Transcript: Presented By K Gopi Krishna

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

"Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization."

The terms reasonable and prudent person, due care and due diligence have been used in the fields of Finance, Securities, and Law for many years.

• An enterprise-wide issue
• Leaders are accountable
• Viewed as a business requirement
• Risk-based
• Roles, responsibilities, and segregation of duties defined
• Addressed and enforced in policy
• Adequate resources committed
• Staff aware and trained
• A development life cycle requirement
• Planned, managed, measurable, and measured
• Reviewed and audited

Information security is the ongoing process of exercising due care and due diligence to protect information, and information systems, from unauthorized access, use, disclosure, destruction, modification, or disruption or distribution.

Conclusion: A comprehensive treatment of the topic of risk management is beyond the scope of this article. Essentially, procedures or policies are implemented to tell people (administrators, users and operators) how to use products to ensure information security within the organization. Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer.

Confidentiality

Business Continuity Process

In 2002, Donn Parker proposed an alternative model for the classic CIA triad that he called the six atomic elements of information.
Slide titles: Introduction; Availability; Contents; Abstract; Basic Principles; Risk Management; Security governance; Authenticity; Conclusion; Integrity; Business continuity; Risk Management Process

Information Security Attributes, or qualities, i.e., Confidentiality, Integrity and Availability (CIA).

Business continuity is the mechanism by which an organization continues to operate its critical business units, during planned or unplanned disruptions that affect normal business operations, by invoking planned and managed procedures.
Transcript: The Research about The Information Security of Jetsum Tech
- Da Gong
- Chen Chen
- Sami Alharti

What is the goal? To research and analyze the information security of Jetsum Tech.

Information about Jetsum Tech: Jetsum Tech is located in Wuhan city, Hubei province, China. It was established in March 2001. This company specializes in Internet professional services (ISP) and systems integration services. Jetsum Tech is a professional information services provider, which combines research, development, integration, services and consulting together.

The Result of Research: The security grade is 78.

Security Assessment And Recommendation. Security Areas:
1 SECURITY POLICY
2 ORGANIZING INFORMATION SECURITY
3 ASSET MANAGEMENT
4 HUMAN RESOURCES SECURITY
5 PHYSICAL AND ENVIRONMENTAL SECURITY
6 COMMUNICATIONS AND OPERATIONS MANAGEMENT
7 ACCESS CONTROL
8 INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT AND MAINTENANCE
9 INFORMATION SECURITY INCIDENT MANAGEMENT
10 BUSINESS CONTINUITY MANAGEMENT
11 COMPLIANCE

Contact with authorities: Appropriate contacts with relevant authorities should be maintained. They need about four weeks to do that.

Inventory of assets: All assets should be clearly identified and an inventory of all important assets drawn up and maintained. Jetsum Tech should identify all assets and document the importance of these assets. They may need three months to do this.

Roles and responsibilities: Security roles and responsibilities of employees, contractors and third party users should be defined and documented in accordance with Jetsum Tech's information security policy. They need six months to do that.

Jetsum Tech should use security perimeters to protect areas that contain information and information processing facilities. They need eight months to do that.

Responsibilities and procedures for the management and operation of all information processing facilities should be established.
Planning and preparation are required to ensure the availability of adequate capacity and resources to deliver the required system performance. Mobile code should be executed in a logically isolated environment, with the technical measures available on a specific system activated, to ensure mobile code is managed.

They should do their best to prevent unauthorized access to information held in application systems. Application systems should:
a) Control user access to information and application system functions, in accordance with a defined access control policy;
b) Provide protection from unauthorized access by any utility, operating system software, and malicious software that is capable of overriding or bypassing system or application controls;
c) Not compromise other systems with which information resources are shared.

For correct processing in applications, they should prevent errors, loss, unauthorized modification or misuse of information in applications. For cryptographic controls and security in development and support processes, they need to protect the confidentiality, authenticity or integrity of information by cryptographic means and to maintain the security of application system software and information. Then the company will ensure that security is an integral part of information systems.
Procedures to handle different types of information security incidents, e.g. information system failures and loss of service, malicious code, denial of service:
- analysis and identification of the cause of the incident
- containment
- planning and implementation of corrective action to prevent recurrence
- identify and consider the implementation of additional preventive and mitigating controls
- identify sufficient financial, organizational, technical, and environmental resources to address the identified information security requirements
- safeguard operational systems and audit tools during information systems audits
- safeguard the integrity and prevent misuse of audit tools
- ensure compliance with legislative, regulatory, and contractual requirements

References: Text of ISO/IEC FDIS 17799:2005-02-11 ― Information technology ― Security techniques ― Code of practice for information security management (2nd edition), (2005).

Questions? Thank you!
Transcript: Information Security

Information Security means protecting information and information systems from unauthorized access, use, disruption, modification or destruction. Security is a compromise between opening the systems up to the world and locking them down so no one can use them.

Confidentiality: The concept of Confidentiality in information security pertains to the protection of information and prevention of unauthorized access or disclosure. Basically, trying to keep something a secret. Threats to confidentiality.

Integrity: Integrity deals with the prevention of unauthorized modification, whether intentional or accidental. (In the everyday sense, integrity is the quality of being honest and having strong moral principles; moral uprightness.)

Authentication and Availability: Availability assures that the resources that need to be accessed are accessible to authorized parties in the ways they are needed. Availability is a natural result of the other two concepts. Authentication is the process by which the information system assures that you are who you say you are; how you prove your identity is authentic.
Transcript: Data Information Security

Stating the bleedin’ obvious: information is a valuable resource, therefore we must protect it from loss, corruption, unauthorised access or modification.

Why is this important? £60,000 £100,000

How is information kept? Paper; PC; Server; Laptop; USBs/memory sticks; External hard drives; CD Rom; The Cloud

How is information transferred? Face to face; Phone; Fax; Post; Through websites; Emails

Controls: Staff training; Over access to rooms; Over access to PCs/servers; Laptops/USBs/CDs; IT system

3 stages: Incoming information; Storage of information/utilisation at the College; Outgoing information (sending information out – post, website, email; taking information offsite/home; disposal – paper/IT)

IT controls: Firewall; Anti virus; Blocking access to certain websites; Filtering emails; Not allowing staff/students to load software; Back ups – not C drive; IT user guide

Spring 2008
Transcript: Information Security – Secure Coding in Image Processing (Joo Young-min, Lee Hwa-yeon; 2006270043, 2006270067)

Contents
1. Introduction
- Background
- Definition of security
- Situation asked security
- Importance of information security
2. Main Subject
- Secure coding
- Image encryption
- Partial encryption
3. Conclusion
Reference

Slide fragments (in transcript order):
- Thesis
- Integrity
- Applets/Active-X Controls
- Performance of Partial Encryption: comparatively weak in security
- Kind of Partial Encryption: 1) original; 2) entire encryption; 3) partial encryption
- Application program using transmitted data
- Confidentiality
- Managing tools
- Kind of Partial Encryption: 1) Block encryption; 2) Encryption based on Quadtree
- Advantage of partial encryption: saving time in encryption and decryption; solving the electricity consumption problem
- Server (daemon / service)
- Secure coding in image processing
- Definition of security
- Entire encryption
- Web application
- Image compression and encryption
- More methodology is needed
- Importance of information security
- Availability
- Extension of Internet

References
- http://msdn.microsoft.com/ko-kr/netframework/default.aspx
- http://cafe.naver.com/i2sec.cafe?iframe_url=/ArticleRead.nhn%3Farticleid=198
- http://cafe.naver.com/jjang12pro.cafe?iframe_url=/ArticleRead.nhn%3Farticleid=190
- http://www.cert.org/secure-coding/
- Kyung-In Ryu, A Study on Secure Partial Encryption for Mobile Contents
- Myung-Mook Han, An efficient image encryption algorithm
- Si-Chan Park, Partial image encryption system design for secure of images
- Young-Ho Seo, Selectively partial encryption of images in wavelet domain
Transcript: Information Security – Security Policies (CHS)

No Expectation of Privacy
Users shall not have the expectation that their email or other electronic communications are private. CHS may capture user activity such as web sites visited. CHS reserves the right, at any time and without prior notice, to examine email, files, and other information stored on CHS information systems.

Communications Content
Content of electronic communications should be accurate, sent to recipients with the minimum necessary information based on a need-to-know, and sent or posted with appropriate security measures. Every user has a responsibility to protect CHS’ public image. Users must avoid communicating anything that might appear inappropriate or be misconstrued as inappropriate. Do not download any non-standard/non-approved applications to CHS devices. Do not open unknown email attachments. Do not use instant messaging features.

Confidential Information
Users shall not copy, release, transmit, sell, loan, alter, purge or destroy any confidential information except as properly authorized. Ensuring that PHI is exchanged only with properly authorized entities, and that electronic transmissions containing PHI are properly encrypted and secured. Promptly reporting any privacy or security concerns to your Facility Security Officer.

Single Sign On
Never share or disclose user IDs or passwords, nor ask others to do so.

Personal Conduct
Users are prohibited from installing, distributing, copying or modifying any software programs. Users are prohibited from installing software from outside sources on their CHS workstations. Such software is not licensed for use by CHS, or may interfere with the operation of other company resources.

Passwords
Must be at least 5 characters but no more than 8 long. Must begin with a letter. Case sensitive. Stay away from special characters. Must be reset every 90 days. Password history: passwords may not be reused.

Work Station Security
Users are responsible for protecting information on their computers, and must use precautions to physically protect equipment and information. Dispose of confidential information utilizing company-provided secure receptacles. Do not leave programs running or data visible when the computer is unattended. Lock the system (press Windows key + L) when leaving the computer for any length of time. Use screen savers with activated passwords, and position screens away from public view. Users should not move or relocate company-provided computing equipment. All computing equipment moves are to be scheduled through the IS Department.

The following behaviors are strictly prohibited:
- Accessing obscene, sexually explicit, or pornographic material from company resources.
- Sending harassing, libelous, disruptive, threatening, racially harassing, or sexually harassing messages, or using any language that could be construed to make the work environment a hostile workplace.
- Tying up computer resources by downloading music, movies, software or other applications, or using excessive amounts of storage or sending large file attachments. This could cause congestion, delay, or disruption of service to company systems, and degrades the performance of the entire network.
- Using company systems to advertise, provide services, or sell commercial products. Use of any company information technology resources for personal gain or profit is prohibited.
- Using company resources in a manner that interferes with performance of employment responsibilities; for example, tying up printers doing non-company related work.
- Sending messages with religious, racial, political, or sexual overtones; expressing bigotry, hatred, harassment, abuse, or threats of harm to anyone.
- Creating, copying, or sending frivolous or excessive messages, including chain letters, junk mail, advertising material, or spam.

Removable Media
Laptops shall not be left unattended and unsecured (for example, left on the desk when not in use or overnight in the workplace); they must be locked up. Laptops must not be left in a car, exposed to weather, magnetic fields or radiation. Individually identifiable PHI (protected health information) should not be stored on mobile electronics.

Personal Responsibilities for Security
All personnel must ensure that confidential information is being appropriately protected, in accordance with existing HIPAA federal laws and company policies and associated information security policies and standards. Adhering to all Security policies, standards, procedures, and the CHS Code of Conduct. Complying with use and disclosure processes as if electronic information were paper.

INFORMATION SYSTEMS
Important data should not be stored on the local hard drive (the C: drive). Local hard drives are not backed up, and in the case of a hardware failure or theft, the data would be lost. All important data should be stored

Non-compliance
Transcript: Information Security – DRM

Team Name: Vitality. Team Members: Lim Sang Joon, Ryu Seung Hun.

Purpose of the survey: Copyright Security Issues.

List of survey contents: 1. Watermark; 2. Finger Print; 3. DRM. Each topic covers (1) About, (2) Algorithm, (3) Security Threats, (4) Improvement.

Watermark – Security Threats:
2. When converting compressed music files and image files to a new compression format (e.g. MP3 -> WMA, JPG -> JYP), the watermark may be damaged.
3. Non-compliant watermarking algorithm.

Watermark – Improvement:
1. Only use the compression methods that play or view contents, to avoid modification.
2. Developing a watermark secure enough to endure conversion across a variety of compression formats.
3. Developing devices compliant with the official watermark algorithm.

Finger Print – Security Threats:
1. It is difficult to catch the file exchange between individuals daily on the Internet.
2. It is difficult to insert a finger print at P2P.
3. Fingerprint technology can only prevent the first outflow.

DRM – Security Threats:
1. All responsibility in the Browser.
2. The cracker can decrypt a key.
3. It is possible to use contents infinitely without DRM.

DRM – Improvement:
1. Enhance security and stability of the browser.
2. DRM will be compliant.

Further points from the slides: Increasing server load; Uploading fake files; Building more servers; Lack of awareness; Close Cooperation.

Conclusion. Thank You.
Transcript: INFORMATION SECURITY – KHAWAJA ALI TARIQ – GROUP # 16

Information security means protecting information and information systems from unauthorized access, disclosure, disruption, modification. The terms information security, computer security and information assurance are frequently used interchangeably. These fields are often interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them.

INFORMATION SECURITY HISTORY
- Julius Caesar is credited with the invention of the Caesar cipher, which was created in order to prevent his secret messages from being read (50 B.C.).
- In the mid 19th century more complex classification systems were developed. The British Government codified this, to some extent, with the publication of the Official Secrets Act in 1889.
- At the end of the 20th century and in the early years of the 21st century, rapid advancements in telecommunications and data encryption were made. These computers quickly became interconnected through a network generically called the Internet.

BASIC PRINCIPLES
- CONFIDENTIALITY: Confidentiality is the term used to prevent the disclosure of information to unauthorized individuals or systems. For example, a credit card transaction on the Internet requires the credit card number to be transmitted from the buyer to the merchant and from the merchant to a transaction processing network.
- INTEGRITY: In information security, integrity means that data cannot be modified undetectably.
- AVAILABILITY: For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly.
- AUTHENTICITY: In computing, e-Business, and information security, it is necessary to ensure that the data, transactions, communications or documents (electronic or physical) are genuine.
- NON-REPUDIATION: In law, non-repudiation implies one's intention to fulfill their obligations to a contract. It also implies that one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction.

DEFENCE IN DEPTH
- Information security must protect information throughout the life span of the information. The information must be protected while in motion and while at rest.
- To fully protect the information during its lifetime, each component of the information processing system must have its own protection mechanisms.
- The building up, layering on and overlapping of security measures is called defense in depth.

CONTROLS
- ADMINISTRATIVE: Administrative controls consist of approved written policies, procedures, standards and guidelines.
- LOGICAL: Logical controls use software and data to monitor and control access to information and computing systems, e.g. passwords.
- PHYSICAL: Physical controls monitor and control the environment of the work place and computing facilities. They also monitor and control access to and from such facilities, e.g. doors, locks, heating and air conditioning, smoke and fire alarms.

INFORMATION SECURITY GOVERNANCE
The Software Engineering Institute at Carnegie Mellon University, in a publication titled "Governing for Enterprise Security (GES)", defines characteristics of effective security governance. These include:
- An enterprise-wide issue
- Leaders are accountable
- Viewed as a business requirement
- Risk-based
- Roles, responsibilities, and segregation of duties defined
- Addressed and enforced in policy
- Adequate resources committed
- Staff aware and trained
- A development life cycle requirement
- Planned, managed, measurable, and measured
- Reviewed and audited

Information security is the ongoing process of exercising due care and due diligence to protect information, and information systems, from unauthorized access, use, disclosure, destruction, modification, or disruption or distribution. The never ending process of information security involves ongoing training, assessment, protection, monitoring & detection, incident response & repair, documentation, and review. This makes information security an indispensable part of all the business operations across different domains.

CONCLUSION

photo credit Nasa / Goddard Space Flight Center / Reto Stöckli

THANK YOU!