
Security Incidents


A Model to assist in the management of Enterprise Security Incidents

Published in: Economy & Finance, Technology
    1. Building an Enterprise IT Security Management System
       Belsis A. Meletis, Information Security Consultant, MPhil / MSc / BSc, CWNA/CWSP, C|EH, CCSA, Network+, ISO27001LA
    2. Information Enterprises
         • Enterprises base their correct operation almost solely on information. To maximise the efficient handling of information, they use complex IS/IT infrastructures.
         • These infrastructures can be localised or be intergalactic, allowing users to access them locally or remotely.
         • New technologies like mobile devices and PDAs increase their complexity even further.
    3. Information Security for Enterprises
         • Security threats targeting these infrastructures can be internal or external.
         • Adversaries use a number of techniques to attack corporate information for fun and profit.
         • Examples include computer viruses, denial-of-service attacks, buffer overflows and social engineering.
    4. Security Architectures
         • To provide adequate security for the modern enterprise, security architectures need to be deployed.
         • These include security technologies, tools and policies that interoperate to provide “total” security.
         • These must work transparently to the rest of the system and be able to follow the enterprise's culture and future changes.
    5. Managing Security Architectures
         • There are a number of security products that allow experts to provide central management over large security architectures.
         • Unfortunately, the models behind these products fail to interoperate with the existing enterprise models.
         • Most of these products handle only specific parts of the enterprise security architecture. An example is the enterprise security history, which is a vital part of any modern security infrastructure, yet most current products do not incorporate it in their models.
    6. Our Proposal
         • We propose the use of a new enterprise model: the Enterprise IT Security Data Model.
         • The new model will be used as the base for the development of an ESM software package.
         • The new model differs from existing ones in that it describes the totality of an enterprise security architecture, including the enterprise’s security history.
         • The proposed model includes clear links to the rest of the enterprise modelling frameworks, to allow interoperability with the rest of the enterprise business products. To succeed in this, the new development follows the Zachman framework.
    7. Proposed Model
       The main entities of the model are:
         • Departmental Structure
         • Employee Infrastructure
         • Information Infrastructure
         • IT Infrastructure
         • Physical Security
         • IT Security
         • Risks
         • Security Policy
         • Security History
    8. Recording Incident History
         • The incident history model has been decomposed and tested.
         • The incident history was selected because current ESM products neglect this important part of security.
         • An earlier version of the incident model was presented at IFIP/SEC 2002 in Cairo.
    9. Deploying the ESM System
         • The implementation follows the logical and physical distribution that an enterprise follows.
         • CORBA has been extensively proposed for accessing distributed data models.
         • CORBA will bring to the system the required transparency, efficiency and security.
         • The system incorporates an NLIDB server. The server will allow for the easy execution of smart queries.
    10. Deploying the ESM System
         • Using CORBA, security specialists can access and manage the system through a web-based interface or using specific clients that are integrated into the management console.
         • CORBA’s Security Service can provide adequate security for the purpose of this system.
         • CORBA’s architecture allows security experts to change specific security processes without affecting the rest of the system.
         • The inclusion of an NLIDB server allows experts to execute smart queries on the security architecture using plain English.
    11. Conclusions
         • This research aims at the development of a new ESM product.
         • The new product will differ substantially from existing ones in that it manages the totality of the security architecture and provides clear links with the rest of the enterprise's models.
         • Until now, the base for the development of this product has been developed. Some work has also been done on the way the product will be deployed.
    12. Thank You
