Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Information Security Management Working in Iraq Bill Casti, CQA, SSCP, CISM, CISA, CITP, ITIL Foundations ASQ Section 0511 Northern Virginia 20 June.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Information Security Management Working in Iraq Bill Casti, CQA, SSCP, CISM, CISA, CITP, ITIL Foundations ASQ Section 0511 Northern Virginia 20 June."— Presentation transcript:

1 1 Information Security Management Working in Iraq Bill Casti, CQA, SSCP, CISM, CISA, CITP, ITIL Foundations ASQ Section 0511 Northern Virginia 20 June 2007

2 2 Introduction Position: Senior Advisor, IT Information Security Management, eGovernment Services, Economic Governance II Project What are all those letters? CQA = ASQ Certified Quality Auditor SSCP = ISACA Systems Security Certified Practitioner CISA = ISC 2 Certified Information Systems Auditor CISM = ISC 2 Certified Information Security Manager CITP = British Computer Society Chartered IT Professional ITIL Foundations = passed IT Infrastructure Library Foundations exam

3 3 Quality Management in Iraq Short answer: There isn’t any. Longer answer: In order to build effective, consistent, repeatable, documented quality management, you need a stable infrastructure, and that’s not there in Iraq as a whole. Quality Management for this presentation: This slide show has been quality-managed by me, but I can’t tell you much about quality management in the Government of Iraq…there’s no formal or informal system for that. Someday maybe, but not today. Day2Day working environment in Iraq for regular workers: Their big issue is getting to and from work alive. QMS kind of takes a backseat to that.

4 4 Project is USAID-funded Project was just picked up for both of its one-year extension options, runs thru September 2009 Project designed to help restore and rebuild economic governance for the Government of iraq Project parameters include: Fiscal, Tax and Customs Reform; Monetary policy and Central Bank; Financial Reform; Commercial Law and Institutional Reform; Utilities/Regulatory Reform and Government-wide IT; Social Service and Pension Reform; General policy Implementation and Special Projects Econ Gov II Project

5 5 Providing technical assistance to the Iraqi government in order to help them establish for their information requirements the legislation, processes, procedures, and technical requirements required to economically manage the resources, collection, storage, and sharing of information with the goal to provide: Transparency of Government Increased access to Government Decrease in discrimination Increase in commerce Increase in foreign investment Reduction in the cost of government Increased efficiency of government Increased security Private Sector participation My TOR (Terms of Reference)

6 6 TOR (cont.) Tasks Provide assistance to the National CIO Office: 1. Establish Government-wide information security standards that comply with international best practice 2. Establish a plan for implementing IT security standards across all Government Ministries 3. Build capacity and understanding of security standards

7 7 Expected Deliverables In conjunction with team members and the National CIO office develop Government wide IT security standards In conjunction with team members and the National CIO office develop a comprehensive IT security management capacity building program that covers o Security policy o Disaster recovery planning o Risk management o Securing the network o Intrusion detection, hacking o Computer forensics o Implementing PKI Develop and conduct the following training seminars: o Disaster recovery planning o Securing the network o Risk management

8 8 Some Threats to Information Employees : who can you trust? Unstable infrastructure Information transmission risks, both natural and man- made Verbal communications Printed documents Facility security Back-up sites

9 9 Information Security Management The ISO 17799 Way Safeguarding the confidentiality, integrity, and availability of written, spoken and computer information.

10 10 What is Information Security? BS ISO/IEC 17799:2005 defines this as: Confidentiality : ensuring that information is accessible only to those authorized to have access Integrity : safeguarding the accuracy and completeness of information and processing methods Availability : ensuring that authorized users have access to information and associated assets when required

11 11 Security for Advisors Private security service is employed full- time to take advisors to/from venues in the Red Zone To Venues: All Advisors wear body armor during any travel outside the IZ, covered with a dark-colored sweatshirt or casual shirt Lead car is Level 4 armored, low-profile BMW or Mercedes that fits into the milieu of typical cars you see on the street; no big Chevy Suburbans or Ford Excursions with lots of flashing lights and military escorts; two armed guards in front, maximum of two advisors in back Trailing car is soft-side Nissan Altima or similar low profile car with two armed guards.

12 12 Corporate Camp Living

13 13 Camp Living (cont.)

14 14 Camp Living (cont.)

15 15 Camp Living (cont.)

16 16 Camp Living (cont.)

17 17 Camp Living (cont.)

18 18 Camp Living (cont.)

19 19 Camp Living (cont.)

20 20 Thanksgiving 2006

21 21 Thanksgiving 2005

22 22 Traveling to/from the Airport

23 23 Science & Technology Counterparts Sundus MousaDr. Mahmood Sharief Director-General ITD

24 24 Red Zone Pics

25 25 Red Zone Pics

26 26 Red Zone Pics

27 27 Travel to/from BIAP

28 28 Baghdad international Airport

29 29 BIAP

30 30 Note ‘The relevance of any control should be determined in the light of the specific risks an organization is facing. Selection of controls should be based on a risk assessment.’ BS ISO/IEC 17799:2005

31 31 Controls for Best Practice An Information Security Management Plan Documented Roles and Responsibilities Ongoing Information Security Education and Training Ongoing Risk Assessments and Management of Risk Reporting of Information Security Incidents and Events Documented Disaster Recovery and Continuity of Business Operations Plans Leveraging existing or off-the-shelf controls as needed to reduce labor and financial costs and to preclude “reinventing the wheel”

32 32 Customer and Other Contractual Requirement Considerations Security Screening Restricted Access Physical perimeters Data storage Encryption Digital signatures Biometrics

33 33 Questions?

34 34 Contact Information Bill Casti, CQA, SSCP, CISM, CISA, CITP, ITIL Foundations eGovernment Services IT Advisor, eGovernment Services Iraq Economic Governance II Project BearingPoint +964 (0) 790.191.9612 Iraqna Mobile +1.703.879.5635 Skype VoIP Email: bill.casti@bearingpoint.com

Download ppt "1 Information Security Management Working in Iraq Bill Casti, CQA, SSCP, CISM, CISA, CITP, ITIL Foundations ASQ Section 0511 Northern Virginia 20 June."

Similar presentations

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Enterprise Security A Framework For Tomorrow Christopher P. Buse, CPA, CISA, CISSP Chief Information Security Officer State of Minnesota.

Enterprise Security A Framework For Tomorrow Christopher P. Buse, CPA, CISA, CISSP Chief Information Security Officer State of Minnesota.
Security and Personnel

Security and Personnel
ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.
The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.

The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.
Management’s Role in Information Security V.T. Raja, Ph.D., Oregon State University.

Management’s Role in Information Security V.T. Raja, Ph.D., Oregon State University.
Auditor General’s Office One key audit focus area – Compliance with Laws and Regulations.

Auditor General’s Office One key audit focus area – Compliance with Laws and Regulations.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Advantages of IT Security Prof. Uldis Sukovskis, CISA Riga Information Technology Institute Secure information exchange in Electronic media Baltic IT&T.

Advantages of IT Security Prof. Uldis Sukovskis, CISA Riga Information Technology Institute Secure information exchange in Electronic media Baltic IT&T.
© 2003 IBM Corporation Privacy 12 th CACR Workshop Yim Y. Chan Chief Privacy Officer & CIO IBM Canada Ltd. w3.ibm.com/Privacy.

© 2003 IBM Corporation Privacy 12 th CACR Workshop Yim Y. Chan Chief Privacy Officer & CIO IBM Canada Ltd. w3.ibm.com/Privacy.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
ITIL A Team GALIP Presentation A. Silverman, N. Elovitz, L. Johnson, M. Saxena, W. Zhao.

ITIL A Team GALIP Presentation A. Silverman, N. Elovitz, L. Johnson, M. Saxena, W. Zhao.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
European Investment Bank Group

European Investment Bank Group
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
11 ►2009 - Led a multi-national team from Nigeria, Kenya, Uganda & South Africa in a co-sourcing Network Security assessment for MTN Nigeria. Reviewed.

11 ► Led a multi-national team from Nigeria, Kenya, Uganda & South Africa in a co-sourcing Network Security assessment for MTN Nigeria. Reviewed.
Chapter 3: Information Security Framework

Chapter 3: Information Security Framework

Similar presentations

Ads by Google