
UNIVERSIDAD MARIANO GÁLVEZ DE GUATEMALA

QUETZALTENANGO UNIVERSITY CENTER


MASTER'S DEGREE IN COMPUTER SECURITY

COURSE: INTRODUCTION TO COMPUTER SECURITY


INSTRUCTOR: ING. MATTHEW SEIGNÉ
TRIMESTER: FIRST

ACTIVITY:
Summary of the Book “Information Security Architecture”

GROUP 1
Gerardo Natán Dominguez Miranda 1693-13-3624
Lidvin Osbelí Fuentes Navarro 1693-11-6192
Gerardo Emmanuel Dávila Morales 1693-11-14005
Eddy Estuardo Agustin Marroquin 1693-13-13796
David Jonatán López Monzón 1693-12-4143
Wilson Yeferson Garcia Lopez 1693-14-5405

QUETZALTENANGO, FEBRUARY 2019


Information Security Architecture
To gain flexibility and speed when sharing information within a company, a network is
implemented. The company must therefore build a solid and secure network so that it can share
its sensitive information with the nodes, and manage security to ensure the confidentiality,
integrity and availability of all the company's information and of its network.

Confidentiality
The physical network is segmented into several logical subnets using VLANs.

Integrity
Access rights to the data and communications center are reserved for authorized personnel.

Availability
Guaranteed through backups of information and contingency plans against risks of natural, human
and logical origin.

A Firewall as an information protection tool


Within a company we must have protection tools such as a firewall, which helps us with:
• Network inbound and outbound traffic control
• DoS attacks
• ICMP attacks

To do this we need not only the tools but also suitable staff, trained to configure and
implement the firewall correctly, thereby maximizing protection.

Within an ISP, it is important to deploy firewalls, which are built into all of the network
servers and protect against DoS attacks.

Client/server environments:
The client/server environment has evolved and now refers to a system that divides the workload
between the PC and a larger computer on a network. Despite the drawbacks of implementing this
environment, which can be cost and management, for the company SmartSolusiones it is, in spite
of the cost, more beneficial: users can work more efficiently, reducing response time and
getting the information they need more quickly without having to request it through a third
party, which achieves more efficient use of existing resources.

The rapid pace of change in communications technology has led infrastructure service organizations
to take a piecemeal view of their communications needs and security practices, creating an
unmanageable and risk-friendly environment.

The company network is made up of several ISPs and is distributed across VLANs. This means that
the clients are on the same network and, like the departments of a company that share a network,
they do not communicate with each other.
Out of curiosity, people wonder how their network works, since they have access to it; mergers and
acquisitions play a role in this situation.

Overview of security controls

Security includes confidentiality, integrity and availability.

To apply the appropriate controls to an operating environment, you need to understand who or
what poses a threat to the processing environment, and then understand what might happen (risk
or danger) because of that threat.

Once the risk is understood, management should decide what it wants to do about that risk.
Management can accept the risk as it has been evaluated and understood, or do something to
reduce the risk to an acceptable level.

The threat.

Corporate information can easily be accessed, compromised or destroyed by intentional,
unintentional or natural threats. Intentional threats come from unauthorized users who improperly
access data and information that they are not allowed to view or use. These unauthorized users may
be external or internal to the organization and may be classified as curious or malicious.

The curious usually just look around and are not always sure of their own intentions or what they
will find. The malicious ones intend to steal for profit or to destroy resources for revenge.

Natural hazards include equipment failures, or disasters such as earthquakes or rains that can result
in equipment and data loss. Natural threats often affect the availability of all processing and
information resources.

The risks.

There are many events that can result if a violation of confidentiality, integrity or availability occurs.

From a business point of view, there are almost always financial losses. Business risks include
contractual liability (contracts with persons), financial errors (accounting or non-payment losses),
increased costs (network equipment), loss of assets (antennas, towers, servers, bad configuration
or equipment failure), and public embarrassment (lack of credibility, rumors of bad service).

Incident.

Incidents in the company trigger notifications for disconnections, which have to be resolved
immediately so that clients do not complain or do not notice the incident, in order to avoid
financial loss.

Risks versus implementation of controls:

| Business risk | Description | Control protection | Controls |
|---|---|---|---|
| Financial error | Loss due to non-payment; delinquent customers | Administrative | Training; registration and personnel control; personnel selection strategies |
| Cost increase | Updating network equipment to transport more data; maintenance and replacement of obsolete or damaged computers; per diem costs (food, transportation and lodging); equipment maintenance and repair | Physical | Closed-circuit cameras; alarm system; special insurance doors; biometrics |
| Loss of assets | Antennas; routers; servers; wiring; switches; damaged connectors | Technical | Safety harnesses; helmets; elbow pads; knee pads; strings; gloves |
| Lost business | Unfair competition | Detective | Telephone and mail alerts; security cameras |
| Public shame | Defamation | Preventive | Secure passwords; data encryption; employee safety; firewall |

Information Security Architecture

It is considered a structuring activity of the organization that focuses on the security of
information throughout the company.
Enterprise information security architecture is the practice of applying a rigorous and
comprehensive method to describe the current and future structure and behavior of the
information security process.
The strategic direction for strengthening information structures related to computer security
is related in general terms to the practice of information security.
