SlideShare a Scribd company logo

Information Security Basics

D
DataExchangeAgency

• Introduction to information security. What is information security, threat, risks, vulnerabilities, basic terms and definition? • Building blocks of information security strategy, policies and standards. Identify and establish country wide information security strategy, establish policies standards and procedures, implementation of different types of control objectives: managerial, technologies, business processes. Introduction to main domains of information security management system depending on international information security standard (ISO 2700x). • Actions, roles and responsibilities. What kind of actions is needed for information security risk treatment. Roles and responsibilities of information security professionals. By Vasil Tsvimitidze

Technology
1 of 34
Georgia NATO FROM STRATEGY TO ACTION Turkey, Ankara 2012 Vasil Tsvimitidze
Introduction 2 Introduction to information security. What is information security, threat, risks, vulnerabilities, basic terms and definition? Building blocks of information security strategy, policies and standards. Identify and establish country wide information security strategy, establish policies standards and procedures, implementation of different types of control objectives: managerial, technologies, business processes. Introduction to main domains of information security management system depending on international information security standard (ISO 2700x). Actions, roles and responsibilities. What kind of actions is needed for information security risk treatment. Roles and responsibilities of information security professionals.
First sections 3 Introduction to information security. What is Information? What is Information Security? What is RISK?
Information 4 Information 'Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected’ Information can be  Created  Stolen  Stored  Printed or written on paper  Destroyed  Stored electronically  Processed Transmitted by post or using  Transmitted electronics means  Used – (For proper &  Shown on corporate videos improper purposes)  Corrupted  Displayed / published on web  Lost  Verbal – spoken in conversations ‘…Whatever form the information takes, or means by which it is shared or stored, it should always be appropriately protected’
Information Security 5 What Is Information Security  The quality or state of being secure to be free from danger  Security is achieved using several strategies  Security is achieved using several strategies simultaneously or used in combination with one another  Security is recognized as essential to protect vital processes and the systems that provide those processes  Security is not something you buy, it is something you do  The architecture where an integrated combination of appliances, systems and solutions, software, alarms, and vulnerability scans working together  Monitored 24x7  Having People, Processes, Technology, policies, procedures,  Security is for PPT and not only for appliances or devices
Information Security vs IT Security 6 Information Security is preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non- repudiation and reliability can also be involved regardless of the form the information may take - electronic, printed, or other forms. IT Security is protection of the information technology assets such as computers and peripheral equipment, communications equipment, computing and communication premises, supplies and data storage media, operating system and application software.
Information Security components 7 PEOPLE PROCESSES TECHNOLOGY
People 8 People “Who we are”  People who use or interact with the Information include:  Share Holders / Owners  Management  Employees  Business Partners  Service providers  Contractors  Customers / Clients  Regulators etc…
Process 9 Process “what we do” The processes refer to "work practices" or workflow. Processes are the repeatable steps to accomplish business objectives. Typical process in our IT Infrastructure could include:  Helpdesk / Service management  Incident Reporting and Management  Change Requests process  Request fulfillment  Access management  Identity management Sar  Service Level / Third-party Services Management oj  IT procurement process etc...
10 Technology “what we use to improve what we do”  Network Infrastructure:  Application software:  Cabling, Data/Voice Networks and equipment  Finance and assets systems, including  Telecommunications services (PABX), including Accounting packages, Inventory management, VoIP services , ISDN , Video Conferencing HR systems, Assessment and reporting systems  Server computers and associated storage  Software as a service (Sass) - instead of devices software as a packaged or custom-made product. Etc..  Operating software for server computers  Physical Security components:  Communications equipment and related hardware.  CCTV Cameras  Intranet and Internet connections  Clock in systems / Biometrics  VPNs and Virtual environments  Environmental management Systems: Humidity Control, Ventilation , Air Conditioning, Fire  Remote access services Control systems  Wireless connectivity  Electricity / Power backup  Access devices:  Desktop computers, Thin client computing.  Laptops, ultra-mobile laptops and PDAs  Digital cameras, Printers, Scanners, Photocopier etc.
Information Security 11 INFORMATION SECURITY 1. Protects information from a range of threats 2. Ensures business continuity 3. Minimizes financial loss 4. Optimizes return on investments 5. Increases business opportunities Business survival depends on information security.
Information Attributes 12 ISO 27002:2005 defines Information Security as the preservation of: Ensuring that information is accessible only to  Confidentiality those authorized to have access Safeguarding the accuracy and completeness of information and processing methods  Integrity Ensuring that authorized users have access to  vailability information and associated assets when required
Information Attributes 13 Security breaches leads to…  Reputation loss  Financial loss  Intellectual property loss  Legislative Breaches leading to legal actions (Cyber Law)  Loss of customer confidence  Business interruption costs LOSS OF GOODWILL
SURVEY 14  Information Security is “Organizational Problem”  rather than “IT Problem”  More than 70% of Threats are Internal  More than 60% culprits are First Time fraudsters  Biggest Risk : People  Biggest Asset : People  Social Engineering is major threat  More than 2/3rd express their inability to determine “Whether my systems are currently compromised?”
Risk 15 What is Risk? Risk: A possibility that a threat exploits a vulnerability in an asset and causes damage or loss to the asset. Threat: Something that can potentially cause damage to the organization, IT Systems or network. Vulnerability: A weakness in the organization, IT Systems, or network that can be exploited by a threat.
16 Risk, Threats, and Vulnerabilities Relationship between Risk, Threats, and Vulnerabilities exploit Threats Vulnerabilities reduce Information Controls * Risk assets Protection Asset values Requirements
Threat Identification 17 Threat Identification Elements of threats Agent : The catalyst that performs the threat. Human Machine Nature Motive : Something that causes the agent to act. Accidental Intentional Only motivating factor that can be both accidental and intentional is human Results : The outcome of the applied threat. The results normally lead to the loss of CIA Confidentiality Integrity Availability
Threats 18  Employees  External Parties  Low awareness of security issues  Growth in networking and distributed computing  Growth in complexity and effectiveness of hacking tools and viruses  Natural Disasters  fire,  flood,  Earthquake etc.
Threat Sources 19 Threat Sources Source Motivation Threat Challenge Ego Game System hacking Social engineering External Hackers Playing Dumpster diving Deadline Financial problems Backdoors Fraud Internal Hackers Disenchantment Poor documentation System attack Social engineering Revenge Letter bombs Viruses Denial of Terrorist Political service Corruption of data Unintentional errors Malicious code introduction Programming errors System bugs Poorly trained employees Data entry errors Unauthorized access
Threat Categories and Examples 20 No Categories of Threat Example 1 Human Errors or failures Accidents, Employee mistakes 2 Compromise to Intellectual Property Piracy, Copyright infringements 3 Deliberate Acts or espionage or trespass Unauthorized Access and/or data collection 4 Deliberate Acts of Information extortion Blackmail of information exposure / disclosure 5 Deliberate Acts of sabotage / vandalism Destruction of systems / information 6 Deliberate Acts of theft Illegal confiscation of equipment or information 7 Deliberate software attacks Viruses, worms, macros Denial of service 8 Deviations in quality of service from service Power and WAN issues provider 9 Forces of nature Fire, flood, earthquake, lightening 10 Technical hardware failures or errors Equipment failures / errors 11 Technical software failures or errors Bugs, code problems, unknown loopholes 12 Technological Obsolence Antiquated or outdated technologies
Information Attributes 21 High User Virus Knowledge of IT Theft, Attacks Systems Sabotage, Misuse Systems & Lapse in Natural Network Lack Of Calamitie Physical Failure Documen s & Fire Security tation
22 ?????? SO HOW DO WE OVERCOME THESE PROBLEMS ?
Second section 23 Building blocks of information security strategy, policies and standards. Building blocks of information security strategy, policies and standards. Identify and establish country wide information security strategy, establish policies standards and procedures, implementation of different types of control objectives: managerial, technologies, business processes. Introduction to main domains of information security management system depending on international information security standard (ISO 2700x).
PDCA 24 Answer is: (Plan, Do, Check, Act) Learning international best practices Identify metrics and criteria's Selecting basic standards Building capacity Management system implemetation core standard for information security is ISO 27001
Standard History 25 History Early 1990 • DTI (UK) established a working group • Information Security Management Code of Practice produced as BSI-DISC publication 1995 • BS 7799 published as UK Standard 1999 • BS 7799 - 1:1999 second revision published 2000 • BS 7799 - 1 accepted by ISO as ISO - 17799 published • BS 7799-2:2002 published ISO 27001:2005 Information technology — Security techniques — Information security management systems — Requirements ISO 27002:2005 Information technology — Security techniques — Code of practice for information security management
ISO 27001 Features 26 ISO 27001 ISO 27001: This International Standard covers all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations). This International Standard specifies the requirements for establishing; implementing, operating, monitoring, reviewing, maintaining and improving documented ISMS within the context of the organization’s overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. The ISMS is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties Features  Features of ISO 27001  Plan, Do, Check, Act (PDCA) Process Model  Process Based Approach  Stress on Continual Process Improvements  Scope covers Information Security not only IT Security  Covers People, Process and Technology  5600 plus organizations worldwide have been certified  11 Domains, 39 Control objectives, 133 controls
Second section 27 PDCA Process ISMS PROCESS Interested Interested Parties Parties Management Responsibility PLAN Establish ISMS DO ACT Implement & Maintain & Operate the Improve Information ISMS Security Managed Requirements CHECK Monitor & Information & Review ISMS Security Expectations
Main directions 28
Information Attributes 29  Information Security Policy - To provide management direction and support for Information security.  Organisation Of Information Security - Management framework for implementation  Asset Management - To ensure the security of valuable organisational IT and its related assets  Human Resources Security - To reduce the risks of human error, theft, fraud or misuse of facilities.  Physical & Environmental Security -To prevent unauthorised access, theft, compromise , damage, information and information processing facilities.  Communications & Operations Management - To ensure the correct and secure operation of information processing facilities.
Information Attributes 30  Access Control - To control access to information and information processing facilities on ‘need to know’ and ‘need to do’ basis.  Information Systems Acquisition, Development & Maintenance - To ensure security built into information system  Information Security Incident Management - To ensure information security events and weaknesses associated with information systems are communicated.  Business Continuity Management - To reduce disruption caused by disasters and security failures to an acceptable level.  Compliance - To avoid breaches of any criminal and civil law, statutory, regulatory or contractual obligations and of any security requirements.
Implementation Process 31
32 Information Security Governance On State Level Parliament Security council Low draft for Personal Data protection Law of State secret Crime code information Security Cyber security Strategy Regulation for Information Security Government Government agencies ministries and critical Data Exchange agency infrastructure Information security strategy Normative and templates Information Internal Info Information Security implementation plans Info Sec comity Security Officer Sec Audit reviewing and Analyzing •Risk management (standard, procedures, guidelines) Providing Trainings •Information asset management •Incident Management Info Sec incident Handling •End user standards and guidelines Audit reports reviewing and analyzing •Internal audit/ asurance •…. Providing recommendations depending on •…. existing global situation
Roles And Resposibilties  Information security strategy(policy)  Information security committee  Information security officer  Information Security audit  Information security specialists
Thank You Questions…

Recommended

Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...DFLABS SRL
 
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...DFLABS SRL
 
DFlabs corporate profile 01-2013
DFlabs corporate profile 01-2013DFlabs corporate profile 01-2013
DFlabs corporate profile 01-2013DFLABS SRL
 
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...Microsoft Private Cloud
 
Information Security By Design
Information Security By DesignInformation Security By Design
Information Security By DesignNalneesh Gaur
 
Maloney slides
Maloney slidesMaloney slides
Maloney slidesOnkar Sule
 
IBM per la sicurezza del Datacenter
IBM per la sicurezza del DatacenterIBM per la sicurezza del Datacenter
IBM per la sicurezza del DatacenterAnna Landolfi
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD Editor
 

Recommended

Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...DFLABS SRL
 
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...DFLABS SRL
 
DFlabs corporate profile 01-2013
DFlabs corporate profile 01-2013DFlabs corporate profile 01-2013
DFlabs corporate profile 01-2013DFLABS SRL
 
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...Microsoft Private Cloud
 
Information Security By Design
Information Security By DesignInformation Security By Design
Information Security By DesignNalneesh Gaur
 
Maloney slides
Maloney slidesMaloney slides
Maloney slidesOnkar Sule
 
IBM per la sicurezza del Datacenter
IBM per la sicurezza del DatacenterIBM per la sicurezza del Datacenter
IBM per la sicurezza del DatacenterAnna Landolfi
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD Editor
 
The importance of information security
The importance of information securityThe importance of information security
The importance of information securityethanBrownusa
 
Improving Your Information Security Program
Improving Your Information Security ProgramImproving Your Information Security Program
Improving Your Information Security ProgramSeccuris Inc.
 
Information Security
Information SecurityInformation Security
Information SecurityWe Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.
 
2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecurity2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecuritySvetlana Belyaeva
 
20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security Awareness20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security AwarenessDinesh O Bareja
 
Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1Anindya Ghosh,
 
VSD Infotech
VSD InfotechVSD Infotech
VSD InfotechVSD infotech
 
Information security.pptx
Information security.pptxInformation security.pptx
Information security.pptxGovt. P.G. College Sendhwa, Barwani (M.P.)
 
internet security and cyber lawUnit1
internet security and cyber lawUnit1internet security and cyber lawUnit1
internet security and cyber lawUnit1Royalzig Luxury Furniture
 
Information Security Governance: Government Considerations for the Cloud Comp...
Information Security Governance: Government Considerations for the Cloud Comp...Information Security Governance: Government Considerations for the Cloud Comp...
Information Security Governance: Government Considerations for the Cloud Comp...Booz Allen Hamilton
 
Gainful Information Security 2012 services
Gainful Information Security 2012 servicesGainful Information Security 2012 services
Gainful Information Security 2012 servicesCade Zvavanjanja
 
Prinya acis slide for swpark - it & information security human resource deve...
Prinya acis slide for swpark - it & information security human resource deve...Prinya acis slide for swpark - it & information security human resource deve...
Prinya acis slide for swpark - it & information security human resource deve...TISA
 
eircom Managed Security
eircom Managed Securityeircom Managed Security
eircom Managed Securityeircom
 
Outlook emerging security_technology_trends
Outlook emerging security_technology_trendsOutlook emerging security_technology_trends
Outlook emerging security_technology_trendswardell henley
 
Introduction - The Smart Protection Network
Introduction - The Smart Protection NetworkIntroduction - The Smart Protection Network
Introduction - The Smart Protection NetworkAndrew Wong
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securitybethpatrick
 
Classification-HowToBoostInformationProtection
Classification-HowToBoostInformationProtectionClassification-HowToBoostInformationProtection
Classification-HowToBoostInformationProtectionGianmarco Ferri
 
Arrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBM
Arrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBMArrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBM
Arrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBMArrow ECS UK
 
Hiring Guide to the Information Security Profession
Hiring Guide to the Information Security ProfessionHiring Guide to the Information Security Profession
Hiring Guide to the Information Security Professionamiable_indian
 
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...Andris Soroka
 
Data Consult - Managed Security Services
Data Consult - Managed Security ServicesData Consult - Managed Security Services
Data Consult - Managed Security ServicesJad Bejjani
 
ICT Security: Defence strategies against targeted attack
ICT Security: Defence strategies against targeted attackICT Security: Defence strategies against targeted attack
ICT Security: Defence strategies against targeted attackDaniele Bellavista
 

More Related Content

What's hot

The importance of information security
The importance of information securityThe importance of information security
The importance of information securityethanBrownusa
 
Improving Your Information Security Program
Improving Your Information Security ProgramImproving Your Information Security Program
Improving Your Information Security ProgramSeccuris Inc.
 
2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecurity2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecuritySvetlana Belyaeva
 
20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security Awareness20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security AwarenessDinesh O Bareja
 
Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1Anindya Ghosh,
 
Information Security Governance: Government Considerations for the Cloud Comp...
Information Security Governance: Government Considerations for the Cloud Comp...Information Security Governance: Government Considerations for the Cloud Comp...
Information Security Governance: Government Considerations for the Cloud Comp...Booz Allen Hamilton
 
Gainful Information Security 2012 services
Gainful Information Security 2012 servicesGainful Information Security 2012 services
Gainful Information Security 2012 servicesCade Zvavanjanja
 
Prinya acis slide for swpark - it & information security human resource deve...
Prinya acis slide for swpark - it & information security human resource deve...Prinya acis slide for swpark - it & information security human resource deve...
Prinya acis slide for swpark - it & information security human resource deve...TISA
 
eircom Managed Security
eircom Managed Securityeircom Managed Security
eircom Managed Securityeircom
 
Outlook emerging security_technology_trends
Outlook emerging security_technology_trendsOutlook emerging security_technology_trends
Outlook emerging security_technology_trendswardell henley
 
Introduction - The Smart Protection Network
Introduction - The Smart Protection NetworkIntroduction - The Smart Protection Network
Introduction - The Smart Protection NetworkAndrew Wong
 
Classification-HowToBoostInformationProtection
Classification-HowToBoostInformationProtectionClassification-HowToBoostInformationProtection
Classification-HowToBoostInformationProtectionGianmarco Ferri
 
Arrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBM
Arrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBMArrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBM
Arrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBMArrow ECS UK
 
Hiring Guide to the Information Security Profession
Hiring Guide to the Information Security ProfessionHiring Guide to the Information Security Profession
Hiring Guide to the Information Security Professionamiable_indian
 
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...Andris Soroka
 

What's hot (20)

The importance of information security
The importance of information securityThe importance of information security
The importance of information security
 
Improving Your Information Security Program
Improving Your Information Security ProgramImproving Your Information Security Program
Improving Your Information Security Program
 
Information Security
Information SecurityInformation Security
Information Security
 
2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecurity2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecurity
 
20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security Awareness20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security Awareness
 
Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1
 
VSD Infotech
VSD InfotechVSD Infotech
VSD Infotech
 
Information security.pptx
Information security.pptxInformation security.pptx
Information security.pptx
 
internet security and cyber lawUnit1
internet security and cyber lawUnit1internet security and cyber lawUnit1
internet security and cyber lawUnit1
 
Information Security Governance: Government Considerations for the Cloud Comp...
Information Security Governance: Government Considerations for the Cloud Comp...Information Security Governance: Government Considerations for the Cloud Comp...
Information Security Governance: Government Considerations for the Cloud Comp...
 
Gainful Information Security 2012 services
Gainful Information Security 2012 servicesGainful Information Security 2012 services
Gainful Information Security 2012 services
 
Prinya acis slide for swpark - it & information security human resource deve...
Prinya acis slide for swpark - it & information security human resource deve...Prinya acis slide for swpark - it & information security human resource deve...
Prinya acis slide for swpark - it & information security human resource deve...
 
eircom Managed Security
eircom Managed Securityeircom Managed Security
eircom Managed Security
 
Outlook emerging security_technology_trends
Outlook emerging security_technology_trendsOutlook emerging security_technology_trends
Outlook emerging security_technology_trends
 
Introduction - The Smart Protection Network
Introduction - The Smart Protection NetworkIntroduction - The Smart Protection Network
Introduction - The Smart Protection Network
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Classification-HowToBoostInformationProtection
Classification-HowToBoostInformationProtectionClassification-HowToBoostInformationProtection
Classification-HowToBoostInformationProtection
 
Arrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBM
Arrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBMArrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBM
Arrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBM
 
Hiring Guide to the Information Security Profession
Hiring Guide to the Information Security ProfessionHiring Guide to the Information Security Profession
Hiring Guide to the Information Security Profession
 
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
 

Viewers also liked

Data Consult - Managed Security Services
Data Consult - Managed Security ServicesData Consult - Managed Security Services
Data Consult - Managed Security ServicesJad Bejjani
 
ICT Security: Defence strategies against targeted attack
ICT Security: Defence strategies against targeted attackICT Security: Defence strategies against targeted attack
ICT Security: Defence strategies against targeted attackDaniele Bellavista
 
IDC Cloud Security and Managed Services Conference Riyadh KSA
IDC Cloud Security and Managed Services Conference Riyadh KSAIDC Cloud Security and Managed Services Conference Riyadh KSA
IDC Cloud Security and Managed Services Conference Riyadh KSAJorge Sebastiao
 
Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...
Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...
Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...Global Business Events
 
Tapping into the Growth Goldmine: Why MSPs Should Join Peer Groups
Tapping into the Growth Goldmine: Why MSPs Should Join Peer GroupsTapping into the Growth Goldmine: Why MSPs Should Join Peer Groups
Tapping into the Growth Goldmine: Why MSPs Should Join Peer GroupseFolder
 
IBM Security Software Solutions
IBM Security Software Solutions IBM Security Software Solutions
IBM Security Software Solutions Thierry Matusiak
 
Key Ingredients for Your MSSP Offering
Key Ingredients for Your MSSP OfferingKey Ingredients for Your MSSP Offering
Key Ingredients for Your MSSP OfferingeFolder
 
A toolbox of modern management practices for a Digital World and the role EA ...
A toolbox of modern management practices for a Digital World and the role EA ...A toolbox of modern management practices for a Digital World and the role EA ...
A toolbox of modern management practices for a Digital World and the role EA ...The Open Group SA
 
CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...
CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...
CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...Health IT Conference – iHT2
 
Ibm security products portfolio
Ibm security products portfolioIbm security products portfolio
Ibm security products portfolioPatrick Bouillaud
 
Powering IT Transformation For Any Business
Powering IT Transformation For Any BusinessPowering IT Transformation For Any Business
Powering IT Transformation For Any BusinessePlus
 
Data Consult Managed Security Services
Data Consult Managed Security ServicesData Consult Managed Security Services
Data Consult Managed Security ServicesJad Bejjani
 
Managed Security Services from Symantec
Managed Security Services from SymantecManaged Security Services from Symantec
Managed Security Services from SymantecArrow ECS UK
 
IBM Security Software Solutions - Powerpoint
IBM Security Software Solutions - Powerpoint IBM Security Software Solutions - Powerpoint
IBM Security Software Solutions - PowerpointThierry Matusiak
 
Building a Security Architecture
Building a Security ArchitectureBuilding a Security Architecture
Building a Security ArchitectureCisco Canada
 
ePlus Managed Security Services
ePlus Managed Security ServicesePlus Managed Security Services
ePlus Managed Security ServicesePlus
 

Viewers also liked (20)

Data Consult - Managed Security Services
Data Consult - Managed Security ServicesData Consult - Managed Security Services
Data Consult - Managed Security Services
 
ICT Security: Defence strategies against targeted attack
ICT Security: Defence strategies against targeted attackICT Security: Defence strategies against targeted attack
ICT Security: Defence strategies against targeted attack
 
Managed Security Services Overview
Managed Security Services OverviewManaged Security Services Overview
Managed Security Services Overview
 
IDC Cloud Security and Managed Services Conference Riyadh KSA
IDC Cloud Security and Managed Services Conference Riyadh KSAIDC Cloud Security and Managed Services Conference Riyadh KSA
IDC Cloud Security and Managed Services Conference Riyadh KSA
 
AGC Networks’ Profile
AGC Networks’ ProfileAGC Networks’ Profile
AGC Networks’ Profile
 
IBM Security Strategy
IBM Security StrategyIBM Security Strategy
IBM Security Strategy
 
Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...
Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...
Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...
 
Tapping into the Growth Goldmine: Why MSPs Should Join Peer Groups
Tapping into the Growth Goldmine: Why MSPs Should Join Peer GroupsTapping into the Growth Goldmine: Why MSPs Should Join Peer Groups
Tapping into the Growth Goldmine: Why MSPs Should Join Peer Groups
 
IBM Security Software Solutions
IBM Security Software Solutions IBM Security Software Solutions
IBM Security Software Solutions
 
Key Ingredients for Your MSSP Offering
Key Ingredients for Your MSSP OfferingKey Ingredients for Your MSSP Offering
Key Ingredients for Your MSSP Offering
 
A toolbox of modern management practices for a Digital World and the role EA ...
A toolbox of modern management practices for a Digital World and the role EA ...A toolbox of modern management practices for a Digital World and the role EA ...
A toolbox of modern management practices for a Digital World and the role EA ...
 
CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...
CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...
CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...
 
Ibm security products portfolio
Ibm security products portfolioIbm security products portfolio
Ibm security products portfolio
 
Powering IT Transformation For Any Business
Powering IT Transformation For Any BusinessPowering IT Transformation For Any Business
Powering IT Transformation For Any Business
 
Data Consult Managed Security Services
Data Consult Managed Security ServicesData Consult Managed Security Services
Data Consult Managed Security Services
 
Managed Security Services from Symantec
Managed Security Services from SymantecManaged Security Services from Symantec
Managed Security Services from Symantec
 
IBM Security Software Solutions - Powerpoint
IBM Security Software Solutions - Powerpoint IBM Security Software Solutions - Powerpoint
IBM Security Software Solutions - Powerpoint
 
Building a Security Architecture
Building a Security ArchitectureBuilding a Security Architecture
Building a Security Architecture
 
ePlus Managed Security Services
ePlus Managed Security ServicesePlus Managed Security Services
ePlus Managed Security Services
 
Cloud Reference Model
Cloud Reference ModelCloud Reference Model
Cloud Reference Model
 

Similar to Information Security Basics

Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation Technology Society Nepal
 
Data Integrity Protection
Data Integrity ProtectionData Integrity Protection
Data Integrity Protectionproitsolutions
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfCareerera
 
Cyber Security: A Hands on review
Cyber Security: A Hands on reviewCyber Security: A Hands on review
Cyber Security: A Hands on reviewMiltonBiswas8
 
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)Andris Soroka
 
Security solutions for a smarter planet
Security solutions for a smarter planetSecurity solutions for a smarter planet
Security solutions for a smarter planetVincent Kwon
 
PCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaPCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaIBM Danmark
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
Presentation1 110616195133-phpapp01(information security)
Presentation1 110616195133-phpapp01(information security)Presentation1 110616195133-phpapp01(information security)
Presentation1 110616195133-phpapp01(information security)Bonagiri Rajitha
 
Avoiding data breach using security intelligence and big data to stay out of ...
Avoiding data breach using security intelligence and big data to stay out of ...Avoiding data breach using security intelligence and big data to stay out of ...
Avoiding data breach using security intelligence and big data to stay out of ...IBM Security
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptxKnownId
 
Introduction to cyber security.pptx
Introduction to cyber security.pptxIntroduction to cyber security.pptx
Introduction to cyber security.pptxSharmaAnirudh2
 
Effective Cyber Security Technology Solutions for Modern Challenges
Effective Cyber Security Technology Solutions for Modern ChallengesEffective Cyber Security Technology Solutions for Modern Challenges
Effective Cyber Security Technology Solutions for Modern Challengescyberprosocial
 
Information Security
Information SecurityInformation Security
Information Securitysteffiann88
 

Similar to Information Security Basics (20)

Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & process
 
ke-1.pptx
ke-1.pptxke-1.pptx
ke-1.pptx
 
Data Integrity Protection
Data Integrity ProtectionData Integrity Protection
Data Integrity Protection
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdf
 
Cyber Security: A Hands on review
Cyber Security: A Hands on reviewCyber Security: A Hands on review
Cyber Security: A Hands on review
 
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
 
Security solutions for a smarter planet
Security solutions for a smarter planetSecurity solutions for a smarter planet
Security solutions for a smarter planet
 
PCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaPCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio Panada
 
Information security
Information securityInformation security
Information security
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
Presentation1 110616195133-phpapp01(information security)
Presentation1 110616195133-phpapp01(information security)Presentation1 110616195133-phpapp01(information security)
Presentation1 110616195133-phpapp01(information security)
 
Avoiding data breach using security intelligence and big data to stay out of ...
Avoiding data breach using security intelligence and big data to stay out of ...Avoiding data breach using security intelligence and big data to stay out of ...
Avoiding data breach using security intelligence and big data to stay out of ...
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptx
 
Introduction to cyber security.pptx
Introduction to cyber security.pptxIntroduction to cyber security.pptx
Introduction to cyber security.pptx
 
Lecture 1-2.pdf
Lecture 1-2.pdfLecture 1-2.pdf
Lecture 1-2.pdf
 
Effective Cyber Security Technology Solutions for Modern Challenges
Effective Cyber Security Technology Solutions for Modern ChallengesEffective Cyber Security Technology Solutions for Modern Challenges
Effective Cyber Security Technology Solutions for Modern Challenges
 
CCA study group
CCA study groupCCA study group
CCA study group
 
Cobit 2
Cobit 2Cobit 2
Cobit 2
 
Main Menu
Main MenuMain Menu
Main Menu
 
Information Security
Information SecurityInformation Security
Information Security
 

Recently uploaded

Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 

Recently uploaded (20)

Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 

Information Security Basics

  • 1. Georgia NATO FROM STRATEGY TO ACTION Turkey, Ankara 2012 Vasil Tsvimitidze
  • 2. Introduction 2 Introduction to information security. What is information security, threat, risks, vulnerabilities, basic terms and definition? Building blocks of information security strategy, policies and standards. Identify and establish country wide information security strategy, establish policies standards and procedures, implementation of different types of control objectives: managerial, technologies, business processes. Introduction to main domains of information security management system depending on international information security standard (ISO 2700x). Actions, roles and responsibilities. What kind of actions is needed for information security risk treatment. Roles and responsibilities of information security professionals.
  • 3. First sections 3 Introduction to information security. What is Information? What is Information Security? What is RISK?
  • 4. Information 4 Information 'Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected’ Information can be  Created  Stolen  Stored  Printed or written on paper  Destroyed  Stored electronically  Processed Transmitted by post or using  Transmitted electronics means  Used – (For proper &  Shown on corporate videos improper purposes)  Corrupted  Displayed / published on web  Lost  Verbal – spoken in conversations ‘…Whatever form the information takes, or means by which it is shared or stored, it should always be appropriately protected’
  • 5. Information Security 5 What Is Information Security  The quality or state of being secure to be free from danger  Security is achieved using several strategies  Security is achieved using several strategies simultaneously or used in combination with one another  Security is recognized as essential to protect vital processes and the systems that provide those processes  Security is not something you buy, it is something you do  The architecture where an integrated combination of appliances, systems and solutions, software, alarms, and vulnerability scans working together  Monitored 24x7  Having People, Processes, Technology, policies, procedures,  Security is for PPT and not only for appliances or devices
  • 6. Information Security vs IT Security 6 Information Security is preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non- repudiation and reliability can also be involved regardless of the form the information may take - electronic, printed, or other forms. IT Security is protection of the information technology assets such as computers and peripheral equipment, communications equipment, computing and communication premises, supplies and data storage media, operating system and application software.
  • 7. Information Security components 7 PEOPLE PROCESSES TECHNOLOGY
  • 8. People 8 People “Who we are”  People who use or interact with the Information include:  Share Holders / Owners  Management  Employees  Business Partners  Service providers  Contractors  Customers / Clients  Regulators etc…
  • 9. Process 9 Process “what we do” The processes refer to "work practices" or workflow. Processes are the repeatable steps to accomplish business objectives. Typical process in our IT Infrastructure could include:  Helpdesk / Service management  Incident Reporting and Management  Change Requests process  Request fulfillment  Access management  Identity management Sar  Service Level / Third-party Services Management oj  IT procurement process etc...
  • 10. 10 Technology “what we use to improve what we do”  Network Infrastructure:  Application software:  Cabling, Data/Voice Networks and equipment  Finance and assets systems, including  Telecommunications services (PABX), including Accounting packages, Inventory management, VoIP services , ISDN , Video Conferencing HR systems, Assessment and reporting systems  Server computers and associated storage  Software as a service (Sass) - instead of devices software as a packaged or custom-made product. Etc..  Operating software for server computers  Physical Security components:  Communications equipment and related hardware.  CCTV Cameras  Intranet and Internet connections  Clock in systems / Biometrics  VPNs and Virtual environments  Environmental management Systems: Humidity Control, Ventilation , Air Conditioning, Fire  Remote access services Control systems  Wireless connectivity  Electricity / Power backup  Access devices:  Desktop computers, Thin client computing.  Laptops, ultra-mobile laptops and PDAs  Digital cameras, Printers, Scanners, Photocopier etc.
  • 11. Information Security 11 INFORMATION SECURITY 1. Protects information from a range of threats 2. Ensures business continuity 3. Minimizes financial loss 4. Optimizes return on investments 5. Increases business opportunities Business survival depends on information security.
  • 12. Information Attributes 12 ISO 27002:2005 defines Information Security as the preservation of: Ensuring that information is accessible only to  Confidentiality those authorized to have access Safeguarding the accuracy and completeness of information and processing methods  Integrity Ensuring that authorized users have access to  vailability information and associated assets when required
  • 13. Information Attributes 13 Security breaches leads to…  Reputation loss  Financial loss  Intellectual property loss  Legislative Breaches leading to legal actions (Cyber Law)  Loss of customer confidence  Business interruption costs LOSS OF GOODWILL
  • 14. SURVEY 14  Information Security is “Organizational Problem”  rather than “IT Problem”  More than 70% of Threats are Internal  More than 60% culprits are First Time fraudsters  Biggest Risk : People  Biggest Asset : People  Social Engineering is major threat  More than 2/3rd express their inability to determine “Whether my systems are currently compromised?”
  • 15. Risk 15 What is Risk? Risk: A possibility that a threat exploits a vulnerability in an asset and causes damage or loss to the asset. Threat: Something that can potentially cause damage to the organization, IT Systems or network. Vulnerability: A weakness in the organization, IT Systems, or network that can be exploited by a threat.
  • 16. 16 Risk, Threats, and Vulnerabilities Relationship between Risk, Threats, and Vulnerabilities exploit Threats Vulnerabilities reduce Information Controls * Risk assets Protection Asset values Requirements
  • 17. Threat Identification 17 Threat Identification Elements of threats Agent : The catalyst that performs the threat. Human Machine Nature Motive : Something that causes the agent to act. Accidental Intentional Only motivating factor that can be both accidental and intentional is human Results : The outcome of the applied threat. The results normally lead to the loss of CIA Confidentiality Integrity Availability
  • 18. Threats 18  Employees  External Parties  Low awareness of security issues  Growth in networking and distributed computing  Growth in complexity and effectiveness of hacking tools and viruses  Natural Disasters  fire,  flood,  Earthquake etc.
  • 19. Threat Sources 19 Threat Sources Source Motivation Threat Challenge Ego Game System hacking Social engineering External Hackers Playing Dumpster diving Deadline Financial problems Backdoors Fraud Internal Hackers Disenchantment Poor documentation System attack Social engineering Revenge Letter bombs Viruses Denial of Terrorist Political service Corruption of data Unintentional errors Malicious code introduction Programming errors System bugs Poorly trained employees Data entry errors Unauthorized access
  • 20. Threat Categories and Examples 20 No Categories of Threat Example 1 Human Errors or failures Accidents, Employee mistakes 2 Compromise to Intellectual Property Piracy, Copyright infringements 3 Deliberate Acts or espionage or trespass Unauthorized Access and/or data collection 4 Deliberate Acts of Information extortion Blackmail of information exposure / disclosure 5 Deliberate Acts of sabotage / vandalism Destruction of systems / information 6 Deliberate Acts of theft Illegal confiscation of equipment or information 7 Deliberate software attacks Viruses, worms, macros Denial of service 8 Deviations in quality of service from service Power and WAN issues provider 9 Forces of nature Fire, flood, earthquake, lightening 10 Technical hardware failures or errors Equipment failures / errors 11 Technical software failures or errors Bugs, code problems, unknown loopholes 12 Technological Obsolence Antiquated or outdated technologies
  • 21. Information Attributes 21 High User Virus Knowledge of IT Theft, Attacks Systems Sabotage, Misuse Systems & Lapse in Natural Network Lack Of Calamitie Physical Failure Documen s & Fire Security tation
  • 22. 22 ?????? SO HOW DO WE OVERCOME THESE PROBLEMS ?
  • 23. Second section 23 Building blocks of information security strategy, policies and standards. Building blocks of information security strategy, policies and standards. Identify and establish country wide information security strategy, establish policies standards and procedures, implementation of different types of control objectives: managerial, technologies, business processes. Introduction to main domains of information security management system depending on international information security standard (ISO 2700x).
  • 24. PDCA 24 Answer is: (Plan, Do, Check, Act) Learning international best practices Identify metrics and criteria's Selecting basic standards Building capacity Management system implemetation core standard for information security is ISO 27001
  • 25. Standard History 25 History Early 1990 • DTI (UK) established a working group • Information Security Management Code of Practice produced as BSI-DISC publication 1995 • BS 7799 published as UK Standard 1999 • BS 7799 - 1:1999 second revision published 2000 • BS 7799 - 1 accepted by ISO as ISO - 17799 published • BS 7799-2:2002 published ISO 27001:2005 Information technology — Security techniques — Information security management systems — Requirements ISO 27002:2005 Information technology — Security techniques — Code of practice for information security management
  • 26. ISO 27001 Features 26 ISO 27001 ISO 27001: This International Standard covers all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations). This International Standard specifies the requirements for establishing; implementing, operating, monitoring, reviewing, maintaining and improving documented ISMS within the context of the organization’s overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. The ISMS is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties Features  Features of ISO 27001  Plan, Do, Check, Act (PDCA) Process Model  Process Based Approach  Stress on Continual Process Improvements  Scope covers Information Security not only IT Security  Covers People, Process and Technology  5600 plus organizations worldwide have been certified  11 Domains, 39 Control objectives, 133 controls
  • 27. Second section 27 PDCA Process ISMS PROCESS Interested Interested Parties Parties Management Responsibility PLAN Establish ISMS DO ACT Implement & Maintain & Operate the Improve Information ISMS Security Managed Requirements CHECK Monitor & Information & Review ISMS Security Expectations
  • 29. Information Attributes 29  Information Security Policy - To provide management direction and support for Information security.  Organisation Of Information Security - Management framework for implementation  Asset Management - To ensure the security of valuable organisational IT and its related assets  Human Resources Security - To reduce the risks of human error, theft, fraud or misuse of facilities.  Physical & Environmental Security -To prevent unauthorised access, theft, compromise , damage, information and information processing facilities.  Communications & Operations Management - To ensure the correct and secure operation of information processing facilities.
  • 30. Information Attributes 30  Access Control - To control access to information and information processing facilities on ‘need to know’ and ‘need to do’ basis.  Information Systems Acquisition, Development & Maintenance - To ensure security built into information system  Information Security Incident Management - To ensure information security events and weaknesses associated with information systems are communicated.  Business Continuity Management - To reduce disruption caused by disasters and security failures to an acceptable level.  Compliance - To avoid breaches of any criminal and civil law, statutory, regulatory or contractual obligations and of any security requirements.
  • 32. 32 Information Security Governance On State Level Parliament Security council Low draft for Personal Data protection Law of State secret Crime code information Security Cyber security Strategy Regulation for Information Security Government Government agencies ministries and critical Data Exchange agency infrastructure Information security strategy Normative and templates Information Internal Info Information Security implementation plans Info Sec comity Security Officer Sec Audit reviewing and Analyzing •Risk management (standard, procedures, guidelines) Providing Trainings •Information asset management •Incident Management Info Sec incident Handling •End user standards and guidelines Audit reports reviewing and analyzing •Internal audit/ asurance •…. Providing recommendations depending on •…. existing global situation
  • 33. Roles And Resposibilties  Information security strategy(policy)  Information security committee  Information security officer  Information Security audit  Information security specialists