Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Guide for Interconnecting Information Technology Systems

Published byCharleen Justina Anderson Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Guide for Interconnecting Information Technology Systems"— Presentation transcript:

1 Security Guide for Interconnecting Information Technology Systems
ANUSHA KAMINENI SECURITY MANAGEMENT

2 AGENDA Introduction Background Lifecycle of System Interconnection

3 EXECUTIVE SUMMARY Security guide for Interconnecting systems
Life-Cycle Management Planning a system interconnection Establishing a system interconnection Maintaining a system interconnection Disconnecting a system interconnection ISA and MOU/A System Interconnection Implementation plan

4 INTRODUCTION Authority Purpose Scope Audience Document Structure

5 Figure 1: Interconnection Components
BACKGROUND Figure 1: Interconnection Components

6 Why to interconnect IT systems?
Exchange data & information Provide customized levels Collaborate on Joint projects Provide full time communications Provide online training Provide secure storage of data

7 PLANNING A SYSTEM INTERCONNECTION
Figure 2. Steps to plan a system interconnection

8 PLANNING A SYSTEM INTERCONNECTION
Establish a Joint planning team Define the Business case Perform C & A Determine Interconnection Requirements Document Interconnection Agreement Approve or Reject Interconnection

9 Determine Interconnection Requirements
Level and method of interconnection Impact on existing Infrastructure and Operations Hardware Requirements Software Requirements Data Sensitivity User Community Services and Applications Security controls Segregation of Duties Incident Reporting and Response Contingency Planning

10 …..continued Determine Interconnection Requirements
Data element naming and ownership Data Backup Change Management Rules of Behavior Security Training and Awareness Roles and Responsibilities Scheduling Costs and Budgeting

11 Document Interconnection Agreement
Develop an interconnection security agreement Establish a memorandum of Understanding

12 Approve or Reject Interconnection
Approve the interconnection Grant interim approval Reject the interconnection

13 ESTABLISHING A SYSTEM INTERCONNECTION
Fig 3. Steps to Establish a system Interconnection

14 ESTABLISHING A SYSTEM INTERCONNECTION
Develop Implementation Plan Execute Implementation Plan Activate Interconnection

15 Execute Implementation Plan
Implement or configure security controls Firewalls Intrusion Detection Auditing Identification and Authentication Logical Access controls Virus scanning Encryption Physical and Environmental security

16 …. continued Execute Implementation Plan
Install or configure hardware and software Communications line VPN Routers and switches Hubs Servers Computer Workstations Integrate Applications Conduct operational and security testing Conduct security Training and awareness Update systems security plans Perform Recertification and Reaccreditation

17 MAINTAINING A SYSTEM INTERCONNECTION
Maintain clear lines of communication Maintain equipment Manage user Profiles Conduct security reviews Analyze audit logs Report & respond to security incidents Coordinate contingency planning activities Perform Change management Maintain system security plans

18 DISCONNECTING A SYSTEM INTERCONNECTION
Planned disconnection Emergency disconnection Restoration of interconnection

19 EXECUTIVE SUMMARY Security guide for Interconnecting systems
Life-Cycle Management Planning a system interconnection Establishing a system interconnection Maintaining a system interconnection Disconnecting a system interconnection ISA and MOU/A System Interconnection Implementation plan

20 IMPORTANT TERMS Audit Trail Integrated Services Digital Network(ISDN)
Interconnection Security Agreement(ISA) Intrusion Detection System (IDS) Memorandum of Understanding/Agreement(MOU/A) RADIUS (Remote Authentication Dial-In User Service) Security Controls System interconnection Virtual Private Network(VPN)

21 QUESTIONS?

Download ppt "Security Guide for Interconnecting Information Technology Systems"

Similar presentations

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.

Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.

Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.

Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
NIST framework vs TENACE Protect Function (Sestriere, 21-23 Gennaio 2015)

NIST framework vs TENACE Protect Function (Sestriere, Gennaio 2015)
Controls for Information Security

Controls for Information Security
Concepts of Database Management Seventh Edition

Concepts of Database Management Seventh Edition
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Similar presentations

Ads by Google