Advantages of IT Security Prof. Uldis Sukovskis, CISA Riga Information Technology Institute Secure information exchange in Electronic media Baltic IT&T.

Presentation transcript:

Advantages of IT Security Prof. Uldis Sukovskis, CISA Riga Information Technology Institute Secure information exchange in Electronic media Baltic IT&T 2006 April 5, 2006, Riga, Latvia

2 Today's Environment
- Collaboration
  - Individuals
  - Business Partners
  - Industries
  - Global businesses
- Trusted partners

3 Today's Environment
- Traditional: customer, business, IT support
- E-business: customer, IT solution, business
- Trusted IT solutions

4 Today's Environment
- Does IT become a commodity?
  - Resources on demand
- Standardization
- Trusted technologies

5 Today's Environment
- Concerns
  - Breaches of confidentiality
  - Disruption of business operations
  - Theft of intellectual property
- “The wonder of the Web is that the customer knows about IT problems the same time you do. There’s no camouflage.”
  Senior VP of Electronic Brokerage Technology
  The Computer Crime and Security Survey, CSI/FBI, 2005

6 Competitive Advantage
- High service level for customers
- Complex technology (additional risk)
- Public image and branding
- Compliance
- Business resilience
- New Driver - Trust and Differentiation
  - Security as a differentiator
- Competitiveness
  - for businesses
  - for countries

7 Fundamental Principles of Security
- Confidentiality
  - Passwords, biometric controls, identity management systems, ...
  - Encryption, VPN, SSL, SET, ...
- Integrity
  - Digital signatures, PKI, anti-virus software, ...
- Availability
  - Backup systems, continuity plans, ...

8 Regulations
- State Secrets Law, 1996
- Personal Data Protection Law, 2000
- State Information Systems Law, 2002
- Electronic Documents Law, 2002
- Obligatory technical and organizational requirements for protection of personal data processing systems, Cabinet of Ministers Regulation No.40, January 30, 2001
- Common Security Requirements for State Information Systems, Cabinet of Ministers Regulation No.765, October 11, 2005
- Regulations on Security Audits of Certification Authorities, Cabinet of Ministers Regulations No.357 and No.358, July 1, 2003
- and more...

9 Regulations
- State Standards
  - LVS ISO/IEC 17799:2005 Information technology – Code of practice for information security management
  - LVS ISO/IEC TR 13335:2003 Information technology – Guidelines for the management of IT Security
  - LVS ISO/IEC 15408:2003 Information technology – Security techniques — Evaluation criteria for IT security
  - LVS ISO/IEC 12207:2002 Information technology – Software life cycle processes
  - and more...
- Regulations of the Financial and Capital Market Commission
  - Regulations on the Security of Information Systems of Financial and Capital Market Participants
  - Regulations on Information Encryption and Electronic Signing
  - and more...

10 Does a Stronger Lock Help?

11 Scope of IT Security
- Too often IT security issues are treated in the narrow sense, as technologies protecting against viruses, spam, spyware, “bad guys”, etc.
- The scope of IT security also includes
  - business continuity planning
  - software development issues
  - personnel security
  - security awareness program
  - and more...

12 Scope of IT Security
LVS ISO/IEC 17799:2005
- Security Policy
- Organization of Information security
- Asset Management
- Human Resource Security
- Physical and Environmental Security
- Communications and Operations Management
- Access control
- IS Acquisition, Development, and Maintenance
- Information Security Incident Management
- Business Continuity Management
- Compliance

13 IT Security Framework
- Use proven values to win competition
  - COBIT to build IT governance
  - ISO/IEC to manage IT security
- Diagram labels:
  - Access control
  - Asset Management
  - Security policy
  - Organization of Information security
  - Human Resource Security
  - Physical and environmental security
  - Communications and operations management
  - IS Acquisition, Development, and Maintenance
  - Information Security Incident Management
  - Compliance
  - Integrity
  - Confidentiality
  - Availability
  - Business continuity management

14 Scope of IT Audit
- Assessment of
  - IT support for company’s business objectives
  - IT function compliance with regulatory requirements
  - IT project cost and schedule control
  - IT solution benchmarking to industries’ best practice
  - IT security
- Independent audit
  - ISACA Latvia, 60+ members
  - 48 certified IS auditors (CISA) and certified security managers (CISM)

Thank You for Your Attention!