©Dr. Respickius Casmir IT Security & Cybercrime IT & Communication Summit 2010 March 8, 2010 By Respickius Casmir, PhD. University of Dar es Salaam Computing.

Presentation transcript:

©Dr. Respickius Casmir IT Security & Cybercrime IT & Communication Summit 2010 March 8, 2010 By Respickius Casmir, PhD. University of Dar es Salaam Computing Centre (UCC)

Outline
- Introduction
- A Conceptual IT System
- IT Security in a Nutshell
- IT Security Risks, Threats and Vulnerabilities
- Why Worry about IT Security and Cybercrime
- Conclusion and the Way Forward

Introduction
- Every progressive organization is governed by a Corporate Strategy.
- IT Governance is part and parcel of Corporate Strategy.
- IT Security is an integral part of IT Governance.
- Therefore, Corporate Strategy, IT Governance, and IT Security are inseparable elements.
- Cybercrime is a form of crime where the Internet or computers are used as a medium to commit crime.

A Conceptual IT System: Macro View of a Conceptual IT System

A Conceptual IT System (2): Generalised Model of an IT System

A Conceptual IT System (3): Technology as part of an IT System

A Conceptual IT System (4): A non-exhaustive List of Data and Information

A Conceptual IT System (5): People as Part of the IT System

A Conceptual IT System (5)
People include:
1. Insiders (i.e. staff, temporary staff, consultants)
2. Outsiders with access to the inside (i.e. partners, suppliers, customers)
3. Outsiders with some knowledge about the inside (i.e. ex-staff, ex-consultants)
4. Outsiders with certain motivation to launch attacks against your organisation (competitors, hackers, industrial espionage, other attackers)

IT Security in a Nutshell
IT security is all about controlling access to information assets to ensure:
- Confidentiality – ensuring that information is accessible only to those authorized to have access to it.
- Integrity – safeguarding the accuracy and completeness of information and processing methods.
- Availability – ensuring that authorized users have access to information and associated assets when required.

Security Goals: Integrity, Confidentiality, Availability

Security Attacks

Security Attacks
- Interruption: This is an attack on availability
- Interception: This is an attack on confidentiality
- Modification: This is an attack on integrity
- Fabrication: This is an attack on authenticity

Security Risks, Threats & Vulnerability

Budgeting for security precautions
- Remember the old saying, “Do not place all of your eggs in one basket”? This wisdom definitely applies to budgeting for your IT security.
- Do not spend all of your budget on one mode of protection.
- For example, it does little good to invest $15,000 in fire-walling technology if someone can simply walk through the front door and walk away with your corporate server.

Budgeting for security precautions (2)
- The bottom line is to be creative. The further you can stretch your security budget, the more precautions you can take.
- Security is a proactive expenditure, meaning that we invest money in security precautions to avoid spending additional money later paying for recovery from a network disaster.
- The more precautions that can be taken, the less likely disaster is to strike.

IT Security Challenges
IT security challenges include:
- Increased global exposure of Information Assets via the Internet.
- Ubiquitous security threats and vulnerabilities.
- Increased dependence on IT Systems without proper strategies to deal with security issues.
- Inadequacy of IT security awareness programs for end users.
- Lack of National level/Institutional Strategy for handling IT Security and Cybercrime issues.

Conclusion and the Way Forward
- We need to have a national/institutional strategy for handling IT security and cybercrime issues.
- Such a strategy should include security training and awareness programmes to ensure that all users of IT systems have the basics of security.
- Adopt International IT security Best Practices such as ISO/IEC family of standards, is an Information Security Management System (ISMS), and
- Adopt and customize BS :2005 to come up with our own TZ 7799 standard for Information security management systems that is tailored to our own business context.

Conclusion and the Way Forward
It is imperative to note that a well-trained, well-informed workforce is one of the most powerful weapons in an information security manager’s arsenal.

Thank You! Respickius Casmir, PhD.