People, Process and Technology - Information as Asset
Kowshik
Madhu
Mayur
Sharique
Vidyashankar
Introduction
• Information security is the practice of
defending information from unauthorized access,
use, disclosure, disruption, modification, perusal,
inspection, recording or destruction.
• The elements are:
– Integrity: maintaining accuracy
– Availability: available when needed
– Authenticity: ensure genuine data
– Non-repudiation: two way transactions
People-Process-Technology
• The fundamental principles of any business
operation are “people,” “processes,” and
“technology.” Attention to all three is required to
effect significant and lasting change in how the
organization operates.
• Strong processes can often help to overcome
potential vulnerabilities in a security product,
while poor implementation can render good
technologies ineffective.
• Antivirus software is a good example of how
people-process-technology all have roles in its
effectiveness.
People In IT Security
Process in IT Security
Adopting International standards for IT security
• ISO27001: Protect and preserve information
under confidentiality, integrity and availability.
• ISO22301: Focuses both on recovery
from disasters and on maintaining
access to and security of information.
Technology in IT Security
1. To improve productivity, efficiency, and process consistency.
2. Develop technical requirements for the submission of change
requests, evaluation, approval, and evidence retention.
3. Migrate proven change control procedures and forms into the
technology platform. Verify consistency with paper-based methods.
4. Implement technology to identify and track the configuration of all
hardware and software.
• Cloud Access Security Brokers.
• Adaptive Access Control.
• Pervasive Sandboxing (Content Detonation) and IOC Confirmation.
• Endpoint Detection and Response Solutions.
• Big Data Security Analytics at the Heart of Next-generation Security
Platforms.
• Machine-readable Threat Intelligence, Including Reputation Services.
• Containment and Isolation as a Foundational Security Strategy.
• Software-defined Security.
• Interactive Application Security Testing.
• Security Gateways, Brokers and Firewalls to Deal with the Internet of
Things.
“Information as Asset”
• Like any other corporate asset, an organization's information assets have
financial value. The value of an asset increases in direct relationship to the
number of people who are able to make use of the information.
• An information asset can be classified according to any criteria, not only by
its relative importance or frequency of use. For example, data can be
broken down according to topic, when it was created, where it was created
or which personnel or departments use it the most. A data
classification system can be implemented to make the organization's
information assets easy to find, share and maintain.
• The major steps required for asset classification and controls are:
– A. Identification of the assets
– B. Accountability of assets
– C. Preparing a schema for information classification
– D. Implementing the classification schema
A. Identification of assets
• Information assets
• Software assets
• Physical assets
• Services
B. Accountability of assets
• Identifying owners
C. Preparing a schema for classification
• Confidentiality – Confidential, Company Only, Shared,
Unclassified
• Value
• Time
• Access rights
• Destruction
D. Implementation of the classification schema
• Uniform way of identifying the information
• Right amount of protection
Conclusion
• Information security is the ongoing process of
exercising due care and due diligence to protect
information, and information systems, from
unauthorized access, use, disclosure,
destruction, modification, disruption or
distribution.
• Circling back to the beginning of the presentation:
a focus on only technical security controls
may leave you with a system that is not
maintained (e.g., insufficient manpower
and/or training for people) and is not very
effective (e.g., poor processes and policies).
