Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • Introduction To Information Security

    Încărcat de

    kinverg
    83 vizualizări14 pagini
    Introduction to Information Security by Kinverg. Redirected from http://www.kinverg.com/services/education/information-security

    Titlu original

    Introduction to Information Security

    Drepturi de autor

    © Attribution Non-Commercial (BY-NC)

    Formate disponibile

    PPTX, PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document
    Introduction to Information Security by Kinverg. Redirected from http://www.kinverg.com/services/education/information-security

    Drepturi de autor:

    Attribution Non-Commercial (BY-NC)
    Descărcați ca PPTX, PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    83 vizualizări14 pagini

    Introduction To Information Security

    Încărcat de

    kinverg
    Introduction to Information Security by Kinverg. Redirected from http://www.kinverg.com/services/education/information-security

    Drepturi de autor:

    Attribution Non-Commercial (BY-NC)
    Descărcați ca PPTX, PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 14

    INTRODUCTION TO INFORMATION SECURITY

    IT Governance
    IT Governance is a system for ensuring business value of IT through effective use of resources ,performing risk management of IT assets and measuring performance for continuous improvement of IT

    IT Governance
    Are we achieving (or likely to achieve) the objectives of IT Governance Domains ? Strategic Alignment Does IT strategy support the organizations strategy ? IS IT delivering value to its clients and end users ?

    Performance Measurement

    Do we have competent staff , right sized infrastructure and supporting applications ?

    IT Governance Domains

    Value Delivery

    What are the key risks to IT Assets and How to manage them ?

    Resource Management

    Risk Management

    ISMS Lead Implementer Course

    Information is an asset for any organization

    Information Security

    Preservation of Confidentiality , Integrity and Availability of information (CIA)


    Information is an Asset for any organization

    ISMS Lead Implementer Course

    Information Security Three Pillars


    Confidentiality
    Confidentiality
    Property that information is not made available or disclosed to unauthorized individuals , entities or processes

    Integrity
    Availability Integrity
    Property of protecting the accuracy and completeness of information

    Availability
    Property of being accessible and usable upon demand by an authorized entity

    ISMS Lead Implementer Course

    Business Case of InfoSec


    Why do we Need Information Security ?

    RISK
    ISMS Lead Implementer Course

    Business Case of InfoSec


    If the Corporate Email Server goes down , the communication between employees , clients and vendors will be delayed

    CIA
    If the HR Master Data is not showing the updated records for all the timesheets submitted by the employees ; the payroll may not get processed on timely basis

    CIA
    If the user privileges are not changed after job change ; the user may be able to view unauthorized information

    CIA
    There is no backup site available for continuing critical business operations which may cause reputation and/or client loss

    CIA
    ISMS Lead Implementer Course

    What is a Risk
    Risk is Combination of probability and consequence of an event
    Vul. Risk

    Threat
    Email Server Unavailable
    Vul.

    Due to power failure

    Configuration Change

    Email server can become unavailable due to the power failure causing serious problems in internal and external communication , the probability of such event is high.

    Vul.

    Threat Password Theft


    Vul.

    Weak Password

    Risk

    Social Engineering

    Password theft can occur due to the social engineering resulting in critical information leakage , the probability of such event is medium

    ISMS Lead Implementer Course

    Risk Based Approach to InfoSec


    > Justifies investment on Information Security

    RISK

    > Help analyze the control requirements


    > Prioritize information security efforts and investments

    > Helps in preparing business case for information security


    > Helps in aligning Information Security efforts to the Organizations overall business objectives > Defines what needs to be measures in Information Security

    ISMS Lead Implementer Course

    Risk Classifications
    Following are some classifications of Risk :
    Call Centre Operations ,

    Operational Risk Technology Risk Human Resource Risks Legal Risks Natural Risks (Force Majeure) Contractual Risks
    ISMS Lead Implementer Course
    Data and Privacy Regulations Use of new of State-of-theArt technology

    Social Engineering

    Flood and Natural Disasters , Law and order situation

    Breech of service level agreements

    10

    Risk Based Approach to InfoSec


    Threat for this house is Getting Robbed
    WHAT IS THE RISK ?
    Risk= Probability * Consequence Risk= 0.8 %* 1000 $ = 800 $

    (Vul) Glass windows


    (Vul) No alarm on main gate

    (Vul) No neighbor or watchman


    ISMS Lead Implementer Course

    (Control) Alarm on main gate

    11

    ISMS Implementation Roadmap

    12

    High Level Roadmap


    RFP / TENDER DEVELOPMENT

    GAP ANALYSIS

    EXECUTION & IMPLEMENTATION

    THIRD PARTY CERTIFICATION

    SUPPORT AND OPERATIONS

    13

    Office No. 11 , Level. 10 , Arfa Software Technology Park , 346-B Ferozepur Road Lahore 54000 Pakistan Phone: +92-423-597-2112 Fax: +92-423-595-8117 Email :info [at] kinverg.com URL : kinverg.com Facebook.com/ kinverg Linkedin.com/company/ kinverg Twitter.com/ kinverg

    PAKISTAN | KSA

    S-ar putea să vă placă și