 70 examination.

SAS 70 Certification
- Type I Audit – Independent service auditor's report (i.e. opinion) & description of controls.
- Type II Audit – Includes a description of the service auditor's tests of operating effectiveness and the results of those tests.

Q&A
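The account lockout policy on the Webserver/Appserver Countermeasures slide (six failed attempts, then a 3-minute lockout), replayed against web-log style login records so the lockouts can also feed the IP blacklisting and web log monitoring items beside it. This is an added Python example, not code from the presentation; the log line format, user names and IP addresses are constructed for it.

```python
from typing import Dict, List, Tuple

MAX_FAILURES = 6           # "6x" on the slide
LOCKOUT_SECONDS = 3 * 60   # "lockout for 3min"

class LockoutPolicy:
    """After MAX_FAILURES consecutive failures, reject every attempt on that
    account for LOCKOUT_SECONDS, even one that carries the correct password."""
    def __init__(self) -> None:
        # user -> [consecutive failures, locked_until epoch seconds (0 = unlocked)]
        self.state: Dict[str, List[float]] = {}
    def attempt(self, user: str, now: float, password_ok: bool) -> str:
        st = self.state.setdefault(user, [0, 0])
        if now < st[1]:
            return "rejected"          # inside the lockout window
        if st[1]:                      # window has expired: start clean
            st[0], st[1] = 0, 0
        if password_ok:
            st[0] = 0
            return "ok"
        st[0] += 1
        if st[0] >= MAX_FAILURES:
            st[1] = now + LOCKOUT_SECONDS
            return "locked"            # this failure triggers the lockout
        return "failed"

def replay(log_text: str) -> Tuple[List[str], Dict[str, int]]:
    """Replay constructed 'ts user ip OK|FAIL' lines through the policy; return
    one decision per line and, per source IP, how many lockouts it triggered
    (the counter a web-log monitor would feed into an IP blacklist)."""
    policy, decisions, lockouts_by_ip = LockoutPolicy(), [], {}
    for line in log_text.strip().splitlines():
        ts, user, ip, result = line.split()
        decision = policy.attempt(user, float(ts), result == "OK")
        decisions.append(decision)
        if decision == "locked":
            lockouts_by_ip[ip] = lockouts_by_ip.get(ip, 0) + 1
    return decisions, lockouts_by_ip

# Constructed sample: six bad passwords for alice, a correct one during the
# lockout (still rejected) and a correct one after the 3-minute window.
SAMPLE_LOG = """
1000 alice 203.0.113.5 FAIL
1005 alice 203.0.113.5 FAIL
1010 alice 203.0.113.5 FAIL
1015 alice 203.0.113.5 FAIL
1020 alice 203.0.113.5 FAIL
1025 alice 203.0.113.5 FAIL
1030 alice 203.0.113.5 OK
1100 bob 198.51.100.7 FAIL
1210 alice 203.0.113.5 OK
"""
```

The correct password at t=1030 is still rejected because the lockout is keyed on the account, not on the credential; that is what stops a password-guessing run from succeeding on the lucky attempt inside the window.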
