Multimedia content security in file based environments - sami guirguis


Published on

Security program risk management in a tapless workflow.

The security challenges of File-Based environments.

Published in: Technology, Business
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Multimedia content security in file based environments - sami guirguis

  1. 1. Multimedia Content Security in File-Based Environments<br />Sami Guirguis<br />Multimedia Content Technologist – TFO<br /><br />1<br />
  2. 2. Agenda<br />2<br /><ul><li>Multimedia Content in file-based workflow.
  3. 3. Security program and Risk management.
  4. 4. Approaching security in file based environment.
  5. 5. Security Controls.</li></li></ul><li>Asset flow <br />3<br />Archiving System<br />
  6. 6. Assets locations<br />4<br />
  7. 7. Multimedia File lifecycle<br />5<br />Are all the versions of the file deleted ? <br />Can any of the file versions be recovered?<br />Do all the subjects who access the file have the proper permissions?<br />Was a backup copy created automatically for redundancy?<br />Is the communication path secure?<br />Is the file integrity guaranteed through this process?<br />
  8. 8. File-based environment & Security<br />6<br /><ul><li>Which files are considered assets ?
  9. 9. Can a monetary value be assigned per asset?
  10. 10. Who can access each asset group?
  11. 11. What access controls are currently in place ?
  12. 12. Is there a trace/ logs ?
  13. 13. Is there a way to recover a lost asset ?</li></li></ul><li>Security Program Identifies<br />7<br /><ul><li>The risks and the countermeasures.
  14. 14. A comprehensive list of all possible threats.
  15. 15. The probability of the occurrence of each threat.
  16. 16. Loss potential per threat in a 12 month span.
  17. 17. Recommended safeguards and measures.
  18. 18. Compliance with federal privacy laws.</li></ul>CISSP ALL-IN-ONE by Shon Harris<br />
  19. 19. Information Security – Core Principles<br />8<br />Confidentiality<br />
  20. 20. Risk management<br />9<br /><ul><li>Investigating the risks.
  21. 21. Assigning a value to the asset.
  22. 22. Determining if the countermeasures are worth the financial and operational price.
  23. 23. Reducing the risk to an acceptable level.</li></li></ul><li>Security lifecycle<br />10<br />Risk assessment and determining needs<br />Monitor and evaluate risk<br />Promote awareness<br />Implement policies and control<br />Information Security and Risk Management <br />By Ann-Marie Westgate <br />
  24. 24. Risk assessment goals<br />11<br /><ul><li>Identify the assets and their values (Information Classification).
  25. 25. Identify vulnerabilities and threats.
  26. 26. Quantify the probability and impact of the threats.
  27. 27. Provide an economic balance between the impact of these threats and the cost of the countermeasures.</li></ul>CISSP ALL-IN-ONE by Shon Harris<br />
  28. 28. Risk analysis outcome<br />12<br />Low Impact <br />High Probability<br />High Impact <br />High Probability<br />High Impact <br />Low probability<br />Low Impact <br />Low Probability<br />
  29. 29. Identifying access<br />13<br />
  30. 30. Risk Identification<br />14<br />
  31. 31. How to assess the probability ?<br />15<br />Information Security and Risk Management <br />By Ann-Marie Westgate <br />
  32. 32. After Identifying the Risks ?<br />16<br />Avoiding the RiskFor example closing all access between the broadcast network and the Internet.<br />Transferring the RiskOutsourcing security solutions, monitoring, audits, insurance.<br />Mitigating the RiskApplying security controls.<br />Accepting the Riskif it is more cost effective choice.<br />
  33. 33. Security Controls<br />17<br /><ul><li> Technical Controls(Access Lists, Firewalls, Encryption, Signatures….)
  34. 34. Administrative Controls(Policies, Procedures, Guidelines ….)
  35. 35. Physical Controls(Fences, turnstile door, fire extinguishers…)</li></li></ul><li>Technical Control tools<br />18<br />
  36. 36. 19<br />Thank You<br />Questions ?<br />
  37. 37. 20<br />Links<br />Media Fingerprinting - Sara Kudrle<br /> Office of the Privacy Commissioner of Canada<br />Secure Scalable Multimedia Streaming <br />Internet Streaming Media Alliance<br />Digital Watermarking Alliance<br />Risk Assessment Worksheet and Management Plan<br />