Chapter 7 Secure-Use Practices Defensive Best Practices.ppt
Chapter 7 Secure-Use Practices: Defensive Best Practices
Presented by: Derrick Lowe, Ken Dean, Quintin King, Caroline Hawes

Introduction
- This chapter focuses on what companies must do to protect themselves from internal risks.
- Before hackers and the internet there were:
  - Disgruntled workers
  - Careless administrators
  - Hostile managers

Introduction (cont'd)
- Current technology amplifies security threats, can be blamed on organizational practices
- Effective countermeasures
  - Secure-use practices
  - User training

Secure Use Practices: Policies

Major Risk Factors
- The most likely sources of cyber threats continue to come from within.
- Unknown and unseen hackers and thieves are not the most common threat.
- It is difficult to accept the reality that a majority of cyber security incidents are traced to company insiders.

Examples
- An unwitting employee may spread infected email or be tricked into revealing information through a popular hacker technique: social engineering.
- Spoofing: disguising the true identity of the sender
- Administrators may be unable or unwilling to apply software patches to fix known vulnerabilities.

Limits On The Extent To Which Risk Factors Can Be Controlled
- A complete set of updated, well-documented policies and training in security procedures can be time-consuming.
- They are not without risks
- Selectively enforced policies can be worse than having none at all
- If employees send threatening messages to each other and the company fails to notify law enforcement, it can be held liable for negligence

Enforcement Of Secure-Use Practices Must Be Consistent With AUP
- A clearly written Acceptable Use Policy, and documentation of confirmation from employees that they read, understood, and agreed to its terms, in addition to the Secure-Use practice, can help a company avoid costly lawsuits.

Key Secure-Use Procedures and Practices

Security Focus in Organizational Planning Process
- Information security for organizations may not always follow a standard pattern:
  - Develop a business plan
  - Defines go