INFORMATION SECURITY: THE NEXT GENERATION. 13th World Electronics Forum, Israel. Christopher Joscelyne, Board Member & Membership Chairman, AEEMA. November 2007.

Presentation transcript:


Boundaries between personal and business computing have become difficult to define because everyone and everything is becoming linked. In order to survive, enterprises must manage the new risks this environment creates.

SIGNIFICANT CHALLENGES
- The enormous quantity of information assets in most organisations.
- Assets' inherent vulnerabilities and the potential threats to their confidentiality, integrity, and availability.
- Rapid adoption of new devices and methods of use inside and outside the enterprise

SIGNIFICANT CHALLENGES
- A variety of co-workers, with inconsistent attitudes to information security, working together and sharing information
- The many requirements for information security, including legal and regulatory, marketplace requirements from customers and partners, and corporate governance.

COMMON THREATS
- Lost or stolen laptop computers (over 600,000 per year in the US, of which 97% are not recovered)
- Lost or stolen PDAs (current estimate is double the number of lost or stolen laptop computers)
- Lost or stolen USB flash memory devices (millions lost with no protection of the stored data)

LACK OF SKILLS IS A SIGNIFICANT PROBLEM
According to recent research, while 87 percent of organizations are confident that they can deal with viruses, spam and malware, only 35 percent feel they are able to deal with the prospect of lost data.
Kace Research Study – May 2007

INFORMATION SECURITY – KEY MOTIVATORS
- Realization that corporate knowledge is a high value information asset that is worth protecting
- Acceptance at boardroom level that protection of information assets is a corporate responsibility
- Action at boardroom level to implement information security initiatives

NON-TECHNICAL TREND IN 2007
- Induction process for new employees that communicates policy in clear non-technical language that is understood
- Ongoing education programs to create and maintain a culture of respect for information and the need to protect it

TECHNICAL TREND IN 2007
- New and emerging technologies that protect data without choking productivity, inside and outside the enterprise
- Security is becoming embedded in the infrastructure
- Convergence of disk encryption, removable media encryption, end point security, data loss protection, document content security and digital rights management into a suite of compatible modules

SOME PRACTICAL CONSIDERATIONS
- “One size fits all” usually fails to meet the varying needs of enterprise employees
- Granular approach to policy enforcement allows flexibility
- Implementation must reflect levels of trust and encourage staff productivity
- Greater tracking and auditing of incoming data and outgoing data creates reports that are meaningful for fine tuning of security policies

ENGAGING WITH VENDORS
Select “mix and match” modules from one or more vendors, based on your priorities, to ensure you get what you want, when you want it, using your available technical resources

THE TASKS FOR ASSOCIATIONS
- Establish security policies that can be enforced
- Guard information assets and protect data integrity
- Audit and review all processes and procedures
- Educate staff with an ongoing program that reinforces the value of information security
- Maintain and develop a culture of security as a practical example to members and others who engage with or interact with the association

FURTHER INFORMATION
CHRISTOPHER JOSCELYNE
SafeKnowledge®
AUSTRALIAN PROJECTS