Prepared by Baderdeen J Alsaba. Supervised by Dr. Sana’a Wafa Al-Sayegh. University of Palestine, College of Information Technology.

1 Security System Standards Specification. Prepared by Baderdeen J Alsaba. Supervised by Dr. Sana’a Wafa Al-Sayegh. University of Palestine, College of Information Technology. Contact:

2 Agenda
- Introduction
- Definition
- Provide adequate protection
- First dimension: the security of information - plenary session
  - Phase I: Evaluation
  - Phase II: Design
  - Phase III: Implementation
  - Phase IV: Control
- Second dimension: the security of information - building blocks
  - I. Building block: regulations
  - II. Building block: education
  - III. Building security

3 Agenda
- Third dimension: the security of information - valuable property
  - Persons
  - Data
  - Infrastructure for information technology
    - Equipment
    - Networks
    - Operating systems
    - Applications
- References

4 Introduction
The term "systems security" predates information technology and was originally applied to older methods of protection. In common use today, however, it refers to the actual scope of activities involved in processing and transferring data by means of computing and communications, specifically the Internet. Research and study of security systems occupies a broad area of development among the various fields of information technology research, and has perhaps become one of the concerns felt by the different actors. Legislative measures in this field likewise aim to ensure the availability of the following elements for information.

5 Definition: system security
- It is the science that studies the theories and strategies for protecting a system from the risks and activities that threaten to attack it.
- In technological terms, it is the means, tools and procedures that must be provided to ensure the protection of the system from internal and external threats.
- From a legal perspective, it is the purpose of legislation that protects the system from illicit and illegal activities targeting information and systems (computer crimes and Internet piracy).

6 Provide adequate protection
1 - Confidentiality (secrecy): ensuring that information is not revealed or disclosed to unauthorized people.
2 - Integrity: ensuring that the true content of the information has not been modified or tampered with.

7 Provide adequate protection
3 - Availability: ensuring the continued operation of the information system and the continued ability to interact with it.
4 - Non-repudiation: ensuring that a person cannot deny an action related to the disposal of their information, or deny that it was they who performed this act.
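The integrity property on slides 6 and 7 is the one most directly demonstrable in code. The following added example (not part of the original slides) shows the standard mechanism: a keyed hash (HMAC-SHA256) attached to a message, so that any change in transit, or a tag produced under a different key, is detected on receipt. The key and message are constructed sample values. The example also illustrates the boundary with non-repudiation: because sender and receiver share the same HMAC key, either could have produced the tag, so an HMAC gives integrity but not non-repudiation; that property needs a digital signature made with a private key only the signer holds.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # SHA-256 digest size in bytes

# Constructed sample input: a shared key and a message whose integrity matters.
KEY = secrets.token_bytes(32)
MESSAGE = b"transfer 100 to account 42"


def protect(message, key):
    """Append an HMAC-SHA256 tag so any change to the message is detectable."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(protected, key):
    """Return (ok, message). ok is False when the tag does not match the content."""
    if len(protected) < TAG_LEN:
        return False, b""
    message, tag = protected[:-TAG_LEN], protected[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest is constant-time, so the comparison does not leak
    # how many leading bytes of a forged tag happened to be right.
    return hmac.compare_digest(tag, expected), message


def demo():
    """Exercise the three cases: intact, tampered in transit, wrong key."""
    protected = protect(MESSAGE, KEY)
    ok_original, _ = verify(protected, KEY)

    # Simulate tampering: flip one bit inside the message body (the "1" of "100").
    tampered = bytearray(protected)
    tampered[9] ^= 0x01
    ok_tampered, _ = verify(bytes(tampered), KEY)

    # A tag computed under a different key is rejected too. Note that the
    # receiver, holding the same key, could also have produced a valid tag,
    # which is why an HMAC cannot provide non-repudiation.
    ok_wrong_key, _ = verify(protected, secrets.token_bytes(32))

    return {"original": ok_original, "tampered": ok_tampered, "wrong_key": ok_wrong_key}


if __name__ == "__main__":
    print(demo())
```

Running the block prints `{'original': True, 'tampered': False, 'wrong_key': False}`: the unmodified message verifies, while the single-bit change and the mismatched key are both rejected without the receiver needing to know what was altered.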

8 First dimension: the security of information - plenary session
Phase I: Evaluation. Each facility must assess the risks that face it, gain accurate knowledge of its environment, and be able to classify its data in terms of sensitivity and importance.
- Why protect? (What is the mission property?)
- What is the threat? (What are the risks?)
- How to safeguard? (What are the mechanisms?)

9 Phase II: Design
Security is a chain, and a chain is only as strong as its weakest link. Therefore, using the latest network barriers (firewalls) or even intrusion detection systems (IDS) does not by itself guarantee full security of the business.

10 Phase III: Implementation
After choosing the appropriate security structure (in design), you need to implement the technical controls you have selected. These controls may be a web barrier (firewall), an intrusion detection system, or a domain name (DNS) server.
Buying as many of these technologies as possible is not the solution. Instead it takes a series of efforts: domain name servers arranged to reduce the risk, with one server allocated inside your network and another placed in the neutral web-facing zone (DMZ), and a mail relay server to pass mail into and out of your network.
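The split placement described on slide 10 (a web server, mail relay and outward-facing name server in the DMZ, with the real mail server and an internal name server kept inside) is easiest to reason about as a default-deny policy between zones. The following is an added example, not the presentation's own material, that models such a policy and evaluates sample flows against it. All addresses, host names and rules are assumptions chosen for the illustration; the point it adds to the slide is that rules should be pinned to the specific DMZ host that needs the path (the relay, the resolver), so that another DMZ host cannot reuse it.

```python
from ipaddress import ip_address, ip_network

# Constructed address plan (all values are assumptions for this example).
ZONES = {
    "internal": ip_network("10.0.0.0/8"),
    "dmz": ip_network("192.0.2.0/24"),
}
ANY = None  # wildcard for "every host in the zone"

# Constructed hosts in each zone.
DMZ_WEB = "192.0.2.10"          # public web server
DMZ_MAIL_RELAY = "192.0.2.25"   # mail relay passing mail in and out
DMZ_DNS = "192.0.2.53"          # external-facing name server
INTERNAL_MAIL = "10.0.5.25"     # mailbox server, never reachable from outside directly
INTERNAL_DNS = "10.0.5.53"      # internal name server; forwards queries to DMZ_DNS

# Allow rules: (src_zone, src_host, dst_zone, dst_host, dst_port).
# Anything not listed here is denied.
RULES = [
    ("internet", ANY, "dmz", DMZ_WEB, 443),
    ("internet", ANY, "dmz", DMZ_MAIL_RELAY, 25),
    ("internet", ANY, "dmz", DMZ_DNS, 53),
    ("dmz", DMZ_MAIL_RELAY, "internal", INTERNAL_MAIL, 25),   # inbound mail, relay only
    ("dmz", DMZ_MAIL_RELAY, "internet", ANY, 25),             # outbound mail from the relay
    ("dmz", DMZ_DNS, "internet", ANY, 53),                    # external resolver recurses outward
    ("internal", ANY, "dmz", DMZ_MAIL_RELAY, 25),             # clients send mail via the relay
    ("internal", INTERNAL_DNS, "dmz", DMZ_DNS, 53),           # internal DNS forwards outward
]


def zone_of(ip):
    """Map an address to its zone; anything outside the known networks is 'internet'."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def allowed(src_ip, dst_ip, dst_port):
    """Default-deny policy check: True only if an explicit rule matches."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    for r_src_zone, r_src, r_dst_zone, r_dst, r_port in RULES:
        if (r_src_zone, r_dst_zone, r_port) != (src_zone, dst_zone, dst_port):
            continue
        if r_src in (ANY, src_ip) and r_dst in (ANY, dst_ip):
            return True
    return False


def evaluate(flows):
    """Label each (src, dst, port) flow with the policy decision."""
    return [(src, dst, port, allowed(src, dst, port)) for src, dst, port in flows]


if __name__ == "__main__":
    # Constructed sample flows, one per design decision on the slide.
    sample = [
        ("203.0.113.7", DMZ_WEB, 443),        # Internet client to web server: allowed
        ("203.0.113.7", INTERNAL_MAIL, 25),   # Internet straight to internal mail: denied
        (DMZ_WEB, INTERNAL_MAIL, 25),         # web server reaching inward: denied (relay only)
        ("10.0.1.9", "203.0.113.7", 25),      # workstation bypassing the relay: denied
        (INTERNAL_DNS, DMZ_DNS, 53),          # internal resolver forwarding to DMZ resolver: allowed
    ]
    for row in evaluate(sample):
        print(row)
```

The source-host field is what makes the DMZ useful as a buffer rather than a second flat network: the inbound mail path exists only for the relay and the outward DNS path only for the external resolver, so a problem on the web server does not automatically become a path into the internal zone.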

11 Phase IV: Control
It is well known that no system can be made 100% secure; what we always seek is to reduce the risk to the business, whether that risk is legal, financial, professional or reputational. Security risk is the professional kind, and it must be reduced. Once the risk reduction plan has been implemented, including the network design, the design of the security infrastructure, and the deployment of the security techniques appropriate for you, you should monitor all these facilities 24 hours a day, 365 days a year.

12 Second dimension: the security of information - building blocks
I. Building block: regulations
Regulations are the heart of any information security management system (ISMS). They state clearly what is permitted and what is not, and they define roles and responsibilities so that these are clearly determined. The security regulations define precisely what senior management expects of information security.

13 II. Building block: education
According to one professional, "social interaction was the easiest way to penetrate the systems." We often look no further than the technical barriers and defenses, including network barriers, and forget the importance of the barriers that lie in our minds, the "human barriers".

14 III. Building security
Management must ensure that the investment in information security has borne fruit, and should seek the advice of a neutral party to determine the degree of safety of the infrastructure. It does not stop there: security must be integrated into the business's security program, so that assessing the security mechanisms, and verifying that the infrastructure complies with the regulations and requirements set, is an integral part of that program.

15 Third dimension: the security of information - valuable property
When it comes to information security, the important question is: what do you want to protect?
- Persons: people are your most valuable asset, so maintaining their safety is the first priority in any business. These persons have different roles: regulators, network operators, managers, employees, contract holders and trading partners.
- Data: you should always ask yourself this simple question: what do I want to protect? Data security covers everything: documents sent or received by fax, your messages, data moving across your network, business processes, customer databases, and so on.

16 Infrastructure for information technology
- Equipment: unauthorized persons must be prevented from accessing central servers and storage devices, and even from entering the facilities and buildings that house them.
- Networks: facilities are moving to join network environments connected to shared sources and built to make optimal use of basic resources, but exposure to internal and external risk remains possible.

17 Infrastructure for information technology
- Operating systems: these systems are in urgent need of protection from internal and external threats, whether UNIX or Windows (Windows NT/2000/XP/2003). They also need hardening ("immunization") and continued checking on a regular basis.
- Applications: applications are the means by which users interact with your technology environment. Specialized applications in accounting, human resources, logistics, finance and communications need to be protected and kept confidential.

19 Any questions? Contact: