Security Guide for Interconnecting Information Technology Systems ANUSHA KAMINENI SECURITY MANAGEMENT
Transcript
Slide 1
ANUSHA KAMINENI SECURITY MANAGEMENT
Slide 2
- Introduction
- Background
- Lifecycle of System Interconnection
Slide 3
- Security guide for Interconnecting systems
- Life-Cycle Management
  - Planning a system interconnection
  - Establishing a system interconnection
  - Maintaining a system interconnection
  - Disconnecting a system interconnection
- ISA and MOU/A
- System Interconnection Implementation plan

- Exchange data & information
- Provide customized levels
- Collaborate on Joint projects
- Provide full time communications
- Provide online training
- Provide secure storage of data
Slide 7
Figure 2. Steps to plan a system interconnection
Slide 8
- Establish a Joint planning team
- Define the Business case
- Perform C & A
- Determine Interconnection Requirements
- Document Interconnection Agreement
- Approve or Reject Interconnection
Slide 9
- Level and method of interconnection
- Impact on existing Infrastructure and Operations
- Hardware Requirements
- Software Requirements
- Data Sensitivity
- User Community
- Services and Applications
- Security controls
- Segregation of Duties
- Incident Reporting and Response
- Contingency Planning
Slide 10
- Data element naming and ownership
- Data Backup
- Change Management
- Rules of Behavior
- Security Training and Awareness
- Roles and Responsibilities
- Scheduling
- Costs and Budgeting
Slide 11
- Develop an interconnection security agreement
- Establish a memorandum of Understanding
Slide 12
- Approve the interconnection
- Grant interim approval
- Reject the interconnection
Slide 13
Fig 3. Steps to Establish a system Interconnection
Slide 14
- Develop Implementation Plan
- Execute Implementation Plan
- Activate Interconnection
Slide 15
- Implement or configure security controls
  - Firewalls
  - Intrusion Detection
  - Auditing
  - Identification and Authentication
  - Logical Access controls
  - Virus scanning
  - Encryption
  - Physical and Environmental security
Slide 16
- Install or configure hardware and software
  - Communications line
  - VPN
  - Routers and switches
  - Hubs
  - Servers
  - Computer Workstations
- Integrate Applications
- Conduct operational and security testing
- Conduct security Training and awareness
- Update systems security plans
- Perform Recertification and Reaccreditation
Slide 17
- Maintain clear lines of communication
- Maintain equipment
- Manage user Profiles
- Conduct security reviews
- Analyze audit logs
- Report & respond to security incidents
- Coordinate contingency planning activities
- Perform Change management
- Maintain system security plans
Slide 18
- Planned disconnection
- Emergency disconnection
- Restoration of interconnection
Slide 19
- Security guide for Interconnecting systems
- Life-Cycle Management
  - Planning a system interconnection
  - Establishing a system interconnection
  - Maintaining a system interconnection
  - Disconnecting a system interconnection
- ISA and MOU/A
- System Interconnection Implementation plan
Slide 20
- Audit Trail
- Integrated Services Digital Network (ISDN)
- Interconnection Security Agreement (ISA)
- Intrusion Detection System (IDS)
- Memorandum of Understanding/Agreement (MOU/A)
- RADIUS (Remote Authentication Dial-In User Service)
- Security Controls
- System interconnection
- Virtual Private Network (VPN)