Presentation is loading. Please wait.

Presentation is loading. Please wait.

Innovation or Necessity? ISM 158 By: Sepehr Saeb.

Published byRylan Nutt Modified over 10 years ago

Similar presentations

Presentation on theme: "Innovation or Necessity? ISM 158 By: Sepehr Saeb."— Presentation transcript:

1 Innovation or Necessity? ISM 158 By: Sepehr Saeb

2 In 2006, Nationwide building society was fined nearly £1 million by the FSA (Financial Services Authority) for failing to have effective systems and controls to manage information security risks. Why? The laptop of one of the employees got stolen from his house so that put the customers into a high risk of financial crime

3 Today, information is considered as an essential asset for businesses not only as the success factor, but also as an surviving factor. Different Types of Information: 1. Printed or written 2. Stored electronically 3. Transmitted by post 4. Shown on films 5. Spoken in conversation

4 As soon as the necessity of information is realized by the leaders of a business, Security must be embedded into the system and become standard. If it is implemented correctly: 1. Increased efficiency 2. Greater clarity and visibility of processes 3. Risk reduction 4. Direct improvement 5. Higher credibility within clients

5 Implementing an Information Security Management System (ISMS) What ISMS Does? Identify and reduce security risks Focus information security Protect information

6 The Core work needs to be done in implementing ISMS: Scope out the extent of the system and its boundaries in order to protect data A thorough and detailed risk assessment needs to be prepared by identifying the valuable information with possible threats and vulnerabilities followed by the existing controls. The result of these steps will show us which section of business need stronger and more developed security.

7 After gathering all necessary requirements to implement ISMS: Staff training and awareness Publishing the security policy Documenting the final set of security controls Periodic review of the system is essential to maintain the integrity of the system

8 Reduction in security breaches Improved understanding of business operations and related critical assets Ensuring compliance to regulatory and legislative requirements Reduced risk to reputation in the market sector Increased protection of key IT assets and related data Enforcing a systematic approach to identifying and handling security incidents. Providing confidence to external financial auditors that security controls are in place and effective.

9 Security of back up data Staff training and awareness Limited tools to characterize security performance Lack of effective testing systems Poor software licensing controls

10 Since information is dramatically increasing and getting larger Security risks also is increasing As a result, having a good ISMS is necessity The main issue is to avoid security breaches in the gap between a new vulnerability being published and implementing a patch to fix it which is time consuming

11

12 http://www.cxo.eu.com/article/Information- Security-Innovation-or-Necessity/

Download ppt "Innovation or Necessity? ISM 158 By: Sepehr Saeb."

Similar presentations

Copyright © 2006 Credit & Management Systems, Inc. All rights reserved. All other product names are trademarks of their respective owners. COMMERCIAL CREDIT.

Copyright © 2006 Credit & Management Systems, Inc. All rights reserved. All other product names are trademarks of their respective owners. COMMERCIAL CREDIT.
Presentation to HRPA Algoma January 29, 2015. My favourite saying… Fail to plan, Plan to Fail. 2.

Presentation to HRPA Algoma January 29, My favourite saying… Fail to plan, Plan to Fail. 2.
AFM INTERNAL AUDIT NETWORK MEETING MUTUAL ONE GROVE PARK, LEICESTER Current ‘Hot Topics’ in Information Security Governance Auditing David Tattersall 03.

AFM INTERNAL AUDIT NETWORK MEETING MUTUAL ONE GROVE PARK, LEICESTER Current ‘Hot Topics’ in Information Security Governance Auditing David Tattersall 03.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
Discovery – The Next Generation!: Business Context of Risk Presentation to the North London Branch British Computer Society 19 March, 2008 Dr. Victoria.

Discovery – The Next Generation!: Business Context of Risk Presentation to the North London Branch British Computer Society 19 March, 2008 Dr. Victoria.
IOR Scottish Chapter Annual Conference Glasgow Caledonian University – 1 st November 2013 Relevance of Operational Risk to the FCA Jill Savager Manager,

IOR Scottish Chapter Annual Conference Glasgow Caledonian University – 1 st November 2013 Relevance of Operational Risk to the FCA Jill Savager Manager,
Copyright Security-Assessment.com 2006 Protecting The Data Data security, compliance, disclosure requirements and what can happen if you get it wrong Presented.

Copyright Security-Assessment.com 2006 Protecting The Data Data security, compliance, disclosure requirements and what can happen if you get it wrong Presented.
Information Security considerations for Outsourced ICT Services

Information Security considerations for Outsourced ICT Services
Unified Governance Brian G Edmondson MIRM CEO netSurity.

Unified Governance Brian G Edmondson MIRM CEO netSurity.
Security Controls – What Works

Security Controls – What Works
WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.

WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
THE PRINCIPLES OF QUALITY MANAGEMENT. DEFINING QUALITY Good Appearance? High Price? The Best? Particular Specification? Not necessarily, but always: Fitness.

THE PRINCIPLES OF QUALITY MANAGEMENT. DEFINING QUALITY Good Appearance? High Price? The Best? Particular Specification? Not necessarily, but always: Fitness.
Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.

Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.
Consultancy.

Consultancy.
INFORMATION SECURITY THE NEXT GENERATION 13 th World Electronics Forum Israel Christopher Joscelyne Board Member & Membership Chairman AEEMA November 2007.

INFORMATION SECURITY THE NEXT GENERATION 13 th World Electronics Forum Israel Christopher Joscelyne Board Member & Membership Chairman AEEMA November 2007.
Data Protection in Financial Services Are you Seeing the Bigger Picture? 17 September 2008.

Data Protection in Financial Services Are you Seeing the Bigger Picture? 17 September 2008.
The purpose and role of an audit committee Neeta Major Chief Internal Auditor.

The purpose and role of an audit committee Neeta Major Chief Internal Auditor.
MnSCU Audit Reports Presentation to the MnSCU Audit Committee Office of the Legislative Auditor September 21, 2004.

MnSCU Audit Reports Presentation to the MnSCU Audit Committee Office of the Legislative Auditor September 21, 2004.
Evolving IT Framework Standards (Compliance and IT)

Evolving IT Framework Standards (Compliance and IT)

Similar presentations

Ads by Google