Information Security Management. Introduction

Information Security Management
Introduction
By Yuliana Martirosyan
Based on Bel G. Raggad (2010), Information Security Management: Concepts and Practices.

Introduction
The computing environment as five continuously interacting components (see editor's note #3):
• People
• Network
• Activities
• Technology
• Data
Information Security Management
Introduction to Information Security Management
• Introduction
• Layers of personnel around an information resource (the system):
  • Operator
  • Security Staff
  • Security Administrator
  • System Owner
Why Information Security Matters
• Information drives enterprise business value generation.
• Information is the basis of competitive advantage.
• Assets are highly interdependent: to protect one asset, the whole computing environment should be protected.
Information Sensitivity Classification
Information sensitivity taxonomy:
• Public Information
• Confidential Information
• Internal Use
• Proprietary Information
• Highly Confidential
• Top Secret
Information Security Governance
Corporate governance has to do with how the board of directors and executive management run and control a company.
IT governance is how technology is used and managed so that it supports business needs.
Information security governance is a coherent system of integrated security components
• products
• personnel
• training
• processes
• policies ...
that exist to ensure that the organization survives and hopefully thrives.
The Computing Environment
Security of an information system (information system security) is made up of:
• People security
• Technology security
• Network security
• Security of IS activities
• Data security
Security of Various Components in the Computing Environment
Protecting an organization, an information system, or any computing environment means the following:
• Personnel security to protect people
• Qualification assurance
• Specifications of the job
• Security clearance
• Screening assurance
• Authorizing of process
• Security training
• Nondisclosure agreement
Security of an information system
CIA Triad:
• Confidentiality
• Integrity
• Availability
The Security Star
The CIA triad suffers from at least two drawbacks (see editor's note #11); the Security Star model extends it to five goals:
• Confidentiality
• Integrity
• Availability
• Authentication
• Non-Repudiation

Parker's View of Information Security
• CIA Triad
• Authenticity
• Possession Envelope
• Utility
Possession defines ownership or control of information.
Authenticity aims at ensuring that the origin of the transmission is correct and that the authorship of the transmitted documents is valid.
Utility emphasizes the usefulness of the information in possession.
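The Security Star adds authentication and non-repudiation to the CIA goals, and the editor's note for slide 11 names digital signatures as the mechanism for non-repudiation. The Go program below is an added illustration, not code from the slides or from Raggad's book: an Ed25519 signature gives authenticity of origin, integrity and non-repudiation, while a shared-secret HMAC gives authentication and integrity but, because both ends hold the key, no non-repudiation. The function names, the sample message and the key are chosen here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// NewKeys makes one party's key pair; the private key never leaves that party,
// so a signature verifiable with its public key is evidence of origin it cannot deny.
func NewKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign: only the holder of priv can produce it (origin), and any change to msg invalidates it (integrity).
func Sign(priv ed25519.PrivateKey, msg []byte) []byte { return ed25519.Sign(priv, msg) }

// VerifyOrigin is run by the receiver, or later by an auditor, with the public key only.
func VerifyOrigin(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

// MAC is the shared-secret alternative: it also authenticates the message and
// protects its integrity, but both ends of the transmission hold the same key.
func MAC(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// ReceiverCanForge shows why a MAC gives no non-repudiation: the receiver,
// holding the same key, can produce a tag identical to the sender's.
func ReceiverCanForge(key, msg, tag []byte) bool {
	return hmac.Equal(MAC(key, msg), tag)
}

func main() {
	pub, priv := NewKeys()
	msg := []byte("transfer 100 units to account 42") // constructed sample message
	sig := Sign(priv, msg)
	fmt.Println("origin verified:", VerifyOrigin(pub, msg, sig))                        // true
	fmt.Println("tampered copy:", VerifyOrigin(pub, []byte("transfer 900 units"), sig)) // false
	fmt.Println("MAC forgeable by receiver:", ReceiverCanForge([]byte("k"), msg, MAC([]byte("k"), msg))) // true
}
```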
What is Information Security Management?
1. Identify the computing environment, define its criticality, and prioritize its contribution to the organization's business-value-generation capabilities;
2. Identify all security risks, assess them, and mitigate them by devising a comprehensive risk-driven security program;
3. Provide continual improvement of the organization's risk position.
Security Controls
Managerial Controls:
• Risk assessment
• Planning
• System and service acquisition
• Certification, accreditation and security assessment
Technical Controls:
• Personnel security
• Physical and environmental protection
• Contingency planning
• Configuration management
Operational Controls:
• Personnel security
• Physical and environmental protection
• Contingency planning
• Configuration management
• Maintenance
• System and information integrity
• Media protection
• Incident response
• Awareness and training
The NSA Triad for Security Assessment
Assessment - security planning for 3 years
• Not technical, often qualitative
• Doesn't involve any testing
• Collaborative, often shared by users, managers, and owners
Evaluation - how to use technology to support information security
• Technical but not invasive
• Passive testing required for self-study
• Collaborative to some extent
• Involves diagnostic tools
• Involves internal audit
Penetration Testing
• Non-collaborative
• Technical in nature
• Invasive in nature
• Involves external audit
• Active penetration tests
• Risk of compromising the target system exists but has to be avoided
• Active assessment expertise is required


Editor's Notes

  • #3 A computing environment, in Raggad's taxonomy of information security, is made up of five continuously interacting components. An information system is viewed as a smaller computing environment made to efficiently achieve information system objectives.
  • #5 Information security cannot just be devised based on the specifications of security solutions; a thorough study of the organization's business value generation model and its computing environment is needed before prescribing any security programs. Any security investigation has to be risk driven. Off-the-shelf solutions will not work: 1. security requirements vary depending on the vulnerabilities and threats of the organization's computing environment; 2. the effect and consequences of similar security incidents vary from one organization to another.
  • #6 Information sensitivity taxonomy proposed by ISO/IEC 17799 or ISO/IEC 27002.
  • #11 CIA triad suffers from at least 2 drawbacks: 1. the three security goals are not sufficient and more security goals have to be added; 2. a risk-driven model based on CIA is not sufficient to achieve security as long as security management is not incorporated in the security model. Authentication - verifying the identity of an agent before access is granted (smart cards, public key, biometrics). Non-Repudiation - both ends of a transmission cannot deny their involvement in the transmission (digital signatures).
  • #12 Possession: even if information is securely encrypted in a packet, just losing the packet is a breach of possession. Utility: if information is available to you in an encrypted form but you have no way to decrypt it, this information is not useful to you.
  • #13 Provide continual improvement of the organization's risk position: automatically revising the risk-driven security program as security requirements change with changes in the computing environment.