5.6 it stream moderator (mauritius)

Published in: Business

  1. IT STREAM (www.sil.mu)
       • Moderator:
       • Dhan Koolwant
       • Sales Manager
       • Business Development Group
       • State Informatics Limited – Mauritius
       • [email_address] - +230 2536377
  2. IT STREAM
       • IT Security Audit of Information Systems
       • Presentation by Mr Imran Ameerally of the IT Security Unit of the Ministry of Information and Communication Technology
  3. IT STREAM
       • Incorporating Security in IT Solutions for Corporate Registers
       • Presentation by Mr Vishal Soockeea
       • Account Manager
       • Business Development Group
       • State Informatics Limited
  4. IT SECURITY AUDIT OF INFORMATION SYSTEMS
       • About IT Security Unit
       • Types of Audits Conducted
       • Companies Division Audit
       • Audit Tasks
       • Audit Deliverables
       • Audit Findings
       • Benefits of an Audit
  5. TYPES OF AUDITS CONDUCTED
       • ISO/IEC 27001 Internal audits
       • Information Security Assessments
       • In House Security Audits
       • Outsourced Security Audits
  6. PHASES & FINDINGS IN AN AUDIT
       • Phase 1 – Planning the Audit
       • Phase 2 – Performing the Audit Work
       • Phase 3 – Reporting Audit Findings
       • Findings are broken into 3 Categories
           • Application Security
           • Network and System Security
           • Physical Security
  7. EXAMPLE 1 - FINDING UNDER AN APPLICATION SECURITY AUDIT
       • Finding Description: Password can be decrypted for Application Server Control Console
       • Severity Rating (H/M/L): High
       • Recommended Action(s):
           • Short Term – Stronger encryption algorithm to encrypt data passing between client and server should be implemented
           • Long Term – Security considerations should be a must in software requirement specification and analysis
  8. EXAMPLE 2 - FINDING UNDER AN APPLICATION SECURITY AUDIT
       • Finding Description: It is possible to view the contents of authenticated page from Back button of the browser.
       • Severity Rating (H/M/L): High
       • Recommended Action(s):
           • Short Term – The back button of the browser should be disabled for all authenticated pages. Otherwise, the user may lose track and a malicious user can get access to his session simply by clicking on the back button of the browser.
           • Long Term – Necessary controls in an application should be identified using Threat modeling to ensure that the application is protected against common types of attacks based on the threats it faces
  9. SECURITY COMPONENTS IN IT SOLUTIONS FOR CORPORATE REGISTERS
       • Physical Security
       • Server and System Software Security
       • Database Security and Audit Trail
       • Authentication to the Application
       • Application Level Security
       • Online Applications Security
  10. IT SYSTEM COMPONENTS FOR SECURITY CONSIDERATION
       • Physical Security
       • Server and System Software Security
       • Database Security and Audit Trail
       • Authentication to the Application
       • Application Level Security
       • Online Applications Security
  11. IT SECURITY AUDIT OF INFORMATION SYSTEMS & INCORPORATING SECURITY IN IT SOLUTIONS FOR CORPORATE REGISTERS
       • QUESTIONS RAISED & CLARIFICATIONS REQUESTED
  12. A MAURITIAN COMMONLY USED EXPRESSION
       • English : How are You ?
       • French : Comment allez vous ?
       • Creole (Mauritian Dialect): Ki Maniere ?
       • Response: Corek (fine) / pas Corek (not fine)
  13. Thank You
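
Added example, not part of the slides: a browser can redisplay an authenticated page on Back when the response was sent without `Cache-Control: no-store`, which is the behaviour described in the finding on slide 8. The code below checks captured responses for that gap and sets the header server-side, a different technique from the slide's recommendation to disable the back button; the paths, sample responses and function names are assumptions made for illustration.

```javascript
// Added example (not from the slides). Paths and header sets are constructed.
const AUTHENTICATED_PREFIXES = ["/account", "/register/admin"]; // hypothetical

// Collect the directive names of a Cache-Control header value, lowercased.
function parseCacheControl(value) {
  const directives = new Set();
  for (const part of String(value || "").split(",")) {
    const name = part.trim().split("=")[0].toLowerCase();
    if (name) directives.add(name);
  }
  return directives;
}

// Match whole path segments so "/accounting" is not treated as "/account".
function isAuthenticatedPath(path) {
  return AUTHENTICATED_PREFIXES.some((p) => path === p || path.startsWith(p + "/"));
}

// Audit check: authenticated responses the browser may keep and show on Back.
function findCacheablePages(responses) {
  return responses
    .filter((r) => isAuthenticatedPath(r.path))
    .filter((r) => {
      const headers = Object.fromEntries(
        Object.entries(r.headers).map(([k, v]) => [k.toLowerCase(), v]));
      return !parseCacheControl(headers["cache-control"]).has("no-store");
    })
    .map((r) => r.path);
}

// Hardening: middleware in the (req, res, next) shape used by Node frameworks.
function noStoreForAuthenticated(req, res, next) {
  const path = req.url.split("?")[0];
  if (isAuthenticatedPath(path)) res.setHeader("Cache-Control", "no-store");
  next();
}

// Constructed sample of captured responses.
const SAMPLE_RESPONSES = [
  { path: "/login", headers: { "Cache-Control": "no-cache" } },
  { path: "/account/profile", headers: { "Cache-Control": "private, max-age=600" } },
  { path: "/account/filings", headers: { "cache-control": "no-store" } },
  { path: "/register/admin", headers: {} },
  { path: "/accounting", headers: {} },
];

console.log(findCacheablePages(SAMPLE_RESPONSES));
```

The header only stops the browser from keeping a copy; the session still has to be invalidated on the server at logout so that a replayed request is rejected.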
