1 / 12

Information Security

Innovation or Necessity?. Information Security. ISM 158 By: Sepehr Saeb. In 2006, Nationwide building society was fined nearly £1 million by the FSA (Financial Services Authority) for failing to have effective systems and controls to manage information security risks.  Why?

asha
Download Presentation

Information Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Innovation or Necessity? Information Security ISM 158 By: SepehrSaeb

  2. In 2006, Nationwide building society was fined nearly £1 million by the FSA (Financial Services Authority) for failing to have effective systems and controls to manage information security risks.  Why? The laptop of one of the employees got stolen from his house so that put the customers into a high risk of financial crime Introduction

  3. Today, information is considered as an essential asset for businesses not only as the success factor, but also as an surviving factor. Different Types of Information: Printed or written Stored electronically Transmitted by post Shown on films Spoken in conversation Introduction continued…

  4. As soon as the necessity of information is realized by the leaders of a business, Security must be embedded into the system and become standard. If it is implemented correctly: Increased efficiency Greater clarity and visibility of processes Risk reduction Direct improvement Higher credibility within clients Managing Information Security

  5. Implementing an Information Security Management System (ISMS) • What ISMS Does? • Identify and reduce security risks • Focus information security • Protect information Solution

  6. The Core work needs to be done in implementing ISMS: • Scope out the extent of the system and its boundaries in order to protect data • A thorough and detailed risk assessment needs to be prepared by identifying the valuable information with possible threats and vulnerabilities followed by the existing controls.  The result of these steps will show us which section of business need stronger and more developed security. Solution continued

  7. After gathering all necessary requirements to implement ISMS: • Staff training and awareness • Publishing the security policy • Documenting the final set of security controls • Periodic review of the system is essential to maintain the integrity of the system Solution continued (go live)

  8. Reduction in security breaches Improved understanding of business operations and related critical assets Ensuring compliance to regulatory and legislative requirements Reduced risk to reputation in the market sector Increased protection of key IT assets and related data Enforcing a systematic approach to identifying and handling security incidents. Providing confidence to external financial auditors that security controls are in place and effective. Benefits

  9. Security of back up data Staff training and awareness Limited tools to characterize security performance Lack of effective testing systems Poor software licensing controls Weaknesses

  10. Since information is dramatically increasing and getting larger  Security risks also is increasing As a result, having a good ISMS is necessity The main issue is to avoid security breaches in the gap between a new vulnerability being published and implementing a patch to fix it which is time consuming Future

  11. questions

  12. http://www.cxo.eu.com/article/Information-Security-Innovation-or-Necessity/http://www.cxo.eu.com/article/Information-Security-Innovation-or-Necessity/ Resources

More Related