OSR/Aug 02 Data Security E2002, Lecture 1 August 30, 2002 000-015 History Background - Batch - Remote access, DB, RACF - Orange Book - ITSec, Common Criteria.


Data Security E2002, Lecture 1, August 30, 2002

History / Background
- Batch
- Remote access, DB, RACF
- Orange Book
- ITSec, Common Criteria
- Code of Practice
- BS 7799, ISO, ISO TR, DS 484

What is Information Security?
Why do we need Information Security?
- Commercial Image
- Loss of Reputation, Trust, Confidence
- Examples

Trust

Security Requirements
- Risk Assessment
  ¤ Exercise: Five most serious threats
  ¤ KPMG Security Survey
  ¤ Traffic Light Analysis
  ¤ Risk Model
  ¤ Vulnerability Analysis
  ¤ Threats – BSI List
- Legal Requirements
  ¤ FSR Vejl. (FSR guidance)
  ¤ SysTrust
- Good Practice

Exercise: Which are the five most serious IT-security threats to an organization?

Risk model
- Threat
- Vulnerability
- Impact

Legal, statutory, regulatory and contractual requirements

Principles and objectives
- Vision
- Ethical
- Good Practice
- IT Security Policy

Controls
- Preventive
- Detective
- Corrective

Critical Success Factors
- Examples

Traffic light analysis (Trafiklysanalyse)
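The slides name the three-factor risk model (threat, vulnerability, impact), the traffic light analysis and the preventive/detective/corrective split of controls, but give no scoring scheme. The following is an added worked example, not code from the lecture: it scores each factor 1 (low), 2 (medium) or 3 (high), bands threat x vulnerability into a likelihood, maps likelihood and impact through an assumed 3x3 traffic-light matrix, ranks a constructed risk register to answer the "five most serious threats" exercise, and shows how a control changes the residual rating. The thresholds, the matrix, the control effects and the register entries are all assumptions made for illustration.

```python
"""Three-factor risk model + traffic light rating (added illustration, not lecture code).

Assumed scoring (the slides give none): each factor is 1..3; likelihood is
threat x vulnerability banded back to 1..3; colour comes from an assumed
3x3 likelihood/impact matrix; likelihood_band * impact is used for ranking only.
"""
from dataclasses import dataclass, replace
from typing import Dict, List, Tuple

LOW, MEDIUM, HIGH = 1, 2, 3
SCALE = (LOW, MEDIUM, HIGH)

# Assumed traffic-light matrix, keyed by (likelihood band, impact).
TRAFFIC_LIGHT: Dict[Tuple[int, int], str] = {
    (HIGH, HIGH): "red",     (HIGH, MEDIUM): "red",     (MEDIUM, HIGH): "red",
    (HIGH, LOW): "amber",    (MEDIUM, MEDIUM): "amber", (LOW, HIGH): "amber",
    (MEDIUM, LOW): "green",  (LOW, MEDIUM): "green",    (LOW, LOW): "green",
}
LIGHT_ORDER = {"red": 0, "amber": 1, "green": 2}


@dataclass(frozen=True)
class Risk:
    name: str
    threat: int         # capability / frequency of the threat agent, 1..3
    vulnerability: int  # how exposed the asset is to that threat, 1..3
    impact: int         # business impact if the threat is realised, 1..3

    def __post_init__(self) -> None:
        # Reject out-of-scale ratings so a typo cannot silently skew the ranking.
        for name in ("threat", "vulnerability", "impact"):
            value = getattr(self, name)
            if value not in SCALE:
                raise ValueError(f"{self.name}: {name}={value!r} must be 1, 2 or 3")

    def likelihood(self) -> int:
        """Band threat x vulnerability (1..9) back onto the 1..3 scale (assumed cut-offs)."""
        product = self.threat * self.vulnerability
        if product >= 6:
            return HIGH
        if product >= 3:
            return MEDIUM
        return LOW

    def light(self) -> str:
        return TRAFFIC_LIGHT[(self.likelihood(), self.impact)]

    def score(self) -> int:
        return self.likelihood() * self.impact


def rank(register: List[Risk], top: int = 5) -> List[Risk]:
    """Most serious first: red before amber before green, then higher score, then name."""
    return sorted(register, key=lambda r: (LIGHT_ORDER[r.light()], -r.score(), r.name))[:top]


def apply_control(risk: Risk, kind: str) -> Risk:
    """Residual risk after one control of the lecture's three kinds.

    Assumed effect: a preventive control lowers vulnerability by one band;
    a detective or corrective control lowers impact by one band (never below LOW).
    """
    if kind == "preventive":
        return replace(risk, vulnerability=max(LOW, risk.vulnerability - 1))
    if kind in ("detective", "corrective"):
        return replace(risk, impact=max(LOW, risk.impact - 1))
    raise ValueError(f"unknown control kind {kind!r}")


# Constructed sample register with illustrative ratings (not survey data).
REGISTER = [
    Risk("Phishing leading to credential theft", threat=HIGH, vulnerability=MEDIUM, impact=HIGH),
    Risk("Ransomware on file servers", threat=HIGH, vulnerability=HIGH, impact=HIGH),
    Risk("Unpatched internet-facing web server", threat=HIGH, vulnerability=HIGH, impact=MEDIUM),
    Risk("Insider copies customer database", threat=LOW, vulnerability=MEDIUM, impact=HIGH),
    Risk("Laptop lost in transit", threat=MEDIUM, vulnerability=MEDIUM, impact=MEDIUM),
    Risk("Data centre power failure", threat=LOW, vulnerability=LOW, impact=MEDIUM),
]

if __name__ == "__main__":
    for r in rank(REGISTER):
        print(f"{r.light():5}  score={r.score():2}  {r.name}")
    # Full-disk encryption as a preventive control on the lost-laptop risk.
    encrypted = apply_control(REGISTER[4], "preventive")
    print(f"lost laptop after encryption: {encrypted.light()} (was {REGISTER[4].light()})")
```

The ranking puts the two red, high-score items (phishing, ransomware) first, the red web-server item third, and the two ambers fourth and fifth, which is the shape of answer the exercise is after; the power-failure risk drops out of the top five as the only green. The control step shows why the three-factor split matters: a preventive control moves the laptop risk from amber to green by cutting the vulnerability band, whereas a corrective control on the same item would only lower impact.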
