Meletis Belsis MPhil/MRes/BSc, profile picture
Uploaded byMeletis Belsis MPhil/MRes/BSc
PPT, PDF315 views

Meletis BelsisManaging and enforcing information security

This document provides an overview of key topics in information security: - It discusses the challenges of implementing information security programs and outlines the importance of processes over products. - An Information Security Management System (ISMS) is presented as the foundation for establishing security policies, procedures, and responsibilities. - Authentication and provisioning systems are described as ways to centrally manage user identities and access across applications. - The importance of vulnerability assessment, policy compliance, and log monitoring tools is highlighted to help detect threats, ensure compliance, and aid auditing. - Endpoint security, access control, and data leakage prevention are outlined as methods to enforce security policies across networked devices and sensitive data.

Download to read offline
Managing and Enforcing Information SecurityManaging and Enforcing Information Security June 2008June 2008 Belsis Meletis MPhil, MRes, BSc CWNA, CWSP, Network+, C|EH, ISO27001LA
AgendaAgenda • Information Security • ISMS • Authentication and Provisioning • Monitoring and Compliance • Data Protection
Information SecurityInformation Security • Information Security is difficult to implement due to the following: • The cost of implementing a security system should not exceed the value of the data to be secured. • Industries pay huge amount of money for industrial espionage. • Users feel that security is going to take their freedom away and so they often sabotage the security measures. • Computer prices have fallen dramatically and the number of hackers have been multiplied. • Security managers work under strict money and time schedule. • Hackers often cooperate with known criminals. • Almost 80% of attacks come from Internal threats and partners. • The number of technologies, standards and methodologies exist today are enough to confuse even experts.
Information SecurityInformation Security “In the real world, security involves processes. It involves preventive technologies, but also detection and reaction processes, and an entire forensics system to hunt down and prosecute the guilty. Security is not a product; it itself is a process.…. ” Bruce Schneier (Secrets and Lies, Wiley and Sons Inc.)
Information SecurityInformation Security • Security contains a number of tools , processes and techniques. • These in general cover three main requirements: – Confidentiality – Integrity – Availability • Depending on the security requirements a system has, one can concentrate only on one of the previous or all of them. • A new requirement enforced today is non-repudiation.
AgendaAgenda • Information Security • ISMS • Authentication and Provisioning • Monitoring and Compliance • Data Protection
ISMSISMS • Security should always start with the development of an ISMS system. • The Information Security Management System(ISMS) is the part of the overall management system, based on business risk approach, to establish, implement, operate , monitor, review, maintain and improve information security (ISO 27001 Standard). • The management system should include: • Organisational structure and Responsibilities • Policies, Procedures , Processes and Practises • Planning Activities and Resources
Information Security Management Program ImplementationInformation Security Management Program Implementation Policy & Standards Physicalaccess RemoteAccess InternetPolicy Appl.Security Policy System Policy Technology Standards VPN Tokens Firewalls Implementation GuidelinesInstallation and configuration Operational Management Corporate Policy Operations Host-Sec. ContentSec. ProcessManagemen t
ISO27001 AdvantagesISO27001 Advantages • ISO 27001 is an International Standard giving requirements related to Information Security Management System. • The advantages of an ISO27001 Certification : • Ensure confidentiality, integrity and availability of information to maintain competitive edge, cash-flow, profitability and commercial image. • Comply with legal, statutory, regulatory and contractual requirements. • Improve corporate governance and assurance to stakeholders such as shareholders, clients, consumers and suppliers. • Identify threats to assets, vulnerabilities, likelihood of occurrence and potential impact to appropriate allocate investment.
AgendaAgenda • Information Security • ISMS • Authentication and Provisioning • Monitoring and Compliance • Data Protection
Authentication and ProvisioningAuthentication and Provisioning • The management Headache  Applications and Locations are added almost daily.  Changes to headcounts have by multiplied.  The cost of IT Management has been increased (e.g. it is estimated that the cost to reset a password in a medium size organisation is $20)  Maintain Security Standards compliance is necessary (i.e. ISO27001,SoX,PCI).  Many man-hours of management time spent approving resource requests
Authentication and ProvisioningAuthentication and Provisioning • The Security Headache  User provisioning for all applications is time consuming  13%-15% of help desk phone calls involve password reset.  Users use yellow stickers to write and remember the different passwords.  Long lag time between user termination & disablement of IDs.  Users have to access different applications and platforms (i.e. HPUX, Linux, Windows2003) .  Security Auditors require many different information.  Authentication method may be different for each application (e.g. Password Policies, Tokens, Idle Timeout) User needs to manually sign in to every application! User Mainframe Apps Intranet Web Apps
Identity ChaosIdentity Chaos Enterprise Directory HRHR SystemSystem InfraInfra ApplicationApplication LotusLotus Notes AppsNotes Apps In-HouseIn-House ApplicationApplication COTSCOTS ApplicationApplication NOSNOS In-HouseIn-House ApplicationApplication •Authentication •Authorization •Identity Data •Authentication •Authorization •Identity Data •Authentication •Authorization •Identity Data •Authentication •Authorization •Identity Data •Authorization •Identity Data •Authentication •Authentication •Authorization •Identity Data •Authentication •Authorization •Identity Data
Authentication and ProvisioningAuthentication and Provisioning • Identity Management Systems allows individuals to use a user name, password or other personal identification to sign on to the enterprise applications • IDM Systems Offer • Centralized management of all user identities and access rights. • Automated (de-)provisioning of accounts • Centralized access management for heterogeneous networks (e.g. Web applications, Systems ) • Strong and flexible password management policies • User Account Self Management • Identification/removal of inactive accounts • Full automated workflow approval path • Reset passwords (revalidate users) • Monitor all Identity related events • IDM requires Roles and Processes to be clearly defined • IDM reduces the Organization Cost and increases Productivity
Identity ManagementIdentity Management •Authentication •Authorization •Identity Data •Authentication •Authorization •Identity Data •Authentication •Authorization •Identity Data •Authorization •Identity Data •Authentication •Authentication •Authorization •Identity Data •Authentication •Authorization •Identity Data IdentityIntegrationServerIdentityIntegrationServer Enterprise Directory HRHR SystemSystem InfraInfra ApplicationApplication LotusLotus Notes AppsNotes Apps In-HouseIn-House ApplicationApplication COTSCOTS ApplicationApplication NOSNOS
Authentication and ProvisioningAuthentication and Provisioning • Single Sign On (SSO) allow users to log in to virtually any system using a single log on procedure, • Allows administrators to choose an authentication method (e.g. Tokes, Passwords, Biometrics) • Seamless authentication for heterogeneous environments. • Centrally provide Session Management • End-to-end audits of user activity across disparate systems • Reduces frustrations from multiple passwords • Reduces the threats from the yellow stickers • Provide Workstation features like • Station Lock • Proximity Detectors and RF Badges • Single Sing Off • Session Migration • SSO Integrates with user provisioning solutions to further Increase productivity time. User ID &User ID & PasswordPassword TokenToken SmartSmart CardCard MS CAPIMS CAPI CertificateCertificate BiometricsBiometrics LDAPLDAP RF BadgeRF Badge ju9$7%%a&uju9$7%%a&u r2d2q3 &%$@((^g%$@#&&%$@((^g%$@#& dk4&4j7%w#psikep84m$sodk4&4j7%w#psikep84m$so PKIPKI CertificateCertificate encryptedencrypted passtickepassticke tt Sign-OnSign-On ServerServer Application HostsApplication Hosts NT/UNIXNT/UNIX OS/390OS/390 NovellNovell AS400AS400 Web ServersWeb Servers
INNOVA S.A.INNOVA S.A. AgendaAgenda • Information Security • ISMS • Authentication and Provisioning • Monitoring and Compliance • Data Protection • Innova S.A
Monitoring and ComplianceMonitoring and Compliance • What Do I Need To Do? – Businesses everywhere are attempting to cost effectively comply with multiple external & internal mandates (e.g. ISO27001,SoX,PCI). – Administrators have to defend their systems against new vulnerabilities. – Security experts need to identify incidents. – Auditors need to see proof of due care that IT security policies are sufficient, in place, and effective • How Do I Do It? – Automatically test platforms for security compliance on a scheduled basis – Regularly test systems for new vulnerabilities. – Enforce the regular analysis of log files to detect unauthorized actions.
Vulnerability Assessment ToolsVulnerability Assessment Tools • Regular tests ensure that systems are protected from new vulnerabilities. • Vulnerability Assessment tools have databases with thousands of vulnerabilities. • Frequent update of these tools are necessary. • Two types of VA tools • Internet Based Services • Network Internal • Some of these tools offer compliance scans with different standards i.e. PCI • VA tools allows managers to schedule automated assessment jobs. • Reports from these tools are used to patch vulnerable systems and/or develop strategic security plans. • Reports can also be submitted to Security Auditors.
Policy CompliancePolicy Compliance • Enterprises are finding that implementing new regulatory policies and procedures in an automated and efficient manner is very challenging. • The effort of translating the policy into actual technical controls and triggers is complicated and cumbersome • Policy Compliant platforms connect to corporate systems and test system configuration against pre specified security policies (i.e. size and type of passwords, Administrator access type) • Policy Compliance platforms: • Assist Enterprises to maintain configuration baseline over time. • Maps industry-accepted frameworks, standards (i.e. ISO27001, PCI, SoX) and corporate policies to a set of technical controls and policies • Provide assessment of heterogeneous systems (i.e. Unix, Windows). • Provide risk-based reports and proposed remediation techniques. • Improve Operational Cost and ensure policy compliance. • Prove Compliance to internal and external Auditors
Monitoring and AnalysisMonitoring and Analysis • Enterprise IT Infrastructure elements provide a number of Audit/log records • Logs grow large to be viewed using manual techniques • Log and audit data are usually written in the local platforms • Cross platform analysis of log data are almost impossible • Monitoring tools collect records from different platforms. • Collected logs can be correlated, analyzed and viewed in real time. • Provide advance visualization techniques of the status of the Infrastructure • Forensics analysis help respond to security incidents and identify malicious acts. • Help Engineers in detecting and solving network problems. • Assist in the Audit process by being able to produce proofs. • Provides an "information warehouse" for corporate data that can be mined as a knowledge resource using built-in index and search technologies
AgendaAgenda • Information Security • ISMS • Authentication and Provisioning • Monitoring and Compliance • Data Protection
Endpoint SecurityEndpoint Security • Today Enterprise Infrastructures are not isolated • Sales employees use laptop computers and PDAs to connect to the corporate networks. • Teleworking is a new trend to reduce corporate OpEx • Standby engineers use laptop to connect to the corporate networks almost daily. • Threats to the endpoints can be easily provide a door for adversaries to access the corporate network (e.g. Virus, Trojan Horses, Unpatched Systems). • Endpoint security software ensures that endpoints are compliant with the corporate security Policy: • Endpoint security provides central control over the endpoint devices used by employees and partners. • Spec aliased endpoint clients can be installed on the enterprise Critical Infrastructure Servers. • Host Intrusion Protection • Antivirus • Buffer Overflow Protection • File/Disk Encryption • Personal Firewall • Application Control • Host Integrity Checking • Patch Management
Endpoint SecurityEndpoint Security 2 4 Mobile User SSL VPN On-Demand NAC Wireless On-Demand and 802.1x NAC Mobile User or Guest Home User Partner or Supplier Web Application On-Demand NAC WAN Router In Line NAC Ethernet 802.1x NAC Ethernet DHCP NAC Remote Office Embedded Windows Device Wired User Wired User IPSec VPN API NAC
Access ControlAccess Control • Enterprises today based their business almost solely on the data stored in their IT Systems. • Controlling access on these data is vital for the protection of the Enterprise. • Access Control platforms allow Administrators to centrally control and enforce access on the Corporate data: • Enforce access accountability and segregation of duties • Centrally apply access control policies and rules to reduce administrative cost and complexity • Enforce fine level of control on • Files and Folders • Processes • Privileged Programs • Network Connections • Terminals • Reduce cross-platform management overhead and meet internal and external audit requirement • Access control tools required that a defined access control policy exist
Data LeakageData Leakage • Data leakage tools provide finer level of control on the access restrictions allowed on the corporate data. • Data leakage enforces the corporate access control policy by providing deep content inspection: • Automated discovery of corporate confidential information stored on endpoints and servers. • Network Scan to detect and stop confidential information transmitted using different types of applications and protocols e.g. IM, Emails, HTTP,FTP. • Controls the distribution of information using USB Drives, CDROMS, Emails, and printouts at the point of use where information is accessed and stored. • Display alerts for data access violation and develop Incident Response Workflows. • Control data input /output from heterogeneous applications and databases. • Provide a cost effective way to receive Standards Compliance for Legacy and Web Applications. EMAIL & WEB UPLOADS IM / FTP / P2P FILE TRANSFER REMOVABLE MEDIA (CD, USB…) HARDCOPY (Printers, PDF) NETWORK RESOURCES LEGACY APPS ENTERPRISE APPLICATIONS (Clipboard, Exports) UNSTRUCTURED DATA & FILE SHARING (Copy, Move…)
INNOVA S.A.INNOVA S.A. AgendaAgenda • Information Security • ISMS • Authentication and Provisioning • Monitoring and Compliance • Data Protection
Questions ?
Meletis BelsisManaging and enforcing information security

More Related Content

PDF
Information Security Management 101
byJerod Brennen
 
PPT
Information security management
byUMaine
 
PPTX
MIS: Information Security Management
byJonathan Coleman
 
PPTX
Information Security Blueprint
byZefren Edior
 
PDF
Ooredoo%20Security%20Managed%20Services
byMuhammad Mudassar
 
PPT
2008: Web Application Security Tutorial
byNeil Matatall
 
PDF
Information Security
byWe Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.
 
PDF
ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.
byIGN MANTRA
 
Information Security Management 101
byJerod Brennen
 
Information security management
byUMaine
 
MIS: Information Security Management
byJonathan Coleman
 
Information Security Blueprint
byZefren Edior
 
Ooredoo%20Security%20Managed%20Services
byMuhammad Mudassar
 
2008: Web Application Security Tutorial
byNeil Matatall
 
Information Security
byWe Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.
 
ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.
byIGN MANTRA
 

What's hot

PPTX
Information security
byavinashbalakrishnan2
 
PPTX
Soc
byMukesh Chaudhari
 
PDF
Chapter 1 introduction(web security)
byKirti Ahirrao
 
PDF
Cybersecurity Roadmap Development for Executives
byKrist Davood - Principal - CIO
 
PPT
information security management
byGurpreetkaur838
 
PPT
Introduction to information security
byKumawat Dharmpal
 
PPTX
information security (Audit mechanism, intrusion detection, password manageme...
byZara Nawaz
 
PPT
Security technologies
byDhani Ahmad
 
PPT
Information Security Background
byNicholas Davis
 
PPT
CompTIA Security+ Module1: Security fundamentals
byGanbayar Sukhbaatar
 
PPT
Introduction to information security
byDhani Ahmad
 
PPTX
Security Awareness and Training
byPriyank Hada
 
PPT
1. security management practices
by7wounders
 
PPTX
Information security management best practice
byparves kamal
 
PPT
Information security
byrazendar79
 
PPT
Introduction to Information Security
byDr. Loganathan R
 
PPTX
Security & control in mis
byVishal Patyal
 
PPTX
IBM i Security: Identifying the Events That Matter Most
byPrecisely
 
PPTX
Introduction to information security
byKATHEESKUMAR S
 
PPTX
CISSP Certification- Security Engineering-part1
byHamed Moghaddam
 
Information security
byavinashbalakrishnan2
 
Soc
byMukesh Chaudhari
 
Chapter 1 introduction(web security)
byKirti Ahirrao
 
Cybersecurity Roadmap Development for Executives
byKrist Davood - Principal - CIO
 
information security management
byGurpreetkaur838
 
Introduction to information security
byKumawat Dharmpal
 
information security (Audit mechanism, intrusion detection, password manageme...
byZara Nawaz
 
Security technologies
byDhani Ahmad
 
Information Security Background
byNicholas Davis
 
CompTIA Security+ Module1: Security fundamentals
byGanbayar Sukhbaatar
 
Introduction to information security
byDhani Ahmad
 
Security Awareness and Training
byPriyank Hada
 
1. security management practices
by7wounders
 
Information security management best practice
byparves kamal
 
Information security
byrazendar79
 
Introduction to Information Security
byDr. Loganathan R
 
Security & control in mis
byVishal Patyal
 
IBM i Security: Identifying the Events That Matter Most
byPrecisely
 
Introduction to information security
byKATHEESKUMAR S
 
CISSP Certification- Security Engineering-part1
byHamed Moghaddam
 

Similar to Meletis BelsisManaging and enforcing information security

PPTX
ISO 27001 2022 REQUIREMENTS EXPLAINED 4.pptx
byJustinNickaf3
 
PPT
Info.ppt
byMuhammadJunaid838607
 
PDF
ISMS_of ISO 27001-2022-awareness training
byHananZayed4
 
PDF
ISO27001: Implementation & Certification Process Overview
byShankar Subramaniyan
 
PDF
ISO 27001
byn|u - The Open Security Community
 
PPTX
Governance and management of IT.pptx
byPrashant Singh
 
PDF
GDPR compliance and information security: Reducing data breach risks
byIT Governance Ltd
 
PDF
1678784047-mid_sem-2.pdf
byRimurutempest594985
 
PPTX
ISO27k Awareness presentation v2.pptx
byNapoleon NV
 
PDF
Introduction-to-Information-Security-and-Management (2).pdf
bypatriciajulienetolen2
 
PPTX
ISO27k Awareness presentation.pptx
byharigopala
 
PDF
Chapter 7 Managing Secure System.pdf
byAbuHanifah59
 
PPTX
Dancyrityshy 1foundatioieh
byAnne Starr
 
PDF
Information Security It's All About Compliance
byDinesh O Bareja
 
PDF
20CS024 Ethics in Information Technology
byKathirvel Ayyaswamy
 
PDF
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
byIGN MANTRA
 
PPTX
D1 security and risk management v1.62
byAlliedConSapCourses
 
PDF
CNIT 160 4d Security Program Management (Part 4)
bySam Bowne
 
PPT
University iso 27001 bgys intro and certification lami kaya may2012
byHakem Filiz
 
PDF
Valiente Balancing It SecurityCompliance, Complexity & Cost
byGuardEra Access Solutions, Inc.
 
ISO 27001 2022 REQUIREMENTS EXPLAINED 4.pptx
byJustinNickaf3
 
Info.ppt
byMuhammadJunaid838607
 
ISMS_of ISO 27001-2022-awareness training
byHananZayed4
 
ISO27001: Implementation & Certification Process Overview
byShankar Subramaniyan
 
ISO 27001
byn|u - The Open Security Community
 
Governance and management of IT.pptx
byPrashant Singh
 
GDPR compliance and information security: Reducing data breach risks
byIT Governance Ltd
 
1678784047-mid_sem-2.pdf
byRimurutempest594985
 
ISO27k Awareness presentation v2.pptx
byNapoleon NV
 
Introduction-to-Information-Security-and-Management (2).pdf
bypatriciajulienetolen2
 
ISO27k Awareness presentation.pptx
byharigopala
 
Chapter 7 Managing Secure System.pdf
byAbuHanifah59
 
Dancyrityshy 1foundatioieh
byAnne Starr
 
Information Security It's All About Compliance
byDinesh O Bareja
 
20CS024 Ethics in Information Technology
byKathirvel Ayyaswamy
 
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
byIGN MANTRA
 
D1 security and risk management v1.62
byAlliedConSapCourses
 
CNIT 160 4d Security Program Management (Part 4)
bySam Bowne
 
University iso 27001 bgys intro and certification lami kaya may2012
byHakem Filiz
 
Valiente Balancing It SecurityCompliance, Complexity & Cost
byGuardEra Access Solutions, Inc.
 

More from Meletis Belsis MPhil/MRes/BSc

PPT
Meletis Belsis -CSIRTs
byMeletis Belsis MPhil/MRes/BSc
 
PPT
Meletis Belsis - Introduction to information security
byMeletis Belsis MPhil/MRes/BSc
 
PDF
Meletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
byMeletis Belsis MPhil/MRes/BSc
 
PPT
Meletis Belsis - IMS Security
byMeletis Belsis MPhil/MRes/BSc
 
PDF
Meletis Belsis - THE MULTIMEDIA APPROACH: AN EXTRA LAYER OF DEFENCE IN THE EN...
byMeletis Belsis MPhil/MRes/BSc
 
PPT
Meletis Belsis - Voip security
byMeletis Belsis MPhil/MRes/BSc
 
PPT
Meletis Belsis - Workflow based Incident Management Model
byMeletis Belsis MPhil/MRes/BSc
 
Meletis Belsis -CSIRTs
byMeletis Belsis MPhil/MRes/BSc
 
Meletis Belsis - Introduction to information security
byMeletis Belsis MPhil/MRes/BSc
 
Meletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
byMeletis Belsis MPhil/MRes/BSc
 
Meletis Belsis - IMS Security
byMeletis Belsis MPhil/MRes/BSc
 
Meletis Belsis - THE MULTIMEDIA APPROACH: AN EXTRA LAYER OF DEFENCE IN THE EN...
byMeletis Belsis MPhil/MRes/BSc
 
Meletis Belsis - Voip security
byMeletis Belsis MPhil/MRes/BSc
 
Meletis Belsis - Workflow based Incident Management Model
byMeletis Belsis MPhil/MRes/BSc
 

Recently uploaded

PDF
Categorisation_of_Cyber_Attacks for hnd pearson level 4 students
byhawa175590
 
PDF
Submission Start Now....! International Journal of Ubiquitous Computing (IJU)
byijujournal
 
PDF
Submit Your Research Papers...! IJCI welcomes conferences to publish their p...
byIJCI JOURNAL
 
PDF
Missouri Mobile App Development Company Addresses Safety Concerns After UPS P...
byMike Brown
 
PPT
Tools in communication technologies - CT
byswisssom2025
 
PPTX
C++ chapter 1-Introduction to Computer Programming.pptx
byfirehiwot8
 
PPTX
Intellectual Property Code of the Philippines_20251030_085011_0000.pptx
byronthefourth
 
PDF
Top 10 Countries to Hire Remote Developers in 2025 copy.pdf
byOuranos Technologies Pvt Ltd
 
PPTX
C++ Chapter about pointers in programming
byfirehiwot8
 
PPTX
SaferNet: Simplifying Security with Smart Device Management
bySafernet
 
PPTX
Презентация Филимонов (английский).pptx
bydragonnonext
 
PPT
C++ Chapter 6-pointers about pointers in programming
byfirehiwot8
 
PDF
Viktor Huszag - Amadeus IT Group - Anti-Fraud Policy
byViktor Huszag
 
PPTX
Elastic meetup - From Search to Smart: Python + Elastic ELSER.pptx
bysmollinga
 
PPTX
Mod 2-ICT as the medium for advocacy.pptx
byMelyangIntong
 
PDF
10 Interesting Facts About Infinite Craft
byMiranda Croftoon
 
PDF
What is Crypto SIP & How It Works | Beginner’s Guide to Crypto SIP Investments
by3verseTV
 
PDF
The walking dead series-Apresentation free dowload.pdf
byDinisPires6
 
Categorisation_of_Cyber_Attacks for hnd pearson level 4 students
byhawa175590
 
Submission Start Now....! International Journal of Ubiquitous Computing (IJU)
byijujournal
 
Submit Your Research Papers...! IJCI welcomes conferences to publish their p...
byIJCI JOURNAL
 
Missouri Mobile App Development Company Addresses Safety Concerns After UPS P...
byMike Brown
 
Tools in communication technologies - CT
byswisssom2025
 
C++ chapter 1-Introduction to Computer Programming.pptx
byfirehiwot8
 
Intellectual Property Code of the Philippines_20251030_085011_0000.pptx
byronthefourth
 
Top 10 Countries to Hire Remote Developers in 2025 copy.pdf
byOuranos Technologies Pvt Ltd
 
C++ Chapter about pointers in programming
byfirehiwot8
 
SaferNet: Simplifying Security with Smart Device Management
bySafernet
 
Презентация Филимонов (английский).pptx
bydragonnonext
 
C++ Chapter 6-pointers about pointers in programming
byfirehiwot8
 
Viktor Huszag - Amadeus IT Group - Anti-Fraud Policy
byViktor Huszag
 
Elastic meetup - From Search to Smart: Python + Elastic ELSER.pptx
bysmollinga
 
Mod 2-ICT as the medium for advocacy.pptx
byMelyangIntong
 
10 Interesting Facts About Infinite Craft
byMiranda Croftoon
 
What is Crypto SIP & How It Works | Beginner’s Guide to Crypto SIP Investments
by3verseTV
 
The walking dead series-Apresentation free dowload.pdf
byDinisPires6
 

Meletis BelsisManaging and enforcing information security

  • 1.
    Managing and EnforcingInformation SecurityManaging and Enforcing Information Security June 2008June 2008 Belsis Meletis MPhil, MRes, BSc CWNA, CWSP, Network+, C|EH, ISO27001LA
  • 2.
    AgendaAgenda • Information Security •ISMS • Authentication and Provisioning • Monitoring and Compliance • Data Protection
  • 3.
    Information SecurityInformation Security •Information Security is difficult to implement due to the following: • The cost of implementing a security system should not exceed the value of the data to be secured. • Industries pay huge amount of money for industrial espionage. • Users feel that security is going to take their freedom away and so they often sabotage the security measures. • Computer prices have fallen dramatically and the number of hackers have been multiplied. • Security managers work under strict money and time schedule. • Hackers often cooperate with known criminals. • Almost 80% of attacks come from Internal threats and partners. • The number of technologies, standards and methodologies exist today are enough to confuse even experts.
  • 4.
    Information SecurityInformation Security “Inthe real world, security involves processes. It involves preventive technologies, but also detection and reaction processes, and an entire forensics system to hunt down and prosecute the guilty. Security is not a product; it itself is a process.…. ” Bruce Schneier (Secrets and Lies, Wiley and Sons Inc.)
  • 5.
    Information SecurityInformation Security •Security contains a number of tools , processes and techniques. • These in general cover three main requirements: – Confidentiality – Integrity – Availability • Depending on the security requirements a system has, one can concentrate only on one of the previous or all of them. • A new requirement enforced today is non-repudiation.
  • 6.
    AgendaAgenda • Information Security •ISMS • Authentication and Provisioning • Monitoring and Compliance • Data Protection
  • 7.
    ISMSISMS • Security shouldalways start with the development of an ISMS system. • The Information Security Management System(ISMS) is the part of the overall management system, based on business risk approach, to establish, implement, operate , monitor, review, maintain and improve information security (ISO 27001 Standard). • The management system should include: • Organisational structure and Responsibilities • Policies, Procedures , Processes and Practises • Planning Activities and Resources
  • 8.
    Information Security ManagementProgram ImplementationInformation Security Management Program Implementation Policy & Standards Physicalaccess RemoteAccess InternetPolicy Appl.Security Policy System Policy Technology Standards VPN Tokens Firewalls Implementation GuidelinesInstallation and configuration Operational Management Corporate Policy Operations Host-Sec. ContentSec. ProcessManagemen t
  • 9.
    ISO27001 AdvantagesISO27001 Advantages •ISO 27001 is an International Standard giving requirements related to Information Security Management System. • The advantages of an ISO27001 Certification : • Ensure confidentiality, integrity and availability of information to maintain competitive edge, cash-flow, profitability and commercial image. • Comply with legal, statutory, regulatory and contractual requirements. • Improve corporate governance and assurance to stakeholders such as shareholders, clients, consumers and suppliers. • Identify threats to assets, vulnerabilities, likelihood of occurrence and potential impact to appropriate allocate investment.
  • 10.
    AgendaAgenda • Information Security •ISMS • Authentication and Provisioning • Monitoring and Compliance • Data Protection
  • 11.
    Authentication and ProvisioningAuthenticationand Provisioning • The management Headache  Applications and Locations are added almost daily.  Changes to headcounts have by multiplied.  The cost of IT Management has been increased (e.g. it is estimated that the cost to reset a password in a medium size organisation is $20)  Maintain Security Standards compliance is necessary (i.e. ISO27001,SoX,PCI).  Many man-hours of management time spent approving resource requests
  • 12.
    Authentication and ProvisioningAuthenticationand Provisioning • The Security Headache  User provisioning for all applications is time consuming  13%-15% of help desk phone calls involve password reset.  Users use yellow stickers to write and remember the different passwords.  Long lag time between user termination & disablement of IDs.  Users have to access different applications and platforms (i.e. HPUX, Linux, Windows2003) .  Security Auditors require many different information.  Authentication method may be different for each application (e.g. Password Policies, Tokens, Idle Timeout) User needs to manually sign in to every application! User Mainframe Apps Intranet Web Apps
  • 13.
    Identity ChaosIdentity Chaos EnterpriseDirectory HRHR SystemSystem InfraInfra ApplicationApplication LotusLotus Notes AppsNotes Apps In-HouseIn-House ApplicationApplication COTSCOTS ApplicationApplication NOSNOS In-HouseIn-House ApplicationApplication •Authentication •Authorization •Identity Data •Authentication •Authorization •Identity Data •Authentication •Authorization •Identity Data •Authentication •Authorization •Identity Data •Authorization •Identity Data •Authentication •Authentication •Authorization •Identity Data •Authentication •Authorization •Identity Data
  • 14.
    Authentication and ProvisioningAuthenticationand Provisioning • Identity Management Systems allows individuals to use a user name, password or other personal identification to sign on to the enterprise applications • IDM Systems Offer • Centralized management of all user identities and access rights. • Automated (de-)provisioning of accounts • Centralized access management for heterogeneous networks (e.g. Web applications, Systems ) • Strong and flexible password management policies • User Account Self Management • Identification/removal of inactive accounts • Full automated workflow approval path • Reset passwords (revalidate users) • Monitor all Identity related events • IDM requires Roles and Processes to be clearly defined • IDM reduces the Organization Cost and increases Productivity
  • 15.
  • 16.
    Authentication and ProvisioningAuthenticationand Provisioning • Single Sign On (SSO) allow users to log in to virtually any system using a single log on procedure, • Allows administrators to choose an authentication method (e.g. Tokes, Passwords, Biometrics) • Seamless authentication for heterogeneous environments. • Centrally provide Session Management • End-to-end audits of user activity across disparate systems • Reduces frustrations from multiple passwords • Reduces the threats from the yellow stickers • Provide Workstation features like • Station Lock • Proximity Detectors and RF Badges • Single Sing Off • Session Migration • SSO Integrates with user provisioning solutions to further Increase productivity time. User ID &User ID & PasswordPassword TokenToken SmartSmart CardCard MS CAPIMS CAPI CertificateCertificate BiometricsBiometrics LDAPLDAP RF BadgeRF Badge ju9$7%%a&uju9$7%%a&u r2d2q3 &%$@((^g%$@#&&%$@((^g%$@#& dk4&4j7%w#psikep84m$sodk4&4j7%w#psikep84m$so PKIPKI CertificateCertificate encryptedencrypted passtickepassticke tt Sign-OnSign-On ServerServer Application HostsApplication Hosts NT/UNIXNT/UNIX OS/390OS/390 NovellNovell AS400AS400 Web ServersWeb Servers
  • 17.
    INNOVA S.A.INNOVA S.A. AgendaAgenda •Information Security • ISMS • Authentication and Provisioning • Monitoring and Compliance • Data Protection • Innova S.A
  • 18.
    Monitoring and ComplianceMonitoringand Compliance • What Do I Need To Do? – Businesses everywhere are attempting to cost effectively comply with multiple external & internal mandates (e.g. ISO27001,SoX,PCI). – Administrators have to defend their systems against new vulnerabilities. – Security experts need to identify incidents. – Auditors need to see proof of due care that IT security policies are sufficient, in place, and effective • How Do I Do It? – Automatically test platforms for security compliance on a scheduled basis – Regularly test systems for new vulnerabilities. – Enforce the regular analysis of log files to detect unauthorized actions.
  • 19.
    Vulnerability Assessment ToolsVulnerabilityAssessment Tools • Regular tests ensure that systems are protected from new vulnerabilities. • Vulnerability Assessment tools have databases with thousands of vulnerabilities. • Frequent update of these tools are necessary. • Two types of VA tools • Internet Based Services • Network Internal • Some of these tools offer compliance scans with different standards i.e. PCI • VA tools allows managers to schedule automated assessment jobs. • Reports from these tools are used to patch vulnerable systems and/or develop strategic security plans. • Reports can also be submitted to Security Auditors.
  • 20.
    Policy CompliancePolicy Compliance •Enterprises are finding that implementing new regulatory policies and procedures in an automated and efficient manner is very challenging. • The effort of translating the policy into actual technical controls and triggers is complicated and cumbersome • Policy Compliant platforms connect to corporate systems and test system configuration against pre specified security policies (i.e. size and type of passwords, Administrator access type) • Policy Compliance platforms: • Assist Enterprises to maintain configuration baseline over time. • Maps industry-accepted frameworks, standards (i.e. ISO27001, PCI, SoX) and corporate policies to a set of technical controls and policies • Provide assessment of heterogeneous systems (i.e. Unix, Windows). • Provide risk-based reports and proposed remediation techniques. • Improve Operational Cost and ensure policy compliance. • Prove Compliance to internal and external Auditors
  • 21.
    Monitoring and AnalysisMonitoringand Analysis • Enterprise IT Infrastructure elements provide a number of Audit/log records • Logs grow large to be viewed using manual techniques • Log and audit data are usually written in the local platforms • Cross platform analysis of log data are almost impossible • Monitoring tools collect records from different platforms. • Collected logs can be correlated, analyzed and viewed in real time. • Provide advance visualization techniques of the status of the Infrastructure • Forensics analysis help respond to security incidents and identify malicious acts. • Help Engineers in detecting and solving network problems. • Assist in the Audit process by being able to produce proofs. • Provides an "information warehouse" for corporate data that can be mined as a knowledge resource using built-in index and search technologies
  • 22.
    AgendaAgenda • Information Security •ISMS • Authentication and Provisioning • Monitoring and Compliance • Data Protection
  • 23.
    Endpoint SecurityEndpoint Security •Today Enterprise Infrastructures are not isolated • Sales employees use laptop computers and PDAs to connect to the corporate networks. • Teleworking is a new trend to reduce corporate OpEx • Standby engineers use laptop to connect to the corporate networks almost daily. • Threats to the endpoints can be easily provide a door for adversaries to access the corporate network (e.g. Virus, Trojan Horses, Unpatched Systems). • Endpoint security software ensures that endpoints are compliant with the corporate security Policy: • Endpoint security provides central control over the endpoint devices used by employees and partners. • Spec aliased endpoint clients can be installed on the enterprise Critical Infrastructure Servers. • Host Intrusion Protection • Antivirus • Buffer Overflow Protection • File/Disk Encryption • Personal Firewall • Application Control • Host Integrity Checking • Patch Management
  • 24.
    Endpoint SecurityEndpoint Security 24 Mobile User SSL VPN On-Demand NAC Wireless On-Demand and 802.1x NAC Mobile User or Guest Home User Partner or Supplier Web Application On-Demand NAC WAN Router In Line NAC Ethernet 802.1x NAC Ethernet DHCP NAC Remote Office Embedded Windows Device Wired User Wired User IPSec VPN API NAC
  • 25.
    Access ControlAccess Control •Enterprises today based their business almost solely on the data stored in their IT Systems. • Controlling access on these data is vital for the protection of the Enterprise. • Access Control platforms allow Administrators to centrally control and enforce access on the Corporate data: • Enforce access accountability and segregation of duties • Centrally apply access control policies and rules to reduce administrative cost and complexity • Enforce fine level of control on • Files and Folders • Processes • Privileged Programs • Network Connections • Terminals • Reduce cross-platform management overhead and meet internal and external audit requirement • Access control tools required that a defined access control policy exist
  • 26.
    Data LeakageData Leakage •Data leakage tools provide finer level of control on the access restrictions allowed on the corporate data. • Data leakage enforces the corporate access control policy by providing deep content inspection: • Automated discovery of corporate confidential information stored on endpoints and servers. • Network Scan to detect and stop confidential information transmitted using different types of applications and protocols e.g. IM, Emails, HTTP,FTP. • Controls the distribution of information using USB Drives, CDROMS, Emails, and printouts at the point of use where information is accessed and stored. • Display alerts for data access violation and develop Incident Response Workflows. • Control data input /output from heterogeneous applications and databases. • Provide a cost effective way to receive Standards Compliance for Legacy and Web Applications. EMAIL & WEB UPLOADS IM / FTP / P2P FILE TRANSFER REMOVABLE MEDIA (CD, USB…) HARDCOPY (Printers, PDF) NETWORK RESOURCES LEGACY APPS ENTERPRISE APPLICATIONS (Clipboard, Exports) UNSTRUCTURED DATA & FILE SHARING (Copy, Move…)
  • 27.
    INNOVA S.A.INNOVA S.A. AgendaAgenda •Information Security • ISMS • Authentication and Provisioning • Monitoring and Compliance • Data Protection
  • 28.