5.6 it stream moderator (mauritius)
Transcript

  • 1.
      • Moderator:
      • Dhan Koolwant
      • Sales Manager
      • Business Development Group
      • State Informatics Limited – Mauritius
      • [email_address] - +230 2536377
    IT STREAM   www.sil.mu
  • 2.
      • IT Security Audit of Information Systems
      • Presentation by Mr Imran Ameerally
      • of the IT Security Unit of the Ministry
      • of Information and Communication Technology
    IT STREAM   www.sil.mu
  • 3.
    • Incorporating Security in IT Solutions for Corporate Registers
      • Presentation by Mr Vishal Soockeea
      • Account Manager
      • Business Development Group
      • State Informatics Limited
    IT STREAM   www.sil.mu
  • 4.
    • About IT Security Unit
    • Types of Audits Conducted
    • Companies Division Audit
    • Audit Tasks
    • Audit Deliverables
    • Audit Findings
    • Benefits of an Audit
    IT SECURITY AUDIT OF INFORMATION SYSTEMS   www.sil.mu
  • 5.
    • ISO/IEC 27001 Internal audits
    • Information Security Assessments
    • In House Security Audits
    • Outsourced Security Audits
    TYPES OF AUDITS CONDUCTED   www.sil.mu
  • 6.
    • Phase 1 – Planning the Audit
    • Phase 2 – Performing the Audit Work
    • Phase 3 – Reporting Audit Findings
    • Findings are broken into 3 Categories
        • Application Security
        • Network and System Security
        • Physical Security
    PHASES & FINDINGS IN AN AUDIT   www.sil.mu
  • 7.
    • Finding Description
    • Password can be decrypted for Application Server Control Console
    • Severity Rating (H/M/L)
    • High
    • Recommended Action(s)
    • Short Term – Stronger encryption algorithm to encrypt data passing between client and server should be implemented
    • Long Term – Security considerations should be a must in software requirement specification and analysis
    EXAMPLE 1 - FINDING UNDER AN APPLICATION SECURITY AUDIT   www.sil.mu
  • 8.
    • Finding Description
    • It is possible to view the contents of an authenticated page using the Back button of the browser.
    • Severity Rating (H/M/L)
    • High
    • Recommended Action(s)
    • Short Term – The back button of the browser should be disabled for all authenticated pages. Otherwise, the user may lose track and a malicious user can get access to his session simply by clicking on the back button of the browser.
    • Long Term – Necessary controls in an application should be identified using Threat modeling to ensure that the application is protected against common types of attacks based on the threats it faces
    EXAMPLE 2 - FINDING UNDER AN APPLICATION SECURITY AUDIT   www.sil.mu
  • 9.
    • Physical Security
    • Server and System Software Security
    • Database Security and Audit Trail
    • Authentication to the Application
    • Application Level Security
    • Online Applications Security
    SECURITY COMPONENTS IN IT SOLUTIONS FOR CORPORATE REGISTERS   www.sil.mu
  • 10.
    • Physical Security
    • Server and System Software Security
    • Database Security and Audit Trail
    • Authentication to the Application
    • Application Level Security
    • Online Applications Security
    IT SYSTEM COMPONENTS FOR SECURITY CONSIDERATION   www.sil.mu
  • 11.
    • QUESTIONS RAISED & CLARIFICATIONS REQUESTED
    IT SECURITY AUDIT OF INFORMATION SYSTEMS & INCORPORATING SECURITY IN IT SOLUTIONS FOR CORPORATE REGISTERS   www.sil.mu
  • 12.
    • English: How are you?
    • French : Comment allez vous ?
    • Creole (Mauritian Dialect): Ki Maniere ?
    • Response: Corek (fine) / pas Corek (not fine)
    A MAURITIAN COMMONLY USED EXPRESSION   www.sil.mu
  • 13.
    • Thank You
      www.sil.mu
