Educational portal and Student Information Systems
Official websites of corporations, government
Aspects that need security on the internet
Identity – who we are
Profiles, user names, accounts
Possessions – what we own
Information on resources: money, grades, property
Information flow – what we “say”
Money transfers, sent e-mails, instant messages, submitted documents
IT assets – what we utilize for our life on the net
PCs, notebooks, flash drives, mobile phones,…
Attack sophistication vs. intruders' knowledge
Best practices for information security for senior managers
Best practices – part 1
General management: Managers throughout the organization consider information security a normal part of their responsibility and the responsibility of every employee.
Policy: Develop, deploy, review, and enforce security policies that satisfy business objectives.
One of the tests of leadership is the ability to recognize a problem before it becomes an emergency.
Arnold Glasgow (1908-1970)
Best practices – part 2
Risk Management: Periodically conduct an information security risk evaluation that identifies critical information assets, threats to critical assets, asset vulnerabilities, and risks.
In cases of defense ‘tis best to weigh the enemy more mighty than he seems.
Best practices – part 3
Security Architecture & Design: Generate, implement, and maintain an enterprise- (or site-) wide security architecture, based on satisfying business objectives and protecting the most critical information assets.
User Issues - Accountability and Training, and Adequate Expertise: Establish accountability for user actions, train for accountability and enforce it, as reflected in organizational policies and procedures. Ensure that there is adequate in-house expertise or explicitly outsourced expertise for all supported technologies, including the secure operation of those technologies.
There is one safeguard known generally to the wise, which is an advantage and security to all... What is it? Distrust.