ACTIVITY:
Summary of the book “Information Security Architecture”
GROUP 1
Gerardo Natán Dominguez Miranda 1693-13-3624
Lidvin Osbelí Fuentes Navarro 1693-11-6192
Gerardo Emmanuel Dávila Morales 1693-11-14005
Eddy Estuardo Agustin Marroquin 1693-13-13796
David Jonatán López Monzón 1693-12-4143
Wilson Yeferson Garcia Lopez 1693-14-5405
Confidentiality
The physical network is segmented into several logical subnets using VLANs.
Integrity
Access rights to the data and communications center are reserved for authorized personnel.
Availability
Information backups and contingency plans are guaranteed against risks of natural, human and
logical origin.
To do this, we need not only the tools but also suitable staff trained to perform the correct
configuration and implementation of the firewall, thereby maximizing protection.
Within an ISP, it is important to deploy firewalls, which are built into all of the network servers
and protect against DoS attacks.
Client/server environments:
The client/server environment has evolved and now refers to a system that divides the workload
between the PC and a larger computer on a network. Despite the drawbacks of implementing this
environment, which can include cost and management, for the company SmartSolusiones it is more
beneficial in spite of the cost: users can work more efficiently, with reduced response time,
getting the information they need more quickly without having to request it through a third party,
which achieves more efficient use of existing resources.
The rapid pace of change in communications technology has led infrastructure service organizations
to take a piecemeal view of their communications needs and security practices, creating an
unmanageable and risk-prone environment.
The company network is made up of several ISPs and is distributed across VLANs. This means that
the clients are on the same network but, like departments within a company that share one network,
they do not communicate with each other.
Out of curiosity, people who have access to the network wonder how it works; mergers and
acquisitions also play a role in this situation.
To apply the appropriate controls to an operating environment, you need to understand who or
what poses a threat to the processing environment, and then understand what might happen (risk
or danger) because of that threat.
Once the risk is understood, management should decide what to do about it.
Management can accept the risk as it has been evaluated and understood, or do something to
reduce the risk to an acceptable level.
The threat.
The curious usually just look around and are not always sure of their own intentions or what they
will find. The malicious intend to steal for profit or to destroy resources for revenge.
Natural hazards include equipment failures, or disasters such as earthquakes or rains that can result
in equipment and data loss. Natural threats often affect the availability of all processing and
information resources.
The risks.
Many events can result when a violation of confidentiality, integrity or availability occurs.
From a business point of view, there are almost always financial losses. Business risks include
contractual liability (contracts with persons), financial errors (accounting or non-payment losses),
increased costs (network equipment), loss of assets (antennas, towers, servers, bad configuration
or equipment failure), and public embarrassment (lack of credibility, rumors of bad service).
Incident.
For incidents, the company has notifications for disconnections. These have to be resolved
immediately so that clients do not complain or do not notice the incident, to avoid financial loss.
Risks versus implementation of controls:
[Figure: business risks versus control protection]
It is considered a structural activity of the organization that focuses on the security of information
throughout the company.
Enterprise information security architecture is the practice of applying a rigorous and
comprehensive method of describing the current and future structure and behavior of the
information security process.
The strategic direction for strengthening information structures related to computer security
relates, in general terms, to the practice of information security.