Slide1
Security Guide for Interconnecting Information Technology Systems
ANUSHA KAMINENI
SECURITY MANAGEMENT
Slide2
AGENDA
Introduction
Background
Lifecycle of System Interconnection
Slide3
EXECUTIVE SUMMARY
Security guide for Interconnecting systems
Life-Cycle Management
Planning a system interconnection
Establishing a system interconnection
Maintaining a system interconnection
Disconnecting a system interconnection
ISA and MOU/A
System Interconnection Implementation plan
Slide4
INTRODUCTION
Authority
Purpose
Scope
Audience
Document Structure
Slide5
BACKGROUND
Figure 1: Interconnection Components
Slide6
Why interconnect IT systems?
Exchange data & information
Provide customized levels
Collaborate on joint projects
Provide full-time communications
Provide online training
Provide secure storage of data
Slide7
PLANNING A SYSTEM INTERCONNECTION
Figure 2. Steps to plan a system interconnection
Slide8
PLANNING A SYSTEM INTERCONNECTION
Establish a Joint planning team
Define the Business case
Perform C & A
Determine Interconnection Requirements
Document Interconnection Agreement
Approve or Reject Interconnection
Slide9
Determine Interconnection Requirements
Level and method of interconnection
Impact on existing Infrastructure and Operations
Hardware Requirements
Software Requirements
Data Sensitivity
User Community
Services and Applications
Security controls
Segregation of Duties
Incident Reporting and Response
Contingency Planning
Slide10
Determine Interconnection Requirements (continued)
Data element naming and ownership
Data Backup
Change Management
Rules of Behavior
Security Training and Awareness
Roles and Responsibilities
Scheduling
Costs and Budgeting
Slide11
Document Interconnection Agreement
Develop an Interconnection Security Agreement
Establish a Memorandum of Understanding
Slide12
Approve or Reject Interconnection
Approve the interconnection
Grant interim approval
Reject the interconnection
Slide13
ESTABLISHING A SYSTEM INTERCONNECTION
Fig 3. Steps to Establish a system Interconnection
Slide14
ESTABLISHING A SYSTEM INTERCONNECTION
Develop Implementation Plan
Execute Implementation Plan
Activate Interconnection
Slide15
Execute Implementation Plan
Implement or configure security controls
Firewalls
Intrusion Detection
Auditing
Identification and Authentication
Logical Access controls
Virus scanning
Encryption
Physical and Environmental security
Slide16
Execute Implementation Plan (continued)
Install or configure hardware and software
Communications line
VPN
Routers and switches
Hubs
Servers
Computer Workstations
Integrate Applications
Conduct operational and security testing
Conduct security Training and awareness
Update systems security plans
Perform Recertification and Reaccreditation
Slide17
MAINTAINING A SYSTEM INTERCONNECTION
Maintain clear lines of communication
Maintain equipment
Manage user Profiles
Conduct security reviews
Analyze audit logs
Report & respond to security incidents
Coordinate contingency planning activities
Perform Change management
Maintain system security plans
Slide18
DISCONNECTING A SYSTEM INTERCONNECTION
Planned disconnection
Emergency disconnection
Restoration of interconnection
Slide19
EXECUTIVE SUMMARY
Security guide for Interconnecting systems
Life-Cycle Management
Planning a system interconnection
Establishing a system interconnection
Maintaining a system interconnection
Disconnecting a system interconnection
ISA and MOU/A
System Interconnection Implementation plan
Slide20
IMPORTANT TERMS
Audit Trail
Integrated Services Digital Network (ISDN)
Interconnection Security Agreement (ISA)
Intrusion Detection System (IDS)
Memorandum of Understanding/Agreement (MOU/A)
RADIUS (Remote Authentication Dial-In User Service)
Security Controls
System interconnection
Virtual Private Network (VPN)
Slide21
QUESTIONS?