
Information Security Policy and Access Control Guidelines
Explore the intricacies of information security policy and access control mechanisms, including defining security policies, risk management, Bell-LaPadula Model, types of access control, and more. Discover the importance of creating an overall approach to information security and the purposes of an Information Security Policy (ISP) in safeguarding data integrity, confidentiality, and availability.
Presentation Transcript
IT 6823 LM 4 Information Security Policy & Access Control Dr. Lei Li
NIST Framework Core
Image source: https://www.nist.gov/document/cybersecurityframeworkv1-1presentationpptx
Learning Outcomes
- Define information security policy
- Explain the risk management process
- Explain the main components of information security policy framework
- Describe the basics of Bell-LaPadula Model
- Discuss different types of access control
- Explain ACL and be proficient in changing permission in major OS
Information Security Policy
- Aggregate of directives, regulations, rules, and practices that prescribes how an organization manages, protects, and distributes information
- Important part of security program
ISP Framework
Image source: https://www.exabeam.com/information-security/information-security-policy/
Purposes of ISP
- Create an overall approach to information security.
- Detect and preempt information security breaches such as misuse of networks, data, applications, and computer systems.
- Maintain the reputation of the organization and uphold ethical and legal responsibilities.
- Respect customer rights, including how to react to inquiries and complaints about non-compliance.
ISP Audience & Objectives
- Audience: to whom the information security policy applies
- Objectives
  - Confidentiality
  - Integrity
  - Availability
Data classification
- Top secret
- Secret
- Confidential
- Public
Other Elements
- Authority and access control policy
- Data support and operations
- Security awareness and behavior
- Responsibilities, rights, and duties of personnel
ISP Examples
- Acceptable use policy
- Access control policy
- Incident response policy
- Email/communication policy
- More examples: https://www.csoonline.com/article/3263738/9-policies-and-procedures-you-need-to-know-about-if-youre-starting-a-new-security-program.html
Access Control
- Discretionary Access Control (DAC)
- Mandatory Access Control (MAC)
- Role-Based Access Control (RBAC)
- Rule-Based Access Control
Bell-LaPadula Model
- One of the principal foundations for authentication
- Focus on confidentiality
- Access matrix: s = subject, o = object, and a = access rights associated with the subject
Access Privileges
- Read-Only
- Append
- Execute
- Read-Write
Restrictions
- Reading down
- Write up
Image source: https://www.cs.utexas.edu/~byoung/cs361/slides2-policy-4up.pdf
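The three Bell-LaPadula slides above (access matrix, access privileges, restrictions), combined in an added Python example that is not part of the original presentation: a request (s, o, a) is granted only if the access matrix lists a for (s, o) and the level check permits the flow. The level names come from the data classification slide; the subjects, objects, matrix entries and the use of a single level per subject with no categories are constructed assumptions.

```python
from enum import IntEnum

class Level(IntEnum):
    """Labels from the data classification slide, lowest to highest."""
    PUBLIC = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

# The four access privileges, as (observes data, alters data) flags.
MODES = {
    "read-only": (True, False),
    "append": (False, True),
    "execute": (False, False),
    "read-write": (True, True),
}

def blp_allows(subject_level, object_level, mode):
    """Mandatory check: read down and write up are the only flows allowed."""
    observes, alters = MODES[mode]
    if observes and subject_level < object_level:
        return False  # read up: subject would see data above its clearance
    if alters and subject_level > object_level:
        return False  # write down: higher-level data could leak downward
    return True

def check_access(matrix, clearance, classification, s, o, a):
    """Grant (s, o, a) only if the matrix lists a AND the level check passes."""
    if a not in matrix.get((s, o), set()):
        return False  # right was never granted in the access matrix
    return blp_allows(clearance[s], classification[o], a)

# Constructed sample data (hypothetical subjects and objects).
CLEARANCE = {"alice": Level.SECRET, "bob": Level.CONFIDENTIAL}
CLASSIFICATION = {"plan.doc": Level.SECRET, "memo.txt": Level.PUBLIC,
                  "audit.log": Level.TOP_SECRET}
MATRIX = {
    ("alice", "plan.doc"): {"read-write"},
    ("alice", "memo.txt"): {"read-only", "append"},
    ("alice", "audit.log"): {"read-only", "append"},
    ("bob", "plan.doc"): {"read-only", "append"},
}

def decide(s, o, a):
    return check_access(MATRIX, CLEARANCE, CLASSIFICATION, s, o, a)

if __name__ == "__main__":
    for s, o in MATRIX:
        for a in sorted(MATRIX[(s, o)]):
            print(f"{s:5} {a:10} {o:9} -> {'grant' if decide(s, o, a) else 'deny'}")
```

Several entries in the sample matrix are denied even though the right is listed there, which shows the mandatory level check overriding a discretionary grant.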
Access Control List
- A list of permissions associated with an object
- Filesystem ACLs
- Active Directory ACLs
- Networking ACLs
Example of ACL Table
Image source: https://www.dokuwiki.org/acl
Change File Permission in Windows 10
- Command-line utility: icacls
- Set, back up, and restore ACLs
- Example: icacls "E:\Study2018" /t /grant <user>:F
File Permission Numeric Table - Unix chmod