Network security
Páginas: 9 (2081 palabras)
Publicado: 29 de junio de 2009
Security Audit Security Assessment & Penetration tests Information Technology Security
Jose L. Ortiz Jr. IT 430 – Ethical Hacking
TABLE OF CONTENTS
Abstract
……………………………………………………………………………..
2 3-4 5-6 6-8 8-9 9-10
Introduction …………………………………………………………………………….. Security Audit ……………………………………………………………………………. Security Assessment ……………………………………………………………………. Penetration Testing……………………………………………………………………... Why and when any of these techniques should be used ……………………………
Integration or specialization of these practices ……………………………………… 10-11 Bibliography …………………………………………………………………………….. 12
1
Abstract:
This paper will offer a reflection related to the application and diffusion of practices like the audit of security, the security assessment and the penetration tests. The main goal in mindis to share and inform with all and mostly consulting professionals of security, along with all major business that require to have a secure network, and who doesn’t? This will go over the necessity to incorporate these practices like proactive tools in managing and administrating the security for the modern organizations in today’s business.
2
Introduction:
The present infrastructure intoday’s telecommunications networks has been in charge to generate new and outstanding well known businesses that have allowed to the expansion and generation of markets that were once unknown , and has sustained the growth of other utilities from multiple companies in the world.
In this system, the information that travels through every network, every infrastructure, every single major ISP,has become one of the major treasures of every single company in the world. This has become the motor of knowledge to recognize the fluctuations of the surroundings in which they travel. Therefore, one needs to become knowledgeable about the security in which their data travels and develop positions and clear and safe actions against the strategic intelligence of the company so all theirconfidential data won’t be comprised: •
Information about the sensitive markets: product plans, penetration in segments of markets, identification of clients.
•
Financial information: State of losses and gains, state of the projects, budgets of operation and investment.
• •
Industrial secrets: formulas of products, exclusive designs. Processes of technological advantage: Related to how thecompany produces and distributes its products or services that generally are not found documented.
3
•
Information about the personnel: Contracts, repayment, payments, social security, insurances.
•
Information of clients: Products or services that they use statistics about its consumptions.
• •
Product information: Designs, proposals, ideas and concepts. Internal information:Definitive memorandum reports, rough drafts, conversations.
•
Information of security: Devices or used safety mechanisms, zones of maximum security, plans of security.
As stated above, the organization must establish certain directions for the company security that allows one to manage and to protect the assets in the best possible way. Also, based on those set of rules, one needs toformulate and to promote practices that support and verify the guidelines formulated based on the security needs. For such reason, exercises like security audit, evaluation of the security and penetration tests have arisen that allow us to know with certain depth the weaknesses and threats to that the critical information of an organization that’s stored, created or transported by electronic means ,which is critical for every organization or company.
4
Security Audit for IT Personnel:
What is a Security Audit? “a computer security audit is a systematic, measurable technical assessment of how the organization's security policy is employed at a specific site. Computer security auditors work with the full knowledge of the organization, at times with considerable...
Jose L. Ortiz Jr. IT 430 – Ethical Hacking
TABLE OF CONTENTS
Abstract
……………………………………………………………………………..
2 3-4 5-6 6-8 8-9 9-10
Introduction …………………………………………………………………………….. Security Audit ……………………………………………………………………………. Security Assessment ……………………………………………………………………. Penetration Testing……………………………………………………………………... Why and when any of these techniques should be used ……………………………
Integration or specialization of these practices ……………………………………… 10-11 Bibliography …………………………………………………………………………….. 12
1
Abstract:
This paper will offer a reflection related to the application and diffusion of practices like the audit of security, the security assessment and the penetration tests. The main goal in mindis to share and inform with all and mostly consulting professionals of security, along with all major business that require to have a secure network, and who doesn’t? This will go over the necessity to incorporate these practices like proactive tools in managing and administrating the security for the modern organizations in today’s business.
2
Introduction:
The present infrastructure intoday’s telecommunications networks has been in charge to generate new and outstanding well known businesses that have allowed to the expansion and generation of markets that were once unknown , and has sustained the growth of other utilities from multiple companies in the world.
In this system, the information that travels through every network, every infrastructure, every single major ISP,has become one of the major treasures of every single company in the world. This has become the motor of knowledge to recognize the fluctuations of the surroundings in which they travel. Therefore, one needs to become knowledgeable about the security in which their data travels and develop positions and clear and safe actions against the strategic intelligence of the company so all theirconfidential data won’t be comprised: •
Information about the sensitive markets: product plans, penetration in segments of markets, identification of clients.
•
Financial information: State of losses and gains, state of the projects, budgets of operation and investment.
• •
Industrial secrets: formulas of products, exclusive designs. Processes of technological advantage: Related to how thecompany produces and distributes its products or services that generally are not found documented.
3
•
Information about the personnel: Contracts, repayment, payments, social security, insurances.
•
Information of clients: Products or services that they use statistics about its consumptions.
• •
Product information: Designs, proposals, ideas and concepts. Internal information:Definitive memorandum reports, rough drafts, conversations.
•
Information of security: Devices or used safety mechanisms, zones of maximum security, plans of security.
As stated above, the organization must establish certain directions for the company security that allows one to manage and to protect the assets in the best possible way. Also, based on those set of rules, one needs toformulate and to promote practices that support and verify the guidelines formulated based on the security needs. For such reason, exercises like security audit, evaluation of the security and penetration tests have arisen that allow us to know with certain depth the weaknesses and threats to that the critical information of an organization that’s stored, created or transported by electronic means ,which is critical for every organization or company.
4
Security Audit for IT Personnel:
What is a Security Audit? “a computer security audit is a systematic, measurable technical assessment of how the organization's security policy is employed at a specific site. Computer security auditors work with the full knowledge of the organization, at times with considerable...
Leer documento completo
Regístrate para leer el documento completo.