Information Security - PowerPoint PPT Presentation

Slides: 6
Provided by: foo86
Transcript and Presenter's Notes

Title: Information Security


1
Information Security: Applying processes to
security management
  • "Security is a process, not a product." - Bruce
    Schneier
  • Alexandre Dulaunoy - GT-SECSI - Clussil

2
Information Security and processes
  • Information Security Management is composed of
    processes (think about patching systems,
    hardening systems or forensic analysis but also
    risk management),
  • We have in mind security management processes but
    we need to define them
  • Developing process steps can be difficult, but the
    most difficult part is focusing only on the important
    steps (steps must also be clear for every
    participant in a process),
  • The simplest version is preferred (Occam's
    Razor principle): complexity and security
    management are enemies,
  • Describing processes makes it possible to define the
    required operation management

3
Security Management and existing standards
  • CobiT (metrics and assessment are well defined
    but practical approach is out of scope)
  • ITIL and itSMF (IT processes and services well
    defined)
  • ISO 17799 and the like (auditing and security
    controls)
  • RFC2196 and various practical standards (good
    practical approach and how-to)
  • All standards are complementary and can be
    implemented together
  • Evaluate standards and pick the standards fitting
    your organization

4
Security Management and Operations Management
  • Information systems are managed by various
    operation and security management processes,
  • Security management is not a standalone process
    and is part of operational management,
  • Security measures are tested during operation,
  • Configuration and Asset Management is part of the
    security process (e.g. vulnerability or inventory
    assessment),
  • Incident Management can be a source of
    information for security management or security
    management can be the source of the incident,
  • Security is everywhere in the IT management
    framework

5
Conclusion
  • Security Management can be enhanced with the help
    of standards (e.g. clear definition of processes,
    enhanced interaction between users and IT
    staff),
  • A clever link between security management, risk
    management and IT management can ease security
    monitoring and incident detection,
  • The never-ending iterative process of information
    security (assess -> protect -> audit) must be part of
    the IT management framework,
  • Document the security management processes and
    test/evaluate your processes before going live,
  • Information Security Management and standards can
    be good friends if correctly implemented.