Information Security Management
Introduction
By Yuliana Martirosyan
Based on Bel G. Raggad (2010), Information Security Management: Concepts and Practices.
Introduction
[Figure: the computing environment, made up of People, Activities, Data, Technology and Network]
Introduction to Information Security Management
• Introduction
• Layers of personnel around information resources
[Figure: layers of personnel around an information resource: Operator, System, Security Staff, Security Administrator, System Owner]
Why Information Security Matters
• Information drives enterprise business value generation.
• Information is the basis of competitive advantage.
• Assets are highly interdependent: to protect one asset, the whole computing environment should be protected.
Information Sensitivity Classification
[Figure: information sensitivity taxonomy: Public Information, Confidential Information, Internal Use, Proprietary Information, Highly Confidential, Top Secret]
Information Security Governance
Corporate governance has to do with how the board of directors and executive management run and control a company.
IT governance is how technology is used and managed so that it supports business needs.
Information security governance is a coherent system of integrated security components
• products
• personnel
• training
• processes
• policies ...
that exist to ensure that the organization survives and hopefully thrives.
The Computing Environment
[Figure: security of an information system, made up of People security, Technology security, Network security, Security of IS activities, and Data security]
Security of Various Components in the Computing Environment
Protecting an organization, an information system, or any computing environment means the following:
• Personnel security to protect people
• Qualification assurance
• Job specifications
• Security clearance
• Screening assurance
• Authorization process
• Security training
• Nondisclosure agreement
Security of an Information System: the CIA Triad
[Figure: CIA triad: Confidentiality, Integrity, Availability]
The Security Star
The CIA triad suffers from at least 2 drawbacks:
[Figure: Security Star model: Confidentiality, Integrity, Availability, Authentication, Non-Repudiation]
Parker’s View of Information Security
• CIA Triad
• Authenticity
• Possession
• Utility
Possession defines ownership or control of information.
Authenticity aims at ensuring that the origin of the transmission is correct and that the authorship of the transmitted documents is valid.
Utility emphasizes the usefulness of the information in possession.
What Is Information Security Management?
1. Identify the computing environment, define its criticality, and prioritize its contribution to the organization’s business-value-generation capabilities;
2. Identify all security risks, assess them, and mitigate them by devising a comprehensive risk-driven security program;
3. Provide continual improvement of the organization’s risk position.
Security Controls
Managerial controls:
• Risk assessment
• Planning
• System and service acquisition
• Certification, accreditation and security assessment
Technical controls:
• Personnel security
• Physical and environmental protection
• Contingency planning
• Configuration management
Operational controls:
• Personnel security
• Physical and environmental protection
• Contingency planning
• Configuration management
• Maintenance
• System and information integrity
• Media protection
• Incident response
• Awareness and training
The NSA Triad for Security Assessment
Assessment - security planning for 3 years
• Not technical, often qualitative
• Doesn’t involve any testing
• Collaborative, often shared by users, managers, and owners
Evaluation - how to use technology to support information security
• Technical but not invasive
• Passive testing required for self-study
• Collaborative to some extent
• Involves diagnostic tools
• Involves internal audit
Penetration Testing
• Non-collaborative
• Technical in nature
• Invasive in nature
• Involves external audit
• Active penetration tests
• Risk of compromising the target system exists but has to be avoided
• Active assessment expertise is required

More Related Content

What's hot

Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
Muhammad Sahputra
 
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
PECB
 
Disaster Recovery Plan / Enterprise Continuity Plan
Disaster Recovery Plan / Enterprise Continuity PlanDisaster Recovery Plan / Enterprise Continuity Plan
Disaster Recovery Plan / Enterprise Continuity Plan
Marcelo Silva
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principles
Divya Tiwari
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Security
chauhankapil
 
CyberSecurity
CyberSecurityCyberSecurity
CyberSecurity
divyanshigarg4
 
Risks threats and vulnerabilities
Risks threats and vulnerabilitiesRisks threats and vulnerabilities
Risks threats and vulnerabilities
Manish Chaurasia
 
Information security
Information securityInformation security
Information security
avinashbalakrishnan2
 
1. security management practices
1. security management practices1. security management practices
1. security management practices
7wounders
 
Incident handling.final
Incident handling.finalIncident handling.final
Incident handling.final
ahmad abdelhafeez
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
asherad
 
SIEM : Security Information and Event Management
SIEM : Security Information and Event Management SIEM : Security Information and Event Management
SIEM : Security Information and Event Management
SHRIYARAI4
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk Management
Sam Bowne
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
Priyanka Aash
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
Deepak Kumar (D3)
 
Cyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthCyber Security Layers - Defense in Depth
Security and personnel
Security and personnelSecurity and personnel
Security and personnel
Dhani Ahmad
 
Chapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementChapter 11: Information Security Incident Management
Chapter 11: Information Security Incident Management
Nada G.Youssef
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity Chasm
Priyanka Aash
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005
ControlCase
 

What's hot (20)

Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
 
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
 
Disaster Recovery Plan / Enterprise Continuity Plan
Disaster Recovery Plan / Enterprise Continuity PlanDisaster Recovery Plan / Enterprise Continuity Plan
Disaster Recovery Plan / Enterprise Continuity Plan
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principles
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Security
 
CyberSecurity
CyberSecurityCyberSecurity
CyberSecurity
 
Risks threats and vulnerabilities
Risks threats and vulnerabilitiesRisks threats and vulnerabilities
Risks threats and vulnerabilities
 
Information security
Information securityInformation security
Information security
 
1. security management practices
1. security management practices1. security management practices
1. security management practices
 
Incident handling.final
Incident handling.finalIncident handling.final
Incident handling.final
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
SIEM : Security Information and Event Management
SIEM : Security Information and Event Management SIEM : Security Information and Event Management
SIEM : Security Information and Event Management
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk Management
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
 
Cyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthCyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in Depth
 
Security and personnel
Security and personnelSecurity and personnel
Security and personnel
 
Chapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementChapter 11: Information Security Incident Management
Chapter 11: Information Security Incident Management
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity Chasm
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005
 

Viewers also liked

Information Security Management. Security solutions copy
Information Security Management. Security solutions copyInformation Security Management. Security solutions copy
Information Security Management. Security solutions copy
yuliana_mar
 
Information Security Intelligence
Information Security IntelligenceInformation Security Intelligence
Information Security Intelligence
guest08b1e6
 
Understanding Information Security
Understanding Information SecurityUnderstanding Information Security
Understanding Information Security
Sanjaya K Saxena
 
Review of Information Security Concepts
Review of Information Security ConceptsReview of Information Security Concepts
Review of Information Security Concepts
primeteacher32
 
Intrusion Prevention Systems
Intrusion Prevention SystemsIntrusion Prevention Systems
Intrusion Prevention Systems
primeteacher32
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
Tanmay Shinde
 

Viewers also liked (6)

Information Security Management. Security solutions copy
Information Security Management. Security solutions copyInformation Security Management. Security solutions copy
Information Security Management. Security solutions copy
 
Information Security Intelligence
Information Security IntelligenceInformation Security Intelligence
Information Security Intelligence
 
Understanding Information Security
Understanding Information SecurityUnderstanding Information Security
Understanding Information Security
 
Review of Information Security Concepts
Review of Information Security ConceptsReview of Information Security Concepts
Review of Information Security Concepts
 
Intrusion Prevention Systems
Intrusion Prevention SystemsIntrusion Prevention Systems
Intrusion Prevention Systems
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
 

Similar to Information Security Management.Introduction

Introduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdfIntroduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdf
ssuserf98dd4
 
CHIME Lead Forum - Seattle 2015
CHIME Lead Forum - Seattle 2015CHIME Lead Forum - Seattle 2015
CHIME Lead Forum - Seattle 2015
Health IT Conference – iHT2
 
1678784047-mid_sem-2.pdf
1678784047-mid_sem-2.pdf1678784047-mid_sem-2.pdf
1678784047-mid_sem-2.pdf
Rimurutempest594985
 
Information security
Information securityInformation security
Information security
Information securityInformation security
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
elmuhammadmuhammad
 
Pindad iso27000 2016 smki
Pindad   iso27000 2016 smkiPindad   iso27000 2016 smki
Unit 1&2.pdf
Unit 1&2.pdfUnit 1&2.pdf
Unit 1&2.pdf
Ndheh
 
Information Security
Information Security Information Security
Information Security
Alok Katiyar
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & process
Information Technology Society Nepal
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptx
TikdiPatel
 
ISM-CS5750-01.pptx
ISM-CS5750-01.pptxISM-CS5750-01.pptx
ISM-CS5750-01.pptx
RashidSahito1
 
Introduction to information security - by Ivan Nganda
Introduction to information security - by Ivan NgandaIntroduction to information security - by Ivan Nganda
Introduction to information security - by Ivan Nganda
See You Rise Holdings
 
ISO 27001
ISO 27001ISO 27001
Cervone uof t - nist framework (1)
Cervone   uof t - nist framework (1)Cervone   uof t - nist framework (1)
Cervone uof t - nist framework (1)
Stephen Abram
 
Isys20261 lecture 01
Isys20261 lecture 01Isys20261 lecture 01
Isys20261 lecture 01
Wiliam Ferraciolli
 
Challenges in implementating cyber security
Challenges in implementating cyber securityChallenges in implementating cyber security
Challenges in implementating cyber security
Inderjeet Singh
 
1 info sec+risk-mgmt
1 info sec+risk-mgmt1 info sec+risk-mgmt
1 info sec+risk-mgmt
madunix
 
Solve the exercise in security management.pdf
Solve the exercise in security management.pdfSolve the exercise in security management.pdf
Solve the exercise in security management.pdf
sdfghj21
 
Information awareness program
Information awareness programInformation awareness program
Information awareness program
khattar31
 

Similar to Information Security Management.Introduction (20)

Introduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdfIntroduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdf
 
CHIME Lead Forum - Seattle 2015
CHIME Lead Forum - Seattle 2015CHIME Lead Forum - Seattle 2015
CHIME Lead Forum - Seattle 2015
 
1678784047-mid_sem-2.pdf
1678784047-mid_sem-2.pdf1678784047-mid_sem-2.pdf
1678784047-mid_sem-2.pdf
 
Information security
Information securityInformation security
Information security
 
Information security
Information securityInformation security
Information security
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
Pindad iso27000 2016 smki
Pindad   iso27000 2016 smkiPindad   iso27000 2016 smki
Pindad iso27000 2016 smki
 
Unit 1&2.pdf
Unit 1&2.pdfUnit 1&2.pdf
Unit 1&2.pdf
 
Information Security
Information Security Information Security
Information Security
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & process
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptx
 
ISM-CS5750-01.pptx
ISM-CS5750-01.pptxISM-CS5750-01.pptx
ISM-CS5750-01.pptx
 
Introduction to information security - by Ivan Nganda
Introduction to information security - by Ivan NgandaIntroduction to information security - by Ivan Nganda
Introduction to information security - by Ivan Nganda
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
 
Cervone uof t - nist framework (1)
Cervone   uof t - nist framework (1)Cervone   uof t - nist framework (1)
Cervone uof t - nist framework (1)
 
Isys20261 lecture 01
Isys20261 lecture 01Isys20261 lecture 01
Isys20261 lecture 01
 
Challenges in implementating cyber security
Challenges in implementating cyber securityChallenges in implementating cyber security
Challenges in implementating cyber security
 
1 info sec+risk-mgmt
1 info sec+risk-mgmt1 info sec+risk-mgmt
1 info sec+risk-mgmt
 
Solve the exercise in security management.pdf
Solve the exercise in security management.pdfSolve the exercise in security management.pdf
Solve the exercise in security management.pdf
 
Information awareness program
Information awareness programInformation awareness program
Information awareness program
 

Recently uploaded

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 

Recently uploaded (20)

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 

Information Security Management.Introduction

  • 1. Information Security Management Introduction By Yuliana Martirosyan Based on Bell G. Reggard, (2010) Information Security Management. Concepts and Practices.
  • 3. • Introduction • Layers of personnel around an information resources Operator -System- Security Staff Security Administrator System Owner Information Security Management Introduction to Information Security Management
  • 4. Information Security Management • Why Information Security Matters? • Information drives enterprise business value generation. • Information is the basis of competitive advantage. • Assets are very independent. To protect one asset the whole computing environment should be protected. Introduction to Information Security Management
  • 5. Information Security Management Information Sensitivity Classification Information sensitivity taxonomy Introduction to Information Security Management Information Sensitivity Public Information Confidential Information Internal Use Proprietary Information Highly Confidential Top Secret
  • 6. Information Security Management Information Security Governance Corporate governance has to do with how the board of directors and executive management run and control a company IT governance is how technology is used and managed so that it supports business needs. Information security governance is a coherent system of integrated security components • products • personnel • training • processes • policies ... that exist to ensure that the organization survives and hopefully thrives. Introduction to Information Security Management
  • 7. The Computing Environment Security of an information system Information System Security People security Technology Security Network Security Security of IS Activities Data Security Information Security Management Introduction to Information Security Management
  • 8. Security of Various Components in the Computer Environments Protecting organization, information system , or any computing environment means following: • Personal security to protect people • Qualification assurance • Specifications of the job • Security clearance • Screening Assurance • Authorizing of process • Security Training • Nondisclosure Agreement Information Security Management Introduction to Information Security Management
  • 9. Security of an information system 1. Introduction to Information Security Management CIA Triad CIA Triad Confidentiality Integrity Availability
  • 10. CIA triad suffers from at least 2 drawbacks: Security Star Model Confidentiality Availability Non-Repudiation Integrity Authentication 1. Introduction to Information Security Management The Security Star
  • 11. Parker’s View of Information Security Parker’s View of Information Security • CIA Triad • Authenticity • Possession Envelope • Utility Possession defines ownership or control of information Authenticity aims at ensuring that the origin of the transmission is correct and that the authorship of the transmitted documents is valid Utility emphasized the usefulness of the information in possession Information Security Management Introduction to Information Security Management
  • 12. What is Information Security Management?
    1. Identify the computing environment, define its criticality, and prioritize its contribution to the organization’s business-value-generation capabilities;
    2. Identify all security risks, assess them, and mitigate them by devising a comprehensive risk-driven security program;
    3. Provide continual improvement of the organization’s risk position.
  • 13. Security Controls
    Managerial Controls:
      • Risk Assessment
      • Planning
      • System and Service acquisition
      • Certification, accreditation and security assessment
    Technical Controls:
      • Personnel Security
      • Physical and environmental protection
      • Contingency planning
      • Configuration management
  • 14. Security Controls
    Operational Controls:
      • Personnel Security
      • Physical and environmental protection
      • Contingency planning
      • Configuration management
      • Maintenance
      • System and Information Integrity
      • Media Protection
      • Incident Response
      • Awareness and Training
  • 15. The NSA Triad for Security Assessment
    Assessment:
      • Security planning for 3 years
      • Not technical, often qualitative
      • Doesn’t involve any testing
      • Collaborative, often shared by users, managers, and owners
    Evaluation:
      • How to use technology to support information security
      • Technical but not invasive
      • Passive testing required for self-study
      • Collaborative to some extent
      • Involves diagnostic tools
      • Involves internal audit
  • 16. The NSA Triad for Security Assessment
    Penetration Testing:
      • Non-collaborative
      • Technical in nature
      • Invasive in nature
      • Involves external audit
      • Active penetration tests
      • Risk to compromise the target system exists but has to be avoided
      • Active assessment expertise is required

Editor's Notes

  1. A computing environment, in Raggad’s taxonomy of information security, is made up of five continuously interacting components. An information system is viewed as a smaller computing environment made to efficiently achieve information system objectives.
  2. Information security cannot just be devised based on the specifications of security solutions; a thorough study of the organization’s business value generation model and its computing environment is needed before prescribing any security programs. Any security investigation has to be risk driven. Off-the-shelf solutions will not work: 1. security requirements vary depending on the vulnerabilities and threats of the organization’s computing environment; 2. the effect and consequences of similar security incidents vary from one organization to another.
  3. Information sensitivity taxonomy proposed by ISO/IEC 17799 (later ISO/IEC 27002).
  4. The CIA triad suffers from at least 2 drawbacks: (1) the three security goals are not sufficient, and more security goals have to be added; (2) a risk-driven model based on CIA is not sufficient to achieve security as long as security management is not incorporated in the security model. Authentication: verifying the identity of an agent before access is granted (smart cards, public key, biometrics). Non-repudiation: both ends of a transmission cannot deny their involvement in the transmission (digital signatures).
  5. Possession: even if information is securely encrypted in a packet, just losing the packet is a breach of possession. Utility: if information is available to you in an encrypted form but you have no way to decrypt it, this information is not useful to you.
  6. Provide continual improvement of the organization’s risk position: automatically revising the risk-driven security program as security requirements change with changes in the computing environment.