Scribd Logo
Upload

Welcome to Scribd!

  • 41 views

    By: Janry P. Maglangit

    Uploaded by

    Janry Magheaven
    The document provides a checklist for IT project managers to implement security within IT projects. It outlines key technical levels to consider like the network, virtualization, operating systems and applications. For each level, the checklist identifies important security topics such as roles and permissions, monitoring, authentication, encryption, operational safety, and access control. The checklist also notes the importance of secure programming for in-house development and considering security during all phases of an IT project from idea to deployment.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd

    By: Janry P. Maglangit

    Uploaded by

    Janry Magheaven
    41 views12 pages
    The document provides a checklist for IT project managers to implement security within IT projects. It outlines key technical levels to consider like the network, virtualization, operating systems and applications. For each level, the checklist identifies important security topics such as roles and permissions, monitoring, authentication, encryption, operational safety, and access control. The checklist also notes the importance of secure programming for in-house development and considering security during all phases of an IT project from idea to deployment.

    Original Title

    reecho

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document provides a checklist for IT project managers to implement security within IT projects. It outlines key technical levels to consider like the network, virtualization, operating systems and applications. For each level, the checklist identifies important security topics such as roles and permissions, monitoring, authentication, encryption, operational safety, and access control. The checklist also notes the importance of secure programming for in-house development and considering security during all phases of an IT project from idea to deployment.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Download as pptx, pdf, or txt
    41 views12 pages

    By: Janry P. Maglangit

    Uploaded by

    Janry Magheaven
    The document provides a checklist for IT project managers to implement security within IT projects. It outlines key technical levels to consider like the network, virtualization, operating systems and applications. For each level, the checklist identifies important security topics such as roles and permissions, monitoring, authentication, encryption, operational safety, and access control. The checklist also notes the importance of secure programming for in-house development and considering security during all phases of an IT project from idea to deployment.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Download as pptx, pdf, or txt
    of 12

    By: Janry P.

    Maglangit
    IT Security Projects from the Very Beginning!
    Protection Goals

    - Confidentiality - Authenticity

    -Integrity / Immutability

    -Liability, Legally Binding

    -Availability

     -Data Stamping/Dating Privacy / Anonymity


    Security is a Process
    IT Security Standards
    Expression Potpourri

    - Cybersecurity, Internet Security, Cloud Security, loT, Forensics,


    Network Security, Application Security, Web Application Security,
    Virtualization. Firewall, Router, Spoofing, Sniffing

    - Hacker, Cracker, Cyber Criminals, Security Researcher, Audit, Pentest/


    Penetrationstest, Hacking, Reverse Engineering

    -Phishing, Social Engineering. Safety/Security Culture, Awareness

    - Malware, Virus, Trojan, Worm, Spyware, Adware, Hoax Anti-Virus,


    Exploit, Rootkit, Zero-Day-Exploit, Buffer Overflow, Backdoo Denial-of-
    Service /
    Client-, Server-, Browser-Security, Patch Management

    - Cryptography, Crypto, Encryption, PKI, Public Key. (Digital)


    Signature, Certificates, RSA, AES, Two-factor / Multi-factor
    Authentification, Smartcard, (OTP-/RSA-) Token, Password
    Management, Brute-Force, (SMS-/App-) TAN

    -ISO-27000, PCI-DSS, PCI-PA-DSS, OWASP Top 10

    - Baseline Security
    Checklist for Project Managers

    The following checklist is intended to serve IT project


    managers as a guide to implement the often overlooked
    topics of IT security within IT projects. The list is not
    exhaustive. IT projects differ greatly in their requirements.
    Should enterprise-wide requirements exist then these are,
    of course, to be considered in the first place. For
    international projects, country-specific requirements, in
    particular coming from data protection laws, have to be
    considered as well.
    Technical levels:

    Similar to the OSI model, the various technical levels have to


    be investigated if applicable for a project.

    1. Network layer: This includes the network concept (for


    example, the appropriate segmentation) and all network
    components such as switches, routers, network firewalls,
    VLAN settings, and wireless access points. Advanced
    components could be intrusion detection or intrusion
    prevention systems (IDS/IPS).
    2. Virtualization level. Should virtualized
    components being used, the virtualization
    management software must be configured and
    hardened properly. It must also be verified
    whether an adequate level of security for the
    project can even be achieved using
    virtualization. For instance, in some projects
    virtualized firewalls might be out of question.
    3. Operating system level and application level: In
    addition to the actual applications,

    this also includes used libraries, extensions, runtimes,


    server components (for example, web server) and
    middleware components. Operating on up-to-date and
    secure software must be ensured but also the secure
    configuration of all components (for example, web server
    configuration). The general term for this is system
    hardening. Also included in this category are enhanced
    security components such as application-level firewalls.
    Other topics that must be covered within the
    project for each technical level:

    1. Roles and Permissions

    2. Monitoring and logging (e.g., system behavior,


    login and access patterns)

    3. Authentication methods for an adequate level of


    security (for example, password authentication,
    two-factor authentication)
    4. Encryption concept: It is necessary to
    clarify whether an encryption concept is
    required for an adequate level of
    security, for example through the use of
    database, file, disk, or e-mail encryption
    solutions.

    5. Operational safety and reliability

    6. Access protection and entry control for


    physical access to IT systems
    In-House Development (Secure Programming)

    Project Idea and Project Development

    Technical Acceptance Tests

    Operational Reliability

    You might also like