UNITED REPUBLIC OF TANZANIA
President’s Office-Public Service Management
e-Government Agency
Information Security Management (ISM)
June, 2012



Agenda
– Introduction to ISM
– Overview of ICT Security Management
– Approach
– Way Forward

Introduction to Information Security Management
The main objective of information security is to protect the interests of those relying on information, and the systems and communications that deliver the information, from harm resulting from failures of availability, confidentiality and integrity.
The ISM process should be the focal point for all IT security issues, and must ensure that an Information Security Policy is produced, maintained and enforced that covers the use and misuse of all IT systems and services.

ISM Introduction
ISM needs to understand the total IT and business security environment, including the:
– Business Security Policy and plans
– Current business operation and its security requirements
– Future business plans and requirements
– Legislative requirements
– Obligations and responsibilities with regard to security contained within SLAs
– The business and IT risks and their management.


An overview of ICT & its security Problem
Information security is about protection of ICT assets/resources in terms of:
– Confidentiality
– Integrity
– Availability (information and services)
– Access Control to Information
Involves: Protective/Proactive, Detective, Reactive and/or Recovery Measures.
Diagram labels (Holistic View of ICT security Problem): Valuable asset of organizations: Information; Software (Operating systems, Application software): set of instructions; ICT.

An overview of ICT security Problem
Managing ICT security is a continuous process by which an organisation determines what needs to be protected and why; what it needs to be protected from (i.e. Threats and Vulnerabilities); and how (i.e. mechanisms) to protect it for as long as it exists.
Diagram labels (Holistic Approach required):
– Valuable asset of the organizations: Information
– Malicious software (Virus, worm or denial-of-service attack, Backdoors, salami attacks, spyware, etc.) can be introduced here!
– Physical security of the hardware
– Authorised user abusing his/her privileges, e.g. Disgruntled staff

An overview of ICT Security Management in the organisations
Perception Problem
– At the strategic level: absence of ICT Security policy, no defined budget for ICT security, perceived as a technical problem and not a business risk.
– At the operational level: perceived to belong to the IT departments and in some cases not coordinated.
– Absence of designated ICT security personnel/unit.

An overview of ICT Security Management in the organisations
Perception Problem
Ad-hoc


A Holistic Approach for Managing ICT Security in Organisations
Presented in a book: ISBN Nr

Each process maps the Holistic View of the security Problem

Management team discussing ICT security Problem


The Way Forward - How the Government Reacts
– Government has purchased the ISO Series Toolkit, which is the formal standard against which Government may seek to certify their ISMS (meaning Government frameworks to design, implement, manage, maintain and enforce information security processes and controls systematically and consistently throughout the MDAs/LGAs).
– Auditing of the current IT Governance frameworks in all MDAs and LGAs.

ITIL – Framework for Managing IT Security
Customers – Requirements – Government Needs

Reference
– ITIL V3 – System Design
– A Holistic Approach for Managing ICT Security in organizations - Dr. Jabiri Kuwe Bakari

THE END
Thank You For Your Attention
President’s Office, Public Service Management, e-Government Agency / Wakala wa Serikali Mtandao
Samora Avenue, ExTelecoms House, 2nd Floor, P.O Box 4273, Dar es Salaam