Innovation or Necessity? ISM 158 By: Sepehr Saeb.

Following a 2006 laptop theft, Nationwide Building Society was fined nearly £1 million (£980,000) by the FSA (Financial Services Authority) for failing to have effective systems and controls to manage its information security risks. Why? An employee's laptop, holding customer data, was stolen from his home, which exposed those customers to a heightened risk of financial crime.

Today, information is an essential business asset: not only a success factor but a survival factor. It exists in many forms, and each of them needs protecting:
1. Printed or written on paper
2. Stored electronically
3. Transmitted by post
4. Shown on film
5. Spoken in conversation

As soon as a business's leaders recognise how much they depend on information, security must be embedded into the organisation's systems and become standard practice. Implemented correctly, it brings:
1. Increased efficiency
2. Greater clarity and visibility of processes
3. Risk reduction
4. Direct improvement of the business
5. Higher credibility with clients

Implementing an Information Security Management System (ISMS)
What does an ISMS do?
1. Identifies and reduces security risks
2. Focuses information security effort where it matters most
3. Protects information

The core work in implementing an ISMS:
1. Scope the system: define its extent and boundaries, i.e. which information, systems and locations are in scope to be protected.
2. Carry out a thorough, documented risk assessment: identify the valuable information assets, the threats to them and the vulnerabilities that could be exploited, then record the controls already in place.
The result of these steps shows which parts of the business need stronger, more mature security.

Once the requirements are gathered and the controls chosen:
1. Train staff and build awareness
2. Publish the security policy
3. Document the final set of security controls
4. Review the system periodically; regular review is essential to keep the ISMS in line with the business and its controls effective

Benefits of a well-implemented ISMS:
1. Fewer security breaches
2. Improved understanding of business operations and the critical assets behind them
3. Demonstrable compliance with regulatory and legislative requirements
4. Reduced risk to the organisation's reputation in its market sector
5. Increased protection of key IT assets and the data they hold
6. A systematic approach to identifying and handling security incidents
7. Confidence for external financial auditors that security controls are in place and effective

Areas where ISMS implementations commonly fall short:
1. Security of backup data
2. Staff training and awareness
3. Limited tools to characterise security performance
4. Lack of effective testing systems
5. Poor software licensing controls

The volume of information keeps growing, and with it the security risk, so a good ISMS is a necessity rather than an innovation. The hardest problem is the window between a vulnerability being published and the fix being deployed: patching takes time, and that gap is where breaches have to be prevented.
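The patch gap described above is measurable, and measuring it is one of the "tools to characterise security performance" that the earlier list notes are often missing. The following is an added example, not code from the presentation: it takes a constructed list of assets with the date a fix was published and the date it was actually deployed, computes each asset's exposure window, flags the ones that exceed an assumed 14-day patching SLA (the page states no figure), and produces the summary numbers a periodic ISMS review would report. The asset names, dates and the SLA are all assumptions made for the example.

```python
from datetime import date
from statistics import mean

# Constructed sample records (not from the original page). Each entry holds the
# date a fix for a vulnerability was published and the date the patch was
# actually deployed on the asset; None means the asset is still unpatched.
PATCH_RECORDS = [
    {"asset": "web-01",  "published": date(2024, 3, 1),  "patched": date(2024, 3, 4)},
    {"asset": "db-01",   "published": date(2024, 3, 1),  "patched": date(2024, 3, 20)},
    {"asset": "vpn-01",  "published": date(2024, 3, 10), "patched": None},
    {"asset": "mail-01", "published": date(2024, 3, 25), "patched": None},
]

# Assumed "as of" date for the review and assumed patching SLA in days.
TODAY = date(2024, 4, 1)
SLA_DAYS = 14


def exposure_days(record, today=TODAY):
    """Days the asset was (or still is) exposed: advisory date to patch date,
    or to today if the patch has not been deployed yet."""
    end = record["patched"] or today
    if end < record["published"]:
        # A patch date before the advisory date is a data-entry error, not
        # negative exposure; refuse rather than silently under-report.
        raise ValueError(f"{record['asset']}: patched before advisory was published")
    return (end - record["published"]).days


def overdue(records, today=TODAY, sla_days=SLA_DAYS):
    """Assets whose exposure window exceeds the SLA, worst first.
    Includes assets patched late as well as those still open."""
    rows = []
    for r in records:
        days = exposure_days(r, today)
        if days > sla_days:
            rows.append({"asset": r["asset"], "days": days,
                         "still_open": r["patched"] is None})
    return sorted(rows, key=lambda row: row["days"], reverse=True)


def summarize(records, today=TODAY, sla_days=SLA_DAYS):
    """Headline metrics for a periodic ISMS review of patching performance."""
    windows = [exposure_days(r, today) for r in records]
    return {
        "assets": len(records),
        "still_open": sum(1 for r in records if r["patched"] is None),
        "overdue": len(overdue(records, today, sla_days)),
        "max_days": max(windows),
        "mean_days": mean(windows),
    }


if __name__ == "__main__":
    for row in overdue(PATCH_RECORDS):
        state = "UNPATCHED" if row["still_open"] else "patched late"
        print(f"{row['asset']:<8} {row['days']:>3} days  {state}")
    print(summarize(PATCH_RECORDS))
```

Assets that are still open and already past the SLA are the ones to escalate first; assets patched late are closed but still count against the SLA, which is what makes the mean and maximum window useful trend figures from one review to the next.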
