SlideShare a Scribd company logo

2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt

S
SharudinBoriak1

Information Security protects information from a wide range of threats in order to ensure business continuity, minimise business damage and maximise return on investment and business opportunities

Internet
1 of 30
Download to read offline
Isg.techmahindra.com Information Security – Concepts, Policy, Organisation Narmadha R, Director, O/o. DGCA, Chennai 1
Isg.techmahindra.com What is Information Security? Confidential 2 “Information Security protects information from a wide range of threats in order to ensure business continuity, minimise business damage and maximise return on investment and business opportunities.”
Isg.techmahindra.com Information types Confidential 3 Information can be: • created • stored • destroyed • Used • Transmitted Information format • Paper • Databases • Disk(ette)s • CD-ROMs • Tapes • (Design) drawings • Films • Conversations Character of information • Financial • Strategic • Operational • Personal • Remember!!!! Information System includes non- electronic information also.
Isg.techmahindra.com Basic components Ensuring that information is accessible only to those authorised to have access. Confidential 4 Confidentiality Integrity Safeguarding the accuracy and completeness of information and processing methods. Availability Ensuring that authorised users have access to information and associated assets when required.
Isg.techmahindra.com Confidential 5 In some organisations, integrity and / or availability may be more important than confidentiality. Confidentiality Integrity Availability
Isg.techmahindra.com Managing information boundaries • Intranet connections to other business units, • Extranets to business partners, • Remote connections to staff working off-site, • Virtual Private Networks (VPN’s), • Customer networks, • Supplier chains, • Service Level Agreements, contracts, outsourcing arrangements, • Third Party access. Confidential 6
Isg.techmahindra.com Confidential 7 Internal Mgmt. customers Employees Stakeholders Litigation Internal Audit The Public Integrity Confidentiality Availability Risk Context for Info Security Management
Isg.techmahindra.com What is ISO 27001? Confidential 8 • It’s a International Standard for Information Security Management • It consists of various Specification for information Security Management • Code of Practice for Information Security Management • Basis for contractual relationship • Basis for third party certification • Can be Certified by Certification Bodies • Applicable to all industry Sectors • Emphasis on prevention
Isg.techmahindra.com Confidential 9 Plan Do Check Act Cycle (PDCA) Interested parties Interested parties Establish the ISMS Plan Implement and operate the ISMS Do Maintain and improve the ISMS Act Monitor and review the ISMS Check Information security requirements and expectations Managed information security
Isg.techmahindra.com Confidential 10 Important Areas of Concern ISO27001 1. Security policy 2. Organization of information security 3. Asset management 4. Human resources security 5. Physical and environmental security 6. Communications and operations management 7. Access control 8. Information systems acquisition, development and maintenance 9. Information security incident management 10. Business continuity management 11. Compliance
Isg.techmahindra.com ISO27001 Framework: Components Confidential 11 Security Policy Security Organisation Business Continuity Management Asset Classification & Control Compliance Personnel Security/ HR Security System Development Access Control Communications & Operations Physical and Environmental Information Security Management System Incident Management
Isg.techmahindra.com • Objective: • Information security policy. • Covers: • Information security policy document • Review of Informational Security Policy Confidential 12 1. Security Policy
Isg.techmahindra.com Confidential 13 Examples of various IS Security policies
Isg.techmahindra.com • Objective: • Internal Organization • External Parties • Covers: • Allocation of information security responsibilities • Authorization process for information processing facilities • Management commitment to information security • Information security coordination • Confidentiality agreements • Contact with authorities • Independent review of information security • Identification of risks related to external parties • Addressing security when dealing with customers • Addressing Security in third party agreements Confidential 14 2. Organization of information security
Isg.techmahindra.com Confidential 15 2. Organization of information security - Example Information Security Group Management Security Forum Chief Information Security Officer Location Security Managers • Security Incident handling • MIS and dash boards • Security Coordination Specialised staff: • Risk Assessment • BCP/DRP • Application Security • Security audits and reviews • Security Training & Awareness eSecurity Group • Specialised services (e.g. Penetration testing) QMG • Audits and reviews • Integration security processes in BMS TIM • IT Operations • Network Security • Monitoring Chaired by CEO / COO
Isg.techmahindra.com • Objective: • Responsibility for assets • Information classification • Covers: • Inventory of assets • Ownership of assets • Acceptable use of assets • Classification guidelines • Information labelling and handling Confidential 16 3. Asset Management
Isg.techmahindra.com Information Asset - Classification Confidential 17 •Inventory of Information Assets are categorized & classified as based on: •Valuation of Information Assets – Scale •Very High, High ,Medium ,Low , Negligible •Other Attributes of Inventory •Asset Group, Asset Classification, Value, Storage Area, Storage location •Asset Owner, Asset Retention, Remarks
Isg.techmahindra.com • Objective: • Prior to employment • During employment • Termination or change of employment • Covers: • Roles and responsibilities • Screening • Terms and conditions of employment • Management responsibilities • Information security awareness, education and training • Disciplinary process • Termination responsibilities • Return of assets • Removal of access rights Confidential 18 4. Human Resource Security
Isg.techmahindra.com • Objective: • Secure Areas • Equipment Security • Covers: • Physical Security Perimeter • Physical entry Controls • Securing Offices, rooms and facilities • Protecting against external and environmental threats • Working in Secure Areas • Public access delivery and loading areas • Cabling Security • Equipment Maintenance • Securing of equipment off-premises • Secure disposal or re-use of equipment • Removal of property Confidential 19 5. Physical and Environmental Security
Isg.techmahindra.com • Objective: • Operational Procedures and responsibilities • Third party service delivery management • System planning and acceptance • Protection against malicious and mobile code • Backup • Network Security Management • Media handling • Exchange of Information • Electronic Commerce Services • Monitoring • Covers: • Documented Operating procedures • Change management • Segregation of duties Confidential 20 6. Communications & Operations Management
Isg.techmahindra.com • Separation of development, test and operational facilities • Service delivery • Monitoring and review of third party services • Managing changes to third party services • Capacity Management • Controls against malicious code • Information backup • Network Controls • Security of network services • Management of removable media • Disposal of Media • Information handling procedures • Security of system documentation • Information exchange policies and procedures • Exchange agreements Confidential 21 6. Communications & Operations Management (contd..)
Isg.techmahindra.com 6. Communications & Operations Management (contd..) • Electronic Messaging • Business information systems • On-Line Transactions • Publicly available information • Audit logging • Monitoring system use • Protection of log information • Administrator and operator logs • Fault logging • Clock synchronisation Confidential 22
Isg.techmahindra.com • Objective: • Business Requirement for Access Control • User Access Management • User Responsibilities • Network Access Control • Operating system access control • Application and Information Access Control • Mobile Computing and teleworking • Covers: • Access Control Policy • User Registration • Privilege Management • User Password Management • Review of user access rights • Password use Confidential 23 7. Access Controls
Isg.techmahindra.com 7. Access Controls (contd..) • Unattended user equipment • Clear desk and clear screen policy • Policy on use of network services • User authentication for external connections • Equipment identification in networks • Remote diagnostic and configuration port protection • Segregation in networks • Network connection control • Network routing control • Secure log-on procedures • User identification and authentication • Password management system • Use of system utilities • Session time-out • Limitation of connection time • Information access restriction • Sensitive system isolation • Mobile computing and communications • Teleworking Confidential 24
Isg.techmahindra.com • Objective: • Security requirements of information systems • Correct processing in applications • Cryptographic controls • Security of system files • Security in development and support processes • Technical Vulnerability Management • Covers: • Security requirements analysis and specification • Input data validation • Control of internal processing • Message integrity • Output data validation • Policy on use of cryptographic controls • Key management • Control of operational software • Protection of system test data Confidential 25 8. Information systems acquisition, development and maintenance
Isg.techmahindra.com 8. Information systems acquisition, development and maintenance (contd) • Access Control to program source code • Change control procedures • Technical review of applications after operating system changes • Restriction on changes to software packages • Information leakage • Outsourced software development • Control of technical vulnerabilities Confidential 26
Isg.techmahindra.com • Objective: • Reporting information security events and weaknesses • Management of information security incidents and improvements • Covers: • Reporting information security events • Reporting security weaknesses • Responsibilities and procedures • Learning from information security incidents • Collection of evidence Confidential 27 9. Information Security Incident Management
Isg.techmahindra.com • Objective: • Information security aspects of business continuity management • Covers: • Including information security in the business continuity management process • Business continuity and risk assessment • Developing and implementing continuity plans including information security • Business continuity planning framework • Testing, maintaining and re-assessing business continuity plans Confidential 28 10. Business Continuity Management
Isg.techmahindra.com 11. Compliance • Objective • Compliance with legal requirements • Compliance with security policies and standards, and technical compliance • Information Systems audit considerations • Covers: • Identification of applicable legislation • Intellectual property rights (IPR) • Protection of organizational records • Data protection and privacy of personal information • Prevention of misuse of information processing facilities • Regulation of cryptographic controls • Compliance with security policies and standards • Technical compliance checking • Information systems audit controls • Protection of information system audit tools Confidential 29
Isg.techmahindra.com Thank You 30 Your Questions please? Thank You…

Recommended

ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.IGN MANTRA
 
Securing Your Digital Files from Legal Threats
Securing Your Digital Files from Legal ThreatsSecuring Your Digital Files from Legal Threats
Securing Your Digital Files from Legal ThreatsAbbie Hosta
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxTikdiPatel
 
GDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceGDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceAdrian Dumitrescu
 
Ch5-20_CISA.ppt About CISA Certification
Ch5-20_CISA.ppt About CISA CertificationCh5-20_CISA.ppt About CISA Certification
Ch5-20_CISA.ppt About CISA CertificationRahulBhole12
 
GDPR: The Application Security Twist
GDPR: The Application Security TwistGDPR: The Application Security Twist
GDPR: The Application Security TwistSecurity Innovation
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk ManagementSam Bowne
 
Introduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdfIntroduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdfssuserf98dd4
 

Recommended

ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.IGN MANTRA
 
Securing Your Digital Files from Legal Threats
Securing Your Digital Files from Legal ThreatsSecuring Your Digital Files from Legal Threats
Securing Your Digital Files from Legal ThreatsAbbie Hosta
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxTikdiPatel
 
GDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceGDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceAdrian Dumitrescu
 
Ch5-20_CISA.ppt About CISA Certification
Ch5-20_CISA.ppt About CISA CertificationCh5-20_CISA.ppt About CISA Certification
Ch5-20_CISA.ppt About CISA CertificationRahulBhole12
 
GDPR: The Application Security Twist
GDPR: The Application Security TwistGDPR: The Application Security Twist
GDPR: The Application Security TwistSecurity Innovation
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk ManagementSam Bowne
 
Introduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdfIntroduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdfssuserf98dd4
 
CISSP Prep: Ch 1: Security Governance Through Principles and Policies
CISSP Prep: Ch 1: Security Governance Through Principles and PoliciesCISSP Prep: Ch 1: Security Governance Through Principles and Policies
CISSP Prep: Ch 1: Security Governance Through Principles and PoliciesSam Bowne
 
CNIT 160 Ch 4 Information Security Program Development (Part 3)
CNIT 160 Ch 4 Information Security Program Development (Part 3)CNIT 160 Ch 4 Information Security Program Development (Part 3)
CNIT 160 Ch 4 Information Security Program Development (Part 3)Sam Bowne
 
Information Security
Information Security Information Security
Information Security Alok Katiyar
 
What are the important objectives of Cybersecurity.pdf
What are the important objectives of Cybersecurity.pdfWhat are the important objectives of Cybersecurity.pdf
What are the important objectives of Cybersecurity.pdfBytecode Security
 
The day when 3rd party security providers disappear into cloud bright talk se...
The day when 3rd party security providers disappear into cloud bright talk se...The day when 3rd party security providers disappear into cloud bright talk se...
The day when 3rd party security providers disappear into cloud bright talk se...Ulf Mattsson
 
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Precisely
 
CNIT 160 Ch 4c: Security Program Development (Part 3)
CNIT 160 Ch 4c: Security Program Development (Part 3)CNIT 160 Ch 4c: Security Program Development (Part 3)
CNIT 160 Ch 4c: Security Program Development (Part 3)Sam Bowne
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014KBIZEAU
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Security and ethical challenges
Security and ethical challengesSecurity and ethical challenges
Security and ethical challengesProf. Dr. K. Adisesha
 
CNIT 125: Ch 2. Security and Risk Management (Part 1)
CNIT 125: Ch 2. Security and Risk Management (Part 1)CNIT 125: Ch 2. Security and Risk Management (Part 1)
CNIT 125: Ch 2. Security and Risk Management (Part 1)Sam Bowne
 
Improve IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkImprove IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkPrecisely
 
Software Defined Networking in the ATMOSPHERE project
Software Defined Networking in the ATMOSPHERE projectSoftware Defined Networking in the ATMOSPHERE project
Software Defined Networking in the ATMOSPHERE projectATMOSPHERE .
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 
Accelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i SystemsAccelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i SystemsPrecisely
 
Information security
Information securityInformation security
Information securityPraveen Minz
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewShankar Subramaniyan
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkMarcoAfzali
 
Toreon adding privacy by design in secure application development oss18 v20...
Toreon adding privacy by design in secure application development oss18 v20...Toreon adding privacy by design in secure application development oss18 v20...
Toreon adding privacy by design in secure application development oss18 v20...Sebastien Deleersnyder
 
Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Stephen Abram
 
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 

More Related Content

Similar to 2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt

CISSP Prep: Ch 1: Security Governance Through Principles and Policies
CISSP Prep: Ch 1: Security Governance Through Principles and PoliciesCISSP Prep: Ch 1: Security Governance Through Principles and Policies
CISSP Prep: Ch 1: Security Governance Through Principles and PoliciesSam Bowne
 
CNIT 160 Ch 4 Information Security Program Development (Part 3)
CNIT 160 Ch 4 Information Security Program Development (Part 3)CNIT 160 Ch 4 Information Security Program Development (Part 3)
CNIT 160 Ch 4 Information Security Program Development (Part 3)Sam Bowne
 
Information Security
Information Security Information Security
Information Security Alok Katiyar
 
What are the important objectives of Cybersecurity.pdf
What are the important objectives of Cybersecurity.pdfWhat are the important objectives of Cybersecurity.pdf
What are the important objectives of Cybersecurity.pdfBytecode Security
 
The day when 3rd party security providers disappear into cloud bright talk se...
The day when 3rd party security providers disappear into cloud bright talk se...The day when 3rd party security providers disappear into cloud bright talk se...
The day when 3rd party security providers disappear into cloud bright talk se...Ulf Mattsson
 
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Precisely
 
CNIT 160 Ch 4c: Security Program Development (Part 3)
CNIT 160 Ch 4c: Security Program Development (Part 3)CNIT 160 Ch 4c: Security Program Development (Part 3)
CNIT 160 Ch 4c: Security Program Development (Part 3)Sam Bowne
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014KBIZEAU
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
CNIT 125: Ch 2. Security and Risk Management (Part 1)
CNIT 125: Ch 2. Security and Risk Management (Part 1)CNIT 125: Ch 2. Security and Risk Management (Part 1)
CNIT 125: Ch 2. Security and Risk Management (Part 1)Sam Bowne
 
Improve IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkImprove IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkPrecisely
 
Software Defined Networking in the ATMOSPHERE project
Software Defined Networking in the ATMOSPHERE projectSoftware Defined Networking in the ATMOSPHERE project
Software Defined Networking in the ATMOSPHERE projectATMOSPHERE .
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 
Accelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i SystemsAccelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i SystemsPrecisely
 
Information security
Information securityInformation security
Information securityPraveen Minz
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewShankar Subramaniyan
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkMarcoAfzali
 
Toreon adding privacy by design in secure application development oss18 v20...
Toreon adding privacy by design in secure application development oss18 v20...Toreon adding privacy by design in secure application development oss18 v20...
Toreon adding privacy by design in secure application development oss18 v20...Sebastien Deleersnyder
 
Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Stephen Abram
 

Similar to 2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt (20)

CISSP Prep: Ch 1: Security Governance Through Principles and Policies
CISSP Prep: Ch 1: Security Governance Through Principles and PoliciesCISSP Prep: Ch 1: Security Governance Through Principles and Policies
CISSP Prep: Ch 1: Security Governance Through Principles and Policies
 
CNIT 160 Ch 4 Information Security Program Development (Part 3)
CNIT 160 Ch 4 Information Security Program Development (Part 3)CNIT 160 Ch 4 Information Security Program Development (Part 3)
CNIT 160 Ch 4 Information Security Program Development (Part 3)
 
Information Security
Information Security Information Security
Information Security
 
What are the important objectives of Cybersecurity.pdf
What are the important objectives of Cybersecurity.pdfWhat are the important objectives of Cybersecurity.pdf
What are the important objectives of Cybersecurity.pdf
 
The day when 3rd party security providers disappear into cloud bright talk se...
The day when 3rd party security providers disappear into cloud bright talk se...The day when 3rd party security providers disappear into cloud bright talk se...
The day when 3rd party security providers disappear into cloud bright talk se...
 
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
 
CNIT 160 Ch 4c: Security Program Development (Part 3)
CNIT 160 Ch 4c: Security Program Development (Part 3)CNIT 160 Ch 4c: Security Program Development (Part 3)
CNIT 160 Ch 4c: Security Program Development (Part 3)
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
Security and ethical challenges
Security and ethical challengesSecurity and ethical challenges
Security and ethical challenges
 
CNIT 125: Ch 2. Security and Risk Management (Part 1)
CNIT 125: Ch 2. Security and Risk Management (Part 1)CNIT 125: Ch 2. Security and Risk Management (Part 1)
CNIT 125: Ch 2. Security and Risk Management (Part 1)
 
Improve IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkImprove IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in Splunk
 
Software Defined Networking in the ATMOSPHERE project
Software Defined Networking in the ATMOSPHERE projectSoftware Defined Networking in the ATMOSPHERE project
Software Defined Networking in the ATMOSPHERE project
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
Accelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i SystemsAccelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i Systems
 
Information security
Information securityInformation security
Information security
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing Framework
 
Toreon adding privacy by design in secure application development oss18 v20...
Toreon adding privacy by design in secure application development oss18 v20...Toreon adding privacy by design in secure application development oss18 v20...
Toreon adding privacy by design in secure application development oss18 v20...
 
Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)
 

Recently uploaded

'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...SUHANI PANDEY
 
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...SUHANI PANDEY
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirtrahman018755
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.soniya singh
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...Escorts Call Girls
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...Neha Pandey
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLimonikaupta
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...SUHANI PANDEY
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Call Girls in Nagpur High Profile
 
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.soniya singh
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge GraphsEleniIlkou
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...singhpriety023
 

Recently uploaded (20)

VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
 
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
 
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in DubaiRussian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
 

2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt

  • 1. Isg.techmahindra.com Information Security – Concepts, Policy, Organisation Narmadha R, Director, O/o. DGCA, Chennai 1
  • 2. Isg.techmahindra.com What is Information Security? Confidential 2 “Information Security protects information from a wide range of threats in order to ensure business continuity, minimise business damage and maximise return on investment and business opportunities.”
  • 3. Isg.techmahindra.com Information types Confidential 3 Information can be: • created • stored • destroyed • Used • Transmitted Information format • Paper • Databases • Disk(ette)s • CD-ROMs • Tapes • (Design) drawings • Films • Conversations Character of information • Financial • Strategic • Operational • Personal • Remember!!!! Information System includes non- electronic information also.
  • 4. Isg.techmahindra.com Basic components Ensuring that information is accessible only to those authorised to have access. Confidential 4 Confidentiality Integrity Safeguarding the accuracy and completeness of information and processing methods. Availability Ensuring that authorised users have access to information and associated assets when required.
  • 5. Isg.techmahindra.com Confidential 5 In some organisations, integrity and / or availability may be more important than confidentiality. Confidentiality Integrity Availability
  • 6. Isg.techmahindra.com Managing information boundaries • Intranet connections to other business units, • Extranets to business partners, • Remote connections to staff working off-site, • Virtual Private Networks (VPN’s), • Customer networks, • Supplier chains, • Service Level Agreements, contracts, outsourcing arrangements, • Third Party access. Confidential 6
  • 8. Isg.techmahindra.com What is ISO 27001? Confidential 8 • It’s a International Standard for Information Security Management • It consists of various Specification for information Security Management • Code of Practice for Information Security Management • Basis for contractual relationship • Basis for third party certification • Can be Certified by Certification Bodies • Applicable to all industry Sectors • Emphasis on prevention
  • 9. Isg.techmahindra.com Confidential 9 Plan Do Check Act Cycle (PDCA) Interested parties Interested parties Establish the ISMS Plan Implement and operate the ISMS Do Maintain and improve the ISMS Act Monitor and review the ISMS Check Information security requirements and expectations Managed information security
  • 10. Isg.techmahindra.com Confidential 10 Important Areas of Concern ISO27001 1. Security policy 2. Organization of information security 3. Asset management 4. Human resources security 5. Physical and environmental security 6. Communications and operations management 7. Access control 8. Information systems acquisition, development and maintenance 9. Information security incident management 10. Business continuity management 11. Compliance
  • 11. Isg.techmahindra.com ISO27001 Framework: Components Confidential 11 Security Policy Security Organisation Business Continuity Management Asset Classification & Control Compliance Personnel Security/ HR Security System Development Access Control Communications & Operations Physical and Environmental Information Security Management System Incident Management
  • 12. Isg.techmahindra.com • Objective: • Information security policy. • Covers: • Information security policy document • Review of Informational Security Policy Confidential 12 1. Security Policy
  • 13. Isg.techmahindra.com Confidential 13 Examples of various IS Security policies
  • 14. Isg.techmahindra.com • Objective: • Internal Organization • External Parties • Covers: • Allocation of information security responsibilities • Authorization process for information processing facilities • Management commitment to information security • Information security coordination • Confidentiality agreements • Contact with authorities • Independent review of information security • Identification of risks related to external parties • Addressing security when dealing with customers • Addressing Security in third party agreements Confidential 14 2. Organization of information security
  • 15. Isg.techmahindra.com Confidential 15 2. Organization of information security - Example Information Security Group Management Security Forum Chief Information Security Officer Location Security Managers • Security Incident handling • MIS and dash boards • Security Coordination Specialised staff: • Risk Assessment • BCP/DRP • Application Security • Security audits and reviews • Security Training & Awareness eSecurity Group • Specialised services (e.g. Penetration testing) QMG • Audits and reviews • Integration security processes in BMS TIM • IT Operations • Network Security • Monitoring Chaired by CEO / COO
  • 16. Isg.techmahindra.com • Objective: • Responsibility for assets • Information classification • Covers: • Inventory of assets • Ownership of assets • Acceptable use of assets • Classification guidelines • Information labelling and handling Confidential 16 3. Asset Management
  • 17. Isg.techmahindra.com Information Asset - Classification Confidential 17 •Inventory of Information Assets are categorized & classified as based on: •Valuation of Information Assets – Scale •Very High, High ,Medium ,Low , Negligible •Other Attributes of Inventory •Asset Group, Asset Classification, Value, Storage Area, Storage location •Asset Owner, Asset Retention, Remarks
  • 18. Isg.techmahindra.com • Objective: • Prior to employment • During employment • Termination or change of employment • Covers: • Roles and responsibilities • Screening • Terms and conditions of employment • Management responsibilities • Information security awareness, education and training • Disciplinary process • Termination responsibilities • Return of assets • Removal of access rights Confidential 18 4. Human Resource Security
  • 19. Isg.techmahindra.com • Objective: • Secure Areas • Equipment Security • Covers: • Physical Security Perimeter • Physical entry Controls • Securing Offices, rooms and facilities • Protecting against external and environmental threats • Working in Secure Areas • Public access delivery and loading areas • Cabling Security • Equipment Maintenance • Securing of equipment off-premises • Secure disposal or re-use of equipment • Removal of property Confidential 19 5. Physical and Environmental Security
  • 20. Isg.techmahindra.com • Objective: • Operational Procedures and responsibilities • Third party service delivery management • System planning and acceptance • Protection against malicious and mobile code • Backup • Network Security Management • Media handling • Exchange of Information • Electronic Commerce Services • Monitoring • Covers: • Documented Operating procedures • Change management • Segregation of duties Confidential 20 6. Communications & Operations Management
  • 21. Isg.techmahindra.com • Separation of development, test and operational facilities • Service delivery • Monitoring and review of third party services • Managing changes to third party services • Capacity Management • Controls against malicious code • Information backup • Network Controls • Security of network services • Management of removable media • Disposal of Media • Information handling procedures • Security of system documentation • Information exchange policies and procedures • Exchange agreements Confidential 21 6. Communications & Operations Management (contd..)
  • 22. Isg.techmahindra.com 6. Communications & Operations Management (contd..) • Electronic Messaging • Business information systems • On-Line Transactions • Publicly available information • Audit logging • Monitoring system use • Protection of log information • Administrator and operator logs • Fault logging • Clock synchronisation Confidential 22
  • 23. Isg.techmahindra.com • Objective: • Business Requirement for Access Control • User Access Management • User Responsibilities • Network Access Control • Operating system access control • Application and Information Access Control • Mobile Computing and teleworking • Covers: • Access Control Policy • User Registration • Privilege Management • User Password Management • Review of user access rights • Password use Confidential 23 7. Access Controls
  • 24. Isg.techmahindra.com 7. Access Controls (contd..) • Unattended user equipment • Clear desk and clear screen policy • Policy on use of network services • User authentication for external connections • Equipment identification in networks • Remote diagnostic and configuration port protection • Segregation in networks • Network connection control • Network routing control • Secure log-on procedures • User identification and authentication • Password management system • Use of system utilities • Session time-out • Limitation of connection time • Information access restriction • Sensitive system isolation • Mobile computing and communications • Teleworking Confidential 24
  • 25. Isg.techmahindra.com • Objective: • Security requirements of information systems • Correct processing in applications • Cryptographic controls • Security of system files • Security in development and support processes • Technical Vulnerability Management • Covers: • Security requirements analysis and specification • Input data validation • Control of internal processing • Message integrity • Output data validation • Policy on use of cryptographic controls • Key management • Control of operational software • Protection of system test data Confidential 25 8. Information systems acquisition, development and maintenance
  • 26. Isg.techmahindra.com 8. Information systems acquisition, development and maintenance (contd) • Access Control to program source code • Change control procedures • Technical review of applications after operating system changes • Restriction on changes to software packages • Information leakage • Outsourced software development • Control of technical vulnerabilities Confidential 26
  • 27. Isg.techmahindra.com • Objective: • Reporting information security events and weaknesses • Management of information security incidents and improvements • Covers: • Reporting information security events • Reporting security weaknesses • Responsibilities and procedures • Learning from information security incidents • Collection of evidence Confidential 27 9. Information Security Incident Management
  • 28. Isg.techmahindra.com • Objective: • Information security aspects of business continuity management • Covers: • Including information security in the business continuity management process • Business continuity and risk assessment • Developing and implementing continuity plans including information security • Business continuity planning framework • Testing, maintaining and re-assessing business continuity plans Confidential 28 10. Business Continuity Management
  • 29. Isg.techmahindra.com 11. Compliance • Objective • Compliance with legal requirements • Compliance with security policies and standards, and technical compliance • Information Systems audit considerations • Covers: • Identification of applicable legislation • Intellectual property rights (IPR) • Protection of organizational records • Data protection and privacy of personal information • Prevention of misuse of information processing facilities • Regulation of cryptographic controls • Compliance with security policies and standards • Technical compliance checking • Information systems audit controls • Protection of information system audit tools Confidential 29