Environment for Information Security: Distributed computing; Decentralization of IS function; Outsourcing.


1 Environment for Information Security
- Distributed computing
- Decentralization of IS function
- Outsourcing

2 Environment for Information Security
- Close relationships with suppliers and customers
- Portable computers
- Internet connections

3 Role of Information Security
- Ensure availability of valid information when users need it to run the business
- Protect confidentiality of sensitive corporate information
- Protect the privacy of users

4 Role of Information Security
- Protect information assets from unauthorized modification
- Ensure ability to continue operation in event of a disaster

5 What Needs to be Protected?
- Not all information has same value or importance
- Classify the sensitivity of both information and applications

6 What Needs to be Protected?
- Estimate costs to the business if an application were unavailable for one, two days or longer
- Estimate damage if competitor gains access or information becomes corrupted

7 Reappraisal Issues
- What are the threats and risks?
- Who or what is the enemy?
- What are the targets?
- Who “owns” the targets?

8 Reappraisal Issues
- How vulnerable are the targets?
- How much loss can the company bear?
- Which assets are not worth protecting?

9 Technologies for Security
- Expert systems and neural networks
  - recognizing patterns of behavior
  - configuring human interface to suit individual users and their permitted accesses

10 Technologies for Security
- Expert systems and neural networks
  - detection of intrusion through sensors
  - reconfiguring networks and systems to maintain availability and circumvent failed components

11 Technologies for Security
- Smart cards
  - contain own software and data
  - recognize signatures, voices
  - store personal identification information
  - may use cryptographic keys
- Personal communications numbers

12 Technologies for Security
- Voice recognition
- Wireless tokens
- Prohibited passwords lists
- Third party authentication

13 Threats to Security
- Document imaging systems
  - reading and storing images of paper documents
  - character recognition of texts for abstracting and indexing
  - retrieval of stored documents by index entry

14 Threats to Security
- Document imaging systems (cont’d.)
  - manipulation of stored images
  - appending notes to stored images through text, voice
  - workflow management tools to program the distribution of documents

15 Threats to Security
- Massively parallel mini-supercomputers
  - used for signal processing, image recognition, large-scale computation, neural networks
  - can be connected to workstations, file servers, local area networks
  - good platform for cracking encryption codes

16 Threats to Security
- Neural networks
  - can “learn” how to penetrate a network or computer system
- Wireless local area networks
  - use radio frequencies or infrared transmission
  - subject to signal interruption or message capture

17 Threats to Security
- Wide area network radio communications
  - direct connectivity no longer needed to connect to a network
  - uses satellite transmission or radio/telephone technology, wireless modems

18 Threats to Security
- Videoconferencing
  - open telephone lines can be tapped
- Embedded systems
  - computers embedded in mechanical devices
  - potential to endanger customers
  - potential to access host computers

19 Threats to Security
- Smart cards
  - can be lost or damaged
- Notebooks and palmtop computers
  - subject to loss or theft
  - wireless modems

20 Defensive Measures
- Frequent backups and storage of backups in secure areas
- Highly restricted access to workflow management programs

21 Defensive Measures
- Password controls and user profiles
- Unannounced audits of high-value documents
- Restricted access at the document level

22 What Security Services Are Required?
- Policy and procedure development
- Employee training, motivation, and awareness
- Secure facilities and architectures

23 What Security Services Are Required?
- Security for applications
- Ongoing operational administration and control
- Procedural advisory services
- Technical advisory services

24 What Security Services Are Required?
- Emergency response support
- Compliance monitoring
- Public relations

25 Disaster Recovery Needs Assessment
- Who should be involved?
  - computer and network operations staff
  - information security specialist
  - systems analysts for mission-critical operations
  - end users
  - external consultants

26 Disaster Recovery Needs Assessment
- Assessing the disaster plan
  - what kinds of disasters are anticipated?
  - which applications are mission-critical?
  - which computer/communications architectures are covered?
  - when was the plan last updated?

27 Disaster Recovery Needs Assessment
- Assessing the disaster plan
  - what is the annual cost for maintaining and operating the recovery strategy?
  - what strategies are used?
  - how often is the plan tested?
  - would failure of mission-critical applications incur liability to other firms?

28 Disaster Recovery Models
- “Cold site” backup agreement with another firm specializing in backup services
- “Hot site” backup through building or leasing another facility with excess capacity
- Distributed processing backup
- Replacement

