
1 IT-Security Cookbook
Enter your login:
Enter your password:

2 What is IT-Security?
Protection of information, systems and services
Against disasters, mistakes and manipulation
So that the likelihood and impact of security incidents are minimised

3 IT-Security consists of
Confidentiality: sensitive business objects are disclosed ONLY to authorised persons
Integrity: control modification of objects; ensure that objects are accurate and complete
Availability: ensure reliability of services
Legal compliance: legislation of the relevant countries

4 IT-Security - Exercise
Confidentiality, Integrity, Availability, Legal Compliance
Two persons: discuss and present examples of the different types of security concepts listed above.

5 The Network is the Computer
Common causes of damage:
Human error 52%
Fire 15%
Water 10%
Dishonest people 10%
Technical sabotage 10%
Terrorism 3%

6 The Network is the Computer
Who causes damage?
Current employees 81%
Outsiders 13%
Former employees 6%

7 The Network is the Computer
Types of computer crime:
Money theft 44%
Damage to software 16%
Theft of information 16%
Alteration of data 12%
Theft of services 10%
Trespass 2%

8 How to improve security
Knowing what needs to be protected
Recognising the threats
Judging possible impacts
Calculating the risks
Counter measures
Develop a strategy to reduce risks

9 Important to observe
When improving security remember:
Keep it simple
Keep it coherent (logical links)
Keep to standards
Your improvements should be able to function in a crisis situation, where people have no time to think deeply!

10 Bottom-Up approach
If you know WHAT to protect from WHOM and to WHAT DEGREE:
Create an attack situation (i.e. as if you were the attacker)
Summarize weaknesses
Judge the impacts
Create counter measures

11 Top-Down approach
Start analysing, creating an overview:
Define security objectives and analyse threats
Make an impact analysis
Calculate risk
Analyse constraints (from the environment)
Decide on a counter strategy
Implement

12 Calculations!
Calculate the risk:
Risk = impact * likelihood
Risk = impact + likelihood + threats

13 Risk planning

Description of the risk | Costs/impacts 1 (Low) - 5 (High) | Possibility 1 (Low) - 5 (High) | Impacts | Indicators | Mitigation strategy | Contingency plan | Total priority
Virus and worms | 4 | 3 | System stop; slow systems; malfunctions | System log entries; slow systems | Virus protection programmes; firewall; safe backup | Re-installation plan | 12
Minor natural disasters | 5 | 1 | Damage to HW and SW | Rain; storm | Remote backup | Re-installation plan | 5
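The risk register from slides 12 and 13 as a small Python script, added here as an example and not part of the presentation: each row carries the slide's columns, both scores are checked against the 1 (Low) to 5 (High) scale, and "Total priority" is computed as impact * likelihood so the two rows come out at 12 and 5. The field and function names are my own assumptions.

```python
from dataclasses import dataclass, field

SCALE = range(1, 6)  # the slide's 1 (Low) .. 5 (High) scale for both scores


@dataclass
class Risk:
    """One row of the risk planning table (column names assumed)."""
    description: str
    impact: int            # "Costs/impacts" column
    possibility: int       # "Possibility" (likelihood) column
    indicators: list = field(default_factory=list)
    mitigation: list = field(default_factory=list)
    contingency: str = ""

    def __post_init__(self):
        # Reject scores outside the 1..5 scale before they distort the ranking
        for name, score in (("impact", self.impact), ("possibility", self.possibility)):
            if score not in SCALE:
                raise ValueError(f"{name} must be 1..5, got {score}")

    @property
    def priority(self) -> int:
        # Slide 12: Risk = impact * likelihood; this is the "Total priority" column
        return self.impact * self.possibility


def rank_risks(risks):
    """Return the register ordered highest priority first."""
    return sorted(risks, key=lambda r: r.priority, reverse=True)


# Constructed register reproducing the two rows of the slide's table
REGISTER = [
    Risk("Virus and worms", impact=4, possibility=3,
         indicators=["System log entries", "Slow systems"],
         mitigation=["Virus protection programmes", "Firewall", "Safe backup"],
         contingency="Re-installation plan"),
    Risk("Minor natural disasters", impact=5, possibility=1,
         indicators=["Rain", "Storm"],
         mitigation=["Remote backup"],
         contingency="Re-installation plan"),
]

if __name__ == "__main__":
    for r in rank_risks(REGISTER):
        print(f"{r.priority:>3}  {r.description}  (impact {r.impact} x possibility {r.possibility})")
```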

14 Security Issues - Exercise
Give some examples of security issues based on your project organisation. Use the scheme from the previous slide.

15 Security Organization
Roles and responsibilities:
Executives: security strategy
IT-Security Manager: guidelines, risk analysis
Line Managers: awareness of policies
Users: responsible for their actions
Auditor: independent person

16 Security Processes
Security hotline
Change management
System monitoring
Intruder detection ("uninvited" guests)
Data backup and recovery
Systems audits

17 Crisis Management
"Firecall": who is on "firecall"
If "firecall" can't solve it: who is "emergency standby"
Crisis management: who will be in charge of crisis management on the spot (decide beforehand on a chain of command)
Keep a list of crisis staff off-line!

18 Information Classification
Availability classification. Classify as to:
Maximum allowed server downtime per event
Expected availability percentage
Sensitivity classification:
Decide on a concept
Decide on who is to declare sensitivity

19 Sensitivity Classification Concept
Concept:
All data has an owner
The owner must classify the information
The owner is responsible for the information
All documents should be classified
Classification:
Public / non-classified information
Internal information
Confidential information
Secret information

20 Requirements on systems
System model in layers:
Physical: buildings, hardware
Users and organization
Application
Network and communication
Database or transaction monitor
Operating system

21 Requirements for each class
Public / non-classified data: a virus scanner, screen locking, only authorised persons allowed access
Internal data: security design philosophy, systems architecture
Confidential data: trusted facility manual, secure data transmission
Secret data: process isolation, security testing, mandatory access control

