Information Technology Security Assessment - PowerPoint PPT Presentation

Description: New York Institute of Technology (NYIT) - Jordan's campus - 2006 ... Transportation (air, road, rail, port, waterways) Public Health Systems / Emergency Services ...

Slides: 18
Provided by: Rag52

Transcript and Presenter's Notes

Title: Information Technology Security Assessment

1
Information Technology Security Assessment
  • Prepared by Raghda Zahran
  • Supervised by Dr. Loai Tawalbeh
  • New York Institute of Technology (NYIT) - Jordan's
    campus - 2006

2
The Global Threat
  • Information security is not just a paperwork
    drill: there are dangerous adversaries out there
    capable of launching serious attacks on our
    information systems that can result in severe or
    catastrophic damage to the nation's critical
    information infrastructure and ultimately
    threaten our economic and national security.

3
Critical Infrastructures: Examples
  • Energy (electrical, nuclear, gas and oil, dams)
  • Transportation (air, road, rail, port, waterways)
  • Public Health Systems / Emergency Services
  • Information and Telecommunications
  • Defense Industry
  • Banking and Finance
  • Postal and Shipping
  • Agriculture / Food / Water
  • Chemical

4
Computer Security Practices in Nonprofit
Organizations
  • When asked how employees would characterize the
    state of their own organization's computer
    security practices, nearly a third of the
    respondents (32%) acknowledged that their
    computer security practices needed to be
    improved.
  • How did respondents describe their own
    organization's computer security?

5
Threats to Security
6
Which of the following statements best describes
your organization's computer security?
7
Does your organization have a data recovery plan
to implement in the event of catastrophic data
loss?
8
In your opinion, what are the computer security
issues that your organization needs to address?
9
The Risks are Real
  • Lost laptops and portable storage devices
  • Data/information left on public computers
  • Data/information intercepted in transmission
  • Spyware, malware, keystroke logging
  • Unprotected computers infected within seconds
    of being connected to the network
  • Thousands of attacks on campus networks
    every day

10

11
Risk Management Flow
  • Investigate
  • Analyze
    - Risk identification: identify the assets and
      the vulnerabilities that expose them
    - Risk control: investigate how to control
      those vulnerabilities (which controls reduce
      the risk, and at what cost)
  • Design
  • Implement
  • Maintain
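The "Analyze" step above (risk identification followed by risk control) is the part of the flow that is usually done by hand in a spreadsheet. The following is an added worked example, not code from the original presentation: it models a small risk register as likelihood x impact scores, ranks the risks, and for each risk above the organization's tolerance picks the affordable control with the lowest residual score. All asset names, scores, control effectiveness figures and costs are constructed sample data chosen to mirror the risks listed on slide 9; the scoring scale (1 to 5 for both likelihood and impact) is an assumption, not something the slides prescribe.

```python
"""Worked risk-assessment example (added illustration; not from the original slides).

Models the "Analyze" step of the risk management flow:
  1. risk identification: assets and the vulnerability/threat pairs that apply to them,
  2. risk control: for each risk, evaluate candidate controls by residual risk and cost.
Scores use a 1..5 likelihood and 1..5 impact scale (assumed here); inherent risk is
likelihood * impact. Every figure below is constructed sample data.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Control:
    name: str
    likelihood_reduction: float   # fraction of likelihood the control removes (0..1)
    impact_reduction: float       # fraction of impact the control removes (0..1)
    annual_cost: float            # sample cost figure, in arbitrary currency units


@dataclass
class Risk:
    asset: str
    vulnerability: str
    threat: str
    likelihood: int               # 1 (rare) .. 5 (almost certain)
    impact: int                   # 1 (negligible) .. 5 (catastrophic)
    controls: list = field(default_factory=list)   # candidate Control objects

    @property
    def score(self) -> int:
        """Inherent (untreated) risk score."""
        return self.likelihood * self.impact


def residual_score(risk: Risk, control: Control) -> float:
    """Risk score remaining after one control; reductions apply multiplicatively."""
    return (risk.likelihood * (1 - control.likelihood_reduction)
            * risk.impact * (1 - control.impact_reduction))


def rank_risks(risks):
    """Highest inherent score first; asset name breaks ties deterministically."""
    return sorted(risks, key=lambda r: (-r.score, r.asset))


def choose_control(risk: Risk, budget: float):
    """Affordable control with the lowest residual score (cheaper wins a tie), or None."""
    affordable = [c for c in risk.controls if c.annual_cost <= budget]
    if not affordable:
        return None
    return min(affordable, key=lambda c: (residual_score(risk, c), c.annual_cost))


def treatment_plan(risks, budget: float, tolerance: int):
    """(risk, chosen control or None, residual score) for every risk above tolerance.

    Risks at or below tolerance are accepted and omitted. A risk that stays in the plan
    with control None is one the budget cannot treat: it must be escalated, not ignored.
    """
    plan = []
    for r in rank_risks(risks):
        if r.score <= tolerance:
            continue
        c = choose_control(r, budget)
        plan.append((r, c, residual_score(r, c) if c else float(r.score)))
    return plan


# Constructed sample register, mirroring the risk categories on slide 9.
SAMPLE_RISKS = [
    Risk("laptop fleet", "unencrypted disk", "theft or loss", likelihood=4, impact=4,
         controls=[Control("full-disk encryption", 0.0, 0.9, 2000),
                   Control("asset tagging", 0.25, 0.0, 500)]),
    Risk("campus workstations", "missing patches", "network worm", likelihood=5, impact=3,
         controls=[Control("patch management", 0.8, 0.0, 3000),
                   Control("host firewall", 0.6, 0.2, 800)]),
    Risk("file server", "no tested recovery plan", "catastrophic data loss",
         likelihood=2, impact=5,
         controls=[Control("offsite backup with restore test", 0.3, 0.8, 4000)]),
    Risk("public kiosk", "cached session data", "data left on public computer",
         likelihood=3, impact=2,
         controls=[Control("session wipe on logout", 0.9, 0.0, 100)]),
]


def example_plan():
    """Run the sample register with an assumed per-control budget of 3500 and tolerance 6."""
    return treatment_plan(SAMPLE_RISKS, budget=3500, tolerance=6)


if __name__ == "__main__":
    for risk, control, residual in example_plan():
        chosen = control.name if control else "NO AFFORDABLE CONTROL - escalate"
        print(f"{risk.asset:20} inherent={risk.score:2} -> {chosen} (residual {residual:.1f})")
```

The kiosk risk drops out because it sits within tolerance, the laptop and workstation risks get the control that leaves the least residual risk, and the file-server risk stays on the list with no control because the only candidate exceeds the budget. That last case is the one worth checking for in any register: an untreated risk that silently disappears from a report is a flawed assumption of the kind slide 15 warns against.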

12
Information Security Program
Links in the Security Chain: Management,
Operational, and Technical Controls
  • Risk assessment
  • Security planning
  • Security policies and procedures
  • Contingency planning
  • Incident response planning
  • Security awareness and training
  • Physical security
  • Personnel security
  • Certification, accreditation, and
    security assessments
  • Access control mechanisms
  • Identification and authentication mechanisms
    (biometrics, tokens, passwords)
  • Audit mechanisms
  • Encryption mechanisms
  • Firewalls and network security mechanisms
  • Intrusion detection systems
  • Security configuration settings
  • Anti-virus software
  • Smart cards

Adversaries attack the weakest link: where is
yours?
13
What you need to know
  • IT resources to be managed
  • What's available on your network
  • Policies, laws, and regulations
  • Security awareness
  • Risk assessment, mitigation, and monitoring
  • Resources to help you

14
The Golden Rules: Building an Effective Enterprise
Information Security Program
  • Develop an enterprise-wide information security
    strategy and game plan
  • Get corporate buy-in for the enterprise
    information security program: effective programs
    start at the top
  • Build information security into the
    infrastructure of the enterprise
  • Establish a level of due diligence for
    information security
  • Focus initially on mission/business case
    impacts; bring in threat information only when
    it is specific and credible

15
The Golden Rules: Building an Effective Enterprise
Information Security Program (continued)
  • Create a balanced information security program
    with management, operational, and technical
    security controls
  • Employ a solid foundation of security controls
    first, then build on that foundation guided by an
    assessment of risk
  • Avoid complicated and expensive risk assessments
    that rely on flawed assumptions or unverifiable
    data
  • Harden the target: place multiple barriers
    between the adversary and enterprise information
    systems
  • Be a good consumer: beware of vendors trying to
    sell single-point solutions for enterprise
    security problems

16
The Golden Rules: Building an Effective Enterprise
Information Security Program (continued)
  • Don't be overwhelmed by the enormity or
    complexity of the information security
    problem: take one step at a time and build on
    small successes
  • Don't tolerate indifference to enterprise
    information security problems
  • And finally:
  • Manage enterprise risk; don't try to avoid it!

17
Thanks
Q & A