Information Security Management
Introduction
By Yuliana Martirosyan
Based on Bel G. Raggad (2010), Information Security Management: Concepts and Practices.
Introduction
The computing environment: five continuously interacting components
• People
• Network
• Activities
• Technology
• Data
Information Security Management
Introduction to Information Security Management
• Introduction
• Layers of personnel around an information resource: the System at the centre, then Operator, Security Staff, Security Administrator and System Owner
Why Information Security Matters
• Information drives enterprise business value generation.
• Information is the basis of competitive advantage.
• Assets are highly interdependent: to protect one asset, the whole computing environment has to be protected.
Information Sensitivity Classification
Information sensitivity taxonomy:
• Public Information
• Confidential Information
• Internal Use
• Proprietary Information
• Highly Confidential
• Top Secret
Information Security Governance
Corporate governance has to do with how the board of directors and executive management run and control a company.
IT governance is how technology is used and managed so that it supports business needs.
Information security governance is a coherent system of integrated security components
• products
• personnel
• training
• processes
• policies ...
that exist to ensure that the organization survives and hopefully thrives.
The Computing Environment
Security of an information system comprises:
• People security
• Technology security
• Network security
• Security of IS activities
• Data security
Security of Various Components in the Computing Environment
Protecting an organization, an information system, or any computing environment means the following:
• Personnel security to protect people:
  • Qualification assurance
  • Job specifications
  • Security clearance
  • Screening assurance
  • Authorization process
  • Security training
  • Nondisclosure agreement
Security of an information system
CIA Triad
• Confidentiality
• Integrity
• Availability
The Security Star
The CIA triad suffers from at least two drawbacks (see the Editor's Notes), so the Security Star model extends it to five goals:
• Confidentiality
• Integrity
• Availability
• Authentication
• Non-Repudiation
Parker’s View of Information Security
• CIA Triad
• Authenticity
• Possession
• Utility
Possession defines ownership or control of information.
Authenticity aims at ensuring that the origin of the transmission is correct and that the authorship of the transmitted documents is valid.
Utility emphasizes the usefulness of the information in possession.
What is Information Security Management?
1. Identify the computing environment, define its criticality, and prioritize its contribution to the organization’s business-value-generation capabilities;
2. Identify all security risks, assess them, and mitigate them by devising a comprehensive risk-driven security program;
3. Provide continual improvement of the organization’s risk position.
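The three steps above, worked through as an added Python example (this is not code from the slides or from Raggad's book): a small risk register in which asset criticality (step 1) and threat likelihood and impact give an inherent risk score, controls tagged with the deck's managerial/operational/technical families reduce it to a residual score that is then ranked against a risk appetite (step 2), and a change in the computing environment triggers re-scoring of the affected risks (step 3). The assets, threats, scores, control names, the 1..5 ordinal scales and the multiplicative scoring are all constructed assumptions of this example, not a method the deck prescribes.

```python
"""A risk-driven security program as a small, re-evaluable risk register.

Added example, not code from the slides or from Raggad's book. Every asset,
threat, score and control name is constructed for illustration; the 1..5
scales and risk = criticality * likelihood * impact are assumptions.
"""
from dataclasses import dataclass, field

SCALE = range(1, 6)                                    # assumed: 1 = low ... 5 = very high
CATEGORIES = {"managerial", "operational", "technical"}  # control families from the deck


@dataclass(frozen=True)
class Asset:
    name: str
    criticality: int        # step 1: contribution to business-value generation


@dataclass
class Risk:
    asset: Asset
    threat: str
    likelihood: int
    impact: int
    controls: list = field(default_factory=list)      # (name, category, reduction)

    def __post_init__(self):
        for v in (self.asset.criticality, self.likelihood, self.impact):
            if v not in SCALE:
                raise ValueError(f"score {v} is outside the assumed scale 1..5")

    def inherent(self) -> int:
        """Risk before any control is applied."""
        return self.asset.criticality * self.likelihood * self.impact

    def residual(self) -> float:
        """Risk after each control removes its assumed fraction of what remains."""
        score = float(self.inherent())
        for _name, _category, reduction in self.controls:
            score *= 1.0 - reduction
        return round(score, 2)


def add_control(risk: Risk, name: str, category: str, reduction: float) -> None:
    """Attach a mitigation; the category must be one of the deck's families."""
    if category not in CATEGORIES:
        raise ValueError(f"unknown control category {category!r}")
    if not 0.0 <= reduction < 1.0:
        raise ValueError("reduction must be a fraction in [0, 1)")
    risk.controls.append((name, category, reduction))


def prioritise(register: list, appetite: float) -> list:
    """Step 2: risks still above the accepted level, worst first."""
    above = [r for r in register if r.residual() > appetite]
    return sorted(above, key=lambda r: r.residual(), reverse=True)


def reassess(register: list, asset_name: str, likelihood: int = None,
             impact: int = None) -> list:
    """Step 3: the computing environment changed, so revise the affected
    risks' scores and return them; callers then re-run prioritise()."""
    changed = []
    for r in register:
        if r.asset.name != asset_name:
            continue
        if likelihood is not None:
            r.likelihood = likelihood
        if impact is not None:
            r.impact = impact
        r.__post_init__()          # re-validate the edited scores
        changed.append(r)
    return changed


def build_register() -> list:
    """Constructed sample environment (not a real organisation)."""
    db = Asset("customer database", 5)
    brochure = Asset("public web brochure", 1)
    payroll = Asset("payroll workstation", 4)
    r_db = Risk(db, "credential theft", likelihood=4, impact=5)        # inherent 100
    r_web = Risk(brochure, "defacement", likelihood=3, impact=2)       # inherent 6
    r_pay = Risk(payroll, "malware delivered by e-mail", likelihood=3, impact=4)  # 48
    add_control(r_db, "MFA for database administrators", "technical", 0.6)
    add_control(r_db, "quarterly access review", "managerial", 0.25)
    add_control(r_pay, "awareness training", "operational", 0.3)
    return [r_db, r_web, r_pay]


def residual_by_threat(register: list) -> dict:
    """Snapshot of the organisation's risk position, keyed by threat."""
    return {r.threat: r.residual() for r in register}


if __name__ == "__main__":
    reg = build_register()
    print("initial:", residual_by_threat(reg))
    for r in prioritise(reg, appetite=20):
        print(f"  treat {r.threat!r} on {r.asset.name!r}: residual {r.residual()}")
    # environment change: the payroll workstation becomes reachable remotely
    reassess(reg, "payroll workstation", likelihood=5)
    print("after change:", residual_by_threat(reg))
```

The point of `reassess` is the deck's third step: the program is not a one-off document but a register that is re-scored whenever the environment changes, so a risk that was inside appetite (here the payroll workstation after training) can move back above it and be re-prioritised without redoing the whole assessment.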
Security Controls
Managerial Controls:
• Risk Assessment
• Planning
• System and Service acquisition
• Certification, accreditation and security assessment
Technical Controls:
• Personnel Security
• Physical and environmental protection
• Contingency planning
• Configuration management
Operational Controls:
• Personnel Security
• Physical and environmental protection
• Contingency planning
• Configuration management
• Maintenance
• System and Information Integrity
• Media Protection
• Incident Response
• Awareness and Training
The NSA Triad for Security Assessment
Assessment - security planning for 3 years
• Not technical, often qualitative
• Doesn’t involve any testing
• Collaborative, often shared by users, managers and owners
Evaluation - how to use technology to support information security
• Technical but not invasive
• Passive testing required for self-study
• Collaborative to some extent
• Involves diagnostic tools
• Involves internal audit
Penetration Testing
• Non-collaborative
• Technical in nature
• Invasive in nature
• Involves external audit
• Active penetration tests
• A risk of compromising the target system exists but has to be avoided
• Active assessment expertise is required
Editor's Notes

  • #3: A computing environment, in Raggad’s taxonomy of information security, is made up of five continuously interacting components. An information system is viewed as a smaller computing environment built to efficiently achieve the information system’s objectives.
  • #5: Information security cannot just be devised based on the specifications of security solutions; a thorough study of the organization’s business value generation model and its computing environment is needed before prescribing any security program. Any security investigation has to be risk driven. Off-the-shelf solutions will not work: 1. security requirements vary depending on the vulnerabilities and threats of the organization’s computing environment; 2. the effect and consequences of similar security incidents vary from one organization to another.
  • #6: Information sensitivity taxonomy proposed by ISO/IEC 17799 or ISO/IEC 27002.
  • #11: The CIA triad suffers from at least two drawbacks: the three security goals are not sufficient and more security goals have to be added; and a risk-driven model based on CIA is not sufficient to achieve security as long as security management is not incorporated in the security model. Authentication: verifying the identity of an agent before access is granted (smart cards, public key, biometrics). Non-repudiation: neither end of a transmission can deny its involvement in the transmission (digital signatures).
  • #12: Possession: even if information is securely encrypted in a packet, just losing the packet is a breach of possession. Utility: if information is available to you in encrypted form but you have no way to decrypt it, this information is not useful to you.
  • #13: Provide continual improvement of the organization’s risk position: automatically revising the risk-driven security program as security requirements change with changes in the computing environment.
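The distinction note #11 draws between authentication and non-repudiation, as an added Python example (not code from the slides or from Raggad's book): a shared-key MAC gives the receiver authentication and integrity, but because both ends hold the same key neither can prove to a third party who produced a tag, so a MAC cannot provide the non-repudiation the note assigns to digital signatures. The parties (Alice, Bob, an auditor), keys and messages are constructed; the optional contrast with an Ed25519 signature uses the third-party `cryptography` package only if it happens to be installed.

```python
"""Authentication and integrity with a shared-key MAC, and why that alone does
not give non-repudiation. Added example, not code from the slides or from
Raggad's book; the parties, keys and messages are constructed for illustration.
"""
import hashlib
import hmac
import secrets


def tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 over the message under a shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, mac: bytes) -> bool:
    """Constant-time comparison so the check does not leak tag bytes by timing."""
    return hmac.compare_digest(tag(key, message), mac)


def scenario() -> dict:
    """Alice sends Bob a MAC-protected message; who can prove what afterwards?"""
    shared = secrets.token_bytes(32)               # key held by both Alice and Bob
    msg = b"transfer 100 to account 42"            # constructed message
    alice_mac = tag(shared, msg)
    out = {}
    # Authentication + integrity: Bob learns the message came from a key holder
    # and arrived unmodified (the Security Star's "Authentication" goal).
    out["bob_accepts"] = verify(shared, msg, alice_mac)
    out["tampered_rejected"] = not verify(shared, b"transfer 900 to account 42", alice_mac)
    # Non-repudiation fails: Bob holds the same key, so he can mint a valid tag
    # on any message and claim Alice sent it, and Alice can plausibly deny hers.
    forged_msg = b"transfer 900 to account 42"
    out["bob_can_forge_valid_tag"] = verify(shared, forged_msg, tag(shared, forged_msg))
    # An auditor without the shared key cannot check the tag at all, so the
    # MAC is worthless as evidence to a third party.
    out["auditor_cannot_verify"] = not verify(secrets.token_bytes(32), msg, alice_mac)
    return out


def signature_demo():
    """Contrast: a digital signature, the mechanism the note names for
    non-repudiation. Uses the third-party `cryptography` package when it is
    installed and returns None otherwise, so the block runs either way."""
    try:
        from cryptography.exceptions import InvalidSignature
        from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
    except ImportError:
        return None
    alice_private = Ed25519PrivateKey.generate()   # only Alice ever holds this
    alice_public = alice_private.public_key()      # Bob and the auditor hold this
    msg = b"transfer 100 to account 42"
    sig = alice_private.sign(msg)

    def checks(message: bytes) -> bool:
        try:
            alice_public.verify(sig, message)
            return True
        except InvalidSignature:
            return False

    # Anyone with the public key can verify, and only Alice could have signed,
    # so Alice cannot later deny authorship; altering the message breaks it.
    return {"auditor_verifies": checks(msg),
            "altered_message_rejected": not checks(b"transfer 900 to account 42")}


if __name__ == "__main__":
    print("MAC:", scenario())
    print("signature:", signature_demo())
```

The practical consequence for the control families on slides 13 and 14: a MAC (or a session key) is the right tool when the goal is authenticating a peer and protecting integrity in transit, while any record that must later stand as evidence of who acted (approvals, audit trails, signed transactions) needs a signature made with a key that only the signer holds.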