Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cybersecurity classification and protection of information

Published byJoaquín Barbero García Modified over 6 years ago

Similar presentations

Presentation on theme: "Cybersecurity classification and protection of information"— Presentation transcript:

1 Cybersecurity classification and protection of information
Lic. Claudio Jorge Tana Gerente de Consultoría NeoSecure S.A. LA LA25999 – CISM - CBCP May 2016

2 Index Cyber Security and Information Protection Reasons for Identification and Classification Main concepts Goals Implementation Summary

3 CyberSecurity Protecting information assets, through treatment of threats that exposed risk the information is processed, stored and transported by information systems that are interconnected. ISACA (Information Systems Audit and Control Association) Monterrey Chapter

4 Differences Between Cybersecurity and Information Security
Seeks to protect information that may affect risk in its different forms and states. Focus on information in digital format and interconnected systems that process, store or transmit. Methodologies, standards, techniques, tools, organizational structures, technology and other elements that support the idea of protection in the various facets of information. Approach with Security. It involves the implementation and management of appropriate security measures, through a holistic approach. Threats and vulnerabilities in cyberspace. Information threats and infrastructure threats. Information Classification. Cybersecurity Information Sharing Classification System.

5 Reasons for classifying information in digital format
Companies need to protect their information today more than ever. The need is obvious but solutions are not. Management must ensure company information is protected. Mobile Technology Cloud Computing Distinguishing Information Classification and Cybersecurity Information Sharing Classification System.

6 Principal Objectives Understand what an effective information classification system should accomplish. Be easy to understand, use and maintain. Focus only on confidentiality. Specially in “Private” and “Confidential” Information. Protecting it from inappropriate access. Apply “least privilege” / “need to know” concepts. Strategy for Information Sharing and Safeguarding.

7 Successful implementation
Identify all information sources and media that need to be protected. Identify information protection measures Authentication Role based Access Encryption Administrative controls Technology control Assurance Map information protection measures to information classes. Classify information. Repeat as needed.

8 Iterative and an on-going process.
Summary Iterative and an on-going process. Information security policy (updated). Standards and procedures (updated). Updated on new technologies. Security awareness. If this sounds like too much work, consider… Without data classification, all decisions about information protection are being made by the discretion and judgement of security, system, and database administrators only

9 Presencia Local en: Argentina Chile Colombia Perú Argentina Carlos Pellegrini 1265 – 6to Piso Teléfono:

Download ppt "Cybersecurity classification and protection of information"

Similar presentations

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
SL21 Information Security Board Mission, Goals and Guiding Principles.

SL21 Information Security Board Mission, Goals and Guiding Principles.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Information Security Policies and Standards

Information Security Policies and Standards
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Risk Management Vs Risk avoidance William Gillette.

Risk Management Vs Risk avoidance William Gillette.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.

Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
Lecture 30 Information Security (Cont’d). Overview Organizational Structures Roles and Responsibilities Information Classification Risk Management 2.

Lecture 30 Information Security (Cont’d). Overview Organizational Structures Roles and Responsibilities Information Classification Risk Management 2.
Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
© 2001 Carnegie Mellon University S8A-1 OCTAVE SM Process 8 Develop Protection Strategy Workshop A: Protection Strategy Development Software Engineering.

© 2001 Carnegie Mellon University S8A-1 OCTAVE SM Process 8 Develop Protection Strategy Workshop A: Protection Strategy Development Software Engineering.
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.
Security Architecture

Security Architecture
Chapter 3 資訊安全管理系統. 4.1 General Requirements Develop, implement, maintain and continually improve a documented ISMS Process based on PDCA.

Chapter 3 資訊安全管理系統. 4.1 General Requirements Develop, implement, maintain and continually improve a documented ISMS Process based on PDCA.
Chapter 6 of the Executive Guide manual Technology.

Chapter 6 of the Executive Guide manual Technology.
Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation.

Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation.

Similar presentations

Ads by Google