Published by Nigel Lawson. Modified over 9 years ago.
1
UNITED REPUBLIC OF TANZANIA
President’s Office - Public Service Management
e-Government Agency
Information Security Management (ISM)
June, 2012
© e-Government Agency
2
Agenda
– Introduction to ISM
– Overview of ICT Security Management
– Approach
– Way Forward
3
Introduction to Information Security Management
The main objective of information security is to protect the interests of those relying on information, and the systems and communications that deliver the information, from harm resulting from failures of availability, confidentiality and integrity.
The ISM process should be the focal point for all IT security issues, and must ensure that an Information Security Policy is produced, maintained and enforced that covers the use and misuse of all IT systems and services.
4
ISM Introduction (continued)
ISM needs to understand the total IT and business security environment, including the:
– Business Security Policy and plans
– Current business operation and its security requirements
– Future business plans and requirements
– Legislative requirements
– Obligations and responsibilities with regard to security contained within SLAs
– The business and IT risks and their management.
5
Agenda
– Introduction to ISM
– Overview of ICT Security Management
– Approach
– Way Forward
6
An overview of ICT & its security Problem
Information security is about protection of ICT assets/resources in terms of:
– Confidentiality
– Integrity
– Availability (information and services)
– Access Control to Information
Involves: Protective/Proactive, Detective, Reactive and/or Recovery Measures
[Figure: Holistic View of ICT security Problem. Labels: Valuable asset of organizations: Information; Software (Operating systems, Application software): set of instructions; ICT]
7
An overview of ICT security Problem
Managing ICT security is a continuous process by which an organisation determines what needs to be protected and why; what it needs to be protected from (i.e. Threats and Vulnerabilities); and how (i.e. mechanisms) to protect it for as long as it exists.
Holistic Approach required
[Figure labels: Valuable asset of the organizations: Information; Malicious software (Virus, worm or denial-of-service attack, Backdoors, salami attacks, spyware, etc.) can be introduced here!; Physical security of the hardware; Authorised user abusing his/her privileges, e.g. Disgruntled staff]
8
An overview of ICT Security Management in the organisations
Perception Problem
– At the strategic level (absence of ICT Security policy, no defined budget for ICT security, perceived as a technical problem and not a business risk)
– At the operational level (perceived to belong to the IT departments and in some cases not coordinated)
– Absence of designated ICT security personnel/unit.
9
An overview of ICT Security Management in the organisations
Perception Problem
Ad-hoc
10
Agenda
– Introduction to ISM
– Overview of ICT Security Management
– Approach
– Way Forward
11
A Holistic Approach for Managing ICT Security in Organisations
Presented in a book: ISBN Nr 91-7155-383-8
12
Each process maps the Holistic View of the security Problem
13
Management team discussing ICT security Problem
14
Agenda
– Introduction to ISM
– Overview of ICT Security Management
– Approach
– Way Forward
15
The Way Forward - How the Government Reacts
– Government has purchased the ISO 27000 Series Toolkit, which is the formal standard against which Government may seek to certify their ISMS (meaning Government frameworks to design, implement, manage, maintain and enforce information security processes and controls systematically and consistently throughout the MDAs/LGAs)
– Auditing of the current IT Governance frameworks in all MDAs and LGAs
16
ITIL – Framework for Managing IT Security
[Figure labels: Customers – Requirements – Government Needs]
17
Reference
– ITIL V3 – System Design
– A Holistic Approach for Managing ICT Security in organizations - Dr. Jabiri Kuwe Bakari
18
THE END
Thank You For Your Attention
President’s Office, Public Service Management
e-Government Agency / Wakala wa Serikali Mtandao
Samora Avenue, ExTelecoms House, 2nd Floor, P.O Box 4273, Dar es Salaam
Telephone: +255222129868/74
Fax: +255222129878
General eMail: info@ega.go.tz
CEO eMail: ceo@ega.go.tz
Website: http://www.ega.co.tz