Welcome. As we begin day 2, or the second major set of courses in Security Essentials, the focus will be on defense in depth. This is a term that was coined by the Department of Defense and is a crucially important concept in information assurance. The topics that we are going to cover areshown below. | Security Essentials Day 2 Threat and the Need for Defense in Depth Information Assurance Foundations - SANS 2001 1 Welcome. As we begin day 2 or the second major set of courses in Security Essentials the focus will be on defense in depth. This is a term that was coined by the Department of Defense and is a crucially important concept in information assurance. The topics that we are going to cover are shown below. Security Fundamentals Confidentiality Integrity Availability Threat and risk Security Policy What it is and what it is not How to implement an effective policy Passwords Overview of passwords LC3 Crack Incident Handling 6 step guide Information Warfare Defensive strategies Offensive strategies Web security Web security vulnerabilities Web security defenses These are all components of a defense in depth risk management framework as we will explain in our next slide titled Defense in Depth. 1 - 1 Defense in Depth We have covered perimeter defense vulnerability scanning host and network intrusion detection honeypots honeynets and risk assessment is there more Now we add security policy password strength and assessment incident handling information warfare and web security. Defense in Depth - SANS 2001 2 Are we there yet Sorry not yet. The slide shows that while we have covered a lot of important topics we still have a ways to go The concept behind defense in depth is conceptually simple. The picture we have painted so far is that a good security architecture one that can withstand the threat has many aspects and dimensions. We need to be certain that if one countermeasure fails there are more behind it. If they all fail we need to be ready to detect that something has occurred and clean up the mess expeditiously and completely and then tune our defenses to keep it from happening to us again. One of the most effective attacks that penetrates standard perimeters is malicious code. These are things like viruses and Trojan software. They come in as attachments to