Information Technology Security Assessment
Prepared By: Raghda Zahran
Supervised By: Dr. Lo’ai Tawalbeh
New York Institute of Technology (NYIT), Jordan’s campus, 2006

The Global Threat
“Information security is not just a paperwork drill… there are dangerous adversaries out there capable of launching serious attacks on our information systems that can result in severe or catastrophic damage to the nation’s critical information infrastructure and ultimately threaten our economic and national security…”

Critical Infrastructures: Examples
• Energy (electrical, nuclear, gas and oil, dams)
• Transportation (air, road, rail, port, waterways)
• Public Health Systems / Emergency Services
• Information and Telecommunications
• Defense Industry
• Banking and Finance
• Postal and Shipping
• Agriculture / Food / Water
• Chemical

Computer Security Practices in Nonprofit Organizations
• When asked how employees would characterize the state of their own organization’s computer security practices, nearly a third of the respondents (32%) acknowledged that their computer security practices needed to be improved.
• Chart: How respondents described their own organization’s computer security
• Threats to security: connectivity, complexity
Survey questions shown on the charts:
• Which of the following statements best describes your organization’s computer security?
• Does your organization have a data recovery plan to implement in the event of catastrophic data loss?
• In your opinion, what are the computer security issues that your organization needs to address?
The Risks Are Real
• Lost laptops and portable storage devices
• Data/information “left” on public computers
• Data/information intercepted in transmission
• Spyware, “malware,” “keystroke logging”
• Unprotected computers infected within seconds of being connected to the network
• Thousands of attacks on campus networks every day

Risk Management Flow
Stages shown in the diagram: Document Review, Risk Identification, Vulnerability Scan, Requirement Study and Situation Analysis, Data Analysis, Report & Briefing.
• Investigate
• Analyze (Risk Identification): identify the vulnerability
• Analyze (Risk Control): investigate how to control the vulnerabilities
• Design
• Implement
• Maintain

Information Security Program
Links in the Security Chain: Management, Operational, and Technical Controls
• Risk assessment
• Security planning
• Security policies and procedures
• Contingency planning
• Incident response planning
• Security awareness and training
• Physical security
• Personnel security
• Certification, accreditation, and security assessments
• Access control mechanisms
• Identification & authentication mechanisms (biometrics, tokens, passwords)
• Audit mechanisms
• Encryption mechanisms
• Firewalls and network security mechanisms
• Intrusion detection systems
• Security configuration settings
• Anti-viral software
• Smart cards
Adversaries attack the weakest link… where is yours?
What You Need to Know
• IT resources to be managed
• What’s available on your network
• Policies, laws & regulations
• Security awareness
• Risk assessment, mitigation, & monitoring
• Resources to help you

The Golden Rules: Building an Effective Enterprise Information Security Program
• Develop an enterprise-wide information security strategy and game plan
• Get corporate “buy in” for the enterprise information security program: effective programs start at the top
• Build information security into the infrastructure of the enterprise
• Establish a level of “due diligence” for information security
• Focus initially on mission/business case impacts; bring in threat information only when it is specific and credible
• Create a balanced information security program with management, operational, and technical security controls
• Employ a solid foundation of security controls first, then build on that foundation guided by an assessment of risk
• Avoid complicated and expensive risk assessments that rely on flawed assumptions or unverifiable data
• Harden the target; place multiple barriers between the adversary and enterprise information systems
• Be a good consumer: beware of vendors trying to sell “single point solutions” for enterprise security problems
• Don’t be overwhelmed by the enormity or complexity of the information security problem; take one step at a time and build on small successes
• Don’t tolerate indifference to enterprise information security problems

And finally…
• Manage enterprise risk; don’t try to avoid it!

Thanks
Q