5.6 it stream moderator (mauritius)
Published in: Business
Transcript

  • 1. IT STREAM (www.sil.mu)
      • Moderator:
      • Dhan Koolwant
      • Sales Manager
      • Business Development Group
      • State Informatics Limited – Mauritius
      • [email_address] - +230 2536377
  • 2. IT STREAM
      • IT Security Audit of Information Systems
      • Presentation by Mr Imran Ameerally
      • of the IT Security Unit of the Ministry
      • of Information and Communication Technology
  • 3. IT STREAM
      • Incorporating Security in IT Solutions for Corporate Registers
          • Presentation by Mr Vishal Soockeea
          • Account Manager
          • Business Development Group
          • State Informatics Limited
  • 4. IT SECURITY AUDIT OF INFORMATION SYSTEMS
      • About IT Security Unit
      • Types of Audits Conducted
      • Companies Division Audit
      • Audit Tasks
      • Audit Deliverables
      • Audit Findings
      • Benefits of an Audit
  • 5. TYPES OF AUDITS CONDUCTED
      • ISO/IEC 27001 Internal audits
      • Information Security Assessments
      • In House Security Audits
      • Outsourced Security Audits
  • 6. PHASES & FINDINGS IN AN AUDIT
      • Phase 1 – Planning the Audit
      • Phase 2 – Performing the Audit Work
      • Phase 3 – Reporting Audit Findings
      • Findings are broken into 3 Categories
          • Application Security
          • Network and System Security
          • Physical Security
  • 7. EXAMPLE 1 - FINDING UNDER AN APPLICATION SECURITY AUDIT
      • Finding Description
          • Password can be decrypted for Application Server Control Console
      • Severity Rating (H/M/L)
          • High
      • Recommended Action(s)
          • Short Term – Stronger encryption algorithm to encrypt data passing between client and server should be implemented
          • Long Term – Security considerations should be a must in software requirement specification and analysis
  • 8. EXAMPLE 2 - FINDING UNDER AN APPLICATION SECURITY AUDIT
      • Finding Description
          • It is possible to view the contents of an authenticated page from the Back button of the browser.
      • Severity Rating (H/M/L)
          • High
      • Recommended Action(s)
          • Short Term – The back button of the browser should be disabled for all authenticated pages. Otherwise, the user may lose track and a malicious user can get access to his session simply by clicking on the back button of the browser.
          • Long Term – Necessary controls in an application should be identified using threat modeling to ensure that the application is protected against common types of attacks based on the threats it faces
  • 9. SECURITY COMPONENTS IN IT SOLUTIONS FOR CORPORATE REGISTERS
      • Physical Security
      • Server and System Software Security
      • Database Security and Audit Trail
      • Authentication to the Application
      • Application Level Security
      • Online Applications Security
  • 10. IT SYSTEM COMPONENTS FOR SECURITY CONSIDERATION
      • Physical Security
      • Server and System Software Security
      • Database Security and Audit Trail
      • Authentication to the Application
      • Application Level Security
      • Online Applications Security
  • 11. IT SECURITY AUDIT OF INFORMATION SYSTEMS & INCORPORATING SECURITY IN IT SOLUTIONS FOR CORPORATE REGISTERS
      • QUESTIONS RAISED & CLARIFICATIONS REQUESTED
  • 12. A MAURITIAN COMMONLY USED EXPRESSION
      • English: How are You?
      • French: Comment allez vous ?
      • Creole (Mauritian Dialect): Ki Maniere ?
      • Response: Corek (fine) / pas Corek (not fine)
  • 13. Thank You
