1 / 28

Information Security Management

Information Security Management. Awareness and Action. To adequately protect information resources, managers must be aware of the sources of threats to those resources the types of security problems the threats present how to safeguard against both. .

zulema
Télécharger la présentation

Information Security Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Security Management

  2. Awareness and Action • To adequately protect information resources, managers must be aware of • the sources of threats to those resources • the types of security problems the threats present • how to safeguard against both.

  3. What are the threats to information Security?

  4. Threats to Information Security • Human error and mistakes • Malicious human activity • Natural events and disasters

  5. More info… • Human Error and Mistakes • Could be employee or non-employee • Poorly written programs or procedures • Data entry errors • Misuse • Physical mistake (ex. Unplugging something) • Malicious Activity • Could be employee, former employee, or hacker • Breaking into systems to steal/damage • Introducing worms or viruses • Terrorism

  6. Natural Disasters • Problems when initial loss occurs and during recovery • Fires • Floods • Hurricanes • Earthquakes • Other acts of nature

  7. Problems and Sources

  8. What are the three components to a security program?

  9. Three components to a security program? • Senior management establishes a security policy and manages risks. • Safeguards must be established for all five components of an IS as the figure below demonstrates. • The organization must plan its incident response before any problems occur.

  10. What’s management’s role?

  11. Management’s role • Have an effective security policy • Elements • A general statement of the organization’s security program • Issue-specific policies like personal use of email and the Internet • System-specific policies that ensure the company is complying with laws and regulations. • Manage risks • Risk is the likelihood of an adverse occurrence. • You can reduce risk but always at a cost. The amount of money you spend on security influences the amount of risk you must assume. • Uncertainty is defined as the things we do not know that we do not know.

  12. Risk Assessment • Risk Assessment Factors • Once you’ve assessed the risks to your information system, you must make decisions about how much security you want to pay for. • Some risk is easy and inexpensive. • Some risk is expensive and difficult. • Managers have a fiduciary responsibility to the organization to adequately manage risk.

  13. What are the 5 technical safeguards?

  14. Five Technical Safeguards • For Hardware and Software components of Info System

  15. Identification and Authentication • Includes passwords (what you know), smart cards (what you have), and biometric authentication (what you are). • Often more secure, and easier, to establish a single sign-on for multiple systems. • Wireless systems pose additional problems • Wired Equivalent Privacy (WEP)-first developed • Wi-Fi Protected Access (WPA)-more secure • Wi-Fi Protected Access (WPA2)-newest and most secure

  16. Encryption • Symmetric • Asymmetric • SSL/TLS • Digital Signatures • Digital Certificates

  17. Other Technical Safeguards • Firewall • Should be installed on every computer connected to a network, especially the internet • Malware protection • Protects from spyware and adware • Symptoms of a PC with spyware or adware installed

  18. Protecting Your Own Computer • Install antivirus and antispyware programs. • Scan your computer frequently for malware. • Update malware definitions often or use an automatic update process. • Open email attachments only from known sources and even then be wary. • Promptly install software updates from legitimate sources like Microsoft for your operating system or McAfee for your spyware programs. • Browse only in reputable Internet neighborhoods. Malware is often associated with rogue Web sites.

  19. What are the data safeguards?

  20. Data Safeguards

  21. What are the human safeguards?

  22. Human Safeguards – In House Employees

  23. Human Safeguards - NonEmployees • Ensure any contracts between the organization and other workers include security policies. Third-party employees should be screened and trained the same as direct employees. • Web sites used by third-party employees and the public should be hardened against misuse or abuse. • Protect outside users from internal security problems. If your system gets infected with a virus, you should not pass it on to others.

  24. Human Safeguards – Account Admin • Account management • Establishing new accounts • Modifying existing accounts • Terminating unnecessary accounts • Password management • Immediately change newly created passwords • Change passwords periodically • Sign an account acknowledgment form • Help-desk policies • What do you think some of the problems might be?

  25. Human Safeguards – Security Monitors • Procedures for normal, backup, and recovery processes • Activity log analyses • Security testing • Learning from past problems

  26. Response to Security Incidents • Disaster Preparedness Tasks http://www.availability.sungard.com/Pages/SunGardVirtualTour.aspx

  27. Incident Response Plans

  28. Computer Crime – 2006 Survey

More Related