Environment for Information Security
- Distributed computing
- Decentralization of the IS function
- Outsourcing

Environment for Information Security (cont'd.)
- Close relationships with suppliers and customers
- Portable computers
- Internet connections

Role of Information Security
- Ensure the availability of valid information when users need it to run the business
- Protect the confidentiality of sensitive corporate information
- Protect the privacy of users
- Protect information assets from unauthorized modification
- Ensure the ability to continue operating in the event of a disaster

What Needs to be Protected?
- Not all information has the same value or importance
- Classify the sensitivity of both information and applications
- Estimate the cost to the business if an application were unavailable for one day, two days, or longer
- Estimate the damage if a competitor gains access to the information or the information becomes corrupted

Reappraisal Issues
- What are the threats and risks?
- Who or what is the enemy?
- What are the targets?
- Who "owns" the targets?
- How vulnerable are the targets?
- How much loss can the company bear?
- Which assets are not worth protecting?
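The two slides above ask for a sensitivity classification, an estimate of outage, disclosure and corruption costs, and a decision about which assets are not worth protecting. The following is an added example (not from the original slides) of how a practitioner turns those questions into a repeatable calculation: single loss expectancy per scenario, annualized loss expectancy (ALE = single loss x expected incidents per year), a classification-weighted ranking, and a cost/benefit verdict for each candidate safeguard. The asset names, cost figures, incident rates, classification weights and the 50% escalation after day two are all constructed assumptions for illustration.

```python
"""Asset reappraisal helper: ranks information assets by expected annual loss
and decides which candidate safeguards pay for themselves.

Added example, not from the original slides. All figures are constructed.
"""
from dataclasses import dataclass, field

# Weighting applied on top of expected loss so that sensitive data ranks
# higher than its pure monetary exposure suggests (assumed values).
CLASSIFICATION_WEIGHT = {"public": 0.0, "internal": 0.25,
                         "confidential": 0.6, "restricted": 1.0}


@dataclass
class Asset:
    name: str
    classification: str
    outage_cost_per_day: float   # loss per day the application is unavailable
    disclosure_cost: float       # loss if a competitor or attacker obtains the data
    corruption_cost: float       # loss if the data is silently altered
    annual_rate: dict = field(default_factory=dict)  # scenario -> incidents per year


@dataclass
class Safeguard:
    asset: str
    name: str
    annual_cost: float
    reduces: dict                # scenario -> fraction of that loss removed (0..1)


def outage_loss(asset, days):
    """Cost of an outage of `days`; assumed to escalate by 50% after day two
    (customer defection, contractual penalties)."""
    return sum(asset.outage_cost_per_day * (1.0 if day <= 2 else 1.5)
               for day in range(1, days + 1))


def single_loss(asset, scenario):
    """Single loss expectancy for one scenario name such as 'outage_3'."""
    if scenario.startswith("outage_"):
        return outage_loss(asset, int(scenario.split("_", 1)[1]))
    if scenario == "disclosure":
        return asset.disclosure_cost
    if scenario == "corruption":
        return asset.corruption_cost
    raise ValueError("unknown scenario %r" % scenario)


def annual_loss_expectancy(asset):
    """ALE per scenario = single loss expectancy x annualized rate of occurrence."""
    return {s: single_loss(asset, s) * rate for s, rate in asset.annual_rate.items()}


def rank_assets(assets):
    """Rank assets by classification-weighted ALE, highest first.
    Returns (name, ale, weighted_ale) tuples."""
    rows = []
    for a in assets:
        ale = sum(annual_loss_expectancy(a).values())
        rows.append((a.name, round(ale, 2),
                     round(ale * (1 + CLASSIFICATION_WEIGHT[a.classification]), 2)))
    return sorted(rows, key=lambda r: r[2], reverse=True)


def evaluate_safeguards(assets, safeguards):
    """Answer 'which assets are not worth protecting?': a safeguard is justified
    only when the ALE it removes exceeds its own annual cost.
    Returns {(asset, safeguard): (net_annual_benefit, justified)}."""
    by_name = {a.name: a for a in assets}
    verdicts = {}
    for sg in safeguards:
        ale = annual_loss_expectancy(by_name[sg.asset])
        removed = sum(ale.get(s, 0.0) * frac for s, frac in sg.reduces.items())
        net = round(removed - sg.annual_cost, 2)
        verdicts[(sg.asset, sg.name)] = (net, net > 0)
    return verdicts


# Constructed sample data; figures are illustrative, not from the slides.
ASSETS = [
    Asset("order-processing", "confidential", 40_000, 150_000, 80_000,
          annual_rate={"outage_1": 2.0, "outage_3": 0.2, "corruption": 0.1}),
    Asset("pricing-db", "restricted", 10_000, 500_000, 200_000,
          annual_rate={"outage_1": 1.0, "disclosure": 0.05, "corruption": 0.05}),
    Asset("marketing-site", "public", 2_000, 0, 5_000,
          annual_rate={"outage_1": 4.0, "corruption": 0.5}),
]
SAFEGUARDS = [
    Safeguard("order-processing", "warm standby cluster", 30_000,
              {"outage_1": 0.9, "outage_3": 0.9}),
    Safeguard("pricing-db", "encryption + DB activity monitoring", 20_000,
              {"disclosure": 0.8, "corruption": 0.6}),
    Safeguard("marketing-site", "dedicated WAF + CDN", 15_000,
              {"outage_1": 0.8, "corruption": 0.5}),
]

if __name__ == "__main__":
    for name, ale, weighted in rank_assets(ASSETS):
        print("%-18s ALE=%10.2f weighted=%10.2f" % (name, ale, weighted))
    for (asset, sg), (net, ok) in evaluate_safeguards(ASSETS, SAFEGUARDS).items():
        print("%-18s %-36s net=%10.2f %s" % (asset, sg, net, "JUSTIFIED" if ok else "NOT WORTH IT"))
```

With these numbers the marketing site's safeguard costs more per year than the loss it prevents, which is exactly the "not worth protecting" answer the slide is asking for; the point is that the answer comes from the estimates, so the estimates need to be defensible and revisited.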

Technologies for Security
- Expert systems and neural networks
  - recognizing patterns of behavior
  - configuring the human interface to suit individual users and their permitted accesses
  - detection of intrusion through sensors
  - reconfiguring networks and systems to maintain availability and circumvent failed components
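"Recognizing patterns of behavior" and "detection of intrusion" are abstract on the slide; the following added example (not from the original slides) shows the simplest form of the idea in working code: build a per-user profile of normal successful logins (source addresses and hours seen) from a baseline period, then run later authentication events against that profile and raise alerts on deviations, including the classic password-guessing signature of a success from a new address right after a burst of failures. The log format, the sample lines and the failure threshold are constructed assumptions.

```python
"""Behaviour-pattern intrusion detection over authentication logs.

Added example, not from the original slides: the log lines are constructed and
the profile fields and alert thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample: a normal week for two users ...
BASELINE_LOG = """\
2024-03-04T08:55:10 OK user=alice src=10.1.4.20
2024-03-04T09:02:41 OK user=bob src=10.1.4.31
2024-03-05T08:48:03 OK user=alice src=10.1.4.20
2024-03-05T17:10:22 OK user=bob src=10.1.4.31
2024-03-06T09:15:37 OK user=alice src=10.1.4.22
2024-03-06T08:59:59 OK user=bob src=10.1.4.31
2024-03-07T10:01:00 OK user=alice src=10.1.4.20
2024-03-08T08:30:12 OK user=bob src=10.1.4.31
"""

# ... and a later day containing a guessing attack, an unknown account and
# an off-hours login.
NEW_LOG = """\
2024-03-11T03:12:44 FAIL user=bob src=203.0.113.9
2024-03-11T03:12:51 FAIL user=bob src=203.0.113.9
2024-03-11T03:13:02 FAIL user=bob src=203.0.113.9
2024-03-11T03:13:20 OK user=bob src=203.0.113.9
2024-03-11T09:01:05 OK user=alice src=10.1.4.20
2024-03-11T11:00:00 OK user=mallory src=10.1.4.50
2024-03-11T13:40:00 OK user=alice src=10.1.4.22
"""


def parse(log):
    """Yield dicts for well-formed lines; malformed lines are skipped, not trusted."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        yield {"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
               "user": m["user"], "src": m["src"]}


def build_baseline(log):
    """Per-user profile of normal behaviour: source addresses and hours of
    successful logins. Failures are deliberately excluded from the profile."""
    profile = defaultdict(lambda: {"srcs": set(), "hours": set()})
    for ev in parse(log):
        if ev["result"] == "OK":
            profile[ev["user"]]["srcs"].add(ev["src"])
            profile[ev["user"]]["hours"].add(ev["ts"].hour)
    return profile


def detect(log, profile, fail_threshold=3):
    """Return (timestamp, user, reason) alerts for events that deviate from the
    profile. Uses profile.get() so unknown users do not silently gain a profile."""
    alerts = []
    failures = defaultdict(int)
    for ev in parse(log):
        user, src, hour = ev["user"], ev["src"], ev["ts"].hour
        if ev["result"] == "FAIL":
            failures[(user, src)] += 1
            if failures[(user, src)] == fail_threshold:
                alerts.append((ev["ts"], user, "failure burst from %s" % src))
            continue
        p = profile.get(user)
        if p is None:
            alerts.append((ev["ts"], user, "login by user with no baseline"))
            continue
        if src not in p["srcs"]:
            alerts.append((ev["ts"], user, "new source address %s" % src))
        lo, hi = min(p["hours"]), max(p["hours"])
        if not lo <= hour <= hi:
            alerts.append((ev["ts"], user,
                           "login at hour %02d outside %02d-%02d" % (hour, lo, hi)))
        if failures.get((user, src), 0) >= fail_threshold:
            alerts.append((ev["ts"], user,
                           "success after %d failures" % failures[(user, src)]))
    return alerts


if __name__ == "__main__":
    for ts, user, reason in detect(NEW_LOG, build_baseline(BASELINE_LOG)):
        print(ts.isoformat(), user, reason)
```

Running the baseline week against its own profile produces no alerts; the attack day produces four alerts for bob's account, one for the account with no history, and one for alice's off-hours login. A production system would learn the profile over a longer window, decay it over time, and treat the hour range per weekday, but the structure (profile, then deviation scoring) is the same.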

Technologies for Security (cont'd.)
- Smart cards
  - contain their own software and data
  - recognize signatures, voices
  - store personal identification information
  - may use cryptographic keys
- Personal communications numbers
- Voice recognition
- Wireless tokens
- Prohibited password lists
- Third-party authentication
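Two of the controls listed above, as an added example that is not part of the original slides: an event-based one-time-password token (HOTP, RFC 4226, the standard behind many later hardware tokens) verified with a resynchronisation window so a token pressed without being used does not lock the user out, and a prohibited-password check that normalises case and common character substitutions before matching so that "P@55w0rd" is caught by the entry "password". The token secret is the RFC 4226 reference value and the prohibited-word list and usernames are constructed.

```python
"""Token-based one-time passwords (RFC 4226 HOTP) and a prohibited-password check.

Added example, not from the original slides. TEST_SECRET is the RFC 4226
reference secret; PROHIBITED is a constructed list.
"""
import hashlib
import hmac
import struct
import unicodedata
from typing import Optional

# RFC 4226 reference secret (ASCII "12345678901234567890"). A real token
# carries a random per-device secret provisioned at enrolment.
TEST_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6):
    """HOTP(K, C) = Truncate(HMAC-SHA1(K, C)) mod 10^digits, per RFC 4226 5.3."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_hotp(secret, server_counter, code, window=5):
    """Accept a code for counter..counter+window (the token may have advanced
    without the server seeing it) and never accept an already-consumed counter.
    Returns (accepted, new_server_counter); the caller must persist the counter."""
    for c in range(server_counter, server_counter + window + 1):
        if hmac.compare_digest(hotp(secret, c), code):
            return True, c + 1                   # advance past the consumed value
    return False, server_counter


# Common substitutions attackers and users both know; assumed mapping.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

PROHIBITED = {"password", "welcome", "letmein", "qwerty", "acmecorp"}  # constructed


def normalise(pw):
    """Fold case and Unicode compatibility forms, then undo leet substitutions."""
    return unicodedata.normalize("NFKC", pw).casefold().translate(LEET)


def password_rejected(pw, username="") -> Optional[str]:
    """Return the reason a password is prohibited, or None if it passes."""
    norm = normalise(pw)
    if username and normalise(username) in norm:
        return "contains username"
    for banned in sorted(PROHIBITED):
        if banned in norm:
            return "contains prohibited word %r" % banned
    return None


if __name__ == "__main__":
    for c in range(3):
        print("counter", c, "->", hotp(TEST_SECRET, c))
    print(verify_hotp(TEST_SECRET, 0, hotp(TEST_SECRET, 2)))   # (True, 3)
    print(verify_hotp(TEST_SECRET, 3, hotp(TEST_SECRET, 0)))   # (False, 3): replay
    print(password_rejected("P@55w0rd!"))
    print(password_rejected("Tr0ub4dor&3", "alice"))
```

The two checks in verify_hotp are the security-relevant ones: constant-time comparison of the code, and advancing the stored counter past the accepted value so the same code can never be replayed. The password check deliberately uses substring matching after normalisation; an exact-match list is trivially evaded by appending a digit.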

Threats to Security
- Document imaging systems (the same capabilities that make them useful create new exposures: stored images can be altered, and the workflow rules decide who receives a document)
  - reading and storing images of paper documents
  - character recognition of texts for abstracting and indexing
  - retrieval of stored documents by index entry
  - manipulation of stored images
  - appending notes to stored images through text or voice
  - workflow management tools to program the distribution of documents
- Massively parallel mini-supercomputers
  - used for signal processing, image recognition, large-scale computation, neural networks
  - can be connected to workstations, file servers, local area networks
  - good platform for brute-forcing encryption keys
- Neural networks
  - can "learn" how to penetrate a network or computer system
- Wireless local area networks
  - use radio frequencies or infrared transmission
  - subject to signal interruption or message capture
- Wide area network radio communications
  - direct connectivity no longer needed to connect to a network
  - uses satellite transmission or radio/telephone technology, wireless modems
- Videoconferencing
  - open telephone lines can be tapped
- Embedded systems
  - computers embedded in mechanical devices
  - potential to endanger customers
  - potential to access host computers
- Smart cards
  - can be lost or damaged
- Notebooks and palmtop computers
  - subject to loss or theft
  - wireless modems

Defensive Measures
- Frequent backups, with the backup media stored in secure areas
- Highly restricted access to workflow management programs
- Password controls and user profiles
- Unannounced audits of high-value documents
- Restricted access at the document level
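The last three measures fit together: per-document access control decides who may read or change a document, and an unannounced audit checks that high-value documents have not been changed by any other route (direct access to the storage, a compromised workflow program). The following added example (not from the original slides) implements both against an in-memory document store: every read/write is checked against the document's access list and logged, authorised writes refresh a keyed integrity baseline, and audit() recomputes the digests of documents at or above a chosen classification and reports any that no longer match. The users, documents, classification levels and audit key are constructed.

```python
"""Document-level access control plus an unannounced integrity audit.

Added example, not from the original slides. Users, documents and the audit
key are constructed; the store is an in-memory stand-in for a document system.
"""
import hashlib
import hmac
from dataclasses import dataclass, field

LEVEL = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}


@dataclass
class Document:
    content: bytes
    classification: str
    acl: dict = field(default_factory=dict)   # user -> set of {"read", "write"}


class DocumentStore:
    """Enforces per-document ACLs, logs every decision, and keeps a keyed
    integrity baseline so later audits can detect out-of-band modification."""

    def __init__(self, audit_key):
        self._docs = {}
        self._audit_key = audit_key        # held by the audit function, not the doc server
        self._baseline = {}
        self.log = []

    def _digest(self, doc_id, content):
        # Keyed (HMAC) rather than a plain hash: someone who can edit the stored
        # bytes cannot also forge a matching baseline entry without the key.
        return hmac.new(self._audit_key, doc_id.encode() + b"\0" + content,
                        hashlib.sha256).hexdigest()

    def add(self, doc_id, content, classification, acl):
        self._docs[doc_id] = Document(content, classification,
                                      {u: set(p) for u, p in acl.items()})
        self._baseline[doc_id] = self._digest(doc_id, content)

    def _check(self, user, perm, doc_id):
        doc = self._docs[doc_id]
        allowed = perm in doc.acl.get(user, set())   # default deny
        self.log.append(("ALLOW" if allowed else "DENY", user, perm, doc_id))
        if not allowed:
            raise PermissionError("%s may not %s %s" % (user, perm, doc_id))
        return doc

    def read(self, user, doc_id):
        return self._check(user, "read", doc_id).content

    def write(self, user, doc_id, content):
        doc = self._check(user, "write", doc_id)
        doc.content = content
        self._baseline[doc_id] = self._digest(doc_id, content)   # authorised change

    def audit(self, min_classification="confidential"):
        """Unannounced audit: recompute digests of documents at or above the
        given classification and return those that no longer match the baseline,
        i.e. were changed outside write()."""
        threshold = LEVEL[min_classification]
        tampered = []
        for doc_id, doc in self._docs.items():
            if LEVEL[doc.classification] < threshold:
                continue
            if not hmac.compare_digest(self._digest(doc_id, doc.content),
                                       self._baseline[doc_id]):
                tampered.append(doc_id)
        return sorted(tampered)


def attempt(store, user, action, doc_id, content=b""):
    """Return 'allowed' or 'denied' for a read/write attempt."""
    try:
        if action == "read":
            store.read(user, doc_id)
        else:
            store.write(user, doc_id, content)
        return "allowed"
    except PermissionError:
        return "denied"


def simulate_storage_tamper(store, doc_id, content):
    """Models an attacker (or administrator) with direct access to the storage
    layer, bypassing the ACL and the baseline update. Demonstration only."""
    store._docs[doc_id].content = content


def build_sample_store():
    """Constructed sample: three documents, two users."""
    store = DocumentStore(audit_key=b"constructed-audit-key")
    store.add("q3-forecast", b"revenue +12%", "restricted",
              {"cfo": {"read", "write"}, "analyst": {"read"}})
    store.add("merger-memo", b"project falcon: proceed", "confidential",
              {"cfo": {"read", "write"}})
    store.add("lunch-menu", b"tacos on friday", "public",
              {"cfo": {"read"}, "analyst": {"read", "write"}})
    return store


if __name__ == "__main__":
    s = build_sample_store()
    print(attempt(s, "analyst", "write", "q3-forecast", b"revenue +50%"))  # denied
    simulate_storage_tamper(s, "q3-forecast", b"revenue +2%")
    print("tampered:", s.audit())                                          # ['q3-forecast']
    print(s.log)
```

The audit only has teeth if the key and the baseline live somewhere the document server's administrators cannot write to; otherwise whoever tampers with a document can re-baseline it as well, which is the same reason the slide pairs backups with "storage of backups in secure areas".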

What Security Services Are Required?
- Policy and procedure development
- Employee training, motivation, and awareness
- Secure facilities and architectures
- Security for applications
- Ongoing operational administration and control
- Procedural advisory services
- Technical advisory services
- Emergency response support
- Compliance monitoring
- Public relations

Disaster Recovery Needs Assessment
- Who should be involved?
  - computer and network operations staff
  - information security specialist
  - systems analysts for mission-critical operations
  - end users
  - external consultants
- Assessing the disaster plan
  - what kinds of disasters are anticipated?
  - which applications are mission-critical?
  - which computer/communications architectures are covered?
  - when was the plan last updated?
  - what is the annual cost for maintaining and operating the recovery strategy?
  - what strategies are used?
  - how often is the plan tested?
  - would failure of mission-critical applications incur liability to other firms?

Disaster Recovery Models
- "Cold site": a backup agreement with another firm specializing in backup services; the site provides space, power and connectivity but no pre-installed equipment, so recovery takes days while hardware is brought in and systems are restored from backups
- "Hot site": a fully equipped standby facility, built or leased with excess capacity, that can take over mission-critical processing within hours
- Distributed processing backup: run the workload across several sites so that losing one leaves the others operating
- Replacement: procure replacement equipment after the event rather than pre-arranging a site (lowest standing cost, longest outage)