ACCESS CONTROL
ASSET MANAGEMENT
BUSINESS CONTINUITY
IT SECURITY AND MANAGEMENT
BSIS 2
SECURITY POLICIES
At the end of the first chapter, learners will be able to:
1. Know about access control.
2. Differentiate the physical and logical access control.
3. Engage with different examples of access control.
4. Apply the role of access control in their future
projects.
LESSON OBJECTIVES
Access control.
Physical and logical access control.
Examples of access control.
Role of access control in their future
projects.
LEARNING TOPICS
IT Security and Management - Prelim Lessons by Mark John Lado
1. What is the main purpose of access
control?
2. Why is access control important?
LEARNING ACTIVITY
A security technique that regulates who
or what can view or use resources in a
computing environment. It is a
fundamental concept in security that
minimizes risk to the business or
organization.
ACCESS CONTROL
To secure a facility, organizations use
electronic access control systems that rely on
user credentials, access card readers,
auditing and reports to track employee access
to restricted business locations and
proprietary areas, such as data centers.
ACCESS CONTROL
Protecting a corporate
using biometric
authentication system.
Use biometric access
system instead of
passwords for access to
offices.
ACCESS CONTROL
Use 3D face
recognition instead of
passwords for access to
corporate.
ACCESS CONTROL
1. Physical Access Control - limits access to
campuses, buildings, rooms and physical IT
assets.
2. Logical Access Control - limits connections
to computer networks, system files and
data.
TWO TYPES OF ACCESS CONTROL
TWO TYPES OF ACCESS CONTROL
Physical Access
Control
TWO TYPES OF ACCESS CONTROL
Logical Access
Control
1. Discretionary Access Control
2. Mandatory Access Control
3. Role-based Access Control
EXAMPLES OF ACCESS CONTROL SYSTEM
In a system, every object has an owner.
With DAC, access control is determined
by the owner of the object who decides
who will have access and what privileges
they will have. Permission management
in DAC can be very difficult to maintain.
Discretionary Access Control
Access policy is determined by the
system and is implemented by sensitivity
labels, which are assigned to each
subject and object. A subject's label
specifies its level of trust, and an object's
label specifies the level of trust that is
required to access it.
Mandatory Access Control
Mandatory Access Control
MAC is a pre-defined set of
capabilities and access to
information.
(who can share what to
who)
User works in a company and company
decides how data should be shared.
Example.
“Hospital owns patient records and limits
their sharing.”
Mandatory Access Control
Access policy is determined by the system.
Where with MAC access is based on subject
trust or clearance, with RBAC access is
based on the role of the subject. A subject
can access an object or execute a function
only if their set of permissions —or role—
allows it.
Role-based Access Control
Role-based Access Control
Access rights
are
associated
with roles.
1. Rule-based Access Control
2. Attribute-based Access Control
TWO TYPES OF ROLE-BASED ACCESS CONTROL
A security model in which the system
administrator defines the rules that
govern access to resource objects. Often
these rules are based on conditions, such
as time of day, position or the location
site.
RULE-BASED ACCESS CONTROL
A methodology that manages access
rights by evaluating a set of rules,
policies and relationships using the
attributes of users, systems and
environmental conditions.
ATTRIBUTE-BASED ACCESS CONTROL
RBAC and ABAC are two types of access
control methods. The main difference
between them is that RBAC provides
access rights depending on user roles,
while ABAC provides access rights
considering user, resource, and environment
attributes.
RBAC AND ABAC
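The four models described above (DAC, MAC, RBAC, ABAC) applied to one request, as an added example that is not part of the original slides. The hospital users, the record, the role table and the ABAC rule (same department, on site, 07:00 to 19:00) are constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """MAC sensitivity labels, ordered from least to most sensitive."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2


@dataclass
class Subject:
    name: str
    clearance: Level   # MAC: level of trust assigned by the system
    roles: set         # RBAC: roles assigned by an administrator
    department: str    # ABAC: user attribute


@dataclass
class Resource:
    name: str
    kind: str          # RBAC permissions are granted per resource kind
    owner: str         # DAC: the owner decides who gets access
    acl: dict          # DAC: user name -> set of actions granted by the owner
    label: Level       # MAC: level of trust required to access the object
    department: str    # ABAC: resource attribute


@dataclass
class Context:
    hour: int          # ABAC: environment attribute, time of day (0-23)
    on_site: bool      # ABAC: environment attribute, request location


# Constructed role table: access rights are associated with roles, not users.
ROLE_PERMISSIONS = {
    "nurse": {("read", "patient_record")},
    "physician": {("read", "patient_record"), ("write", "patient_record")},
    "billing_clerk": {("read", "invoice")},
}


def dac_allows(s, r, action):
    """DAC: the owner has access, plus whoever the owner put on the ACL."""
    return s.name == r.owner or action in r.acl.get(s.name, set())


def mac_allows(s, r, action):
    """MAC: the subject's label must meet the level the object's label requires."""
    return s.clearance >= r.label


def rbac_allows(s, r, action):
    """RBAC: at least one of the subject's roles must carry the permission."""
    return any((action, r.kind) in ROLE_PERMISSIONS.get(role, set())
               for role in s.roles)


def abac_allows(s, r, action, ctx):
    """ABAC: combine user, resource and environment attributes in one rule."""
    same_department = s.department == r.department
    working_hours = 7 <= ctx.hour < 19
    return same_department and ctx.on_site and working_hours


def decide(s, r, action, ctx):
    """Evaluate the same request under each model and return every verdict."""
    return {
        "DAC": dac_allows(s, r, action),
        "MAC": mac_allows(s, r, action),
        "RBAC": rbac_allows(s, r, action),
        "ABAC": abac_allows(s, r, action, ctx),
    }


# Constructed sample data.
record = Resource("record-1001", "patient_record", owner="dr_reyes",
                  acl={"clerk_cruz": {"read"}}, label=Level.CONFIDENTIAL,
                  department="cardiology")
nurse = Subject("nurse_santos", Level.CONFIDENTIAL, {"nurse"}, "cardiology")
clerk = Subject("clerk_cruz", Level.INTERNAL, {"billing_clerk"}, "finance")
day_on_site = Context(hour=10, on_site=True)
night_remote = Context(hour=3, on_site=False)

if __name__ == "__main__":
    for who, ctx in [(nurse, day_on_site), (nurse, night_remote),
                     (clerk, day_on_site)]:
        print(who.name, ctx, decide(who, record, "read", ctx))
```

The clerk case shows why DAC is hard to maintain: one ACL entry added by the owner grants a read that the label, the role table and the attribute rule would all refuse.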
To minimize the risk of unauthorized access
to physical and logical systems. Access
control is a fundamental component of
security compliance programs that ensures
security technology and access control
policies are in place to protect confidential
information, such as customer data.
THE GOAL OF ACCESS CONTROL
QUESTIONS?
Why do we need to be secure?
What is data privacy?
WRAPPING UP..!
1. How would you prevent spam?
2. How would you fight unauthorized access?
3. How could you keep your data secured?
4. How could you maintain confidentiality?
½ CROSS WISE CLEAN PAPER
ASSET MANAGEMENT
IT SECURITY AND MANAGEMENT
BSIS 2
SECURITY POLICIES
ASSET MANAGEMENT
At the end of the second chapter, learners will be able
to:
1. Recognize what asset management is.
2. Distinguish the three goals of an asset management
program.
3. Engage with different types of IT asset Management.
LESSON OBJECTIVES
Asset management.
The three goals of an asset management
program.
Different types of IT asset management.
LEARNING TOPIC
Oral
1. What is an asset?
LEARNING ACTIVITY
Oral
2. How would you manage your
assets?
LEARNING ACTIVITY
Oral
3. How would you secure your
assets?
LEARNING ACTIVITY
Oral
4. What is information technology
asset management?
LEARNING ACTIVITY
IT asset management (information technology
asset management, or ITAM) is a set of business
practices that combines financial, inventory and
contractual functions to optimize spending and
support lifecycle management and strategic
decision-making within the IT environment.
ASSET MANAGEMENT
ITAM is about more than creating an
asset inventory. It's about continually
using the captured asset data to
maximize returns, minimize risk and
drive increased business value.
WHY ITAM IS IMPORTANT?
By avoiding unnecessary asset
purchases and making the best use of
current resources, IT asset managers
can cut software licensing and
support costs, eliminate waste and
improve efficiency.
WHY ITAM IS IMPORTANT?
ITAM also helps increase the company-wide
understanding of IT's business value, improves
communications and understanding between IT
and other departments, enforces compliance with
cyber-security policies and regulatory
requirements, improves productivity through
technology support, and limits overhead costs of
managing the IT environment.
WHY ITAM IS IMPORTANT?
IT ASSET LIFECYCLE MANAGEMENT
3 OBJECTIVES OF AN ASSET MANAGEMENT PROGRAM
1. PLAN AND ORGANIZE YOUR DEVICES
Set up your asset management tools to reflect your
organization’s plan. Consider all of your devices no
matter whether they are on or off your corporate
network. Then, document the purpose of each device.
Also, document the expected lifespan of each device
including the refresh cycles, lease date or end of life
warranty.
3 OBJECTIVES OF AN ASSET MANAGEMENT PROGRAM
2. KEEP DEVICES VISIBLE AND HEALTHY
Developing and implementing your IT asset
management plan ensures that you have a living
baseline to measure your population against. With this
knowledge, you can effectively monitor your devices’
performance, health, and risk exposure, and make
informed decisions about changes to your environment.
3 OBJECTIVES OF AN ASSET MANAGEMENT PROGRAM
3. RETIRE DEVICES
To have an effective IT asset management plan
and a capable information security practice, you
need to trust your data and ensure that the
devices important to you are monitored and
protected. This means that your devices need a
retirement plan.
3 OBJECTIVES OF AN ASSET MANAGEMENT PROGRAM
3. RETIRE DEVICES
Establishing a process for your devices’ end of life
from the time they first enter your environment
means that your devices are collected, secured,
sanitized, and removed from your environment
when the time comes.
3 OBJECTIVES OF AN ASSET MANAGEMENT PROGRAM
3. RETIRE DEVICES
It also means that the information you rely on to
make critical information security and IT
operations decisions is accurate and the alerts
you receive when something unexpected happens
are real.
3 OBJECTIVES OF AN ASSET MANAGEMENT PROGRAM
What are the types of
IT asset Management?
IT ASSET MANAGEMENT
1. SOFTWARE
Software asset management (SAM) is a
business practice that involves managing
and optimizing the purchase, deployment,
maintenance, utilization, and disposal of
software applications within an organization.
IT ASSET MANAGEMENT
2. HARDWARE
Hardware asset management (HAM) is the
process of managing the physical components
of computers, computer networks and
systems. This begins with acquisition and
continues through maintenance until the
hardware's ultimate disposal.
IT ASSET MANAGEMENT
3. MOBILE DEVICES
Mobile devices should certainly be
treated as assets; therefore they fall
under the ITAM remit. Mobile devices
should be treated like any other asset; they
need constant monitoring and
management throughout their lifecycle.
IT ASSET MANAGEMENT
3. MOBILE DEVICES
The challenge with mobile devices
however is the fact that they are mobile.
They can be moved from location to
location a lot easier than a desktop, and
some are small enough to get lost.
IT ASSET MANAGEMENT
4. CLOUD DATABASE
Cloud asset management (CAM) is a
component of cloud management services
focused exclusively on the management of a
business’s physical cloud environment, such
as the products or services they use.
IT ASSET MANAGEMENT
4. CLOUD DATABASE
Put simply, CAM keeps track of every aspect
of your cloud estate, managing the
maintenance, compliance, upgrading, and
disposal of cloud assets.
IT ASSET MANAGEMENT
What does an IT asset manager do?
WRAPPING UP!
The IT Asset Manager is responsible for the
daily and long-term strategic management of
software and technology-related hardware
within the organization. This includes
planning, monitoring, and recording software
license and/or hardware assets to ensure
compliance with vendor contracts.
WHAT DOES AN IT ASSET MANAGER DO?
Why is IT asset management important?
WRAPPING UP!
Asset management is important because it
helps a company monitor and manage their
assets using a systemized approach.
Managed effectively, the benefits include
improvements to productivity and efficiency
which places a business in a better position
to increase their return on investment.
WHY IS IT ASSET MANAGEMENT IMPORTANT?
What is an asset?
WRAPPING UP!
An asset is anything of value or a
resource of value that can be converted
into cash. Individuals, companies, and
governments own assets.
WRAPPING UP!
QUESTIONS?
½ CROSS WISE CLEAN PAPER
1. Give a dialog about asset management.
2. Distinguish and discuss the three goals of
an asset management program.
3. Give the different types of IT asset
Management and write a brief dialog.
½ CROSS WISE CLEAN PAPER
BUSINESS CONTINUITY
IT SECURITY AND MANAGEMENT
BSIS 2
SECURITY POLICIES
At the end of the third chapter, learners will be able to:
1. Elaborate on business continuity.
2. Engage with the types of business continuity.
3. Know about the steps for building and
executing of business continuity.
4. Familiarize the business continuity strategy.
LEARNING OBJECTIVES
Introduction to Business Continuity
Types of Business Continuity
Steps for Building and Executing of
Business Continuity
Business Continuity Strategy
LEARNING TOPICS
What is Business?
LEARNING ACTIVITY
What is Business Continuity?
LEARNING ACTIVITY
How to maintain the good performance
of the business?
LEARNING ACTIVITY
How to prevent your business from risks?
LEARNING ACTIVITY
BUSINESS CONTINUITY
Business continuity is an organization’s
ability to ensure operations and core
business functions are not severely
impacted by a disaster or unplanned
incident that takes critical systems offline.
BUSINESS CONTINUITY
A variety of events cause digital business
disruptions. Just because you’re not at
risk of one particular cataclysmic
disaster doesn’t mean many other
incidents can’t take you offline:
TYPES OF BUSINESS CONTINUITY
1. Disasters: Natural and Local
Data loss and system failure can obviously be
caused by natural disasters such as floods,
earthquakes and fires, but even a simple
electronic malfunction could destroy valuable
information. When it comes to data, putting all
your eggs in one basket is a perilous risk.
TYPES OF BUSINESS CONTINUITY
2. Network Disruptions
Third party internet networks can fail. Fiber
can get cut. Your in-house local area
network can be disabled. If your business
needs continuous connectivity, make sure
network availability is a top priority.
TYPES OF BUSINESS CONTINUITY
3. Cyber security
The prevalence of cyber security threats is a
global phenomenon that no business, large or
small, can ignore. New threats such as
ransomware are predicted to be on the rise. Backing up
your data with high frequency is crucial to
ensuring such attacks don’t bring your business
down. A plan against data breach is paramount.
TYPES OF BUSINESS CONTINUITY
4. Human error
Vulnerability points are often located right
in the cubicle next to you. Employees or
vendors can cause outages simply out of
ignorance, due to innocent mistakes, or
even as a result of ill intent.
TYPES OF BUSINESS CONTINUITY
Steps for Building And
Executing Your Business Continuity Plan
BUSINESS CONTINUITY
If your business is behind in disaster
planning, you don’t have to catch up
alone. Whether taking on business
continuity planning alone or with a third
party, follow these three steps to start
protecting your company from unplanned
downtime.
STEPS FOR BUILDING AND EXECUTING
YOUR BUSINESS CONTINUITY PLAN
Step 1:
Perform a Business Impact Analysis
STEPS FOR BUILDING AND EXECUTING
YOUR BUSINESS CONTINUITY PLAN
A business impact analysis
defines what data your company
cannot live without and the
amount of downtime acceptable
in a given period of time.
PERFORM A BUSINESS IMPACT ANALYSIS
Finding a hosting provider that promises
100% uptime will help with this, but you’ll
also need to determine two important
numbers key to disaster recovery:
Recovery Time Objective
Recovery Point Objective
PERFORM A BUSINESS IMPACT ANALYSIS
The Recovery Time Objective (RTO) is the
targeted duration of time and a service level
within which a business process must be
restored after a disaster (or disruption) in
order to avoid unacceptable consequences
associated with a break in business
continuity.
RECOVERY TIME OBJECTIVE
The recovery point objective (RPO) is the
age of files that must be recovered from
backup storage for normal operations to
resume if a computer, system, or network
goes down as a result of a hardware,
program, or communications failure.
RECOVERY POINT OBJECTIVE
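How the two numbers are checked against what actually happened, as an added example that is not part of the original slides. The backup log, the incident and restore times, and the 6-hour RPO and 4-hour RTO targets are constructed; a failed backup job is included because it does not count as a recovery point.

```python
from datetime import datetime, timedelta

# Constructed backup job log: (finish time, job succeeded?)
BACKUP_LOG = [
    ("2024-03-01T00:10", True),
    ("2024-03-01T06:10", True),
    ("2024-03-01T12:10", False),  # failed job: not a usable recovery point
    ("2024-03-01T18:10", True),
    ("2024-03-02T00:10", True),
]


def recovery_points(log):
    """Timestamps of successful backups only, oldest first."""
    return sorted(datetime.fromisoformat(ts) for ts, ok in log if ok)


def data_loss_window(log, incident):
    """Age of the newest usable backup when the incident hit.

    This is the quantity the RPO puts a limit on. Returns None when no
    successful backup exists before the incident (everything is lost).
    """
    usable = [p for p in recovery_points(log) if p <= incident]
    return incident - usable[-1] if usable else None


def worst_case_gap(log):
    """Largest gap between consecutive successful backups.

    An incident just before the later backup of that pair would lose this
    much data, so the schedule only meets the RPO if this gap fits in it.
    """
    pts = recovery_points(log)
    return max((b - a for a, b in zip(pts, pts[1:])), default=None)


def assess(log, incident, restored, rpo, rto):
    """Compare one incident against the RPO and RTO targets."""
    loss = data_loss_window(log, incident)
    gap = worst_case_gap(log)
    downtime = restored - incident
    return {
        "data_loss": loss,
        "downtime": downtime,
        "rpo_met": loss is not None and loss <= rpo,
        "rto_met": downtime <= rto,
        "schedule_meets_rpo": gap is not None and gap <= rpo,
    }


if __name__ == "__main__":
    result = assess(
        BACKUP_LOG,
        incident=datetime(2024, 3, 1, 17, 40),   # constructed outage start
        restored=datetime(2024, 3, 1, 20, 40),   # constructed service restore
        rpo=timedelta(hours=6),
        rto=timedelta(hours=4),
    )
    for key, value in result.items():
        print(f"{key}: {value}")
```

In this sample the service is back within the RTO, but the single failed job at 12:10 stretches the data-loss window to 11 hours 30 minutes, so the RPO is missed.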
Step 2:
Perform a Risk Assessment
STEPS FOR BUILDING AND EXECUTING
YOUR BUSINESS CONTINUITY PLAN
This step is critical if you manage your
own infrastructure. Risk assessments
are all about identifying potential
points of failure.
PERFORM A RISK ASSESSMENT.
For example, if you have your data stored
in only one location and the location
dies, you will lose your data. If a hosting
provider is in charge of your servers and
data within a data center, ideally you will
have everything stored and replicated in
more than one location.
PERFORM A RISK ASSESSMENT.
Step 3:
Manage Your Risks
STEPS FOR BUILDING AND EXECUTING
YOUR BUSINESS CONTINUITY PLAN
Once you’ve assessed the risks, you
must manage them — whether your
data and infrastructure live in-house,
with a hosting provider, or a
combination of both.
MANAGE YOUR RISKS
Regularly back up your data offsite as
specified by your business continuity
plan and go a step beyond by adding
redundant, offsite infrastructure to
your network to ensure 100 percent
uptime.
MANAGE YOUR RISKS
6 STRATEGIES OF BUSINESS CONTINUITY
1. Personalized File Backups
6 STRATEGIES OF BUSINESS CONTINUITY
Server-level backups are an important
component of any company’s business
continuity strategy. Whether your files
are stored 100% in the cloud or your
company embraces a hybrid cloud and
on-site server strategy,
1. PERSONALIZED FILE BACKUPS
most companies are regularly backing
up information like client data,
financial information and other
critical information. Often, physical
versions of your most important files
are kept at another location.
1. PERSONALIZED FILE BACKUPS
2. Email Continuity Solutions
6 STRATEGIES OF BUSINESS CONTINUITY
Email Continuity acts as a backup email system
that can temporarily take the place of your mail
server when it goes down. There are many
reasons that an email system might go
temporarily offline. Email Continuity allows you to
continue receiving and sending emails using your
normal email address.
2. EMAIL CONTINUITY SOLUTIONS
3. Cross-Device Continuity Solutions
6 STRATEGIES OF BUSINESS CONTINUITY
Whether you’re facing a server outage or a
physical issue like a major storm, downtime
can have critical consequences for your
business. Employee communications get cut
off, critical systems aren’t processing
transactions and customers see that your
website is offline.
3. CROSS-DEVICE CONTINUITY SOLUTIONS
An important tactical part of any small or
mid-sized business continuity plan is
thinking about cross-device continuity
solutions. One set of devices that is
probably still working is your employees’
mobile devices.
3. CROSS-DEVICE CONTINUITY SOLUTIONS
4. Collaboration and Communication
Software
6 STRATEGIES OF BUSINESS CONTINUITY
In order to access communications from
any device no matter where they are,
companies of all sizes are increasingly
relying on a unified messaging approach,
which means integrating all texts,
emails, faxes etc. into a single interface.
4. COLLABORATION AND
COMMUNICATION SOFTWARE
Whether you’ve got in-house teams on
opposite coasts or contractors on a different
continent, the right tools enable efficient
collaboration and communication.
4. COLLABORATION AND
COMMUNICATION SOFTWARE
5. Allocating Your Technology Budget
and Resources
6 STRATEGIES OF BUSINESS CONTINUITY
Add a line item for business continuity to
your IT budget. Companies typically spend
between 4 and 6% of their budgets on
IT. Whether it’s investing in the right systems
or ensuring you have the on-demand IT talent
needed for fast responses, every company
needs funds set aside for business continuity
and disaster response.
5. ALLOCATING YOUR TECHNOLOGY
BUDGET AND RESOURCES
Yet it’s critical to realize that the most
complex and efficient plans are
useless without the resources to
execute.
5. ALLOCATING YOUR TECHNOLOGY
BUDGET AND RESOURCES
6. Empowering Staff
6 STRATEGIES OF BUSINESS CONTINUITY
It’s important to empower employees to
take action in the case of a disaster. For
example, by having clear decision rights
outlined in your recovery plan, you’re
enabling your team to take action and
more quickly resolve any issues.
6. EMPOWERING STAFF
When business is disrupted, it can cost
money. Lost revenues plus extra expenses
means reduced profits. Insurance does not
cover all costs and cannot replace customers
that defect to the competition. A business
continuity plan to continue business is
essential.
BUSINESS CONTINUITY
How to prevent your business from risks?
WRAPPING UP!
Give a dialog about business continuity.
WRAPPING UP!
Cite the types of business continuity.
WRAPPING UP!
Enumerate the steps for building and
executing of business continuity.
WRAPPING UP!
Give the 6 business continuity strategies.
WRAPPING UP!
QUESTIONS?
½ CROSS WISE CLEAN PAPER
1. Give a dialog about business continuity.
2. Cite the types of business continuity.
3. Enumerate the steps for building and
executing of business continuity.
4. Give the 6 business continuity strategies.
½ CROSS WISE CLEAN PAPER
You learned about:
1. ACCESS CONTROL
2. ASSET MANAGEMENT
3. BUSINESS CONTINUITY
END OF THE TERM

More Related Content

PPT
Computer Pioneers
PPT
Education and the Internet of Things
PPTX
Introduction to Internet of Things (IoT)
PPTX
Computer history timeline
PDF
Makalah prakerin Merakit pc dan instalasi windows xp dan windows 7
PDF
Machine Learning-Unit1Machine Learning-Machine Learning-.pdf
PPT
Computer generations (1950–present)
PPTX
History of computer
Computer Pioneers
Education and the Internet of Things
Introduction to Internet of Things (IoT)
Computer history timeline
Makalah prakerin Merakit pc dan instalasi windows xp dan windows 7
Machine Learning-Unit1Machine Learning-Machine Learning-.pdf
Computer generations (1950–present)
History of computer

What's hot (20)

PPTX
The future of mobile computing
PPTX
Computer Education Curriculum in Nursery and Primary School
PPT
A brief history of computers
PPTX
ICT in schools presentation
PDF
PDF
How to Install ESP8266 WiFi Web Server using Arduino IDE
PDF
Teknologi Jaringan Berbasis Luas (WAN)
DOC
Application Of Computers To Society
PDF
Internet of Things(IOT)_Seminar_Dr.G.Rajeshkumar
DOC
INFORMATION AND COMMUNICATION TECHNOLOGY (ICT 1)
PPTX
Tugas instalasi debian
PPTX
Mobile computing
PPTX
The evolution of pervasive computing towards a Web of Things
PPT
Usage of ict in daily life
PPTX
Introduction to ict
PPTX
Konsep Routing - v2.pptx
PDF
Modern Trends in Engineering, Science and Technology
PPTX
Application of information technology in everyday life
PPTX
Computer advancement and History
PPTX
COMUTER PPT.pptx
The future of mobile computing
Computer Education Curriculum in Nursery and Primary School
A brief history of computers
ICT in schools presentation
How to Install ESP8266 WiFi Web Server using Arduino IDE
Teknologi Jaringan Berbasis Luas (WAN)
Application Of Computers To Society
Internet of Things(IOT)_Seminar_Dr.G.Rajeshkumar
INFORMATION AND COMMUNICATION TECHNOLOGY (ICT 1)
Tugas instalasi debian
Mobile computing
The evolution of pervasive computing towards a Web of Things
Usage of ict in daily life
Introduction to ict
Konsep Routing - v2.pptx
Modern Trends in Engineering, Science and Technology
Application of information technology in everyday life
Computer advancement and History
COMUTER PPT.pptx
Ad

Similar to IT Security and Management - Prelim Lessons by Mark John Lado (20)

DOCX
Comprehensive Analysis of Contemporary Information Security Challenges
DOCX
Essay QuestionsAnswer all questions below in a single document, pr.docx
PPTX
Access Control and Maintenance.pptx
PPTX
Privileged Access Management (PAM) Compliance in IT Security
PDF
7 Practices To Safeguard Your Business From Security Breaches!
PDF
Cybersecurity_Security_architecture_2023.pdf
DOCX
11What is Security 1.1 Introduction The central role of co.docx
PPTX
gkkSecurity essentials domain 1
PPTX
Cybertopic_1security
PDF
Stop the Evil, Protect the Endpoint
PDF
The Ultimate Guide to Access Control Systems_ Enhancing Security and Efficien...
PPTX
PPTX
Optimizing Desktop Management with Privileged Access Management (PAM)
PPT
Bis Chapter15
PPTX
ESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL.pptx
PPTX
Funda mental of information CHAPTER TWO.pptx
PDF
Audit Controls Paper
PDF
Remote Access Policy Is A Normal Thing
PPTX
CompTIA CySA Domain 5 Compliance and Assessment.pptx
DOCX
Enterprise Se.docx
Comprehensive Analysis of Contemporary Information Security Challenges
Essay QuestionsAnswer all questions below in a single document, pr.docx
Access Control and Maintenance.pptx
Privileged Access Management (PAM) Compliance in IT Security
7 Practices To Safeguard Your Business From Security Breaches!
Cybersecurity_Security_architecture_2023.pdf
11What is Security 1.1 Introduction The central role of co.docx
gkkSecurity essentials domain 1
Cybertopic_1security
Stop the Evil, Protect the Endpoint
The Ultimate Guide to Access Control Systems_ Enhancing Security and Efficien...
Optimizing Desktop Management with Privileged Access Management (PAM)
Bis Chapter15
ESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL.pptx
Funda mental of information CHAPTER TWO.pptx
Audit Controls Paper
Remote Access Policy Is A Normal Thing
CompTIA CySA Domain 5 Compliance and Assessment.pptx
Enterprise Se.docx
Ad

More from Mark John Lado, MIT (20)

PDF
Exploring Parts of Speech, Creating Strong Objectives, and Choosing the Right...
PDF
Optimizing Embedded System Device Communication with Network Topology Design
PDF
Embedded Systems IO Peripherals Wireless Communication.pdf
PDF
Implementing the 6S Lean Methodology for Streamlined Computer System Maintena...
PDF
ISO IEC 25010 2011 Systems and Software Quality Requirements and Evaluation S...
PDF
4 Module - Operating Systems Configuration and Use by Mark John Lado
PDF
3 Module - Operating Systems Configuration and Use by Mark John Lado
PDF
1 Module - Operating Systems Configuration and Use by Mark John Lado
PDF
2 Module - Operating Systems Configuration and Use by Mark John Lado
PPSX
PART 1 CT-318-Microprocessor-Systems Lesson 3 - LED Display by Mark John Lado...
PPSX
PART 2 CT-318-Microprocessor-Systems Lesson 3 - LED Display by Mark John Lado...
PPSX
PART 3 CT-318-Microprocessor-Systems Lesson 3 - LED Display by Mark John Lado...
PPSX
Dart Programming Language by Mark John Lado
PPTX
What is CRUD in TPS?
PPSX
Computer hacking and security - Social Responsibility of IT Professional by M...
PDF
A WIRELESS DIGITAL PUBLIC ADDRESS WITH VOICE ALARM AND TEXT-TO-SPEECH FEATURE...
PPTX
IT Security and Management - Semi Finals by Mark John Lado
PPTX
IT Security and Management - Security Policies
PPTX
Systems Administration - MARK JOHN LADO
PPTX
Introduction to Networks and Programming Language
Exploring Parts of Speech, Creating Strong Objectives, and Choosing the Right...
Optimizing Embedded System Device Communication with Network Topology Design
Embedded Systems IO Peripherals Wireless Communication.pdf
Implementing the 6S Lean Methodology for Streamlined Computer System Maintena...
ISO IEC 25010 2011 Systems and Software Quality Requirements and Evaluation S...
4 Module - Operating Systems Configuration and Use by Mark John Lado
3 Module - Operating Systems Configuration and Use by Mark John Lado
1 Module - Operating Systems Configuration and Use by Mark John Lado
2 Module - Operating Systems Configuration and Use by Mark John Lado
PART 1 CT-318-Microprocessor-Systems Lesson 3 - LED Display by Mark John Lado...
PART 2 CT-318-Microprocessor-Systems Lesson 3 - LED Display by Mark John Lado...
PART 3 CT-318-Microprocessor-Systems Lesson 3 - LED Display by Mark John Lado...
Dart Programming Language by Mark John Lado
What is CRUD in TPS?
Computer hacking and security - Social Responsibility of IT Professional by M...
A WIRELESS DIGITAL PUBLIC ADDRESS WITH VOICE ALARM AND TEXT-TO-SPEECH FEATURE...
IT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Security Policies
Systems Administration - MARK JOHN LADO
Introduction to Networks and Programming Language

Recently uploaded (20)

PPTX
Share_Module_2_Power_conflict_and_negotiation.pptx
PDF
FOISHS ANNUAL IMPLEMENTATION PLAN 2025.pdf
PDF
Empowerment Technology for Senior High School Guide
PPTX
Virtual and Augmented Reality in Current Scenario
PDF
Indian roads congress 037 - 2012 Flexible pavement
PDF
Hazard Identification & Risk Assessment .pdf
PDF
Practical Manual AGRO-233 Principles and Practices of Natural Farming
PDF
ChatGPT for Dummies - Pam Baker Ccesa007.pdf
PDF
FORM 1 BIOLOGY MIND MAPS and their schemes
PPTX
A powerpoint presentation on the Revised K-10 Science Shaping Paper
PDF
Chinmaya Tiranga quiz Grand Finale.pdf
PDF
David L Page_DCI Research Study Journey_how Methodology can inform one's prac...
DOC
Soft-furnishing-By-Architect-A.F.M.Mohiuddin-Akhand.doc
PPTX
Introduction to Building Materials
PDF
1.3 FINAL REVISED K-10 PE and Health CG 2023 Grades 4-10 (1).pdf
PDF
AI-driven educational solutions for real-life interventions in the Philippine...
PPTX
Onco Emergencies - Spinal cord compression Superior vena cava syndrome Febr...
PDF
BP 704 T. NOVEL DRUG DELIVERY SYSTEMS (UNIT 1)
PDF
HVAC Specification 2024 according to central public works department
PPTX
20th Century Theater, Methods, History.pptx
Share_Module_2_Power_conflict_and_negotiation.pptx
FOISHS ANNUAL IMPLEMENTATION PLAN 2025.pdf
Empowerment Technology for Senior High School Guide
Virtual and Augmented Reality in Current Scenario
Indian roads congress 037 - 2012 Flexible pavement
Hazard Identification & Risk Assessment .pdf
Practical Manual AGRO-233 Principles and Practices of Natural Farming
ChatGPT for Dummies - Pam Baker Ccesa007.pdf
FORM 1 BIOLOGY MIND MAPS and their schemes
A powerpoint presentation on the Revised K-10 Science Shaping Paper
Chinmaya Tiranga quiz Grand Finale.pdf
David L Page_DCI Research Study Journey_how Methodology can inform one's prac...
Soft-furnishing-By-Architect-A.F.M.Mohiuddin-Akhand.doc
Introduction to Building Materials
1.3 FINAL REVISED K-10 PE and Health CG 2023 Grades 4-10 (1).pdf
AI-driven educational solutions for real-life interventions in the Philippine...
Onco Emergencies - Spinal cord compression Superior vena cava syndrome Febr...
BP 704 T. NOVEL DRUG DELIVERY SYSTEMS (UNIT 1)
HVAC Specification 2024 according to central public works department
20th Century Theater, Methods, History.pptx

IT Security and Management - Prelim Lessons by Mark John Lado

  • 1. ACCESS CONTROL ASSET MANAGEMENT BUSINESS CONTINUITY IT SECURITY AND MANAGEMENT BSIS 2 SECURITY POLICIES
  • 2. At the end of the first chapter, learners will be able to; 1. Know about access control. 2. Differentiate the physical and logical access control. 3. Engage with different examples of access control. 4. Apply the role of access control in their future projects. LESSON OBJECTIVES
  • 3. Access control. Physical and logical access control. Examples of access control. Role of access control in their future projects. LEARNING TOPICS
  • 5. 1. What is the main purpose of access control? 2. Why is access control important? LEARNING ACTIVITY
  • 6. A security technique that regulates who or what can view or use resources in a computing environment. It is a fundamental concept in security that minimizes risk to the business or organization. ACCESS CONTROL
  • 8. To secure a facility, organizations use electronic access control systems that rely on user credentials, accesss card reader, auditing and reports track employee access to restricted business locations and proprietary areas, such as data centers. ACCESS CONTROL
  • 10. Protecting a corporate using biometric authentication system. Use biometric access system instead of passwords for access to offices. ACCESS CONTROL
  • 11. Use 3D face recognition instead of passwords for access to corporate. ACCESS CONTROL
  • 12. 1. Physical Access Control - limits access to campuses, buildings, rooms and physical IT assets. 2. Logical Access Control - limits connections to computer networks, system files and data. TWO TYPES OF ACCESS CONTROL
  • 13. TWO TYPES OF ACCESS CONTROL Physical Access Control
  • 14. TWO TYPES OF ACCESS CONTROL Logical Access Control
  • 15. 1.Discretionary Access Control 2.Mandatory Access Control 3.Role-based Access Control EXAMPLES OF ACCESS CONTROL SYSTEM
  • 16. In a system, every object has an owner. With DAC, access control is determined by the owner of the object who decides who will have access and what privileges they will have. Permission management in DAC can be very difficult to maintain. Discretionary Access Control
  • 18. Access policy is determined by the system and is implemented by sensitivity labels, which are assigned to each subject and object. A subject's label specifies its level of trust, and an object's label specifies the level of trust that is required to access it. Mandatory Access Control
  • 19. Mandatory Access Control MAC is a pre-defined set of capabilities and access to information (who can share what with whom).
  • 20. A user works in a company, and the company decides how data should be shared. Example: “Hospital owns patient records and limits their sharing.” Mandatory Access Control
  • 21. Access policy is determined by the system. Where with MAC access is based on subject trust or clearance, with RBAC access is based on the role of the subject. A subject can access an object or execute a function only if their set of permissions —or role— allows it. Role-based Access Control
  • 22. Role-based Access Control Access rights are associated with roles.
  • 23. 1. Rule-based Access Control 2. Attribute-based Access Control TWO TYPES OF ROLE-BASED ACCESS CONTROL
  • 24. A security model in which the system administrator defines the rules that govern access to resource objects. Often these rules are based on conditions, such as time of day, position or the location site. RULE-BASED ACCESS CONTROL
  • 26. A methodology that manages access rights by evaluating a set of rules, policies and relationships using the attributes of users, systems and environmental conditions. ATTRIBUTE-BASED ACCESS CONTROL
  • 27. RBAC and ABAC are two types of access control methods. The main difference between them is that RBAC provides access rights depending on user roles, while ABAC provides access rights considering user, resource, and environment attributes. RBAC AND ABAC
  • 28. To minimize the risk of unauthorized access to physical and logical systems. Access control is a fundamental component of security compliance programs that ensures security technology and access control policies are in place to protect confidential information, such as customer data. THE GOAL OF ACCESS CONTROL
  • 30. Why do we need to be secure? What is data privacy? WRAPPING UP..!
  • 31. 1. How would you prevent spam? 2. How would you fight unauthorized access? 3. How could you keep your data secured? 4. How could you maintain confidentiality? ½ CROSS WISE CLEAN PAPER
  • 32. ASSET MANAGEMENT IT SECURITY AND MANAGEMENT BSIS 2 SECURITY POLICIES
  • 34. At the end of the second chapter, learners will be able to; 1. Recognize asset management. 2. Distinguish the three goals of an asset management program. 3. Engage with different types of IT asset management. LESSON OBJECTIVES
  • 35. Asset management. The three goals of an asset management program. Different types of IT asset management. LEARNING TOPIC
  • 36. Oral 1. What is an asset? LEARNING ACTIVITY
  • 37. Oral 2. How would you manage your assets? LEARNING ACTIVITY
  • 38. Oral 3. How would you secure your assets? LEARNING ACTIVITY
  • 39. Oral 4. What is information technology asset management? LEARNING ACTIVITY
  • 40. IT asset management (information technology asset management, or ITAM) is a set of business practices that combines financial, inventory and contractual functions to optimize spending and support lifecycle management and strategic decision-making within the IT environment. ASSET MANAGEMENT
  • 41. ITAM is about more than creating an asset inventory. It's about continually using the captured asset data to maximize returns, minimize risk and drive increased business value. WHY ITAM IS IMPORTANT?
  • 42. By avoiding unnecessary asset purchases and making the best use of current resources, IT asset managers can cut software licensing and support costs, eliminate waste and improve efficiency. WHY ITAM IS IMPORTANT?
  • 43. ITAM also helps increase the company-wide understanding of IT's business value, improves communications and understanding between IT and other departments, enforces compliance with cyber-security policies and regulatory requirements, improves productivity through technology support, and limits overhead costs of managing the IT environment. WHY ITAM IS IMPORTANT?
  • 44. IT ASSET LIFECYCLE MANAGEMENT
  • 45. 3 OBJECTIVES OF AN ASSET MANAGEMENT PROGRAM
  • 46. 1. PLAN AND ORGANIZE YOUR DEVICES 3 OBJECTIVES OF AN ASSET MANAGEMENT PROGRAM
  • 47. 1. PLAN AND ORGANIZE YOUR DEVICES Set up your asset management tools to reflect your organization’s plan. Consider all of your devices no matter whether they are on or off your corporate network. Then, document the purpose of each device. Also, document the expected lifespan of each device including the refresh cycles, lease date or end of life warranty. 3 OBJECTIVES OF AN ASSET MANAGEMENT PROGRAM
  • 48. 2. KEEP DEVICES VISIBLE AND HEALTHY 3 OBJECTIVES OF AN ASSET MANAGEMENT PROGRAM
  • 49. 2. KEEP DEVICES VISIBLE AND HEALTHY Developing and implementing your IT asset management plan ensures that you have a living baseline to measure your population against. With this knowledge, you can effectively monitor your devices’ performance, health, and risk exposure, and make informed decisions about changes to your environment. 3 OBJECTIVES OF AN ASSET MANAGEMENT PROGRAM
  • 50. 3. RETIRE DEVICES 3 OBJECTIVES OF AN ASSET MANAGEMENT PROGRAM
  • 51. 3. RETIRE DEVICES To have an effective IT asset management plan and a capable information security practice, you need to trust your data and ensure that the devices important to you are monitored and protected. This means that your devices need a retirement plan. 3 OBJECTIVES OF AN ASSET MANAGEMENT PROGRAM
  • 52. 3. RETIRE DEVICES Establishing a process for your devices’ end of life from the time they first enter your environment means that your devices are collected, secured, sanitized, and removed from your environment when the time comes. 3 OBJECTIVES OF AN ASSET MANAGEMENT PROGRAM
  • 53. 3. RETIRE DEVICES It also means that the information you rely on to make critical information security and IT operations decisions is accurate and the alerts you receive when something unexpected happens are real. 3 OBJECTIVES OF AN ASSET MANAGEMENT PROGRAM
  • 54. What are the types of IT asset Management? IT ASSET MANAGEMENT
  • 55. 1. SOFTWARE IT ASSET MANAGEMENT
  • 56. 1. SOFTWARE Software asset management (SAM) is a business practice that involves managing and optimizing the purchase, deployment, maintenance, utilization, and disposal of software applications within an organization. IT ASSET MANAGEMENT
  • 57. 2. HARDWARE IT ASSET MANAGEMENT
  • 58. 2. HARDWARE Hardware asset management (HAM) is the process of managing the physical components of computers, computer networks and systems. This begins with acquisition and continues through maintenance until the hardware's ultimate disposal. IT ASSET MANAGEMENT
  • 59. 3. MOBILE DEVICES IT ASSET MANAGEMENT
  • 60. 3. MOBILE DEVICES Mobile devices should certainly be treated as assets; therefore they fall under the ITAM remit. Mobile devices should be treated like any other asset; they need constant monitoring and management throughout their lifecycle. IT ASSET MANAGEMENT
  • 61. 3. MOBILE DEVICES The challenge with mobile devices, however, is the fact that they are mobile. They can be moved from location to location a lot more easily than a desktop, and some are small enough to get lost. IT ASSET MANAGEMENT
  • 62. 4. CLOUD DATABASE IT ASSET MANAGEMENT
  • 64. 4. CLOUD DATABASE Cloud asset management (CAM) is a component of cloud management services focused exclusively on the management of a business’s physical cloud environment, such as the products or services they use. IT ASSET MANAGEMENT
  • 65. 4. CLOUD DATABASE Put simply, CAM keeps track of every aspect of your cloud estate, managing the maintenance, compliance, upgrading, and disposal of cloud assets. IT ASSET MANAGEMENT
  • 66. What does an IT asset manager do? WRAPPING UP!
  • 67. The IT Asset Manager is responsible for the daily and long-term strategic management of software and technology-related hardware within the organization. This includes planning, monitoring, and recording software license and/or hardware assets to ensure compliance with vendor contracts. WHAT DOES AN IT ASSET MANAGER DO?
  • 68. Why is IT asset management important? WRAPPING UP!
  • 69. Asset management is important because it helps a company monitor and manage their assets using a systemized approach. Managed effectively, the benefits include improvements to productivity and efficiency which places a business in a better position to increase their return on investment. WHY IS IT ASSET MANAGEMENT IMPORTANT?
  • 70. What is an asset? WRAPPING UP!
  • 71. An asset is anything of value or a resource of value that can be converted into cash. Individuals, companies, and governments own assets. WRAPPING UP!
  • 73. ½ CROSS WISE CLEAN PAPER
  • 74. 1. Give a dialog about asset management. 2. Distinguish and discuss the three goals of an asset management program. 3. Give the different types of IT asset management and write a brief dialog. ½ CROSS WISE CLEAN PAPER
  • 75. BUSINESS CONTINUITY IT SECURITY AND MANAGEMENT BSIS 2 SECURITY POLICIES
  • 76. At the end of the third chapter, learners will be able to; 1. Elaborate about business continuity. 2. Engage with the types of business continuity. 3. Know about the steps for building and executing of business continuity. 4. Familiarize the business continuity strategy. LEARNING OBJECTIVES
  • 77. Introduction to Business Continuity Types of Business Continuity Steps for Building and Executing of Business Continuity Business Continuity Strategy LEARNING TOPICS
  • 79. What is Business Continuity? LEARNING ACTIVITY
  • 80. How to maintain the good performance of the business? LEARNING ACTIVITY
  • 81. How to prevent your business from risks? LEARNING ACTIVITY
  • 83. Business continuity is an organization’s ability to ensure operations and core business functions are not severely impacted by a disaster or unplanned incident that takes critical systems offline. BUSINESS CONTINUITY
  • 86. A variety of events cause digital business disruptions. Just because you’re not at risk of one particular cataclysmic disaster doesn’t mean many other incidents can’t take you offline: TYPES OF BUSINESS CONTINUITY
  • 87. 1. Disasters: Natural and Local TYPES OF BUSINESS CONTINUITY
  • 88. 1. Disasters: Natural and Local Data loss and system failure can obviously be caused by natural disasters such as floods, earthquakes and fires, but even a simple electronic malfunction could destroy valuable information. When it comes to data, putting all your eggs in one basket is a perilous risk. TYPES OF BUSINESS CONTINUITY
  • 89. 2. Network Disruptions TYPES OF BUSINESS CONTINUITY
  • 90. 2. Network Disruptions Third party internet networks can fail. Fiber can get cut. Your in-house local area network can be disabled. If your business needs continuous connectivity, make sure network availability is a top priority. TYPES OF BUSINESS CONTINUITY
  • 91. 3. Cyber security TYPES OF BUSINESS CONTINUITY
  • 92. 3. Cyber security The prevalence of cyber security threats is a global phenomenon that no business, large or small, can ignore. New threats such as ransomware are predicted to be on the rise. Backing up your data with high frequency is crucial to ensuring such attacks don’t bring your business down; a plan against data breach is paramount. TYPES OF BUSINESS CONTINUITY
  • 93. 4. Human error TYPES OF BUSINESS CONTINUITY
  • 94. 4. Human error Vulnerability points are often located right in the cubicle next to you. Employees or vendors can cause outages simply out of ignorance, due to innocent mistakes, or even as a result of ill intent. TYPES OF BUSINESS CONTINUITY
  • 95. Steps for Building And Executing Your Business Continuity Plan BUSINESS CONTINUITY
  • 96. If your business is behind in disaster planning, you don’t have to catch up alone. Whether taking on business continuity planning alone or with a third party, follow these three steps to start protecting your company from unplanned downtime. STEPS FOR BUILDING AND EXECUTING YOUR BUSINESS CONTINUITY PLAN
  • 97. Step 1: Perform a Business Impact Analysis STEPS FOR BUILDING AND EXECUTING YOUR BUSINESS CONTINUITY PLAN
  • 98. A business impact analysis defines what data your company cannot live without and the amount of downtime acceptable in a given period of time. PERFORM A BUSINESS IMPACT ANALYSIS
  • 99. Finding a hosting provider that promises 100% uptime will help with this, but you’ll also need to determine two important numbers key to disaster recovery: the Recovery Time Objective and the Recovery Point Objective. PERFORM A BUSINESS IMPACT ANALYSIS
  • 100. The Recovery Time Objective (RTO) is the targeted duration of time and a service level within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity. RECOVERY TIME OBJECTIVE
  • 101. The recovery point objective (RPO) is the age of files that must be recovered from backup storage for normal operations to resume if a computer, system, or network goes down as a result of a hardware, program, or communications failure. RECOVERY POINT OBJECTIVE
  • 102. Step 2: Perform a Risk Assessment STEPS FOR BUILDING AND EXECUTING YOUR BUSINESS CONTINUITY PLAN
  • 103. This step is critical if you manage your own infrastructure. Risk assessments are all about identifying potential points of failure. PERFORM A RISK ASSESSMENT.
  • 104. For example, if you have your data stored in only one location and the location dies, you will lose your data. If a hosting provider is in charge of your servers and data within a data center, ideally you will have everything stored and replicated in more than one location. PERFORM A RISK ASSESSMENT.
  • 105. Step 3: Manage Your Risks STEPS FOR BUILDING AND EXECUTING YOUR BUSINESS CONTINUITY PLAN
  • 106. Once you’ve assessed the risks, you must manage them — whether your data and infrastructure lives in house, with a hosting provider, or a combination of both. MANAGE YOUR RISKS
  • 107. Regularly back up your data offsite as specified by your business continuity plan and go a step beyond by adding redundant, offsite infrastructure to your network to ensure 100 percent uptime. MANAGE YOUR RISKS
  • 108. 6 STRATEGIES OF BUSINESS CONTINUITY
  • 109. 1. Personalized File Backups 6 STRATEGIES OF BUSINESS CONTINUITY
  • 110. Server-level backups are an important component of any company’s business continuity strategy. Whether your files are stored 100% in the cloud or your company embraces a hybrid cloud and on-site server strategy, 1. PERSONALIZED FILE BACKUPS
  • 111. most companies are regularly backing up information like client data, financial information and other critical information. Often, physical versions of your most important files are kept at another location. 1. PERSONALIZED FILE BACKUPS
  • 112. 2. Email Continuity Solutions 6 STRATEGIES OF BUSINESS CONTINUITY
  • 113. Email Continuity acts as a backup email system that can temporarily take the place of your mail server when it goes down. There are many reasons that an email system might go temporarily offline. Email Continuity allows you to continue receiving and sending emails using your normal email address. 2. EMAIL CONTINUITY SOLUTIONS
  • 114. 3. Cross-Device Continuity Solutions 6 STRATEGIES OF BUSINESS CONTINUITY
  • 115. Whether you’re facing a server outage or a physical issue like a major storm, downtime can have critical consequences for your business. Employee communications get cut off, critical systems aren’t processing transactions and customers see that your website is offline. 3. CROSS-DEVICE CONTINUITY SOLUTIONS
  • 116. An important tactical part of any small or mid-sized business continuity plan is thinking about cross-device continuity solutions. One set of devices that is probably still working is your employees’ mobile devices. 3. CROSS-DEVICE CONTINUITY SOLUTIONS
  • 117. 4. Collaboration and Communication Software 6 STRATEGIES OF BUSINESS CONTINUITY
  • 118. In order to access communications from any device no matter where they are, companies of all sizes are increasingly relying on a unified messaging approach, which means integrating all texts, emails, faxes etc. onto a single interface. 4. COLLABORATION AND COMMUNICATION SOFTWARE
  • 119. Whether you’ve got in-house teams on opposite coasts or contractors on a different continent, the right tools enable efficient collaboration and communication. 4. COLLABORATION AND COMMUNICATION SOFTWARE
  • 120. 5. Allocating Your Technology Budget and Resources 6 STRATEGIES OF BUSINESS CONTINUITY
  • 121. Add a line item for business continuity to your IT budget. Companies typically spend between 4 and 6% of their budgets on IT. Whether it’s investing in the right systems or ensuring you have the on-demand IT talent needed for fast responses, every company needs funds set aside for business continuity and disaster response. 5. ALLOCATING YOUR TECHNOLOGY BUDGET AND RESOURCES
  • 122. Yet it’s critical to realize that the most complex and efficient plans are useless without the resources to execute. 5. ALLOCATING YOUR TECHNOLOGY BUDGET AND RESOURCES
  • 123. 6. Empowering Staff 6 STRATEGIES OF BUSINESS CONTINUITY
  • 124. It’s important to empower employees to take action in the case of a disaster. For example, by having clear decision rights outlined in your recovery plan, you’re enabling your team to take action and more quickly resolve any issues. 6. EMPOWERING STAFF
  • 125. When business is disrupted, it can cost money. Lost revenues plus extra expenses mean reduced profits. Insurance does not cover all costs and cannot replace customers that defect to the competition. A business continuity plan to continue business is essential. BUSINESS CONTINUITY
  • 126. How to prevent your business from risks? WRAPPING UP!
  • 127. Give a dialog about business continuity. WRAPPING UP!
  • 128. Cite the types of business continuity. WRAPPING UP!
  • 129. Enumerate the steps for building and executing of business continuity. WRAPPING UP!
  • 130. Give the 6 business continuity strategies. WRAPPING UP!
  • 132. ½ CROSS WISE CLEAN PAPER
  • 133. 1. Give a dialog about business continuity. 2. Cite the types of business continuity. 3. Enumerate the steps for building and executing of business continuity. 4. Give the 6 business continuity strategies. ½ CROSS WISE CLEAN PAPER
  • 134. You learned about; 1. ACCESS CONTROL 2. ASSET MANAGEMENT 3. BUSINESS CONTINUITY END OF THE TERM
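
The access control models from slides 16 to 27 (DAC, MAC, RBAC, ABAC), evaluated side by side on the hospital patient-record scenario. This is an added example, not part of the original slides; the level names, roles, attributes, users and the working-hours rule are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample policy: level names, roles and attributes are assumptions.
LEVELS = {"public": 0, "internal": 1, "confidential": 2}
ROLE_PERMS = {"doctor": {("patient_record", "read"), ("patient_record", "write")},
              "billing": {("invoice", "read"), ("invoice", "write")}}

@dataclass
class Subject:
    name: str
    clearance: str = "public"                      # MAC label (level of trust)
    roles: set = field(default_factory=set)        # RBAC
    attrs: dict = field(default_factory=dict)      # ABAC

@dataclass
class Resource:
    name: str
    kind: str
    owner: str
    label: str = "public"                          # MAC label (trust required)
    acl: dict = field(default_factory=dict)        # DAC: user name -> actions
    attrs: dict = field(default_factory=dict)      # ABAC

def dac_grant(res, granter, user, action):
    """DAC: only the object's owner decides who gets which privilege."""
    if granter.name != res.owner:
        raise PermissionError(f"{granter.name} does not own {res.name}")
    res.acl.setdefault(user.name, set()).add(action)

def dac_allows(sub, res, action):
    return sub.name == res.owner or action in res.acl.get(sub.name, set())

def mac_allows(sub, res):
    """MAC: the system compares labels; no owner can override the result."""
    return LEVELS[sub.clearance] >= LEVELS[res.label]

def rbac_allows(sub, res, action):
    """RBAC: the right must belong to one of the subject's roles."""
    return any((res.kind, action) in ROLE_PERMS.get(r, set()) for r in sub.roles)

def abac_allows(sub, res, env):
    """ABAC: one rule over user, resource and environment attributes."""
    return (res.kind == "patient_record" and sub.attrs.get("job") == "doctor"
            and sub.attrs.get("ward") == res.attrs.get("ward")
            and env.get("site") == "hospital" and 7 <= env.get("hour", -1) < 19)

def demo():
    alice = Subject("alice", "confidential", {"doctor"}, {"job": "doctor", "ward": "A"})
    bob = Subject("bob", "internal", {"billing"}, {"job": "clerk", "ward": "A"})
    rec = Resource("record-17", "patient_record", owner="alice",
                   label="confidential", attrs={"ward": "A"})
    dac_grant(rec, alice, bob, "read")             # owner's discretion
    day, night = {"site": "hospital", "hour": 10}, {"site": "hospital", "hour": 23}
    return {"dac_bob": dac_allows(bob, rec, "read"), "mac_bob": mac_allows(bob, rec),
            "rbac_bob": rbac_allows(bob, rec, "read"), "rbac_alice": rbac_allows(alice, rec, "read"),
            "abac_alice_day": abac_allows(alice, rec, day), "abac_alice_night": abac_allows(alice, rec, night)}

if __name__ == "__main__":
    print(demo())
```

The same read request from bob is allowed under DAC once the owner grants it, yet denied under MAC and RBAC, which is why owner-managed permissions are hard to keep consistent with an organization-wide policy.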
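
A check of backup and restore records against the Recovery Point Objective and Recovery Time Objective defined in slides 100 and 101, as an added example that is not part of the original slides. The system names, timestamps and objectives are constructed, and the code assumes RPO is read as the maximum tolerable age of the newest restorable copy and RTO is compared with the measured duration of a restore test.

```python
from datetime import datetime, timedelta

def worst_case_data_loss(backups, now):
    """Longest stretch with no restorable copy: the largest gap between
    successive successful backups, counting the gap from the last one to now."""
    ok = sorted(t for t, succeeded in backups if succeeded)
    if not ok:
        return None                      # nothing to restore from
    points = ok + [now]
    return max(later - earlier for earlier, later in zip(points, points[1:]))

def check_objectives(system, now):
    findings = []
    exposure = worst_case_data_loss(system["backups"], now)
    if exposure is None:
        findings.append("RPO: no successful backup exists")
    elif exposure > system["rpo"]:
        findings.append(f"RPO exceeded: up to {exposure} of data at risk")
    restore = system["restore_test"]     # measured duration of the last restore drill
    if restore is None:
        findings.append("RTO unverified: no restore test on record")
    elif restore > system["rto"]:
        findings.append(f"RTO exceeded: restore took {restore}")
    return findings

def d(day, hour=2):
    """Helper for constructed timestamps in January 2024."""
    return datetime(2024, 1, day, hour)

NOW = d(5, 12)
SYSTEMS = {  # constructed sample data; a failed job is recorded as False
    "billing-db": {"rpo": timedelta(hours=24), "rto": timedelta(hours=4),
                   "backups": [(d(1), True), (d(2), True), (d(3), False),
                               (d(4), True), (d(5), True)],
                   "restore_test": timedelta(hours=3)},
    "file-share": {"rpo": timedelta(hours=72), "rto": timedelta(hours=8),
                   "backups": [(d(2), True), (d(4), True)],
                   "restore_test": timedelta(hours=10)},
}

def report():
    return {name: check_objectives(s, NOW) for name, s in SYSTEMS.items()}

if __name__ == "__main__":
    for name, findings in report().items():
        print(name, findings or "within objectives")
```

A single failed nightly job doubles the exposure window for billing-db even though the schedule itself matches the 24-hour objective, so the check works from job outcomes rather than from the schedule.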