Information Security Management
Introduction
By Yuliana Martirosyan
Based on Bel G. Raggad (2010), Information Security Management: Concepts and Practices.
Introduction
Figure: the computing environment and its five interacting components: People, Activities, Data, Technology, Network.
Introduction to Information Security Management
• Introduction
• Layers of personnel around an information resource
Figure: layers around the -System-: Operator, Security Staff, Security Administrator, System Owner.
Why Information Security Matters
• Information drives enterprise business value generation.
• Information is the basis of competitive advantage.
• Assets are highly interdependent: to protect one asset, the whole computing environment should be protected.
Information Sensitivity Classification
Figure: information sensitivity taxonomy. Labels: Public Information, Confidential Information, Internal Use, Proprietary Information, Highly Confidential, Top Secret.
Information Security Governance
Corporate governance has to do with how the board of directors and executive management run and control a company.
IT governance is how technology is used and managed so that it supports business needs.
Information security governance is a coherent system of integrated security components
• products
• personnel
• training
• processes
• policies ...
that exist to ensure that the organization survives and hopefully thrives.
The Computing Environment
Figure: security of an information system. Information System Security is made up of People Security, Technology Security, Network Security, Security of IS Activities, and Data Security.
Security of Various Components in the Computing Environment
Protecting an organization, an information system, or any computing environment means the following:
• Personnel security to protect people
  • Qualification assurance
  • Job specifications
  • Security clearance
  • Screening assurance
  • Authorization of processes
  • Security training
  • Nondisclosure agreement
Security of an information system
CIA Triad
Figure: the CIA triad: Confidentiality, Integrity, Availability.
The Security Star
The CIA triad suffers from at least two drawbacks: the three security goals are not sufficient and more goals have to be added, and a risk-driven model based on CIA is not sufficient to achieve security as long as security management is not incorporated in the security model.
Figure: the Security Star model: Confidentiality, Integrity, Availability, Authentication, Non-Repudiation.
Parker's View of Information Security
• CIA Triad
• Authenticity
• Possession
• Utility
Possession defines ownership or control of information.
Authenticity aims at ensuring that the origin of the transmission is correct and that the authorship of the transmitted documents is valid.
Utility emphasizes the usefulness of the information in possession.
What is Information Security Management?
1. Identify the computing environment, define its criticality, and prioritize its contribution to the organization's business-value-generation capabilities;
2. Identify all security risks, assess them, and mitigate them by devising a comprehensive risk-driven security program;
3. Provide continual improvement of the organization's risk position.
Security Controls
Managerial Controls:
• Risk assessment
• Planning
• System and service acquisition
• Certification, accreditation and security assessment
Technical Controls:
• Personnel security
• Physical and environmental protection
• Contingency planning
• Configuration management
Security Controls
Operational Controls:
• Personnel security
• Physical and environmental protection
• Contingency planning
• Configuration management
• Maintenance
• System and information integrity
• Media protection
• Incident response
• Awareness and training
The NSA Triad for Security Assessment
Assessment - security planning for 3 years
• Not technical, often qualitative
• Doesn't involve any testing
• Collaborative, often shared by users, managers, and owners
Evaluation - how to use technology to support information security
• Technical but not invasive
• Passive testing required for self-study
• Collaborative to some extent
• Involves diagnostic tools
• Involves internal audit
The NSA Triad for Security Assessment
Penetration Testing
• Non-collaborative
• Technical in nature
• Invasive in nature
• Involves external audit
• Active penetration tests
• A risk of compromising the target system exists but has to be avoided
• Active assessment expertise is required


Editor's notes

  1. A computing environment, in Raggad's taxonomy of information security, is made up of five continuously interacting components. An information system is viewed as a smaller computing environment made to efficiently achieve information system objectives.
  2. Information security cannot just be devised based on the specifications of security solutions; a thorough study of the organization's business value generation model and its computing environment is needed before prescribing any security program. Any security investigation has to be risk driven. Off-the-shelf solutions will not work: 1. security requirements vary depending on the vulnerabilities and threats of the organization's computing environment; 2. the effect and consequences of similar security incidents vary from one organization to another.
  3. Information sensitivity taxonomy proposed by ISO/IEC 17799 or ISO/IEC 27002.
  4. The CIA triad suffers from at least two drawbacks: the three security goals are not sufficient and more security goals have to be added; and a risk-driven model based on CIA is not sufficient to achieve security as long as security management is not incorporated in the security model. Authentication - verifying the identity of an agent before access is granted (smart cards, public key, biometrics). Non-repudiation - both ends of a transmission cannot deny their involvement in the transmission (digital signatures).
  5. Possession: even if information is securely encrypted in a packet, just losing the packet is a breach of possession. Utility: if information is available to you in encrypted form but you have no way to decrypt it, this information is not useful to you.
  6. Provide continual improvement of the organization's risk position: automatically revising the risk-driven security program as security requirements change with changes in the computing environment.
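
The Security Star slide and editor's note 4 add authentication and non-repudiation to the CIA triad and name digital signatures as the mechanism for non-repudiation. The following Go program is an added example written for this page, not code from the slides or from Raggad's book. It contrasts a shared-key HMAC, which gives the two parties integrity and authentication of each other, with an Ed25519 digital signature, which additionally gives non-repudiation because only the holder of the private key can produce it. The messages, party names and key material are constructed for the demonstration; the cryptographic calls are Go standard library (crypto/hmac, crypto/ed25519).

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// sampleMessage is a constructed payload for the demonstration (not from the slides).
var sampleMessage = []byte("approve purchase order 1042 for 5000 units")

// forgedMessage is what a dishonest receiver would like to claim the sender sent.
var forgedMessage = []byte("approve purchase order 1042 for 50000 units")

// macTag computes an HMAC-SHA256 tag with a key that both parties share.
func macTag(sharedKey, msg []byte) []byte {
	m := hmac.New(sha256.New, sharedKey)
	m.Write(msg)
	return m.Sum(nil)
}

// macVerify checks a tag in constant time (hmac.Equal avoids timing leaks).
func macVerify(sharedKey, msg, tag []byte) bool {
	return hmac.Equal(tag, macTag(sharedKey, msg))
}

// Party holds one side's Ed25519 key pair. Only the owner keeps priv.
type Party struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewParty generates a fresh key pair for the named party.
func NewParty(name string) (*Party, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{Name: name, Pub: pub, priv: priv}, nil
}

// Sign produces a signature that only this party's private key can create.
func (p *Party) Sign(msg []byte) []byte { return ed25519.Sign(p.priv, msg) }

// Outcome records what an arbitrator, given only public material, would accept.
type Outcome struct {
	MACAccepted         bool // honest tag from the sender verifies
	MACForgedByReceiver bool // receiver mints a tag on another message: accepted, so no non-repudiation
	SigAccepted         bool // honest signature from the sender verifies
	SigForgedByReceiver bool // receiver tries to forge a signature as the sender: must be rejected
}

// Demonstrate runs both schemes between a sender and a receiver.
func Demonstrate() (Outcome, error) {
	var out Outcome

	// Shared-secret scheme: both sides hold the same key.
	sharedKey := make([]byte, 32)
	if _, err := rand.Read(sharedKey); err != nil {
		return out, err
	}
	honestTag := macTag(sharedKey, sampleMessage)
	out.MACAccepted = macVerify(sharedKey, sampleMessage, honestTag)
	// The receiver knows sharedKey too, so it can produce a valid tag on any
	// message and present it as the sender's; a third party cannot tell who made it.
	forgedTag := macTag(sharedKey, forgedMessage)
	out.MACForgedByReceiver = macVerify(sharedKey, forgedMessage, forgedTag)

	// Public-key scheme: the sender alone holds its private key.
	sender, err := NewParty("sender")
	if err != nil {
		return out, err
	}
	receiver, err := NewParty("receiver")
	if err != nil {
		return out, err
	}
	honestSig := sender.Sign(sampleMessage)
	out.SigAccepted = ed25519.Verify(sender.Pub, sampleMessage, honestSig)
	// The receiver has only its own private key; a signature it makes does not
	// verify against the sender's public key, so the sender cannot be framed.
	forgedSig := receiver.Sign(forgedMessage)
	out.SigForgedByReceiver = ed25519.Verify(sender.Pub, forgedMessage, forgedSig)

	return out, nil
}

func main() {
	out, err := Demonstrate()
	if err != nil {
		panic(err)
	}
	fmt.Printf("HMAC:    honest tag accepted=%v, receiver-forged tag accepted=%v\n",
		out.MACAccepted, out.MACForgedByReceiver)
	fmt.Printf("Ed25519: honest sig accepted=%v, receiver-forged sig accepted=%v\n",
		out.SigAccepted, out.SigForgedByReceiver)
}
```

Run it with `go run`. The HMAC line shows why a shared secret cannot support non-repudiation: the receiver holds the same key, so a tag it produces on a different message verifies just as well, and an arbitrator has no way to attribute it to one side. The Ed25519 line shows the property the slide attaches to digital signatures: the receiver's attempt to forge as the sender is rejected against the sender's public key, so a verified signature can be tied to the sender alone.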