
People process technology - Information as Asset


Information security is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
The elements are:
• Integrity – maintaining accuracy
• Availability – available when needed
• Authenticity – ensure genuine data
• Non-repudiation – two-way transactions

The fundamental principles of any business operation are “people,” “processes,” and “technology.” Attention to all three is required to have significant and lasting change on how the organization operates.
Strong processes can often help to overcome potential vulnerabilities in a security product, while poor implementation can render good technologies ineffective.
Antivirus software is a good example of how people-process-technology all have roles in its effectiveness.

Conclusion:
Information security is the ongoing process of exercising due care and due diligence to protect information, and information systems, from unauthorized access, use, disclosure, destruction, modification, disruption or distribution.
Circling back to the beginning of the presentation: a focus on only technical security controls may leave you with a system that is not maintained (e.g., insufficient manpower and/or training for people) and that is not very effective (e.g., poor processes and policies).

Published in: Technology


  1. People, Process and Technology - Information as Asset
     Kowshik, Madhu, Mayur, Sharique, Vidyashankar
  2. Introduction
     • Information security is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
     • The elements are:
       – Integrity: maintaining accuracy
       – Availability: available when needed
       – Authenticity: ensure genuine data
       – Non-repudiation: two-way transactions
  3. People-Process-Technology
     • The fundamental principles of any business operation are “people,” “processes,” and “technology.” Attention to all three is required to have significant and lasting change on how the organization operates.
     • Strong processes can often help to overcome potential vulnerabilities in a security product, while poor implementation can render good technologies ineffective.
     • Antivirus software is a good example of how people-process-technology all have roles in its effectiveness.
  4. People in IT Security
  5. Process in IT Security
  6. Process in IT Security: Adopting international standards for IT security
     • ISO27001: Protect and preserve information under confidentiality, integrity, availability.
     • ISO22301: Focuses both on recovery from disasters and on maintaining access to and security of information.
  7. Process in IT Security
  8. Technology in IT Security
     1. To improve productivity, efficiency, and process consistency.
     2. Develop technical requirements for the submission of change requests, evaluation, approval, and evidence retention.
     3. Migrate proven change control procedures and forms into the technology platform. Verify consistency with paper-based methods.
     4. Implement technology to identify and track the configuration of all hardware and software.
  9. • Cloud Access Security Brokers.
     • Adaptive Access Control.
     • Pervasive Sandboxing (Content Detonation) and IOC Confirmation.
     • Endpoint Detection and Response Solutions.
     • Big Data Security Analytics at the Heart of Next-generation Security Platforms.
     • Machine-readable Threat Intelligence, Including Reputation Services.
     • Containment and Isolation as a Foundational Security Strategy.
     • Software-defined Security.
     • Interactive Application Security Testing.
     • Security Gateways, Brokers and Firewalls to Deal with the Internet of Things.
  10. “Information as Asset”
     • Like any other corporate asset, an organization's information assets have financial value. The value of an asset increases in direct relationship to the number of people who are able to make use of the information.
     • An information asset can be classified according to any criteria, not only by its relative importance or frequency of use. For example, data can be broken down according to topic, when it was created, where it was created or which personnel or departments use it the most. A data classification system can be implemented to make the organization's information assets easy to find, share and maintain.
     • The major steps required for asset classification and controls are:
       – A. Identification of the assets
       – B. Accountability of assets
       – C. Preparing a schema for information classification
       – D. Implementing the classification schema
  11. A. Identification of assets
     • Information assets
     • Software assets
     • Physical assets
     • Services
     B. Accountability of assets
     • Identifying owners
  12. C. Preparing a schema for classification
     • Confidentiality – Confidential, Company Only, Shared, Unclassified
     • Value
     • Time
     • Access rights
     • Destruction
     D. Implementation of the classification schema
     • Uniform way of identifying the information
     • Right amount of protection
  13. Conclusion
     • Information security is the ongoing process of exercising due care and due diligence to protect information, and information systems, from unauthorized access, use, disclosure, destruction, modification, disruption or distribution.
     • Circling back to the beginning of the presentation: a focus on only technical security controls may leave you with a system that is not maintained (e.g., insufficient manpower and/or training for people) and that is not very effective (e.g., poor processes and policies).
