Managing Information Security. Ed Gelbstein, International Computing Centre, Geneva. Presented at the OECD, April 2001 (slide footer: "Information Security, OECD, April 2001, International Computing Centre").

Presentation transcript:

Managing Information Security
Ed Gelbstein, International Computing Centre, Geneva


Asset valuation
What is the business value of:
- Data
- Intellectual property
- Systems (software / hardware)
- Documents
- The organisation's reputation
... when any of these is disclosed, modified, unavailable, destroyed, etc.?

How do you respond?
Option 1, a notice on the door: "Hackers please note: this facility is secured Monday and Friday, 09:00 to 17:00 CET. Please do not visit at any other time. We thank you for your understanding."
Option 2: an emergency response plan and an emergency response team.

Key components
- Ownership and culture
- Policies
- Processes and tools
- Autopsies, diagnostics, audits

Ownership
Anybody, Somebody, Everybody, Nobody (when security is everybody's job it ends up being nobody's; it needs a named owner)

Culture
- Security management is a way of life
- It relies on everyone
- It requires many processes
- It may contain many projects, but it has no end
- Only the paranoid survive

Threatscape
Threats may be internal or external, physical or logical:
- Sabotage
- Misuse / fraud
- Unauthorised access
- Unauthorised change
- Unauthorised disclosure
- Destruction of data
- Malicious software
- Stupidity
- Weaknesses in systems
- Weaknesses in products
- Cyber-attack (DoS / DDoS)
- Cyber-attack (EMP)
- Data blackmail
- and many more...

Threatscape (2)
Four ways to rank threats: most pervasive, most expensive, most publicised, most frequent. The candidates:
- Virus, worm, trojan horse
- Insider fraud, sabotage
- Theft of proprietary information
- Attacks on e-business: theft of credit card data, denial of service
- Developers' mistakes, poor configuration, poor system administration

Building blocks
- Change control
- Backup / restore
- Media management
- Disaster recovery
- Business continuity
- Crisis management
- Physical access control
- Logical access control
- Infrastructure: no single point of failure; UPS and standby; clusters, fail-soft, alternative routing, RAID, ...
- Diagnostics and monitoring
- System administration
- Audits
- Policies
- Best practices
- Standards
- Action plans
Key word: OWNERSHIP

Building blocks (2)
- Confidentiality
- Integrity
- Authorisation
- Authentication
- Audit trail
- Non-repudiation
- Risk assessment
- Risk management
- Communications
- Alert monitoring
- Tools and products
- Organisation: incident detection, incident response
- Staff vetting
- Training
- Tests and audits
Key word: OWNERSHIP

Policies
- Scope
- Documentation
- Dissemination
- Maintenance
- Compliance
- Non-compliance

Scope of policies
- Passwords
- System / resource access
- Database administration
- Encryption
- Backup / restore / disaster recovery
- Physical access and remote access
- Software installation
- Change control
(list continues...)

Scope of policies (2)
- Acceptable use
- Monitoring and audits
- Mobile computing
- Wireless computing
- Privacy
- Staff background checks
- and more...

policy includes...
- Virus, worm, other infectious software
- Executable code
- Audio and video files
- Other large files
- Encryption
- Non-disclosure
- Offensive language / material
- Legal liability (harassment, copyright, libel, etc.)
- Junk and other loss of productivity
- Personal use of corporate
- Archival
- and so on...

Vigilance
- Alerts (vendor, CERT, FBI, other)
- Attacks (who, when, how)
- Hacker tools, communiqués, websites
- Disgruntled staff, behavioural changes
- etc.

Security rings
- Data access rights
- Database security
- System security
- LAN and server security
- Firewall security
- Authentication
- etc.
What does it take to get through each of these layers?

Tools and products
- Firewalls and antivirus software
- Resource access controls
- Encryption
- Digital certificates
- Proxy / reverse proxy servers
- Intrusion detection systems
- Software integrity checkers
- Log analysis tools
- and so on...
There are many choices, and "out of the box" may not be e-nough.

Certification, audits, etc.
- Tests
- Audits
- Post-mortems
- Certification
Like your annual medical, it is no guarantee of good health, but it might diagnose a problem.
Who tests the testers? How do you know you have not been attacked?
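"How do you know you have not been attacked?" is partly answered by the "log analysis tools" of the previous slide. As an added illustration (not code from the slides or from the International Computing Centre), the script below runs a sliding-window check over constructed sshd-style syslog lines: it flags any source address that reaches a threshold of failed logins within a short window, and records whether that source later logged in successfully, which is the case a reviewer most wants to see. The log layout, the threshold and window values, the year (syslog lines carry none) and the 203.0.113.0/24 addresses are all assumptions for the example.

```python
"""Sliding-window detection of failed-login bursts in syslog-style sshd lines.
Added illustration, not part of the original presentation."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines; 203.0.113.0/24 is a documentation range.
SAMPLE_LOG = """\
Apr 12 09:00:01 gw sshd[2001]: Accepted publickey for alice from 203.0.113.20 port 50122 ssh2
Apr 12 09:01:05 gw sshd[2002]: Failed password for root from 203.0.113.7 port 4444 ssh2
Apr 12 09:01:07 gw sshd[2003]: Failed password for root from 203.0.113.7 port 4445 ssh2
Apr 12 09:01:09 gw sshd[2004]: Failed password for invalid user admin from 203.0.113.7 port 4446 ssh2
Apr 12 09:01:11 gw sshd[2005]: Failed password for admin from 203.0.113.7 port 4447 ssh2
Apr 12 09:01:14 gw sshd[2006]: Failed password for root from 203.0.113.7 port 4448 ssh2
Apr 12 09:01:20 gw sshd[2007]: Accepted password for admin from 203.0.113.7 port 4449 ssh2
Apr 12 09:30:00 gw sshd[2010]: Failed password for bob from 203.0.113.21 port 50300 ssh2
Apr 12 11:30:00 gw sshd[2011]: Failed password for bob from 203.0.113.21 port 50301 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_line(line: str, year: int = 2001):
    """Return a dict for an sshd login line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Traditional syslog timestamps have no year; the caller supplies one (assumption).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "outcome": m["outcome"], "user": m["user"], "src": m["src"]}


def find_bursts(lines, threshold: int = 5, window_seconds: int = 60):
    """Flag each source whose failed logins reach `threshold` within any span of
    `window_seconds`; note a later successful login from a flagged source."""
    events = [e for e in (parse_line(l) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])  # stable: equal timestamps keep file order
    windows = defaultdict(deque)        # src -> timestamps of recent failures
    alerts = {}
    for e in events:
        src = e["src"]
        if e["outcome"] == "Failed":
            q = windows[src]
            q.append(e["ts"])
            # Drop failures that fell out of the window relative to the newest one.
            while (q[-1] - q[0]).total_seconds() > window_seconds:
                q.popleft()
            if len(q) >= threshold and src not in alerts:
                alerts[src] = {"src": src, "count": len(q), "first": q[0],
                               "last": q[-1], "later_success": None}
        elif src in alerts and alerts[src]["later_success"] is None:
            # A success right after a burst from the same source needs a closer look.
            alerts[src]["later_success"] = (e["ts"], e["user"])
    return list(alerts.values())


def analyse(text: str = SAMPLE_LOG, threshold: int = 5, window_seconds: int = 60):
    return find_bursts(text.splitlines(), threshold, window_seconds)


if __name__ == "__main__":
    for a in analyse():
        print(f"{a['src']}: {a['count']} failures between {a['first']:%H:%M:%S} "
              f"and {a['last']:%H:%M:%S}; later success: {a['later_success']}")
```

On the constructed sample, 203.0.113.7 is flagged after five failures in nine seconds, and the subsequent "Accepted password for admin" from the same address is attached to the alert; the two failures from 203.0.113.21 two hours apart stay below threshold. The window is measured from the newest failure backwards, so widening it (the test below uses 7200 seconds) changes which sources qualify.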

Be vigilant, be silent...
"Yes, we have been attacked and are very aware of the flaws in our security": risk of losing credibility and of inviting trouble.
"Our security is superb and we are totally confident in our ability to stay ahead": a challenge to every cracker and script kiddie to prove you wrong.

Give it a try?
Intrusion test:
- Access a predefined file from a server on your network
- Report of the route taken to access it
- Report of weaknesses found