Government Information Assurance (GIA) Policy


2 Current Scenario
- It is a connected world!
- More and more services are being provided online
- Continuously evolving and powerful technology is available to everybody at a cheap price
- With every opportunity comes risk.
- Your business is at RISK!

3 Emerging Risks
- Changing Political Scenario
- Arab Spring
- Qatar's prominent role in International Arena
- Changing Economic Scenario
- Country with highest per capita income
- International Sporting Events
- Hacktivism
- Sophisticated Attack Vectors
- Insider Threats
- Changing Legislative landscape
- Data Privacy Law*
- Critical Information Infrastructure Protection Law*

4 Real Incidents
- During Arab Games in 2011
- A number of critical sector and government organizations were victims of attacks from a Moroccan hackers group
- Number of sites affected: 10
- Most of the incidents involved web defacement, but it could have been worse!
- Duration of incident: the attack was persistent for two weeks

The need of Information Security Management System
- Government Information Assurance Survey
- Increasing Reliance on ICT
- New Emerging Risks
- No Security Baseline standards
- Insufficient trained resources
- Baseline Policy & Standards
- Auditing Model
- Certified Training

Business Model of Information Security
Challenges in Government Sector
- Cultural Issues
- Pre-set Mindset: Peaceful and secure environment
- Lack of Awareness
- Lack of Support
- Lack of Resources

Government Information Assurance Survey (2010)
- 30% of IT managers of Government organizations responded
- Survey demonstrated the need of information security support

8 Government Information Assurance Policy

What is GIA Policy

GIA Components

Government Information Assurance Manual

Security Governance & Processes
- Governance Structure [IG]
- Risk Management [RM]
- Third Party Security Management [TM]
- Data Labeling [DL]
- Change Management [CM]
- Personnel Security [PS]
- Security Awareness [SA]
- Incident Management [IM]
- Business Continuity Management [BC]
- Logging & Security Monitoring [SM]
- Data Retention & Archival [DR]
- Documentation [DC]
- Accreditation [AC]

Government Information Classification Policy

Technical Control Areas
- Communications Security [CS]
- Network Security [NS]
- Information Exchange [IE]
- Gateway Security [GS]
- Product Security [PR]
- Software Security [SS]
- System Usage Security [SU]
- Media Security [MS]
- Access Control Security [AM]
- Cryptographic Security [CY]
- Portable Devices & Working Off-Site Security [OS]
- Physical Security [PH]

Implementation Guide
Accreditation Manual
Certified Training

Assets Classification
Step 1: Identify key processes and their owners in the organization.
Step 2: Identify process dependencies: information, applications, systems, networks, etc.
Step 3: Determine the security classification for each information asset using table
Step 4: Apply the necessary controls

GIA Policy is…
- Formulated from most common international standards/best practices
- Allows a straightforward path for certification against other standards, e.g. ISO27001
- Maps well with established standards such as ITIL
- Approved by the Board of ictQATAR and has been sent to Council of Ministers
- Adopted by MoI, ABQ

Thank You