Innovation or Necessity?. Information Security. ISM 158 By: Sepehr Saeb. In 2006, Nationwide building society was fined nearly £1 million by the FSA (Financial Services Authority) for failing to have effective systems and controls to manage information security risks. Why?
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
In 2006, Nationwide building society was fined nearly £1 million by the FSA (Financial Services Authority) for failing to have effective systems and controls to manage information security risks.
The laptop of one of the employees got stolen from his house so that put the customers into a high risk of financial crimeIntroduction
Today, information is considered as an essential asset for businesses not only as the success factor, but also as an surviving factor.
Different Types of Information:
Printed or written
Transmitted by post
Shown on films
Spoken in conversationIntroduction continued…
As soon as the necessity of information is realized by the leaders of a business, Security must be embedded into the system and become standard.
If it is implemented correctly:
Greater clarity and visibility of processes
Higher credibility within clientsManaging Information Security
The result of these steps will show us which section of business need stronger and more developed security.
Improved understanding of business operations and related critical assets
Ensuring compliance to regulatory and legislative requirements
Reduced risk to reputation in the market sector
Increased protection of key IT assets and related data
Enforcing a systematic approach to identifying and handling security incidents.
Providing confidence to external financial auditors that security controls are in place and effective.Benefits
Security of back up data ISMS:
Staff training and awareness
Limited tools to characterize security performance
Lack of effective testing systems
Poor software licensing controlsWeaknesses
Since information is dramatically increasing and getting larger Security risks also is increasing
As a result, having a good ISMS is necessity
The main issue is to avoid security breaches in the gap between a new vulnerability being published and implementing a patch to fix it which is time consumingFuture