PACE-IT, Security+ 2.2: Integrating Data and Systems with 3rd Parties
Download as PPTX, PDF0 likes320 views
The document discusses various risk mitigation strategies. Any change to a system represents a risk, so change management is implemented to evaluate changes and their effects on the system. Periodic reviews of user rights and permissions can also mitigate risk. Security audits should be performed regularly to reduce risks to systems and data. Effective incident management can limit damage from risk events and help prevent recurrences. Properly enforcing policies and procedures can prevent data loss or theft. Data loss prevention systems can further help prevent sensitive data from being lost or stolen.
PACE-IT, Security+ 2.2: Integrating Data and Systems with 3rd Parties
- 2. Page 2 Instructor, PACE-IT Program – Edmonds Community College Areas of Expertise Industry Certifications PC Hardware Network Administration IT Project Management Network Design User Training IT Troubleshooting Qualifications Summary Education M.B.A., IT Management, Western Governor’s University B.S., IT Security, Western Governor’s University Entrepreneur, executive leader, and proven manger with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required— with a focus on technology.
- 3. Page 3 – The why of taking risks. – Strategies for mitigating risk. PACE-IT.
- 4. Page 4 Risk mitigation strategies.
- 5. Page 5 It seems to be a law of nature, inflexible and inexorable, that those who will not risk cannot win. – John Paul Jones
- 6. Page 6 In the marketplace, there is no reward without taking on the risk of failure. This brings up an interesting quandary. Investors will often reward risk by increasing the value of a company. On the other hand, failure due to risk taking often leads to changes in management. Management will often take on risk to gain the rewards, while, at the same time, implementing strategies to mitigate the amount of risk that it is willing to assume. Risk mitigation strategies.
- 7. Page 7 Risk mitigation strategies.
- 8. Page 8 – Change management (CM). » All change represents a risk to systems—a small change in one system may have a ripple effect that multiplies through the whole system. • CM is implemented in order to evaluate changes for their effects on the system as a whole. • CM allows for changes to occur, while, at the same time, mitigating the risks associated with those changes. – Review of user rights and user permissions. » Users must be granted rights and permissions in order to function in their positions. These rights and permissions may, in fact, represent a security risk. • Periodic reviews should be conducted on user rights and permissions to ensure that the principle of least privilege is being followed—thus mitigating risk. • Periodic reviews should be conducted on user rights and permissions to ensure that unnecessary user accounts are removed from the system—also mitigating risk. Risk mitigation strategies.
- 9. Page 9 – Perform routine audits. » Audits (reviews) of systems should be conducted on a regular basis in order to reduce risks. • Security audits can be conducted on many different systems to evaluate different aspects of risk, including system configurations and vulnerability assessments. – Incident management. » A type of after-the-fact mitigation technique. • After a security incident has occurred, effective incident management can help to contain the damage. • After a security incident has occurred, effective incident management can help to prevent it from occurring again. – Enforcing policies and procedures. » Effective policies and procedures can reduce the chances of a risk event from ever taking place. • Proper enforcement of policies and procedures can help to prevent the loss or theft of data. Risk mitigation strategies.
- 10. Page 10 Data loss prevention (DLP) systems can be implemented as a type of technology control to mitigate the risk of loss or theft of data. DLP systems can be a software application or network appliance. They are designed to analyze information traversing the network to help ensure that sensitive data remains contained inside the established safe boundaries. DLP systems can monitor network links and review what is being transmitted through protocols associated with instant messaging, email, FTP, HTTP, etc. DLP systems may also be configured to scan storage systems to help ensure that data is being stored in the proper locations. Risk mitigation strategies.
- 11. Page 11 Risk mitigation strategies. John Paul Jones once said, “It seems to be a law of nature, inflexible and inexorable, that those who will not risk cannot win.” There is no reward in the marketplace without taking risks. Investors reward risk, while, at the same time, punishing failure. Management often takes on risk, while, at the same time, implementing strategies to mitigate risk and the effects of risk. Topic The why of taking risks. Summary Any change in a system represents a risk. CM is a mitigation strategy to reduce the risks associated with changes to systems. Periodic reviews of users rights and privileges can also mitigate risk. Security audits should be performed to reduce risks to systems and data. Effective incident management can restrict the damage that a risk event causes and help to prevent that event from occurring again. Properly enforcing policies and procedures can help to prevent the loss or theft of data. DLP systems can also be put in place to help prevent the loss or theft of sensitive data. Strategies for mitigating risk.
- 13. This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53. PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.