Miznah A. AlMansour ID# COLLEGE OF BUSINESS ADMINISTRATION

Presentation transcript:

COLLEGE OF BUSINESS ADMINISTRATION
MISY 3321: Introduction to Information Assurance, Section 201
Miznah A. AlMansour ID#200900258

Outline
- Zamil Industrial Overview
- Operations and Information
- Zamil Industrial Information Assurance Policy
- Zamil Industrial’s Experience in Loss/Misuse of Information
- Conclusion and Recommendation

Zamil Industrial Overview
- Zamil Industrial Investment Company was founded in 1998 and is headquartered in Dammam, Saudi Arabia
- Zamil Industrial provides products, engineering systems and services for the construction sector
- It sells pre-engineered steel buildings (PEB), air conditioning systems, district cooling and utility services, air-cooled heat exchangers, telecom towers, and much more

Zamil Industrial Overview (continued)
- Zamil Industrial has grown from a locally oriented industry into a global leader in expanding fields, selling its products in more than 90 countries
- Zamil Industrial’s main facilities are located in Saudi Arabia, with additional factories in Egypt, India, the United Arab Emirates, Vietnam and Italy

Operations and Information
- Zamil Industrial consists of five sectors: Steel, HVAC (heating, ventilation, and air conditioning), Glass, Insulation, and Concrete
- As with many other companies, Zamil Industrial’s sensitive information is its most important asset, and protecting that data from theft or damage is just as important as protecting any physical asset
- Zamil Industrial keeps various types of information. Its information-based assets are:
  - financial data
  - HR data
  - supply chain data
  - manufacturing data
  - logistics data
  - procurement data
  - orders data
  - projects data
  - engineering data
  - customer data
  - maintenance data
  - productivity data

Zamil Industrial Information Assurance Policy
In Zamil Industrial, information assurance is the practice of assuring the use and security of intangible assets. Information assurance policies in Zamil Industrial include, but are not limited to:
- Information Security Management
- Acceptable Use of ZI IT infrastructure Policy
- Information Classification & Handling Policy
- Document, Data, & Record Control
- Risk Management
- Asset Management
- Access Control Policy
- Internal Audits
- Data Security & Guidelines
- Password Security & Guidelines
- Internet Service Policy

Zamil Industrial Information Assurance Policy (continued)
All members of the organization must comply with the following requirements:
- Information collected for a specific purpose should not be shared with anyone outside the company without notification and consent
- Employees should use strong passwords to access the system to secure personal computers
- Employees should log out from the system when they are finished working
- Employees should not download e-mail attachments from unknown senders

Zamil Industrial Information Assurance Policy (continued)
- Employees are not allowed to download or install any computer program or software without prior approval from the IT department
- Employees should not access confidential information unless they have a legitimate need to know that information
- Employees may not post confidential information on a publicly accessible computer or website
- Employees must immediately report potential information security breaches, or evidence of potential illegal activity, to the IT department

Zamil Industrial’s Experience in Loss/Misuse of Information
- The Information Technology Auditor in Zamil Industrial, Mr. Husain, confirmed that the company has never experienced any loss or misuse of information (Husain, 2012)
- That indicates and proves the strength of the information security and assurance policies that Zamil Industrial practices

Conclusion and Recommendation
- Organizations must implement one or more formal IT best-practice control and process models
- Companies must ensure compliance with the standards, always translate those standards into security guidelines, and, most importantly, continually evaluate their current security state and frequently update policies

Conclusion and Recommendation (continued)
Here are simple tips for companies to protect data and maintain strong information assurance:
- Conduct a security audit
- Information assurance awareness
- Strong passwords
- Data encryption
- Backups

References
- Husain, M. (2012, September 20). Zamil Industrial Information Assurance Policies. (M. AlMansour, Interviewer)
- Zamil Industrial. (2012). Zamil Industrial Overview. Retrieved 2012, from Zamil Industrial: http://www.zamilindustrial.com/