The document discusses information governance and information security. Following ISO 27001:2005, it defines information as an asset that, like other important business assets, is essential to the organization and needs suitable protection, and it distinguishes internal, customer (or client) and outsourced information. IT governance is the process of making decisions about IT and monitoring IT performance. Information security protects the availability, confidentiality (privacy) and integrity of information through control areas such as security policy, asset management, access control and the other ISO 27001 control clauses. Security measures are grouped as preventive, protective, corrective and detective (the "4 Ps" of security). Risk is highest during the conception and development phases of a project, while the amount at stake, and therefore the impact of a risk, is highest in the execution and finishing phases.
If you rely on your IT infrastructure to maintain data integrity and protect your business from financial losses, it’s a good idea to invest in network monitoring and maintenance, and achieve compliance with legislated standards.
Improving Your Information Security Program - Seccuris Inc.
Michael walks the audience through the key focus areas in the creation of information security dashboards and discusses topics such as: what about our Information Security Program is important?
How can I represent my Information Security Program in a dashboard? What elements of my program should I measure and report on? What must happen with the output?
Security information and event management (SIEM) technology has existed since the late 1990s, but it has always been somewhat controversial in the security industry due to its initial promise of a "security single pane of glass" combined with slow adoption across smaller organizations. More recently, traditional SIEM has been joined by broad-use log management technology that focuses on collecting a wide variety of logs for a multitude of purposes, from security incident response to regulatory compliance, system management and application troubleshooting. In this paper we analyze the relationship between these two technologies, SIEM and log management, focusing not only on the technical differences and the different uses for each technology, but also on architecting their joint deployment.
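The abstract above contrasts log management (retain every log line, from every source, for many purposes) with SIEM (normalize events into a common schema and correlate them into alerts). The Python script below is an added example, not code from the paper or from any SIEM or log management product: it keeps a constructed set of sshd and cron syslog lines raw, normalizes only the lines its parser understands, and runs a single correlation rule (three failed SSH logins from one source for one user, followed within five minutes by a successful login). The log lines, host names, user names, IP addresses, the regular expression, the threshold and the time window are all constructed for this example.

```python
"""Added example: log management (raw retention) versus SIEM (normalize + correlate).
Everything below, including the log lines, is constructed for illustration."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: OpenSSH-style syslog lines plus one cron line (no real hosts/users).
RAW_LOGS = """\
Mar  1 10:00:01 web1 sshd[2201]: Failed password for admin from 203.0.113.7 port 50122 ssh2
Mar  1 10:00:04 web1 sshd[2202]: Failed password for admin from 203.0.113.7 port 50123 ssh2
Mar  1 10:00:07 web1 sshd[2203]: Failed password for admin from 203.0.113.7 port 50124 ssh2
Mar  1 10:00:09 web1 sshd[2204]: Accepted password for admin from 203.0.113.7 port 50125 ssh2
Mar  1 10:05:00 web1 cron[2300]: (root) CMD (run-parts /etc/cron.hourly)
Mar  1 10:06:12 db1 sshd[3101]: Failed password for backup from 198.51.100.9 port 41000 ssh2
Mar  1 10:07:30 db1 sshd[3102]: Accepted publickey for backup from 198.51.100.9 port 41001 ssh2
"""

# Assumed sshd message format; a real SIEM ships many such parsers, one per source type.
SSH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)


def parse_ts(ts, year=2024):
    """Syslog timestamps carry no year; the year is an assumption of this example."""
    return datetime.strptime(f"{year} {' '.join(ts.split())}", "%Y %b %d %H:%M:%S")


def log_management_store(raw):
    """Log management: retain every raw line unchanged, whatever its source or purpose."""
    return [line for line in raw.splitlines() if line.strip()]


def normalize(line):
    """SIEM normalization: map a raw sshd line to a common event schema, or None."""
    m = SSH_RE.match(line)
    if not m:
        return None  # unparsed lines stay in the raw store but never reach correlation
    return {
        "ts": parse_ts(m["ts"]),
        "host": m["host"],
        "user": m["user"],
        "src": m["src"],
        "outcome": m["outcome"].lower(),  # "failed" or "accepted"
        "method": m["method"],
    }


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """SIEM correlation rule: >= threshold failures for (src, user), then a success
    within `window`, raises one alert. Failure history resets after any success."""
    alerts = []
    failures = defaultdict(list)  # (src, user) -> timestamps of failed logins
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["src"], ev["user"])
        if ev["outcome"] == "failed":
            failures[key].append(ev["ts"])
            continue
        recent = [t for t in failures[key] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({
                "rule": "ssh_bruteforce_then_success",
                "host": ev["host"], "user": ev["user"], "src": ev["src"],
                "failures": len(recent), "at": ev["ts"],
            })
        failures[key] = []
    return alerts


def run(raw=RAW_LOGS):
    """Return (raw lines retained, normalized events, alerts) for the given log text."""
    stored = log_management_store(raw)
    events = [e for e in map(normalize, stored) if e]
    return stored, events, correlate(events)


if __name__ == "__main__":
    stored, events, alerts = run()
    print(f"log management retained {len(stored)} raw lines")
    print(f"SIEM normalized {len(events)} auth events and raised {len(alerts)} alert(s)")
    for a in alerts:
        print(a)
```

The split mirrors the abstract's point: the raw store keeps all seven lines, including the cron entry that no security parser handles, and stays available for troubleshooting or compliance search; the SIEM path only sees the six lines it can normalize and raises one alert, for the admin account, while the single failure for the backup account never crosses the threshold.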
• Introduction to information security.
What is information security, threat, risks, vulnerabilities, basic terms and definition?
• Building blocks of information security strategy, policies and standards.
Identify and establish a country-wide information security strategy; establish policies, standards and procedures; implement the different types of control objectives: managerial, technological and business-process controls. Introduction to the main domains of an information security management system according to the international information security standards (ISO 2700x).
• Actions, roles and responsibilities.
What actions are needed for information security risk treatment. Roles and responsibilities of information security professionals.
By Vasil Tsvimitidze
Information Security is becoming a focus for the entire enterprise, not just IT. This need to align both business and technology is forcing IT to move Information Security from afterthought to forethought. Architects now ponder how Information Security can be integrated into the broader topic of Enterprise Architecture. This session shows how to make the integration happen. You will learn how to integrate assets and define trusts and threat models as a part of your overall EA plan. You will also understand how Information Security is traced all the way from business architecture to the technology implementation. Participants will understand the components of an Integrated EA and Information Security framework and ensuring the traceability between business goals and IT security solutions delivered from the framework.
Key Issues:
-Understand the need to think early about Information Security
-Learn to incorporate Information Security into your EA blueprint and roadmap
-Integrate Information Security goals, objectives and capabilities with your EA view of strategy
-Integrate security policies, services and mechanisms with your EA view of solutions
-Integrate security mechanisms, standards, and guidelines into your implementations
Gather insights from Malcolm Harkins, Intel Chief information Security Officer, on how to balance business growth with risk mitigation. This presentation links to a webinar on this topic.
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ... - DFLABS SRL
Supervised Active Intelligence: an innovative approach to Automated Incident Response based on Machine Learning, leveraging orchestration, automated playbooks and integration with existing Security Ecosystem
Presentation from Chesapeake Regional Tech Council's TechFocus Seminar on Cloud Security; presented by Jeff Crume, IBM Distinguished Engineer, IT Security Architect, CISSP-ISSAP, on Thursday, October 27, 2011. http://www.chesapeaketech.org
“8th National Biennial Conference on Medical Informatics 2012” - Ashu Ash
“8th National Biennial Conference on Medical Informatics 2012” at Jawaharlal Nehru Auditorium, AIIMS New Delhi, on 5th Feb 2012.
The organizing committee, consisting of Mr. S.K. Meher (Organizing Secretary), Major (Dr.) Anil Kuthiala (Jt. Organizing Secretary) and Ashu (Assistant to the Organizing Secretariat), worked hard to make the conference a grand success.
The scientific committee, comprising Dr. S.B. Gogia, Prof. Khalid Moidu, Prof. Arindam Basu, Dr. S. Bhatia, Dr. Thanga Prabhu, Dr. Karanvir Singh, Tina Malaviya, Dr. Kamal Kishore, Dr. Vivek Sahi, Spriha Gogia, Dr. Supten Sarbhadhikari, Dr. Sanjay Bedi and Mr. Sushil Kumar Meher, actively reviewed all papers for the various scientific sessions.
Revised by Christian Reina
Version: 1.1
Date: September 18, 2009
Change log:
-Risk Based Audit approach
-Things to know
-Penetration Testing Stages
-OSI Model protocols
-Firewall generations
-Wireless
-Common Criteria ISO 15408
-Problem Management
-System Development Life Cycle
-Software Life Cycle
-Five rules of evidence
-Incident Response framework
-Evidence Lifecycle
-Fair Information Practices
The presentations should help security professionals create security architecture that supports business objectives, covers all areas of security technology, and allows for effective measurement of security value.
The presentation was given at BrighTalk
RISKPRO INDIA
• Riskpro is India’s first national practice dedicated to risk management services and training, corporate governance, and global regulatory compliances
• Risk can be defined as a prospect of loss or reduced gain that can adversely affect the achievement of an organisation’s objectives
• When greed overtakes need, it spells trouble. Manifested as ‘bankruptcy’ in much of the developed world and ‘corruption’ closer to home, greed has clearly disrupted some major industrialised economies and enhanced the risks of doing business
• In today’s world, risks are not few. The reason companies so often fail to systematically manage their key risks is rooted in the way they define the risks they face. Risks are manageable and the answer to untapped business opportunities that lie dormant waiting for risk factors to turn favourable
• Riskpro was founded in 2009 with offices in Mumbai, Delhi, and Bangalore and it has already added eight member firms in Ahmedabad, Agra, Chennai, Gurgaon, Hyderabad, Jaipur, Ludhiana, and Pune. All our offices and member firms are well equipped and staffed with qualified professionals viz. CA, CWA, CS, CPA, CIA, CISA, CFA, and MBA
• Riskpro’s founders are qualified risk management specialists with extensive work experience in Europe and USA in several industries and financial institutions
• Riskpro aims to be the preferred service provider for large and medium enterprises on risk protection, corporate governance, and global regulatory issues; delivering state-of-the-art quality and timely services at viable rates
RISKPRO SERVICES
• Our four major practice specialisations / service lines are:
Risk: Enterprise Risk Management (services and training & recruitment)
Governance: Corporate Governance and Transparency
Compliance: Global and Indian Regulatory Compliances
Training: in all of the above service lines
• The Risk Practice deals with all classes of risks and processes, viz. governance, strategic, systemic / infrastructure, compliance, reporting, and financial reporting. Processes require that key risks are properly identified, measured, monitored, controlled, and reported. Processes may also require tools such as risk-based internal audit, information security testing, and fraud investigations to be employed
• The Governance Practice deals with corporate oversight and risk governance issues within an organization including business continuity planning, compliance with SEBI guidelines by listed companies, regulations relating to independent directors, investor expectation and protection, Clause-49 on corporate governance, etc
• The Compliance Practice covers a wide range of regulatory and environmental compliances including Sox, IFRS, Solvency II, Basel II /III, Corporate Laws & Direct Tax Code etc
• The Training Practice comprises of a variety of structured and /or industry specific training programs and modules designed and conducted by Riskpro experts and trainers at onsite (client or other off
Gainful Information Security is an information security and systems development firm established in Harare, Zimbabwe in 2007 to partner with African private and public sectors for a secure, efficient and cost-effective information lifecycle.
2. Information
According to ISO 27001:2005, information is defined as: "An asset that, like other important business assets, is essential to an organization's business and consequently needs to be suitably protected."
Information Governance 2
3. Types of Information
Printed or written on paper
Stored electronically
Transmitted by post or using
electronic means
Shown on corporate videos
Verbal (e.g., spoken in conversations)
4. Types of Information
Internal: information that you would not want your competitors to know
Customer or Client: information that customers would not wish you to divulge
Outsourced: information that needs to be shared with other trading partners
5. What is "IT Governance"?
IT governance is the process of making decisions about IT and monitoring IT performance.
6. The Eleven Control Clauses
Organizational structure: management sits at the top, and the eleven control clauses of ISO 27001:2005 (Annex A) hang beneath it:
- Security policy
- Organization of information security
- Asset management
- Human resources security
- Physical and environmental security
- Communications and operations management
- Access control
- Systems development and maintenance
- Information security incident management
- Business continuity management
- Compliance
9. IT Governance Maturity Benchmark
A six-level scale, from Level 0 (Non-existent) through Level 5 (Optimized):
Level 0 – Non-existent – Management processes are not applied at all
Level 1 – Initial/Ad Hoc – Processes are ad hoc and inconsistent
Level 2 – Repeatable – Processes follow a regular pattern
Level 3 – Defined – Processes are documented and communicated
Level 4 – Managed – Processes are monitored and measured
Level 5 – Optimized – Good practices are followed and automated
10. What is Information Security
Information security is the process of protecting information. It protects its availability, privacy/confidentiality and integrity.
13. Eleven Main Security Categories
The three security properties, confidentiality, integrity and availability, sit at the centre of the diagram, surrounded by the eleven categories:
- Security policy
- Organization of information security
- Asset management
- HR security
- Physical and environmental security
- Communications and operations management
- Access control
- Information systems development and maintenance
- Information security incident management
- Business continuity management
- Compliance
14. Risk versus Amount at Stake
[Figure: risk and amount at stake ($ value) plotted against time over the total project life cycle. The cycle is split into a Plan stage (Phase 1 Conceive, Phase 2 Develop) and an Accomplish stage (Phase 3 Execute, Phase 4 Finish). Risk is highest in the early phases (the period when the highest risks are incurred), while the amount at stake increases over time, so the later phases are the period of highest risk impact.]