Advantages of IT Security

Advantages of IT Security. Prof. Uldis Sukovskis, CISA Riga Information Technology Institute Secure information exchange in Electronic media Baltic IT&T 2006 April 5, 2006, Riga, Latvia. Today's Environment. Collaboration Individuals Business Partners Industries Global businesses

Presentation Transcript


  1. Advantages of IT Security Prof. Uldis Sukovskis, CISA Riga Information Technology Institute Secure information exchange in Electronic media Baltic IT&T 2006 April 5, 2006, Riga, Latvia

  2. Today's Environment • Collaboration • Individuals • Business Partners • Industries • Global businesses • Trusted partners

  3. Today's Environment • Traditional • customer business IT support • E-business • customer IT solution business • Trusted IT solutions

  4. Today's Environment • Does IT become a commodity? • Resources on demand • Standardization • Trusted technologies

  5. Today's Environment • Concerns • Breaches of confidentiality • Disruption of business operations • Theft of intellectual property • “The wonder of the Web is that the customer knows about IT problems the same time you do. There’s no camouflage.” Senior VP of Electronic Brokerage Technology The Computer Crime and Security Survey, CSI/FBI, 2005

  6. Competitive Advantage • High service level for customers • Complex technology (additional risk) • Public image and branding • Compliance • Business resilience • New Driver - Trust and Differentiation • Security as a differentiator • Competitiveness • for businesses • for countries

  7. Fundamental Principles of Security • Confidentiality • Passwords, biometric controls, identity management systems, ... • Encryption, VPN, SSL, SET ... • Integrity • Digital signatures, PKI, anti-virus software, ... • Availability • Backup systems, continuity plans, ...

  8. Regulations • State Secrets Law, 1996 • Personal Data Protection Law, 2000 • State Information Systems Law, 2002 • Electronic Documents Law, 2002 • Obligatory technical and organizational requirements for protection of personal data processing systems, Cabinet of Ministers Regulation No.40, January 30, 2001 • Common Security Requirements for State Information Systems, Cabinet of Ministers Regulation No.765, October 11, 2005 • Regulations on Security Audits of Certification Authorities, Cabinet of Ministers Regulations No.357 and No.358, July 1, 2003 • and more ...

  9. Regulations • State Standards • LVS ISO/IEC 17799:2005 Information technology – Code of practice for information security management • LVS ISO/IEC TR 13335:2003 Information technology - Guidelines for the management of IT Security • LVS ISO/IEC 15408:2003 Information technology – Security techniques — Evaluation criteria for IT security • LVS ISO/IEC 12207:2002 Information technology – Software life cycle processes • and more ... • Regulations of the Financial and Capital Market Commission • Regulations on the Security of Information Systems of Financial and Capital Market Participants • Regulations on Information Encryption and Electronic Signing • and more ...

  10. Does a Stronger Lock Help?

  11. Scope of IT Security • Too often IT security issues are treated in the narrow sense as technologies protecting against viruses, spam, spyware, “bad guys”, etc. • Scope of IT security also includes • business continuity planning • software development issues • personnel security • security awareness program • and more...

  12. Scope of IT Security LVS ISO/IEC 17799:2005 • Security Policy • Organization of Information security • Asset Management • Human Resource Security • Physical and Environmental Security • Communications and Operations Management • Access control • IS Acquisition, Development, and Maintenance • Information Security Incident Management • Business Continuity Management • Compliance

  13. IT Security Framework • Use proven values to win competition • COBIT to build IT governance • ISO/IEC 17799 to manage IT security [Diagram labels: Confidentiality, Integrity, Availability; Security policy, Organization of Information security, Asset Management, Human Resource Security, Physical and environmental security, Communications and operations management, Access control, IS Acquisition, Development, and Maintenance, Information Security Incident Management, Business continuity management, Compliance]

  14. Scope of IT Audit • Assessment of • IT support for company’s business objectives • IT function compliance with regulatory requirements • IT project cost and schedule control • IT solution benchmarking to industries’ best practice • IT security • Independent audit • ISACA Latvia, 60+ members (www.isaca.lv) • 48 certified IS auditors (CISA) and certified security managers (CISM)

  15. Thank You for Your Attention! uldis.sukovskis@riti.lv www.riti.lv