–
Information Security – The Missing Elements
Ahmed Albalooshi, CISA. CISA
President,
Bahrain Internet Society.

Objective
Identify Information
Security model to protect
your business against
threats
For:
 Organizations

 Kingdom of Bahrain

–
Information Security – The Missing Elements

News Headlines
 BBC team exposes cyber 
crime risk
 Estonia Cyber War

 More Data Breached In

2008 Than In Previous
Four Years Combined
–
Information Security – The Missing Elements

Question
Can anyone from the
audience assure that
his/her organization
is safeguarded form
hacking by posing a
financial reward for
whoever can?
–
Information Security – The Missing Elements

Importance of
Information
Security
 Protect profit and 
reputation

 Regulatory Compliance

 Protection of Intellectual
Property 
 Avoid Penalties 
 Loss of customers’ data 
 Coping with Disasters

 Adhere to Service Level
Agreements
–
Information Security – The Missing Elements

Information
Security Concept
Confidentiality
Information
Security
Availability Integrity
–
Information Security – The Missing Elements

Security
Technologies
 Layer 7 Firewalls 
 Intrusion Prevention

Systems (IPS)

 Multifactor Authentication

 Multi Engine Anti Virus
 End Point Security 
 Virtual Private Network 
(VPN)

 Virtual LANS (VLAN)

 Vulnerability

Assessments
 Honeybots 
 …etc.
–
Information Security – The Missing Elements

Information Security
Management Model
• Strategy •
• Vision and Mission •
Organization -
• Governance •
• IT Governance •
• People Execute •
Processes
• People Uses •
Technology
• Technology enable •
processes
• The Perfect Model •
• Senior •
Management
Responsibility
–
Information Security – The Missing Elements

Information Security
Program Example
1. Senior Management
approval and support
2. Define Roles and
Responsibilities
3. Assets Classification
4. Risk Management
5. Information Security
Manual Development:
Policies, Processes and
Procedures and Guidelines
6. Security Assessments And
Reviews
–
Information Security – The Missing Elements

Information Security
Program Example
7. Security Awareness And
Training
8. Security Monitoring
9. Security Incident
Response
10. Business Continuity
Planning and Disaster
Recovery
–
Information Security – The Missing Elements

Summary
 Information Security is a 
business requirement
that will cascade on
people, process and
technology in order to
achieve organization’s
strategy and objectives
 Information Security is 
senior management
responsibility

 Don’t be afraid of going
slowly. Only be afraid of
standing still
–
Information Security – The Missing Elements

Bahrain: Secure ICT Business Friendly

Information
Security In Bahrain
Bahrain Economic Vision
2030 stress on the
importance of ICT to
empower citizens,
government and private
sector.
How will Bahrain ensure the
security of ICT in order to
fulfill the vision?
–
Information Security – The Missing Elements

Information
Security In Bahrain
Establish Computer Security
Incident Response Center
Benefits:
 Trusted point of contact

 Coordinate incidents

within Bahrain

 Capability to compat
incidents within Bahrain 
 Provide help and advisory
on incidents and security 
best practices 
National Security Monitor
 Coordinate with
International centers
–
Information Security – The Missing Elements

–
Information Security – The Missing Elements
Thank You
By:
Ahmed Albalooshi, CISA. CISA
President,
Bahrain Internet Society.
ahmed.albalooshi@bis.org.bh