
Prepared By Baderdeen J Alsaba Supervised By Dr. Sana’a Wafa Al-Sayegh

University of Palestine, College of Information Technology. Security System Standards Specification. Prepared By Baderdeen J Alsaba. Supervised By Dr. Sana’a Wafa Al-Sayegh. Contact: uk_81@hotmail.com. Agenda: Introduction, Definition, Provide adequate protection


Presentation Transcript


  1. University of Palestine, College of Information Technology. Security System Standards Specification. Prepared By Baderdeen J Alsaba. Supervised By Dr. Sana’a Wafa Al-Sayegh. Contact: uk_81@hotmail.com

  2. Agenda • Introduction • Definition • Provide adequate protection • First dimension: the security of information - Plenary Session • Phase I: Evaluation • Phase II: Design • Phase III: Implementation • Phase IV: Control • Second dimension: the security of information - building blocks • I - Construction unit: regulations • II - Construction unit: education • III - Building security

  3. Agenda • Third dimension: the security of information - valuable property • Persons • Data • Infrastructure for the Information Technology • Equipment • Networks • Operating Systems • Applications • References

  4. Introduction • The term "systems security" was in use with older methods before the birth of information technology, but it found common, practical use with the processing and transfer of data by means of computing and communication, specifically the Internet. • Research and studies on systems security occupy a broad area of development among the various fields of information technology research, and have perhaps become one of the concerns felt by the different actors. • Likewise, the goal of legislative measures in this field is to ensure the availability of the following elements for information:

  5. Definition: System security • It is the science that studies the theories and strategies for protecting the system from the risks and activities that threaten it. • In terms of technology, it is the means, tools and procedures that must be provided to ensure the protection of the system from internal and external threats. • From a legal perspective, it is the purpose of legislation to protect the system from illicit and illegal activities targeting information and systems (computer crimes and Internet piracy).

  6. Provide adequate protection • 1 - CONFIDENTIALITY: secrecy or reliability. This means making sure that information is not revealed or disclosed to unauthorized people. • 2 - INTEGRITY: making sure that the content of the information is correct and has not been modified or tampered with.

  7. Provide adequate protection • 3 - AVAILABILITY: ensuring the continued operation of the information system and the continued ability to interact with it. • 4 - Non-repudiation: ensuring that a person who carried out an action on the information cannot deny that it was he who did this act.

  8. First dimension: the security of information - Plenary Session • Phase I: Evaluation: Each facility must assess the risks facing it, gain accurate knowledge of its environment, and be able to classify data in terms of sensitivity and importance. • Why protect? (What is the mission-critical property?) • What is? (What are the risks?) • How to safeguard? (What are the mechanisms?)

  9. Phase II: Design • Think of security as a chain: a chain is measured by its most vulnerable link. Therefore, using the latest network firewalls or even intrusion detection systems (IDS) does not guarantee full security for the business.

  10. Phase III: Implementation • After choosing the appropriate security structure (in the design phase), you will need to implement the technical controls you have selected. These controls might be a web firewall, an intrusion detection system, an e-mail server or a domain name (DNS) server. • Buying as many of those technologies as possible is not the solution. Put a series of efforts into the domain name servers to reduce the risk, dedicate an e-mail server inside your network, and use a mail relay server in the neutral zone (DMZ) to pass mail in and out of your network.

  11. Phase IV: Control • It is well known that no system is 100% secure, but we always seek to reduce risk to the business, whether legal, financial, professional or reputational. Security risk is a kind of professional risk that must be reduced. Once the risk reduction plan has been implemented, including the network design, the design of the security infrastructure and the deployment of the security techniques appropriate for you, you should monitor all of these facilities 24 hours a day, 365 days a year.

  12. Second dimension: the security of information - building blocks • I - Construction unit: regulations • Regulations are the heart of any information security management system (ISMS). They show clearly what is permitted and what is not, and they establish roles and responsibilities so that these are clearly determined. The security regulations accurately define the expectations of senior management regarding information security.

  13. II - Construction unit: education • According to one professional hacker, "social interaction was the easiest way to penetrate the systems." We often do not look beyond the technical barriers and defenses, including network firewalls, and forget the importance of the barriers that lie in our minds: the "human barriers".

  14. III - Building security • Management must ensure that its investment in information security has borne fruit, and should ask a neutral party for advice to identify the degree of safety of the infrastructure. It does not stop there: security must be integrated into the security program of the business, so that assessing the security mechanisms, and verifying that the infrastructure complies with the regulations and requirements set, is an integral part of that program.

  15. Third dimension: the security of information - valuable property • When it comes to information security, the important question is: what do you want to protect? • Persons: People are the most valuable thing you have. Therefore, maintaining their safety is the first priority in any business. These persons have different roles: system and network operators, managers, employees, contract holders and trading partners. • Data: You should always ask yourself this simple question: what do I want to protect? • The security of data covers everything: documents sent or received by fax, your e-mail messages, data moving across your network, business processes, customer databases, and so on.

  16. Infrastructure for the Information Technology • Equipment: Unauthorized persons must be prevented from accessing central servers and storage devices, and even barred from entering important facilities and buildings. • Networks: Facilities are moving to join network environments connected to shared resources and built on optimal use of basic resources, but exposure to internal and external risk is possible.

  17. Infrastructure for the Information Technology • Operating Systems: These systems are in urgent need of protection from internal and external threats, whether UNIX systems or Windows (Windows NT/2000/XP/2003). They also need hardening and continued checking on a regular basis. • Applications: Applications are how users deal with your technology environment. Specialized applications in accounting, human resources, logistics, finance and communications need to be protected and kept confidential.

  18. References:- • http://www.publications.ksu.edu.sa/IT%20Papers/Information%20Security/IT%20Sec.doc • http://www.27001.net/2007/06/what-is-iso-27001.html • http://www.27001.net/labels/iso%2027001.html • http://www.bsi-global.com/en/Assessment-and-certification-services/management-systems/Standards-and-Schemes/ISO-IEC-27001 • http://www.praxiom.com/27001.htm • http://www.isoqar.com/iso27001/27001intro.htm • http://www.the-dma.org/guidelines/informationsecurity.shtml • http://iso27001security.com/html/iso27000.html • http://www.ccert.edu.cn/education/cissp/hism/ewtoc.html

  19. Any questions? Contact: uk_81@hotmail.com
