TRANSCRIPT (source: convention.jamaicaemployers.com/pdfs/2012/saturday/andrew...)
5/4/2012
1
Building Block or Appendage
Presented by: Andrew A. Nooks
CISSP, CISA, CISM, CRISC
• A bit about me
• More about you
• Definitions
• Why information security is important
• Managing security risks
• Security incident response
DEFINITIONS
BUILDING BLOCK
• Element or integral part of something
– Aligned
– Threat Resistant
– Reduce Risk
– Appropriate Value
– Sustainable
APPENDAGE
• Subordinate part attached to something
– Reactive
– Quick fix
– Temporary
– Not Aligned
• Protecting information and information assets from unintended:
– access
– usage
– disclosure
– disruption
– modification
– inspection
– recording or destruction
Secure Information (diagram labels): Utility, Accuracy, Authenticity, Integrity, Availability, Confidentiality
Technology Security
• Firewall
• IDS/IPS
• Malware
• Encryption
• Operating System
Information Security
• Intellectual Property
• Business/Financial Integrity
• Compliance
• Industrial Espionage
• Confidentiality
IMPORTANCE OF INFORMATION SECURITY
• A threat is an object, person, or other entity that represents a constant danger to an asset
– System Failures
– Human Errors
– Acts of Nature
– Deliberate Attacks
• People committed to circumvention of computer security:
– Competitors
– Employees
– Contractors
– Ethical Security professionals
– Neighbors
– Friends
– Customers
– Our Children
ATTACK METHODS
• Electronic
• Physical
• Human (Social Engineering)
Diagram labels: Reputation, Compliance, Financial, Human
• If you do not know your enemies nor yourself, you will lose every single battle.
• If you do not know your enemies but do know yourself, you will win one and lose one.
• If you know your enemies and know yourself, you will not lose in a hundred battles.
Adapted from Sun Tzu’s “The Art of War”
IMPLEMENTING SECURITY
SECURING BUSINESS INFORMATION
Know Your “Self”
• Understand Business Objectives
• Align and Classify
• Conduct Gap Assessment
• Implement controls
Know Your “Enemy”
• What threatens your business objectives
• Who/What threatens your business assets
• Consequences
MANAGING RISKS
• Align Business, IT
• Implement Controls: Administrative, Logical, Physical
• Monitor & Evaluate
• Train/Educate/Awareness
LAYERED DEFENSE
Defense layers (diagram): Physical, Perimeter, Host/Net, App
Supporting elements (diagram): Policies, Process, Guidelines, Awareness
Security management domains (diagram): Security Policy; Organization of Information Security; Asset Management; Human Resource Management; Physical and Environmental; Communication and Operations Management; System Acquisition, Development, Maintenance; Incident Management; Business Continuity Management; Compliance; Risk Management
Incident response steps (diagram): Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned