Risk and security related concepts.

PACE-IT: Risk and Security Related Concepts


Instructor, PACE-IT Program – Edmonds Community College

Areas of Expertise Industry Certifications

PC Hardware

Network Administration

IT Project Management

Network Design

User Training

IT Troubleshooting

Qualifications Summary

Education

M.B.A., IT Management, Western Governor’s University

B.S., IT Security, Western Governor’s University

Entrepreneur, executive leader, and proven manager with 10+ years of experience turning complex issues into efficient and effective solutions.

Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required— with a focus on technology.

Brian K. Ferrill, M.B.A.


– The big picture of recovery.

– Concepts and terms.


The big picture of recovery.

Standards and policies are used to help ensure that everyone is on the same page at the same time.

All organizations should review their operations and create standards and policies that suit their needs. Once they are created, the standards and policies should be adhered to.

By stressing the importance of standards and policies, risks to an organization can be reduced and security can be strengthened.

All policies and standards should be reviewed on a periodic basis to help ensure that they remain relevant, and they should be updated as necessary.


– Disaster recovery plan (DRP).

» A disaster is any event or emergency that goes beyond the normal response resources (e.g., earthquake or flood).

• The longer a business is not able to function, the more damage is done.

» DRPs detail the steps to recover from a disaster situation (e.g., offsite backups and fallback sites).

• They also have sections dealing with how to help ensure employee safety.

– Business continuity plan (BCP).

» A sub-element of the DRP, a BCP includes an impact analysis of the business effects of down systems.

• The impact analysis helps to identify single points of failure in the business system.

» A BCP helps to prioritize what systems or processes need to be brought back first to get the organization operational again.

• It identifies mission critical systems, processes, and data.

» A BCP helps to guide the creation of the DRP.


Concepts and terms.

– Single point of failure.

» A single point of failure is a system or component that, if it goes down, has a major impact on operations (e.g., a key router that fails and prevents customers from ordering products).

» Once identified, these failure points can be mitigated through several different methods such as:

• Redundant systems (e.g., a backup router or redundant power supply).

• System redesign (i.e., removal of the point of failure through a redesign of the system, such as adding an additional router).

– UPS (uninterruptible power supply).

» A UPS will mitigate power issues that can have a negative impact on sensitive networking components.

• Conditions the incoming power to remove spikes and sags in the current, ensuring that the current flow is even.

• Helps to ensure continued operation for a given period of time in the case of complete electrical power supply loss.
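The identification step for single points of failure, sketched as an added example (not part of the original slides): it removes each component in turn from a topology and checks whether customers can still reach the order server, first with one key router and then with a backup router added. The topology, node names, and function names are constructed for illustration.

```python
from collections import deque

def reachable(links, src, dst, removed=None):
    """Breadth-first search: can src still reach dst while `removed` is down?"""
    if removed in (src, dst):
        return False
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in links.get(node, ()):
            if nxt != removed and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False

def single_points_of_failure(edges, src, dst):
    """Return the components whose failure alone cuts src off from dst."""
    links = {}
    for a, b in edges:  # links are bidirectional
        links.setdefault(a, set()).add(b)
        links.setdefault(b, set()).add(a)
    candidates = sorted(n for n in links if n not in (src, dst))
    return [n for n in candidates if not reachable(links, src, dst, removed=n)]

# Constructed topology: every order passes through one key router.
BEFORE = [
    ("customers", "isp"),
    ("isp", "key-router"),
    ("key-router", "switch-a"),
    ("key-router", "switch-b"),
    ("switch-a", "order-server"),
    ("switch-b", "order-server"),
]

# Mitigation from the slide: add a redundant (backup) router.
AFTER = BEFORE + [
    ("isp", "backup-router"),
    ("backup-router", "switch-a"),
    ("backup-router", "switch-b"),
]

if __name__ == "__main__":
    print("before:", single_points_of_failure(BEFORE, "customers", "order-server"))
    print("after: ", single_points_of_failure(AFTER, "customers", "order-server"))
```

The backup router clears the router as a failure point, while the single ISP link still shows up and would need its own redundancy.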


– First responders.

» The first people to discover or respond to the security issue.

• Ideally, it will be someone who has been properly trained in how to deal with the situation.

» Within the network security realm, first responders can play a key role in mitigating damage and collecting evidence.

– Data breach.

» Any unauthorized access to data, particularly to sensitive data.

• Breaches may be unintentional or intentional.

• Breaches may occur internally or externally.

» The severity of the breach is greatly determined by the sensitivity of the data accessed.

» Data breaches can be very expensive to organizations.

• Loss of reputation, which can lead to loss of revenue.

• Loss of business secrets.

• Fines or penalties levied by governments or other organizations.


User awareness and training.

Greatly reducing security risks.

Quite often, the weakest link in the security chain is the users. The risks can be reduced by making the users properly aware of security and security threats.

Penetration testing.

Finding weak spots and hardening the system.

Actively and aggressively testing the whole IT system in an effort to find weak spots. This can include using social engineering methods. The data generated is used to harden the IT system to mitigate risk.

Vulnerability scanning.

Finding network holes and plugging them.

Networks are probed for vulnerabilities (e.g., open ports or protocols), mostly through the use of automated software. Once identified, these holes into the network can be plugged.


What was covered.

Topic: The big picture of recovery.

Summary: Organizations should establish and enforce standards and policies. These will help to mitigate any risks. DRPs are developed and used to help recover from a disaster. A BCP is a sub-element of a DRP. They identify systems and components that are mission critical to an organization and create plans to mitigate the loss of those identified elements.

Topic: Concepts and terms.

Summary: A single point of failure is when there is a single point where a failure would create business discontinuity. Network administrators strive to remove them from their systems. A UPS is used to mitigate power issues. First responders are the people who first notice and respond to security issues. Ideally, the first responder will have been properly trained. A data breach is any unauthorized access to an organization's data. User awareness and training is used to mitigate risks associated at the user level. Penetration testing is the review of a whole system looking for weaknesses that can then be hardened. Vulnerability scanning is usually an automated process that looks for weaknesses in networks so that any holes can be plugged.


This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53.

PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.