
Managing Information Security

Managing Information Security. Prepared by: Elsa Antonio Mark Jeremy B. Ducusin Jocelyn Cabrera Jobette Andres . Introduction. Information Security The Threats Data Thefts: The Biggest Worry and Insider Threats Scope of Security Management An Array of Perils


Presentation Transcript


  1. Managing Information Security Prepared by: Elsa Antonio Mark Jeremy B. Ducusin Jocelyn Cabrera Jobette Andres

  2. Introduction • Information Security • The Threats • Data Thefts: The Biggest Worry and Insider Threats • Scope of Security Management • An Array of Perils • Security’s Five Pillars • Technical Countermeasures • Playing Cat and Mouse: Tools for Computer Security • Management Countermeasures

  3. Planning for Business Continuity • Using Internal Resources • Using External Resources • Security is a Core Competency

  4. Information Security • Information security is more than just protecting hardware and software from being crushed… • It’s about protecting the information resources that keep the company operating • Goals are to ensure: • Data integrity, availability and confidentiality • Business continuity

  5. Worry and insider threats • is a method of triggering a risk event that is dangerous • Here are a few examples of possible criminal acts by an insider of a company: • A computer staff member illegally accesses employees’ e-mails to steal information that could be used with malicious intent • An employee who is angry about the low bonus he receives brings down the entire company’s computer system by deleting sensitive data records • A system is not happy with his life and decides to change the code of a legacy system, creating bad data • A marketing salesperson steals sensitive data and sells it to a competitor • Threats are getting more and more sophisticated: a cat-and-mouse game

  6. Scope of security management • Personnel security • Application security • Operating systems security • Network security • Middleware and Web services security • Facility security • Egress security should be enforced

  7. Case example • Credit card fraud • One Bug in a Software Package • Two Foreign Cybercriminals • Simple Steps to Protect Credit Card • Steps to protect Credit Cards • Do not lend your card • Do not write your PIN on the card • Do not carry too many cards at the same time • Write down the telephone numbers of your credit banks and keep them safe but handy • Immediately report a lost or stolen card • Check your credit card activities frequently (online) • Set automated alerts/notifications

  8. An array of perils • Cracking the password • Tricking someone • Network sniffing • Misusing administrative tools • Playing middleman • Denial of service • Viruses or worms

  9. Security’s five pillars ☺ Authentication: verifying the authenticity of users. E.g. authenticity of digital signature; biometric authentication. ☺ Identification: identifying users to grant them appropriate access. E.g. password protection, spyware. ☺ Privacy: protecting information from being seen. E.g. spyware installed without consent in a computer to collect information.

  10. ☺ Integrity: keeping information in its original form. E.g. bots that alter document contents; instant messaging intercepted and altered. ☺ Non-repudiation: preventing parties from denying actions they have taken. E.g. proof-of-origin to prove that a particular message (placing a stock order) is associated with a particular individual.

  11. Technical countermeasures • FIREWALLS: hardware/software to control access between networks and block unwanted access • ENCRYPTION/DECRYPTION: using an algorithm (cipher) to make plaintext unreadable to anyone who does not have the key. • VIRTUAL PRIVATE NETWORKS (VPNs): allow strong protection for data communications.

  12. Playing cat and mouse: tools for computer security • HARDWARE TOOLS *include locks, security cables, secured buildings preventing signal (wave) interception. *dedicated database servers that are not connected to the internet. • SOFTWARE TOOLS *security modules built in operating system to monitor activities *security scanners observing traffic activities for entire networks.

  13. case example • An internet service company *Planning and building for security System architecture for security Information policy *Monitoring Logs of bugs, attacks, Security breaches simulator drills *Education The key to improving security

  14. CounterMeasures® • is a scalable web-based program that is usually delivered as a pay-as-you-go web-service. (Though we do offer client-hosted solutions when they are specially requested.) With CounterMeasures® •  risk assessment services, you also get access to the world class service and support both to help extend your success in risk management. • a countermeasure is a way to stop a threat from triggering a risk event

  15. A management countermeasure is a countermeasure that addresses any concern related to risk, system planning, or security assessment by an organization’s management. • is a proven risk analysis solution that has been applied to address a wide range of risk disciplines including physical security, operations security, critical infrastructure, information security, port security, anti-terrorism force protection, and school security.

  16. Planning for business continuity • What is business continuity planning? • are processes that help organizations prepare for disruptive events, whether those events might include a hurricane or simply a power outage caused by a backhoe in the parking lot. • A proactive planning process to ensure that critical services or products are delivered during a disruption. Critical services or products are delivered to: • Ensure survival • Avoid causing injury • Meet legal or other obligations of a business.

  17. Benefits of a business continuity plan • Enhance your business image with employees, shareholders and customers by demonstrating a proactive attitude. • Improve efficiency in the overall organization. • Identify the relationship of assets both human and financial resources with respect to critical services and deliverables. •  helps ensure that your business has the resources and information needed to deal with an emergency.

  18. Using Internal resources Internal sources of funding have the advantage of being less expensive and taking less time to secure. The disadvantages of using internal sources of funding may include not having a close relationship with an outside lending source when one is needed, not accumulating a credit history, and inconsistency in the available cash because of fluctuations in the company's cash flow situation.

  19. Using external resources • external resources enables you to notify one or more provisionary about pending requests, including detailed information about what is being provisioned.

  20. CORE COMPETENCIES OF SECURITY OPERATIONS • Core competencies refer to the fundamental abilities a protective program needs in order for it to deliver services. These needs will vary according to the type of organization, its size and geography, recent history, criticality of resources, vulnerability to losses, and other factors.
