A SharePoint Administrator’s - Learning Tree .A SharePoint...

Date post:07-Sep-2018
Transcript:
  • A SharePoint Administrator’s Practical Guide to Cybersecurity

    1060/CN/A.1/207/

    Course 1060

    Contributing Author:

    Aaron Kraus, Certified Information Systems Security Professional (CISSP), CompTIA Security+CE

  • © 2012 Learning Tree International, Inc. All rights reserved. Not to be reproduced without prior written consent.

  • About Learning Tree International

    Learning Tree International was founded in 1974

    More than 2.1 million technology professionals and managers from over 65,000 organizations trained to date

    In-depth course curriculum: more than 235 titles and growing

    Includes more than 90 management titles

    Courses are developed and taught by technology and business professionals actively working in the field

    Public and on-site courses are available at Learning Tree and client locations worldwide

    This course is being delivered using Learning Tree AnyWare

    Our (patent pending) training delivery solution that connects online participants to a live, instructor-led classroom

  • About Your Instructor

    Background and education

    Current position

    Experience

    Poll

  • Session Objectives

    In this presentation, we will

    Define cybersecurity and its importance to SharePoint admins

    Plan for SharePoint security by integrating security throughout the SDLC

    Explore a real-world case study involving a SharePoint data breach

    Address security requirements at various layers of a SharePoint deployment

    Server and farm layer

    Network and perimeter defenses

    End-user layer

    This presentation will be sent to all attendees following this course

  • SharePoint Security Best Practices

    SharePoint is a team tool: security may not be your responsibility, but you can advocate for proper security measures

    Establish a SharePoint steering committee to involve all stakeholders, such as IT security, network, and business users

    Start with a secure core of hardened infrastructure

    Create unique credentials for the SharePoint installation account

    Create non-obvious user IDs and strong passwords for service accounts

    Change SharePoint service account passwords regularly

    Document SharePoint security/usage policies, and train your users

    Provide additional training to users with escalated privileges, such as site administrators and designers

    Audit critical items, such as remote access, device configurations, and user management

  • A SharePoint Administrator’s Practical Guide to Cybersecurity

    Define Cybersecurity

    Plan for SharePoint Security by Integrating Security Throughout the SDLC

    Address Security Requirements at Various Layers of a SharePoint Deployment

  • What Is Cybersecurity?

    The ability to protect and defend critical Information Technology (IT) systems, preserving CIA:

    Confidentiality: to ensure that only authorized users have access

    Integrity: to ensure that only approved changes are made

    Availability: to ensure that critical resources are accessible when and where needed

    SharePoint requires a multidisciplinary approach to security, because

    It encompasses a broad range of technologies

    It places a great deal of power in the hands of end users, including security decisions

    “Cyber threat is one of the most serious economic and national security challenges we face.”

    President Barack Obama

  • Data Breaches Are Costly

    Data breaches are costly and can carry significant legal or regulatory consequences

    The average cost of a data breach to an organization is $7.3 million per breach ($214 per compromised record)*

    Attacks against the Sony PlayStation network were estimated to cost more than $178 million in 2011**

    Costs for lost business, loss of goodwill, etc., are impossible to calculate

    Cybersecurity concerns for SharePoint admins

    Control user access

    Enforce restrictions on user actions

    Secure infrastructure and access methods

    The goal of a SharePoint security program is to safeguard data!

    *bit.ly/eiz9Ec

    **bit.ly/LSjbpw

  • Standards, Laws, and Regulations

    Securing SharePoint may require adherence to or implementation of

    Standards

    ISO/IEC 27000-defined Information Security Management System

    NIST Special Publication (SP) Series / DOD DIACAP Framework

    ITIL V3 Information Security Management (ISM)

    Laws

    Federal Information Security Management Act (FISMA)

    Health Insurance Portability and Accountability Act (HIPAA)

    Sarbanes-Oxley (SOX)

    EU Data Protection Directive/Regulation

    Industry regulation

    Payment Card Industry Data Security Standard (PCI DSS)

    ISO/IEC = International Organization for Standardization/International Electrotechnical Commission

    ITIL = Information Technology Infrastructure Library

    NIST = National Institute of Standards and Technology

    ITIL is a Registered Trade Mark of the Cabinet Office.

  • SharePoint Is Multilayered

    A SharePoint ecosystem is composed of many elements, each with unique security concerns

    Windows Server, MS SQL Server, .NET, IIS, ASP

    A variety of end-user access protocols, devices, and client programs

    Administrative responsibility is often split across the organization, including server admins, SharePoint admins, and individual site admins

    Security should start before you install and deploy SharePoint

    Properly securing SharePoint is a multidisciplinary, collaborative effort

    SharePoint is a collaborative and user-empowering technology

    The majority of security decisions fall to end users

    The tool is designed to facilitate information sharing, making it a virtual goldmine for hackers

  • A Plan is Required

    Cost-effective controls should be chosen

    Control cost should never exceed the value of the asset being safeguarded

    Categorize the data and access to the system to guide control selection

    Security is most easily
