You must have read this famous quote:
“A security system with several layers is difficult to hack. So, even if your data is targeted, getting through the many tiers of security will be a hassle. The simplest of programs, such as free online email accounts, have multi-layered security, too. Even if accessing your accounts takes a few extra steps, it is still worth the effort, certainly better than losing your data. Using a firewall, making sure your antivirus software is updated, running antivirus checks frequently and updating your programs regularly are all part of maintaining your personal data security.” – Doug Theis, Innovative Integration, Inc.
INFORMATION SECURITY – 360° APPROACH
Harsh Arora, Certified Information Security Professional
IT security in an organization requires a multilayered, top-to-bottom, structured approach covering all systems and employees of the organization.
All interaction points with the external environment, including vendors, customers, third-party systems, etc., need to be secured.
IT security must be reviewed and upgraded on a continuous basis.
The following slides describe an integrated and structured methodology to secure an organization's IT landscape.
Develop a Risk Management Framework
It involves:
- Categorizing information systems based on an impact assessment
- Selecting an initial set of baseline security controls
- Implementing the security controls
- Assessing the security control implementation against the requirements
- Authorizing the information system to operate
- Monitoring the security controls
Multi-tiered Risk Management
A three-tier approach addresses risk at the:
- Organizational level
- Mission/business process level
- Information system level
Three-Tiered Risk Management Approach (figure)
Security Categorization
Security categorization is the process of determining the security category for information or an information system. Organizations first determine the criticality and sensitivity of the information to be processed, stored, or transmitted by the information system.
The generalized format for expressing the security category (SC) of an information system is:
DEFINE SECURITY CONTROL BASELINES
Baseline controls are the starting point for the security control selection process and are chosen based on the security category and associated impact level of the information system. Information systems are categorized as low-impact, moderate-impact, or high-impact.
Organizations can use the recommended priority code designation associated with each security control in the baselines to assist in making sequencing decisions for control implementation.
CREATING OVERLAYS
An overlay is a fully specified set of security controls, control enhancements, and
supplemental guidance derived from the application of tailoring guidance. Overlays
complement the initial security control baselines by:
(i) providing the opportunity to add or eliminate controls;
(ii) providing security control applicability and interpretations for specific
information technologies, computing paradigms, environments of operation, types of
information systems, types of missions/operations, operating modes, industry
sectors, and statutory/regulatory requirements;
(iii) establishing community-wide parameter values for assignment and/or selection
statements in security controls and control enhancements; and
(iv) extending the supplemental guidance for security controls, where necessary.
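The steps above (categorize, select a baseline by impact level, tailor it with an overlay, then sequence implementation by priority code) can be carried end to end in a small script. The following is an added example, not code from the slide deck. It assumes the security category is the (confidentiality, integrity, availability) impact triple of FIPS 199 and that the overall impact level is the high-water mark of the three, as FIPS 200 prescribes; the control catalog, its priority codes, the ids and the overlay are constructed sample data, not a real control baseline.

```python
"""Security categorization, baseline selection, overlay tailoring and
priority sequencing for one information system.

Added example, not code from the slide deck. Assumptions: the security
category is the (confidentiality, integrity, availability) impact triple
of FIPS 199 and the overall impact level is its high-water mark (FIPS 200);
the control catalog, priority codes and overlay below are constructed sample
data, not a real control baseline."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set

IMPACT_RANK = {"low": 1, "moderate": 2, "high": 3}


def categorize(confidentiality: str, integrity: str, availability: str) -> dict:
    """Return the SC triple and the overall impact level (high-water mark).

    'n/a' is accepted for confidentiality only (public information has no
    confidentiality impact); integrity and availability always carry a level.
    """
    sc = {"confidentiality": confidentiality,
          "integrity": integrity,
          "availability": availability}
    for objective, level in sc.items():
        allowed = level in IMPACT_RANK or (objective == "confidentiality" and level == "n/a")
        if not allowed:
            raise ValueError(f"invalid impact level {level!r} for {objective}")
    overall = max((lvl for lvl in sc.values() if lvl in IMPACT_RANK),
                  key=IMPACT_RANK.__getitem__)
    return {"sc": sc, "overall": overall}


@dataclass(frozen=True)
class Control:
    id: str
    name: str
    priority: int                   # constructed priority code: 1 = implement first
    baselines: FrozenSet[str]       # impact levels whose baseline includes the control


# Constructed sample catalog; families follow the slide's list, ids and priorities are made up.
CATALOG: List[Control] = [
    Control("AC-1", "Account Management", 1, frozenset({"low", "moderate", "high"})),
    Control("AC-2", "Least Privilege", 1, frozenset({"moderate", "high"})),
    Control("AT-1", "Security Awareness Training", 1, frozenset({"low", "moderate", "high"})),
    Control("AU-1", "Audit Events", 1, frozenset({"low", "moderate", "high"})),
    Control("CM-1", "Least Functionality", 1, frozenset({"low", "moderate", "high"})),
    Control("CP-1", "Contingency Plan", 1, frozenset({"low", "moderate", "high"})),
    Control("IA-1", "Multi-factor Authentication", 1, frozenset({"moderate", "high"})),
    Control("IR-1", "Incident Handling", 1, frozenset({"low", "moderate", "high"})),
    Control("MP-1", "Media Sanitization", 1, frozenset({"low", "moderate", "high"})),
    Control("PE-1", "Physical Access Control", 1, frozenset({"low", "moderate", "high"})),
    Control("SC-1", "Boundary Protection", 1, frozenset({"low", "moderate", "high"})),
    Control("SI-1", "System Monitoring", 2, frozenset({"moderate", "high"})),
]


@dataclass
class Overlay:
    """A tailoring overlay: controls to add, controls to eliminate, and
    community-wide parameter values for the remaining controls."""
    name: str
    add: List[Control] = field(default_factory=list)
    remove: Set[str] = field(default_factory=set)
    parameters: Dict[str, object] = field(default_factory=dict)


def select_baseline(overall_impact: str, catalog: List[Control] = CATALOG) -> List[Control]:
    """Initial baseline: every catalog control whose baseline set covers the impact level."""
    return [c for c in catalog if overall_impact in c.baselines]


def apply_overlay(baseline: List[Control], overlay: Overlay) -> List[Control]:
    """Eliminate the overlay's removed controls, then add its extra controls (no duplicates)."""
    kept = [c for c in baseline if c.id not in overlay.remove]
    present = {c.id for c in kept}
    kept.extend(c for c in overlay.add if c.id not in present)
    return kept


def sequence(controls: List[Control]) -> List[str]:
    """Implementation order: lowest priority code first, then by control id."""
    return [c.id for c in sorted(controls, key=lambda c: (c.priority, c.id))]


def plan(confidentiality: str, integrity: str, availability: str,
         overlay: Optional[Overlay] = None) -> dict:
    """Categorize -> select baseline -> tailor with overlay -> sequence implementation."""
    category = categorize(confidentiality, integrity, availability)
    controls = select_baseline(category["overall"])
    parameters: Dict[str, object] = {}
    if overlay is not None:
        controls = apply_overlay(controls, overlay)
        parameters = dict(overlay.parameters)
    return {"sc": category["sc"], "overall": category["overall"],
            "controls": sequence(controls), "parameters": parameters}


# Constructed overlay for a system hosted in a provider's data centre: the physical
# and media controls are eliminated (the provider's apply), a review of the
# provider's attestation is added, and two parameter values are fixed.
HOSTED_OVERLAY = Overlay(
    name="hosted-system (constructed)",
    add=[Control("SA-1", "Provider Attestation Review", 1, frozenset())],
    remove={"PE-1", "MP-1"},
    parameters={"AU-1.retention_days": 365, "IA-1.minimum_factors": 2},
)

if __name__ == "__main__":
    print(plan("moderate", "low", "low"))
    print(plan("moderate", "low", "low", HOSTED_OVERLAY))
```

Note the check in categorize: a single "moderate" on any one objective lifts the whole system to the moderate baseline, which is what the high-water mark means in practice and why the categorization step has to be done honestly before a baseline is chosen. The overlay is applied after selection so that its additions and eliminations are visible as a separate, reviewable decision rather than folded into the catalog.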
Applying Security Controls
A security control is a safeguard or countermeasure prescribed for an information system or an organization, designed to protect the confidentiality, integrity, and availability of its information and to meet a set of defined security requirements.
Security controls cover the entire spectrum of an organization, including Access Control, Training, Audit, Configuration Management, Contingency Planning, Authentication, Incident Response, Media Protection, Physical and Environmental Protection, etc.
SECURITY CONTROL DESIGNATIONS
Security controls are designated as one of three distinct types:
1. Common controls – security controls whose implementation results in a security capability that is inheritable by one or more organizational information systems.
2. System-specific controls – controls that apply to one specific system only.
3. Hybrid controls – organizations assign a hybrid status to a security control when one part of the control is common and another part is system-specific.
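The three designations decide who owns each required control, and the "assess" step of the framework is largely a matter of checking that every control in a system's tailored baseline is covered by someone. The following is an added example, not code from the slide deck: it resolves common, system-specific and hybrid designations for one system and reports which required controls are inherited, implemented, only partially implemented, or missing. The system name, control ids, provider names and implementation status are constructed sample data.

```python
"""Resolving common, system-specific and hybrid control designations for one
information system and reporting which required controls are unsatisfied.

Added example, not code from the slide deck. The system name, control ids,
provider names and implementation status are constructed sample data."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

COMMON, SYSTEM_SPECIFIC, HYBRID = "common", "system-specific", "hybrid"


@dataclass(frozen=True)
class Designation:
    control_id: str
    kind: str
    provider: Optional[str] = None         # organization-level owner of the inheritable part
    inherited_parts: Tuple[str, ...] = ()  # hybrid: parts the provider covers
    system_parts: Tuple[str, ...] = ()     # hybrid: parts the system must implement itself

    def __post_init__(self):
        if self.kind not in (COMMON, SYSTEM_SPECIFIC, HYBRID):
            raise ValueError(f"unknown designation {self.kind!r} for {self.control_id}")
        if self.kind in (COMMON, HYBRID) and not self.provider:
            raise ValueError(f"{self.control_id}: an inheritable control needs a named provider")
        if self.kind == HYBRID and not self.system_parts:
            raise ValueError(f"{self.control_id}: a hybrid control must leave the system some part")


@dataclass
class SystemRecord:
    name: str
    required: Set[str]                      # control ids from the tailored baseline
    designations: Dict[str, Designation]
    # (control id, part) pairs the system itself has implemented;
    # part None means the whole control.
    implemented: Set[Tuple[str, Optional[str]]] = field(default_factory=set)


def assess(system: SystemRecord) -> Dict[str, List[str]]:
    """Bucket every required control as inherited, implemented, partial or missing."""
    report: Dict[str, List[str]] = {"inherited": [], "implemented": [], "partial": [], "missing": []}
    for cid in sorted(system.required):
        d = system.designations.get(cid)
        if d is None:
            report["missing"].append(cid)          # required, but nobody owns it
        elif d.kind == COMMON:
            report["inherited"].append(cid)        # satisfied by the provider's implementation
        elif d.kind == SYSTEM_SPECIFIC:
            bucket = "implemented" if (cid, None) in system.implemented else "missing"
            report[bucket].append(cid)
        else:  # HYBRID: the provider's part is inherited, the rest is checked per part
            owed = set(d.system_parts)
            done = {part for (c, part) in system.implemented if c == cid and part in owed}
            bucket = "implemented" if owed <= done else ("partial" if done else "missing")
            report[bucket].append(cid)
    return report


def residual_work(system: SystemRecord) -> List[str]:
    """Controls the system owner still has to act on, in id order."""
    r = assess(system)
    return sorted(r["partial"] + r["missing"])


# Constructed sample system.
PAYROLL = SystemRecord(
    name="payroll-app (constructed)",
    required={"AC-1", "AU-1", "CP-1", "IR-1", "PE-1", "SC-1"},
    designations={
        "PE-1": Designation("PE-1", COMMON, provider="Facilities"),
        "IR-1": Designation("IR-1", COMMON, provider="Enterprise SOC"),
        "CP-1": Designation("CP-1", HYBRID, provider="Data centre operations",
                            inherited_parts=("backup infrastructure",),
                            system_parts=("application recovery procedure", "annual restore test")),
        "AC-1": Designation("AC-1", SYSTEM_SPECIFIC),
        "AU-1": Designation("AU-1", SYSTEM_SPECIFIC),
        # SC-1 is required but has no designation at all: an ownership gap.
    },
    implemented={("AC-1", None), ("CP-1", "application recovery procedure")},
)

if __name__ == "__main__":
    for bucket, ids in assess(PAYROLL).items():
        print(f"{bucket:12s} {', '.join(ids) or '-'}")
    print("residual:", residual_work(PAYROLL))
```

The case worth noticing is SC-1: it is in the baseline but has no designation, so neither a provider nor the system owner has claimed it. That ownership gap is the one that most often survives into operation, because a common-control inventory and a system's own checklist each look complete on their own.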
Assurance Level of an Information System
Assurance is the measure of confidence that the security features, practices, procedures, and architecture of an information system accurately mediate and enforce the security policy.
Organizations can use the Risk Management Framework (RMF) to ensure that the appropriate assurance levels are achieved for the information systems and system components deployed to carry out core missions and business functions.
Trustworthiness of an Information System
Trustworthiness is the degree to which an information system (including the information technology components that are used to build the system) can be expected to preserve the confidentiality, integrity, and availability of the information being processed, stored, or transmitted by the system across the full range of threats.
A trustworthy information system is a system that is believed to be capable of operating within defined levels of risk despite the environmental disruptions, human errors, structural failures, and purposeful attacks that are expected to occur in its environment of operation.
Enhancing the Trustworthiness of an Information System
There are a number of design, architectural, and implementation principles that, if used, can result in more trustworthy systems. These core security principles include, for example, simplicity, modularity, layering, domain isolation, least privilege, least functionality, and resource isolation/encapsulation.
Trustworthiness Model (figure)
Define Privacy Controls
Governments have enacted laws and guidelines to ensure the safety and confidentiality of private data.
Information systems must have the capabilities and protections needed to safeguard the private information of their stakeholders.
About the Author
Harsh Arora has more than 26 years of experience in Systems & Information Technology in the process and manufacturing industry.
He holds many certifications, including Certified Information Security Professional, PMP, Six Sigma & SAP.

More Related Content

What's hot

TDMA, FDMA, and CDMA
TDMA, FDMA, and CDMATDMA, FDMA, and CDMA
TDMA, FDMA, and CDMANajeeb Khan
 
Topic:Terminal handling & polling
Topic:Terminal handling & pollingTopic:Terminal handling & polling
Topic:Terminal handling & pollingDr Rajiv Srivastava
 
Automatic chocolate vending machine using mucos rtos ppt
Automatic chocolate vending machine using mucos rtos pptAutomatic chocolate vending machine using mucos rtos ppt
Automatic chocolate vending machine using mucos rtos pptJOLLUSUDARSHANREDDY
 
Generations of Mobile Communications
Generations of Mobile CommunicationsGenerations of Mobile Communications
Generations of Mobile Communicationssivakumar m
 
Multiple Access in wireless communication
Multiple Access in wireless communicationMultiple Access in wireless communication
Multiple Access in wireless communicationMaulik Togadiya
 
Self Defending Network
Self Defending NetworkSelf Defending Network
Self Defending NetworkSwarna Gautam
 
Embedded system design: a modern approach to the electronic design.
Embedded system design: a modern approach to the electronic design.Embedded system design: a modern approach to the electronic design.
Embedded system design: a modern approach to the electronic design.Massimo Talia
 
M2M - Machine to Machine Technology
M2M - Machine to Machine TechnologyM2M - Machine to Machine Technology
M2M - Machine to Machine TechnologySamip jain
 
Gsm security algorithms A3 , A5 , A8
Gsm security algorithms A3 , A5 , A8Gsm security algorithms A3 , A5 , A8
Gsm security algorithms A3 , A5 , A8RUpaliLohar
 
Internet of Things and Governance
Internet of Things and GovernanceInternet of Things and Governance
Internet of Things and GovernanceKate Carruthers
 
Introduction to IoT Architectures and Protocols
Introduction to IoT Architectures and ProtocolsIntroduction to IoT Architectures and Protocols
Introduction to IoT Architectures and ProtocolsAbdullah Alfadhly
 
Cdma system
Cdma systemCdma system
Cdma systemtrimba
 
SPACE DIVISION MULTIPLE ACCESS (SDMA) SATELLITE COMMUNICATION
SPACE DIVISION MULTIPLE ACCESS (SDMA) SATELLITE COMMUNICATION  SPACE DIVISION MULTIPLE ACCESS (SDMA) SATELLITE COMMUNICATION
SPACE DIVISION MULTIPLE ACCESS (SDMA) SATELLITE COMMUNICATION Soumen Santra
 
M2M vs IoT: The Key Differences and Similarities
M2M vs IoT: The Key Differences and SimilaritiesM2M vs IoT: The Key Differences and Similarities
M2M vs IoT: The Key Differences and SimilaritiesNavjyotsinh Jadeja
 
Cellular network presentation
Cellular network presentationCellular network presentation
Cellular network presentationAditya Pandey
 
Zigbee Presentation
Zigbee PresentationZigbee Presentation
Zigbee PresentationMaathu Michael
 
Business models for business processes on IoT
Business models for business processes on IoTBusiness models for business processes on IoT
Business models for business processes on IoTFabMinds
 

What's hot (20)

TDMA, FDMA, and CDMA
TDMA, FDMA, and CDMATDMA, FDMA, and CDMA
TDMA, FDMA, and CDMA
 
Introduction to IoT Architecture
Introduction to IoT ArchitectureIntroduction to IoT Architecture
Introduction to IoT Architecture
 
Topic:Terminal handling & polling
Topic:Terminal handling & pollingTopic:Terminal handling & polling
Topic:Terminal handling & polling
 
Automatic chocolate vending machine using mucos rtos ppt
Automatic chocolate vending machine using mucos rtos pptAutomatic chocolate vending machine using mucos rtos ppt
Automatic chocolate vending machine using mucos rtos ppt
 
Generations of Mobile Communications
Generations of Mobile CommunicationsGenerations of Mobile Communications
Generations of Mobile Communications
 
Multiple Access in wireless communication
Multiple Access in wireless communicationMultiple Access in wireless communication
Multiple Access in wireless communication
 
Self Defending Network
Self Defending NetworkSelf Defending Network
Self Defending Network
 
Embedded system design: a modern approach to the electronic design.
Embedded system design: a modern approach to the electronic design.Embedded system design: a modern approach to the electronic design.
Embedded system design: a modern approach to the electronic design.
 
M2M - Machine to Machine Technology
M2M - Machine to Machine TechnologyM2M - Machine to Machine Technology
M2M - Machine to Machine Technology
 
Gsm security algorithms A3 , A5 , A8
Gsm security algorithms A3 , A5 , A8Gsm security algorithms A3 , A5 , A8
Gsm security algorithms A3 , A5 , A8
 
Internet of Things and Governance
Internet of Things and GovernanceInternet of Things and Governance
Internet of Things and Governance
 
Introduction to IoT Architectures and Protocols
Introduction to IoT Architectures and ProtocolsIntroduction to IoT Architectures and Protocols
Introduction to IoT Architectures and Protocols
 
IoT and m2m
IoT and m2mIoT and m2m
IoT and m2m
 
Cdma system
Cdma systemCdma system
Cdma system
 
Dect
DectDect
Dect
 
SPACE DIVISION MULTIPLE ACCESS (SDMA) SATELLITE COMMUNICATION
SPACE DIVISION MULTIPLE ACCESS (SDMA) SATELLITE COMMUNICATION  SPACE DIVISION MULTIPLE ACCESS (SDMA) SATELLITE COMMUNICATION
SPACE DIVISION MULTIPLE ACCESS (SDMA) SATELLITE COMMUNICATION
 
M2M vs IoT: The Key Differences and Similarities
M2M vs IoT: The Key Differences and SimilaritiesM2M vs IoT: The Key Differences and Similarities
M2M vs IoT: The Key Differences and Similarities
 
Cellular network presentation
Cellular network presentationCellular network presentation
Cellular network presentation
 
Zigbee Presentation
Zigbee PresentationZigbee Presentation
Zigbee Presentation
 
Business models for business processes on IoT
Business models for business processes on IoTBusiness models for business processes on IoT
Business models for business processes on IoT
 

Similar to Information security - 360 Degree Approach

ESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL.pptx
ESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL.pptxESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL.pptx
ESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL.pptxhamzaalkhairi802
 
Security policy case study
Security policy case studySecurity policy case study
Security policy case studyashu6
 
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...The Three Major Goals of Cybersecurity for Business Organizations-precise tes...
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...Precise Testing Solution
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...abhichowdary16
 
Application Data Security | Seclore
Application Data Security | SecloreApplication Data Security | Seclore
Application Data Security | SecloreSeclore
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operationsPiyush Jain
 
CompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptxCompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptxInfosectrain3
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessSirius
 
Chapter 6 Security of Information and Cyber Security(FASS)
Chapter 6 Security of Information and Cyber Security(FASS)Chapter 6 Security of Information and Cyber Security(FASS)
Chapter 6 Security of Information and Cyber Security(FASS)Md Shaifullar Rabbi
 
L3 RMF Phase 2 Categorize.pptx
L3 RMF Phase 2 Categorize.pptxL3 RMF Phase 2 Categorize.pptx
L3 RMF Phase 2 Categorize.pptxStevenTharp2
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security madunix
 
Vskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills
 
Cyber Families - Incident Response.pptx
Cyber Families - Incident Response.pptxCyber Families - Incident Response.pptx
Cyber Families - Incident Response.pptxKinetic Potential
 
Infromation Assurance
Infromation AssuranceInfromation Assurance
Infromation AssuranceAkshay Pal
 
Addressing Gaps in Your Cyber Security
Addressing Gaps in Your Cyber Security Addressing Gaps in Your Cyber Security
Addressing Gaps in Your Cyber Security NextLabs, Inc.
 

Similar to Information security - 360 Degree Approach (20)

ESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL.pptx
ESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL.pptxESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL.pptx
ESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL.pptx
 
Security policy case study
Security policy case studySecurity policy case study
Security policy case study
 
DR PANKAJ SIR (1).pptx
DR PANKAJ SIR (1).pptxDR PANKAJ SIR (1).pptx
DR PANKAJ SIR (1).pptx
 
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...The Three Major Goals of Cybersecurity for Business Organizations-precise tes...
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
 
Application Data Security | Seclore
Application Data Security | SecloreApplication Data Security | Seclore
Application Data Security | Seclore
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operations
 
CompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptxCompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptx
 
Information security
Information securityInformation security
Information security
 
Information security
Information securityInformation security
Information security
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to Success
 
Data security
Data securityData security
Data security
 
18 Tips of IRM - Making IRM Work for You
18 Tips of IRM - Making IRM Work for You18 Tips of IRM - Making IRM Work for You
18 Tips of IRM - Making IRM Work for You
 
Chapter 6 Security of Information and Cyber Security(FASS)
Chapter 6 Security of Information and Cyber Security(FASS)Chapter 6 Security of Information and Cyber Security(FASS)
Chapter 6 Security of Information and Cyber Security(FASS)
 
L3 RMF Phase 2 Categorize.pptx
L3 RMF Phase 2 Categorize.pptxL3 RMF Phase 2 Categorize.pptx
L3 RMF Phase 2 Categorize.pptx
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security
 
Vskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample Material
 
Cyber Families - Incident Response.pptx
Cyber Families - Incident Response.pptxCyber Families - Incident Response.pptx
Cyber Families - Incident Response.pptx
 
Infromation Assurance
Infromation AssuranceInfromation Assurance
Infromation Assurance
 
Addressing Gaps in Your Cyber Security
Addressing Gaps in Your Cyber Security Addressing Gaps in Your Cyber Security
Addressing Gaps in Your Cyber Security
 

Recently uploaded

OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...NETWAYS
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfhenrik385807
 
SBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation TrackSBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation TrackSebastiano Panichella
 
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Vaishnavi 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...NETWAYS
 
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...NETWAYS
 
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfCTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfhenrik385807
 
LANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS  AND MONUMENTS IN NIGERIA.pptxLANDMARKS  AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptxBasil Achie
 
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝soniya singh
 
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)Basil Achie
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur fĂĽr Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur fĂĽr Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur fĂĽr Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur fĂĽr Container und Kubern...NETWAYS
 
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...NETWAYS
 
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxGenesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxFamilyWorshipCenterD
 
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Krijn Poppe
 
Work Remotely with Confluence ACE 2.pptx
Work Remotely with Confluence ACE 2.pptxWork Remotely with Confluence ACE 2.pptx
Work Remotely with Confluence ACE 2.pptxmavinoikein
 
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Salam Al-Karadaghi
 
The 3rd Intl. Workshop on NL-based Software Engineering
The 3rd Intl. Workshop on NL-based Software EngineeringThe 3rd Intl. Workshop on NL-based Software Engineering
The 3rd Intl. Workshop on NL-based Software EngineeringSebastiano Panichella
 
Philippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptPhilippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptssuser319dad
 
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...henrik385807
 

Recently uploaded (20)

OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
 
SBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation TrackSBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation Track
 
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Vaishnavi 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
 
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
 
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
 
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfCTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
 
LANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS  AND MONUMENTS IN NIGERIA.pptxLANDMARKS  AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptx
 
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
 
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur fĂĽr Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur fĂĽr Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur fĂĽr Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur fĂĽr Container und Kubern...
 
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
 
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxGenesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
 
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
 
Work Remotely with Confluence ACE 2.pptx
Work Remotely with Confluence ACE 2.pptxWork Remotely with Confluence ACE 2.pptx
Work Remotely with Confluence ACE 2.pptx
 
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
 
The 3rd Intl. Workshop on NL-based Software Engineering
The 3rd Intl. Workshop on NL-based Software EngineeringThe 3rd Intl. Workshop on NL-based Software Engineering
The 3rd Intl. Workshop on NL-based Software Engineering
 
Philippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptPhilippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.ppt
 
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
 

Information security - 360 Degree Approach

  • 1. You must have read a famous quote “A security system with several layers is difficult to hack. So, even if your data is targeted, getting through the many tiers of security will be a hassle. The simplest of programs, such as free online email accounts, have multi- layered security, too. Even if accessing your accounts takes a few extra steps, it is still worth the effort, certainly better than losing your data. Using a firewall, making sure your antivirus software is updated, running antivirus checks frequently and updating your programs regularly are all part of maintaining your personal data security.” – Doug Theis, Innovative Integration, Inc. INFORMATION SECURITY – 360°APPROACH Harsh Arora Certified Information Security Professional
  • 2. IT security in an organization requires a multilayered, top-to-bottom, structured approach covering all systems and employees of the organization. All interaction points with the external environment, including vendors, customers and third-party systems, need to be secured. IT security must be reviewed and upgraded on a continuous basis. The following slides describe an integrated and structured methodology to secure an organization's IT landscape.
  • 3. Develop Risk Management Framework. It involves:
    - Categorization of information systems based on impact assessment
    - Selection of an initial level of baseline security controls
    - Implementation of the security controls
    - Assessment of the security control implementation against the requirements
    - Authorization of information system operation
    - Monitoring of the security controls
  • 4. Multi-tiered Risk Management. A three-tier approach to address risk at:
    - Organizational level
    - Mission/business process level
    - Information system level
  • 5. Three Tiered Risk Management Approach
  • 6. Security Categorization. It is the process of determining the security category for information or an information system. Organizations first determine the criticality and sensitivity of the information to be processed, stored, or transmitted by the information systems. The generalized format for expressing the security category (SC) of an information system is:
  • 7. DEFINE SECURITY CONTROL BASELINES. Baseline controls are the starting point for the security control selection process and are chosen based on the security category and associated impact level of the information system. Information systems are categorized as low-impact, moderate-impact and high-impact. Organizations can use the recommended priority code designation associated with each security control in the baselines to assist in making sequencing decisions for control implementation.
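As an added example (not from the slides), the categorization of slide 6 and the baseline selection and priority-code sequencing of this slide worked through in Python. The impact values, control names and P1..P3 priority codes are constructed placeholders, and the high-water-mark rule used for the overall impact level is an assumption the slides do not state.

```python
from dataclasses import dataclass

# Impact levels named on the slides, ranked so they can be compared.
IMPACT_RANK = {"low": 1, "moderate": 2, "high": 3}

@dataclass(frozen=True)
class SecurityCategory:
    """Impact level per security objective (values are constructed input)."""
    confidentiality: str
    integrity: str
    availability: str

    def impact_level(self) -> str:
        # Assumption: the system's overall impact level is the highest of the
        # three objectives (high-water mark); the slides do not state a rule.
        levels = (self.confidentiality, self.integrity, self.availability)
        unknown = [lvl for lvl in levels if lvl not in IMPACT_RANK]
        if unknown:
            raise ValueError(f"unknown impact level(s): {unknown}")
        return max(levels, key=IMPACT_RANK.__getitem__)

# Constructed baselines as (control name, priority code). Control names are
# placeholders grouped by the families slide 9 lists; the P1..P3 priority
# codes are an assumed format. Each level lists only the controls it adds on
# top of the level below it.
BASELINE_CONTROLS = {
    "low": [("AC: account management", "P1"),
            ("AU: audit event logging", "P1"),
            ("IR: incident handling", "P1")],
    "moderate": [("AC: separation of duties", "P1"),
                 ("CM: baseline configuration", "P1"),
                 ("CP: contingency plan", "P1"),
                 ("AU: audit review and analysis", "P2")],
    "high": [("AC: least privilege enforcement", "P1"),
             ("MP: media sanitization", "P2"),
             ("PE: physical access monitoring", "P3")],
}

def select_baseline(category: SecurityCategory) -> list:
    """Cumulative baseline for the category's impact level, ordered by priority
    code so that P1 controls are sequenced for implementation first."""
    level = category.impact_level()
    chosen = []
    for lvl in ("low", "moderate", "high"):
        chosen.extend(BASELINE_CONTROLS[lvl])
        if lvl == level:
            break
    return sorted(chosen, key=lambda control: control[1])
```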
  • 8. CREATING OVERLAYS. An overlay is a fully specified set of security controls, control enhancements, and supplemental guidance derived from the application of tailoring guidance. Overlays complement the initial security control baselines by:
    (i) providing the opportunity to add or eliminate controls;
    (ii) providing security control applicability and interpretations for specific information technologies, computing paradigms, environments of operation, types of information systems, types of missions/operations, operating modes, industry sectors, and statutory/regulatory requirements;
    (iii) establishing community-wide parameter values for assignment and/or selection statements in security controls and control enhancements; and
    (iv) extending the supplemental guidance for security controls, where necessary.
  • 9. Applying Security Controls. A security control is a safeguard or countermeasure prescribed for an information system or an organization, designed to protect the confidentiality, integrity, and availability of its information and to meet a set of defined security requirements. Security controls cover the entire spectrum of an organization, including access control, training, audit, configuration management, contingency planning, authentication, incident response, media protection, physical and environmental protection, etc.
  • 10. SECURITY CONTROL DESIGNATIONS. Security controls are designated in three distinct types:
    1. Common controls: security controls whose implementation results in a security capability that is inheritable by one or more organizational information systems.
    2. System-specific controls: applicable to specific systems.
    3. Hybrid controls: organizations assign a hybrid status to security controls when one part of the control is common and another part of the control is system-specific.
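As an added example (not from the slides) covering slide 8's overlay tailoring and this slide's control designations: an overlay that adds and eliminates controls and sets community-wide parameter values is applied to a baseline, and the tailored set is then split into what one system inherits and what it must implement itself. The Overlay model, the baseline, the overlay contents and the designations are all constructed assumptions, not a real control catalogue.

```python
from dataclasses import dataclass, field

@dataclass
class Overlay:
    # Constructed model of an overlay: add/eliminate controls, set parameter values.
    name: str
    add: set = field(default_factory=set)
    eliminate: set = field(default_factory=set)
    parameters: dict = field(default_factory=dict)  # (control, parameter) -> value

# Constructed baseline: control -> {assignment parameter: value}; None marks
# an assignment statement the organization still has to complete.
MODERATE_BASELINE = {
    "AC: account management": {"review_frequency": None},
    "AU: audit record retention": {"retention_period": None},
    "PE: physical access control": {},
}
# Constructed designations: a common control is inherited by every system, a
# system-specific one belongs to the system itself, a hybrid one is split.
DESIGNATION = {"AC: account management": "hybrid", "AU: audit record retention": "common"}

def apply_overlay(baseline: dict, overlay: Overlay) -> dict:
    """Baseline minus eliminated controls, plus added ones, with overlay parameter
    values filled in; contradictory or misdirected tailoring is rejected."""
    conflict = overlay.add & overlay.eliminate
    if conflict:
        raise ValueError(f"{overlay.name}: adds and eliminates {sorted(conflict)}")
    tailored = {c: dict(p) for c, p in baseline.items() if c not in overlay.eliminate}
    for control in overlay.add:
        tailored.setdefault(control, {})
    for (control, param), value in overlay.parameters.items():
        if control not in tailored:
            raise ValueError(f"{overlay.name}: parameter for absent control {control!r}")
        tailored[control][param] = value
    return tailored

def unfilled_parameters(tailored: dict) -> list:
    """Assignment statements still without a value after tailoring."""
    return sorted((c, p) for c, ps in tailored.items() for p, v in ps.items() if v is None)

def split_by_designation(tailored: dict, designation: dict) -> tuple:
    """(inherited, own) control names for one system; undesignated means system-specific."""
    inherited, own = [], []
    for control in sorted(tailored):
        kind = designation.get(control, "system-specific")
        if kind in ("common", "hybrid"):
            inherited.append(control)
        if kind in ("system-specific", "hybrid"):
            own.append(control)
    return inherited, own
```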
  • 11. Assurance Level of Information System. Assurance is the measure of confidence that the security features, practices, procedures, and architecture of an information system accurately mediate and enforce the security policy. Organizations can use the Risk Management Framework (RMF) to ensure that the appropriate assurance levels are achieved for the information systems and system components deployed to carry out core missions and business functions.
  • 12. Trustworthiness of Information System. Trustworthiness is the degree to which an information system (including the information technology components that are used to build the system) can be expected to preserve the confidentiality, integrity, and availability of the information being processed, stored, or transmitted by the system across the full range of threats. A trustworthy information system is a system that is believed to be capable of operating within defined levels of risk despite the environmental disruptions, human errors, structural failures, and purposeful attacks that are expected to occur in its environment of operation.
  • 13. Enhancing the Trustworthiness of Information System. There are a number of design, architectural, and implementation principles that, if used, can result in more trustworthy systems. These core security principles include, for example, simplicity, modularity, layering, domain isolation, least privilege, least functionality, and resource isolation/encapsulation.
  • 14. Trustworthiness Model
  • 15. Define Privacy Controls. Governments have made laws and guidelines to ensure the safety and confidentiality of private data. Information systems must have capabilities and protections to safeguard the private information of their stakeholders.
  • 16. About The Author. Harsh Arora has more than 26 years of experience in systems and information technology in the process and manufacturing industries. He has completed many certifications, including Certified Information Security Professional, PMP, Six Sigma and SAP.