information security n.
Skip this Video
Download Presentation
Information Security

Loading in 2 Seconds...

play fullscreen
1 / 12

Information Security - PowerPoint PPT Presentation

  • Uploaded on

Innovation or Necessity?. Information Security. ISM 158 By: Sepehr Saeb. In 2006, Nationwide building society was fined nearly £1 million by the FSA (Financial Services Authority) for failing to have effective systems and controls to manage information security risks.  Why?

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Information Security' - abel-oliver

Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

In 2006, Nationwide building society was fined nearly £1 million by the FSA (Financial Services Authority) for failing to have effective systems and controls to manage information security risks.

 Why?

The laptop of one of the employees got stolen from his house so that put the customers into a high risk of financial crime

introduction continued

Today, information is considered as an essential asset for businesses not only as the success factor, but also as an surviving factor.

Different Types of Information:

Printed or written

Stored electronically

Transmitted by post

Shown on films

Spoken in conversation

Introduction continued…
managing information security

As soon as the necessity of information is realized by the leaders of a business, Security must be embedded into the system and become standard.

If it is implemented correctly:

Increased efficiency

Greater clarity and visibility of processes

Risk reduction

Direct improvement

Higher credibility within clients

Managing Information Security

Implementing an Information Security Management System (ISMS)

  • What ISMS Does?
    • Identify and reduce security risks
    • Focus information security
    • Protect information
solution continued

The Core work needs to be done in implementing ISMS:

    • Scope out the extent of the system and its boundaries in order to protect data
    • A thorough and detailed risk assessment needs to be prepared by identifying the valuable information with possible threats and vulnerabilities followed by the existing controls.

 The result of these steps will show us which section of business need stronger and more developed security.

Solution continued
solution continued go live

After gathering all necessary requirements to implement ISMS:

    • Staff training and awareness
    • Publishing the security policy
    • Documenting the final set of security controls
    • Periodic review of the system is essential to maintain the integrity of the system
Solution continued (go live)

Reduction in security breaches

Improved understanding of business operations and related critical assets

Ensuring compliance to regulatory and legislative requirements

Reduced risk to reputation in the market sector

Increased protection of key IT assets and related data

Enforcing a systematic approach to identifying and handling security incidents.

Providing confidence to external financial auditors that security controls are in place and effective.


Security of back up data

Staff training and awareness

Limited tools to characterize security performance

Lack of effective testing systems

Poor software licensing controls


Since information is dramatically increasing and getting larger  Security risks also is increasing

As a result, having a good ISMS is necessity

The main issue is to avoid security breaches in the gap between a new vulnerability being published and implementing a patch to fix it which is time consuming