
1 IT Strategy for Business © Oxford University Press 2008 All rights reserved
Chapter 12: IT Security Strategies

2 Chapter Objectives
Understand IT security issues
Study IT security strategies for the organization
Study methods for risk assessment
Study how to formulate security strategies
Study the framework for secure information management
Study the legal and business aspects of IT security

3 Introduction
Information security is both a technical and a business problem. Security is about availability, integrity, privacy, non-repudiation, authenticity and confidentiality.
Availability: network and information availability make systems usable by authorized users on a timely basis and in the required form.
Integrity: the property of a system that guarantees data are not changed arbitrarily or without authorization.
Privacy: protection of personal information.
Non-repudiation: the guarantee that the originator of a message or transaction cannot later deny having sent it; the recipient can prove the origin to a third party.
Authenticity: the guarantee that the information is genuine and comes from the source it claims to come from.
Confidentiality: information is disclosed only to those authorized to see it.
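The definitions above are easy to blur in practice, in particular authenticity versus non-repudiation. The following added example (not from the textbook, standard library only, with a constructed shared key and constructed messages) shows a shared-key MAC providing integrity and authenticity to the key holders, and then shows why the same MAC cannot provide non-repudiation: any holder of the shared key can produce a tag the verifier accepts, so neither party can prove to a third party who really sent the message.

```python
"""Integrity, authenticity and non-repudiation with a shared-key MAC.

Added example, not from the chapter. Key, messages and party roles are
constructed for illustration only.
"""
import hashlib
import hmac

# Constructed demo secret. A real deployment provisions this out of band
# or derives it with a KDF; it is never a hard-coded literal.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def tag(key: bytes, message: bytes) -> bytes:
    """Compute an HMAC-SHA256 tag over `message` under `key`."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, received_tag: bytes) -> bool:
    """Accept only if the message is unmodified (integrity) and was tagged by a
    holder of `key` (authenticity). compare_digest avoids timing leaks."""
    return hmac.compare_digest(tag(key, message), received_tag)


def demo_integrity() -> dict:
    """Genuine message is accepted; a tampered body or a tag made with the
    wrong key is rejected."""
    msg = b"transfer 100 to account 42"
    t = tag(SHARED_KEY, msg)
    tampered = msg.replace(b"100", b"900")
    return {
        "genuine_accepted": verify(SHARED_KEY, msg, t),
        "tampered_accepted": verify(SHARED_KEY, tampered, t),
        "forged_tag_accepted": verify(SHARED_KEY, tampered, tag(b"wrong-key", tampered)),
    }


def demo_no_nonrepudiation() -> bool:
    """Both the bank and the customer hold SHARED_KEY, so the bank itself can
    mint a valid tag for an order the customer never placed. The verifier
    accepts it, which is exactly why a MAC gives no non-repudiation: that
    property needs an asymmetric signature whose private key only the
    signer holds."""
    order_the_customer_never_sent = b"transfer 100000 to account 7"
    return verify(SHARED_KEY, order_the_customer_never_sent,
                  tag(SHARED_KEY, order_the_customer_never_sent))


if __name__ == "__main__":
    print(demo_integrity())
    print("bank can forge a customer order:", demo_no_nonrepudiation())
```

The practical consequence for a security strategy: where the business needs to hold a counterparty to a transaction (payment orders, signed contracts), the control must be a digital signature with a key only that party controls, not a MAC or a shared password.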

4 Security strategy framework

5 Security strategy framework
The business objective occupies the apex of the pyramid, while security forms the foundation. Availability and confidentiality support the pyramid from both sides. The exposures that arise between these goals are controlled by a security architecture made up of people, processes, and technologies.

6 Objectives of Security strategies
Secure the information: make information available only to those who are authorized to access it.
Use security of information for competitive advantage: assured information security helps build competitive advantage.
Use security to minimize risks: the security strategy should assess the risks. Risks are minimized by insuring against them or by taking other measures to protect against them.
Balance availability and security: availability and security need to be balanced to meet the business objectives without losing competitive advantage.

7 Security Strategies: Factors and Measures
Security needs at various stages: at different stages of an organization and of its knowledge life cycle there are different security needs.
Information and its classification: classifying information determines how the strategy balances availability against security for each class.
Continuous exposure analysis: analysis of the various points of exposure of the system, and study of the threats possible from each point of exposure.
Identification of threats and sources: once a threat and its source are identified, the strategic decision on protection can be taken.
Preventive measures: preventive measures are typically technical, business, and financial measures.

8 Security Strategies: Factors and Measures
Insurance policy: the organization needs to decide its insurance policy as part of its security strategy.
Legal aspects of exposure and security: attacks through a particular point of exposure can be traced, which may make legal action against the attacker possible.
Technical measures to enhance security: technical measures such as the use of strong, current encryption algorithms and of advanced authentication mechanisms should support the overall security strategy.

9 Threat Identification: Steps
Do threats exist?
What are the types of threats?
Analysis of the impact of the threat on the system and on the overall business objective
Classification of threats
Prioritisation and action plan

10 Threats
Intrusion
Hacking
Energy (power supply) variations
Viruses
Disgruntled employees
Denial of service
Destructive attacks
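Slide 9 lists the steps of threat identification (impact analysis, classification, prioritisation, action plan) and slide 10 the threats, but the chapter gives no method for carrying the steps out. The following added example (not from the textbook) does so with the common annualised loss expectancy model, ALE = SLE x ARO, which the chapter does not itself name. It ranks a threat register built from the slide 10 threats and applies the chapter's own three options to each: take a protective measure, insure (transfer), or accept. All monetary figures, rates and control effects are constructed for illustration.

```python
"""Threat prioritisation with annualised loss expectancy (ALE).

Added example, not from the chapter. The register values below are
constructed; a real assessment takes them from incident history, vendor
quotes and business-impact analysis.
"""
from dataclasses import dataclass


@dataclass
class Threat:
    name: str
    category: str          # classification step (source / nature of the threat)
    sle: float             # single loss expectancy: cost of one incident
    aro: float             # annualised rate of occurrence: incidents per year
    control_cost: float    # yearly cost of the best available preventive measure
    control_effect: float  # fraction of the ALE that measure removes (0..1)

    @property
    def ale(self) -> float:
        """Impact analysis step: expected yearly loss without the control."""
        return self.sle * self.aro

    @property
    def ale_after_control(self) -> float:
        return self.ale * (1.0 - self.control_effect)

    @property
    def control_roi(self) -> float:
        """Yearly loss avoided minus the control's cost; positive means the
        control pays for itself (the ROI the policy checklist asks for)."""
        return (self.ale - self.ale_after_control) - self.control_cost


def decide(t: Threat, accept_threshold: float) -> str:
    """Action plan step: mitigate, transfer (insure) or accept.

    Small expected losses are accepted; where a cost-effective control
    exists it is applied; otherwise the residual risk is transferred."""
    if t.ale <= accept_threshold:
        return "accept"
    if t.control_roi > 0:
        return "mitigate"
    return "transfer"


def prioritise(register, accept_threshold: float = 1_000.0):
    """Prioritisation step: rank by ALE, highest first, with the decision."""
    ranked = sorted(register, key=lambda t: t.ale, reverse=True)
    return [(t.name, t.category, round(t.ale), decide(t, accept_threshold))
            for t in ranked]


# Constructed sample register built from the threats on slide 10.
SAMPLE = [
    Threat("Intrusion / hacking", "external, deliberate", 200_000, 0.5, 60_000, 0.8),
    Threat("Power variations", "environmental", 20_000, 2.0, 15_000, 0.9),
    Threat("Malware (viruses)", "external, deliberate", 30_000, 4.0, 25_000, 0.9),
    Threat("Disgruntled employee", "insider, deliberate", 150_000, 0.1, 40_000, 0.5),
    Threat("Denial of service", "external, deliberate", 50_000, 1.0, 80_000, 0.9),
    Threat("Destructive attack on site (fire, flood)", "environmental", 2_000_000, 0.01, 30_000, 0.2),
]

if __name__ == "__main__":
    for name, category, ale, action in prioritise(SAMPLE):
        print(f"{ale:>9}  {action:<9} {name} [{category}]")
```

With these constructed figures malware and intrusion rank highest and are mitigated because their controls return more than they cost, while denial of service, the insider threat and site destruction end up as candidates for insurance: the available controls do not pay for themselves, yet the expected loss is too large to accept. That is the link between the risk assessment here and the insurance decisions on slides 8 and 19.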

11 Outsourcing and offshoring related security challenges
Information transfer: the challenge is to ensure seamless and secure transfer of information.
Information sharing: ensure security in a distributed environment.
IP protection: protection of intellectual property in a distributed environment and under differing legal infrastructures.
Decision about what information to share

12 Security Threats

13 Defense Strategies
Prevention and deterrence: properly designed controls may prevent errors from occurring, deter criminals from attacking the system, and deny access to unauthorized people.
Detection
Minimizing the damage and forecasting the risk
Recovery and restarting the system in the normal way
Correcting and fixing the fundamental problem
Awareness and compliance (dealing with the soft aspects)

14 Defence mechanism

15 Business Continuity and Recovery Plan

16 Security Initiatives and Control Decisions

17 Risk Management Model

18 Cyber Laws and Other Legal Aspects
Selection of insuring agency: the insurer should cover all important security aspects in the insurance.
IP protection and strategic initiatives: the IP-related strategic initiatives include selection of employees, access control, and legal protection of the IP.
Patenting: patenting important inventions and business processes gives the organization legal protection.
Getting non-disclosure agreements signed: non-disclosure agreements should be signed by employees, customers, and all extended organizations that come into contact with the organization.

19 Cyber Laws and Other Legal Aspects
Deciding the clauses and legalities of the non-disclosure agreements: the clauses should be legally valid in every country in which the organization operates.
Deciding insurance-related strategies covering all aspects of insurance (fire, flood, theft, etc.): the insurance strategy should consider all possible threats and prioritise them for insurance.
Legalities of employee responsibilities: employees have certain responsibilities, and from a security perspective their legal basis should be considered. For instance, cheating the employer may be illegal, and the organization should have guidelines for such conduct and behaviour.

20 Security Policy Checklist
(1) Creation of a security culture
(2) Up-to-date security policies
(3) Calculate return on investment (ROI) on security spending
(4) Procedures to ensure compliance requirements are met
(5) A contingency plan to respond to emergencies
(6) Regular security audits
(7) Insurance

21 Summary
Appropriate use and security of information can make or break a business. The information may include important IP of the organization, newly developed algorithms, important business policies, business strategy documents, confidential letters, or customer data that could enable someone to access a customer's bank account. To make a business successful in this environment, customers also need to access information at all times.
Security is about availability, privacy, non-repudiation, integrity and confidentiality.
The IT security strategy is all the legal and technical positioning and planned actions taken to protect this information.

22 End of Chapter 12

