TAILIEUCHUNG - Improvements Needed in EPA’s Network Security Monitoring Program

Not all the chapters will be of interest to all readers. In some cases we describe and critique a standard in great detail. These chapters might not be of interest to students or people trying to get a conceptual understanding of the field. But in many cases the standards are written fairly unintelligi- bly. People who need to understand the standard, perhaps to implement it, or maybe even to use it, need to have a place where it is described in a readable way (and we strive for readability), but also a place in which mistakes in the standard are pointed out as such. It’s. | . ENVIRONMENTAL PROTECTION AGENCY OFFICE OF INSPECTOR GENERAL Improvements Needed in EPA s Network Security Monitoring Program Report No. 12-P-0899 September 27 2012 Scan this mobile code to learn more about the EPA OIG. Report Contributors Rudolph M. Brevard Cheryl Reid Vincent Campbell Neven Soliman Kyle Denning Abbreviations ASSERT CERT CSIRC CTS EPA ISO IT NCC NIST OEI OIG OTOP POA M SIEM SP TISS Automated System Security Evaluation and Remediation Tracking Computer Emergency Response Team Computer Security Incident Response Capability Center Customer Technology Solutions . Environmental Protection Agency Information Security Officer Information Technology National Computer Center National Institute of Standards and Technology Office of Environmental Information Office of Inspector General Office of Technology Operations and Planning Plans of Actions and Milestones Security Incident and Event Management Special Pub lication Technology and Information Security Staff Hotline To report fraud waste or abuse contact us through one of the following methods e-mail OIG Hotline@ write EPA Inspector General Hotline phone 1-888-546-8740 1200 Pennsylvania Avenue NW fax 202-566-2599 Mailcode 2431T online http oig Washington DC 20460 . Environmental Protection Agency Office of Inspector General At a Glance 12-P-0899 September 27 2012 Why We Did This Review The . Environmental Protection Agency EPA Office of Inspector General OIG conducted this audit to 1 identify which tools EPA uses to identify analyze and resolve cyber-security incidents 2 identify steps implemented to resolve known weaknesses in its incidence response capabilities and 3 evaluate how users report security incidents. Continually monitoring network threats through intrusion detection and prevention systems and other mechanisms is essential. Establishing clear procedures for assessing the current and potential business impact of incidents is critical as is .

• An ninh - Bảo mật
• network security
• system security
• information security
• hacker proof
• computer security
• data security
• Web security
• security rules
• encryption techniques
• security techniques
• Security chat rooms
• especially
• Network Security Tools
• CCNA Security
• Lecture CCNA Security
• Modern Network Security Threats
• Evolution of Network Security
• Drivers for Network Security
• Network Perimeter
• Network Perimeter Security
• Network Security Principles
• Cryptography
• IDS Tools
• CGI attacks
• network intruders
• Managing Security
• Wireless
• Wireless Network Security
• attack techniques
• defensive techniques
• operating system security
• application security
• security policy
• Network Security Fundamentals
• Guide to Network Security Fundamentals
• Define information security
• Information security careers
• Operational security
• Harden physical security
• Secure the physical environment
• Mobile device security
• Lecture Network security
• Computer network
• Computer hacking
• Internet security
• Network security model
• Securing the Network Infrastructure
• Network cable plant
• Secure removable media
• Network security hacks
• Ebook Network security hacks
• Network security technologies
• Unix host security
• Windows host security
• Wireless Security
• Advanced security
• Computer forensics
• Harden security
• Network Management Security
• Management Security
• security mechanisms
• security services
• security architecture
• encryption system
• Security principles
• Effective authentication methods
• Control access to computer systems
• Security Baselines
• Disable nonessential systems
• Harden operating systems
• Protect e mail systems
• World Wide Web vulnerabilities
• Security policy cycle
• Risk identification
• Security management
• Identity management
• Plan for change management
• CompTIA® Security+
• CompTIA Security+ certification
• Linux file manipulation tools
• Internal physical security controls
• Network hardware security modules