Cybersecurity classification and protection of information

Presentation transcript:

Cybersecurity classification and protection of information
Lic. Claudio Jorge Tana
Consulting Manager, NeoSecure S.A.
LA27001 - LA25999 – CISM - CBCP
ctana@neosecure.com
May 2016

Index
- Cyber Security and Information Protection
- Reasons for Identification and Classification
- Main concepts
- Goals
- Implementation
- Summary

CyberSecurity
Protecting information assets by treating the threats that put at risk the information processed, stored and transported by interconnected information systems.
ISACA (Information Systems Audit and Control Association), Monterrey Chapter

Differences Between Cybersecurity and Information Security
- Seeks to protect information from the risks that may affect it in its different forms and states.
- Focuses on information in digital format and on the interconnected systems that process, store or transmit it.
- Methodologies, standards, techniques, tools, organizational structures, technology and other elements that support the idea of protection in the various facets of information.
- Approach with Security. It involves the implementation and management of appropriate security measures, through a holistic approach.
- Threats and vulnerabilities in cyberspace.
- Information threats and infrastructure threats.
- Information Classification.
- Cybersecurity Information Sharing Classification System.

Reasons for classifying information in digital format
- Companies need to protect their information today more than ever.
- The need is obvious but solutions are not.
- Management must ensure company information is protected.
- Mobile Technology
- Cloud Computing
- Distinguishing Information Classification and Cybersecurity Information Sharing Classification System.

Principal Objectives
- Understand what an effective information classification system should accomplish.
- Be easy to understand, use and maintain.
- Focus only on confidentiality, especially for “Private” and “Confidential” information, protecting it from inappropriate access.
- Apply “least privilege” / “need to know” concepts.
- Strategy for Information Sharing and Safeguarding.

Successful implementation
- Identify all information sources and media that need to be protected.
- Identify information protection measures:
  - Authentication
  - Role-based access
  - Encryption
  - Administrative controls
  - Technology control
  - Assurance
- Map information protection measures to information classes.
- Classify information.
- Repeat as needed.

Summary
- An iterative and ongoing process.
- Information security policy (updated).
- Standards and procedures (updated).
- Updated on new technologies.
- Security awareness.

If this sounds like too much work, consider: without data classification, all decisions about information protection are made at the discretion and judgement of security, system, and database administrators only.

Local presence in: Argentina, Chile, Colombia, Peru
Argentina: Carlos Pellegrini 1265, 6th floor. Telephone: 5235-8875