Challenges of the Ministry of Finance

Features:
- Governmental organization
- Critically important ICT objects
- Distributed infrastructure
- Three levels of confidentiality
- Dozens of subsidiary organizations
- Hundreds of branches
- Thousands of users
- Own software developer
- Range of complex interconnected systems

Issues:
- Obligatory legal requirements
- Great number of threats and communication channels
- CIA balance
- Complementary responsibilities
- Complementary software testing
- Secure communication
- Enhanced legal security requirements

The information security concept is to achieve and substantially maintain:
- availability of information, data and services;
- data and system integrity;
- confidentiality and privacy of information;
- compliance with national laws and regulations;
- normal operation of the information system in accordance with the operating rules.

Information security objectives
- avoiding or mitigating the risk of unauthorized disclosure and modification of information;
- business continuity and disaster recovery planning;
- enforcing accountability;
- intangible assets management;
- creating an information security culture within the Ministry of Finance.

The Ministry of Finance has created an Information Security System, including specially adapted legal, organizational and technical methods and tools, in order to support the target level of integrity, availability, confidentiality, authenticity and safety of the data, information and services. A feasible and consistent approach is the main principle of the information security framework.

Information security arrangements

Three domains: Legal, Organizational, Technical.

Elements: policies, standards and guidelines; roles and responsibilities; access control; cryptography; controls; public key infrastructure; audit; ethics and training.

Information security arrangements: Legal
- Domestic legislation
- National standards
- International standards
- Rules of engagement
- Confidentiality agreements
- Guidelines
- Baselines
- Role descriptions

Information security arrangements: Organizational
- Information security infrastructure
- Assets management
- HR management
- Mandatory access control at the physical and logical layers
- Information system life cycle management
- Business continuity and disaster recovery planning

Information security arrangements: Technical
- Firewalls
- Antivirus software
- Cryptography tools
- Intrusion detection systems
- Traffic analyzers
- Anomaly detection
- Audit tools
- Data leak prevention system

Public key infrastructure

PKI is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates for Belarusian governmental organizations and to manage public-key encryption. The purpose of the PKI is to facilitate the secure electronic transfer of financial information.

Public key infrastructure diagram

Certificate authority
- 124 Registration and Validation authorities
- Certified software
- Licensed activity
- 3000 digital certificates for internal purposes, annual output of 8000 digital certificates
- Experienced personnel
- 24/7 technical support

Thank you