
1 OCTAVE-S on TradeSolution Inc.

2
- Introduction
- Phase 1: Critical Assets and Threats
- Phase 2: Critical IT Components
- Phase 3: Changes Required in Current Strategy

3 TradeSolutions Inc.
- A mid-sized company with an office in Sweden
- Specialized in providing trading solutions and surveillance technology for marketplaces and banks
- Develops, customizes and maintains the trading platform 'TradePro'
- Customers access TradePro through the client application to trade

4 TradeSolutions Inc.
- 200 local workstations running Windows XP
- File server, web server, database server and MS Exchange 2007 mail server
- Production server that hosts TradePro
- Centrally stored data is located at two different premises (sites 1 and 2)
- Every employee can access the file server, database server and web server remotely using VPN

5 Impact Criteria
- Reputation: customer loss > 10%
- Finance: annual financial loss > 5 million SEK
- Productivity: staff work hours increase > 20%
- Fine: > 2.5 million SEK

6 Phase 1: Asset-Based Threat Profiles
Critical Assets
- Code repository
- Production server
- Mail server
- Personal computers
- TradePro team

7 Phase 2: Identify Infrastructure Vulnerabilities
Critical IT component

8 Phase 3: Develop Security Strategy and Plans
Threats with Highest Impact
Code repository: disclosure of the code
  o Competitors, hackers (external)
  o Employees (internal)
  High impact on reputation, finance and productivity
Production server: interruption or destruction
  o Competitors, hackers (external)
  o Internal IT team (internal)
  o System problems, power supply and natural disaster
  High impact on reputation and finance

9 Threats with Highest Impact
Personal computers: interruption or destruction
  o Competitors, hackers (external)
  o System problems and power supply
  High impact on reputation and finance
Mail server: disclosure of the messages
  o Hackers (external)
  o Developers and internal IT (internal)
  High impact on reputation and finance
TradePro team: unavailability of the team due to illness, family problems, retirement, resignation and lay-off
  High impact on productivity and finance

10 Protection Strategy & Risk Mitigation Plans
Authentication and Authorization (Red)
- Introduce a role-based authorization scheme as a formal mechanism to prevent unauthorized users from accessing critical assets.
- Employees should not be given administrative privileges.
- The security policy should include proper procedures for reviewing the access rights of every employee.
- The internal IT team must take care of these issues.

11 System and Network Management (Yellow)
- Define formal mechanisms to enforce the security policy.
- Limit access to USB ports and CD-ROM drives.
- Check the systems and remove any unnecessary software.
- Implement an auditing mechanism to verify whether the security requirements are met.
- Introduce new network management and monitoring tools to reduce manual labor.
- Implement a secure email system.
- Internal IT decides on and tracks this part.

12 Security Awareness and Training (Yellow)
For all employees:
- Conduct awareness courses.
- Workshop on the new secure email system.
- Trainers from inside the company.
- Responsibility of senior management.
For internal IT professionals:
- Workshop on the newly purchased security tools that protect the code repository, the production server and the secure mail server.
- Trainers from outside the company.
- Responsibility of the security manager.

13 Next Steps
- Adequate funding should be allocated.
- Supervision by senior and security management is needed.
- Security courses should begin right after the new tools are deployed and the authorization policies are implemented.
- Conduct OCTAVE-S six months after the general security awareness courses for all employees have been completed.
