Information Security

by Sami Alharthi on 12 November 2012


Transcript of Information Security

The Research about The Information Security of Jetsum Tech
-Da Gong
-Chen Chen
-Sami Alharti

What is the goal?
To research and analyze the information security of Jetsum Tech.

Information about Jetsum Tech
Jetsum Tech is located in Wuhan city, Hubei province, China. It was established in March 2001. This company specializes in Internet professional services (ISP) and systems and systems integration services. Jetsum Tech is a professional information services provider, which combines research, development, integration, services and consulting together.

Security Assessment And Recommendation

The Result of Research

Security Areas
1 SECURITY POLICY
2 ORGANIZING INFORMATION SECURITY
3 ASSET MANAGEMENT
4 HUMAN RESOURCES SECURITY
5 PHYSICAL AND ENVIRONMENTAL SECURITY
6 COMMUNICATIONS AND OPERATIONS MANAGEMENT
7 ACCESS CONTROL
8 INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT AND MAINTENANCE
9 INFORMATION SECURITY INCIDENT MANAGEMENT
10 BUSINESS CONTINUITY MANAGEMENT
11 COMPLIANCE

SECURITY POLICY

Contact with authorities:
Appropriate contacts with relevant authorities should be maintained. They need about four weeks to do that.

ORGANIZING INFORMATION SECURITY

Inventory of assets
All assets should be clearly identified and an inventory of all important assets drawn up and maintained. Jetsum Tech should identify all assets and document the importance of these assets. They may need three months to do this.

Roles and responsibilities:
Security roles and responsibilities of employees, contractors and third party users should be defined and documented in accordance with Jetsum Tech's information security policy. They need six months to do that.

Jetsum Tech should use security perimeters to protect areas that contain information and information processing facilities. They need eight months to do that.

Procedures to handle different types of information security incidents, e.g. information system failures and loss of service, malicious code, denial of service
analysis and identification of the cause of the incident, containment, planning and implementation of corrective action to prevent recurrence

identify and consider the implementation of additional preventive and mitigating controls
identify sufficient financial, organizational, technical, and environmental resources to address the identified information security requirements

safeguard operational systems and audit tools during information systems audits
safeguard the integrity and prevent misuse of audit tools
ensure compliance with legislative, regulatory, and contractual requirements

ASSET MANAGEMENT
HUMAN RESOURCES SECURITY
PHYSICAL AND ENVIRONMENTAL SECURITY
INFORMATION SECURITY INCIDENT MANAGEMENT
BUSINESS CONTINUITY MANAGEMENT
COMPLIANCE
COMMUNICATIONS AND OPERATIONS MANAGEMENT
ACCESS CONTROL
INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT AND MAINTENANCE

Responsibilities and procedures for the management and operation of all information processing facilities should be established.
Planning and preparation are required to ensure the availability of adequate capacity and resources to deliver the required system performance.
Executing mobile code in a logically isolated environment and activating technical measures as available on a specific system to ensure mobile code is managed.

They should try their best to prevent unauthorized access to information held in application systems.
Application systems should:
a) Control user access to information and application system functions, in accordance with a defined access control policy;
b) Provide protection from unauthorized access by any utility, operating system software, and malicious software that is capable of overriding or bypassing system or application controls;
c) Not compromise other systems with which information resources are shared.

For correct processing in applications, they should prevent errors, loss, unauthorized modification or misuse of information in applications. For cryptographic controls and security in development and support processes, they need to protect the confidentiality, authenticity or integrity of information by cryptographic means and to maintain the security of application system software and information. Then, the company will ensure that security is an integral part of information systems.

References
Text of ISO/IEC FDIS 17799: 2005-02-11 ― Information techniques ― Security techniques ― Code of practice for information security management (2nd edition), (2005).

The security Grade is: 78

Questions?
Thank you!