Multimedia Information Security Architecture Framework


Heru Susanto, PMC Information Security Technology, King Saud University, Kingdom of Saudi Arabia & Indonesian Institute of Sciences
Fahad bin Muhaya, PMC Information Security Technology, King Saud University, Riyadh, Kingdom of Saudi Arabia

Abstract - This paper presents a state-of-the-art overview of distinguishable approaches to multimedia information security. It surveys writings with similar themes, gives the reader background on controls and related matters, reviews the attempts to define a multimedia information security architecture, and then proposes requirements for an integrated multimedia security architecture. Multimedia information security, as a part of information security, takes a holistic approach to implementing information security; this paper introduces a concept and a model for a multimedia security architecture.

Keywords - Multimedia information security, ISA architecture, MISA architecture, PDCA, CIA

I. INTRODUCTION

In the early days of computing, security breaches mainly consisted of viruses and worms that would flash a message or advertisement on the screen without causing any serious damage to the information or systems in use. Today, organizations across the globe communicate in an interconnected, information-rich environment. Security in a company has many forms and variations: operational security, machinery and production security, political security, environmental security, etc. [7]. Many types of data and information are communicated between interacting parties. They fall into two broad classes, multimedia information and non-multimedia information, and several aspects of their treatment differ between the two. Securing multimedia information is necessary whenever such information is transferred from one place to another.
In this paper, our contribution is to propose and introduce an architecture and security model for multimedia information. The architecture and security model refer to the information security architecture (ISA) introduced by Eloff []. Another ISA reference is the architecture introduced by Rees [], which has four main phases. Tudor [9] introduced risk awareness and the assessment of current controls. The architecture introduced by Gunnar Peterson [9] provides a framework for understanding disparate design and process considerations.

II. RELATED WORK

The state of the art surveyed in this paper consists of information security architectures that provide a framework for understanding disparate design and process considerations and for organizing architecture and actions toward improving enterprise security [9]. The security architecture introduced in [] includes the process of developing risk awareness, the assessment of current controls, and finally the alignment of current and new controls to meet the organization's information security requirements. This integrated information security architecture (ISA) is the mechanism that ensures that all individuals know their responsibilities and how they need to go about protecting the company's information security resources. The architecture in [9] is based on a balanced and holistic mix of five aspects: security infrastructure, security policies, security culture, monitoring compliance, and security program. Building on these papers, we propose a security architecture that focuses on multimedia security, the multimedia information security architecture (MISA).

III. ISMS

The Information Security Management System (ISMS) is proposed in ISO 17799 Part 2 and also in COBIT (00) []. The ISMS is based on a continuous cycle of activities, the so-called PDCA model (Plan-Do-Check-Act), shown in Figure 1.
The ISMS is a cyclic model that aims to ensure that the best practices of an organization are documented, reinforced and improved over time. During the Plan phase, the scope of the ISMS is defined and the information security policy is established. If the organization already has a security policy, it is evaluated to determine whether it is still valid and appropriate.

/0/$ IEEE

The Plan-Do-Check-Act process []:

The Plan phase establishes a security policy and the relevant procedures and controls, then prepares a statement of the scope of its application, justifying why the selected controls were chosen and why others were not. The formulation of the security policy is done at the planning stage [].

The Do phase implements the security policy and the relevant procedures. The approach refers to the ISO 17799 code of practice, which provides a comprehensive set of controls covering aspects such as information security policy, personnel security, network security, business continuity management and compliance.

The Check phase assesses and measures the performance of the implemented process and reports the results to management.

The Act phase takes appropriate corrective actions. The decision as to what is appropriate depends on understanding the risks and costs involved. Since risk appraisal covers all organizations and all departments, areas, staff and activities, the rationality and conformity of the appraisal is still a topic for research []. Understanding the risk means knowing what the assets are, what the possible threats to those assets are, and the likelihood and possible impact of a security breach on the business. The goal of information security is to suitably protect these assets in order to ensure business continuity, minimize business damage, and maximize return on investment [8].

As defined by ISO 17799, information security is characterized as the preservation of CIA []:

Confidentiality: ensuring that information is accessible only to those authorized to have access.
Integrity: safeguarding the accuracy and completeness of information and processing methods.
Availability: ensuring that authorized users have access to information and associated assets when required.

Figure 1: PDCA Model to ISM Process

IV. SECURITY MANAGEMENT STANDARD ISO 17799

ISO 17799 is designed to assure the confidentiality, integrity and availability of information assets. ISO 17799 is exclusive to information security and addresses only that issue []. The key areas identified by ISO 17799 for the implementation of an information security management system are:

An information security policy
Allocation of information security responsibilities within the organisation
Asset classification and control
Personnel security, responsibilities and training
Physical and environmental security
Communications and operational systems security
Access controls

V. ISO 17799 PART 1 VS. ISO 17799 PART 2

It is important to understand the distinctions and differences between Part 1 and Part 2 of the ISO 17799 standard in order to understand the dilemma facing the architecture and standardization of information security.

Part 1 is an implementation guide based on suggestions. It is used as a means to evaluate and build a comprehensive information security infrastructure, and it details the information security practices an organization should follow. ISO 17799 Part 1 can also be referred to as Information Technology - Code of practice for information security management.

Part 2 is an auditing guide based on requirements. It details the information security practices an organization shall follow. ISO 17799 Part 2 can also be referred to as Information Security Management Systems - Specification with guidance for use. It focuses on how to implement an information security management system (ISMS), referring to the information security management structure and the controls identified. This rigidity precluded widespread acceptance and support [8].

VI. E-BUSINESS SECURITY ARCHITECTURE

The architecture of Rees et al. [] was initially developed for e-commerce activities but has since been adapted to address the security policy needs of any organization involved in information technology and Internet operations. It is important to note that Rees et al. suggest constant feedback throughout all four phases.

Each of these phases is indicated below:

Assess phase: policy assessment and risk assessment
Plan phase: policy development and requirements definition
Deliver phase: definition and implementation of controls
Operate phase: monitoring of operations, review of trends and management of events

VII. INFORMATION SECURITY ARCHITECTURE

Tudor [9] introduced a security architecture that includes the process of developing risk awareness, the assessment of current controls, and finally the alignment of current and new controls to meet the organization's information security requirements. He clearly states that the security architecture is a process: an information security architecture is not something one can purchase. This integrated information security architecture (ISA) is the mechanism that ensures that all individuals know their responsibilities and how they need to go about protecting the company's information security resources. The architecture is based on a balanced and holistic mix of five aspects: security infrastructure, security policies, security culture, monitoring compliance, and security program (Figure 2).

Figure 2: Information Security Architecture - ISA (components: 1. Security Infrastructure, 2. Security Policies, 3. Security Culture, 4. Monitoring Compliance, 5. Security Program)

Figure 3: Continuous Feedback Approach for ISA

The purpose of the information security architecture is to bring focus to the key areas of concern, highlighting the decision criteria and context for each domain [9]. Figure 4 provides a framework for understanding disparate design and process considerations and for organizing architecture and actions toward improving enterprise security.

Figure 4: Information Security Architecture Blueprint by Gunnar Peterson (elements: Policy & Standards; Identify; Vulnerability; Threat; Goals; Risk Management; Data; Application; Host; Network; Assurance; Security Management; Risk Report; Domain)

VIII.
MULTIMEDIA INFORMATION SECURITY ARCHITECTURE - MISA

Having discussed the various kinds of frameworks and architectures for information security and everything related to it, we now discuss the architecture for multimedia information security. Basically, multimedia information security is part of information security itself. Multimedia is media and content that uses a combination of different content forms: text, audio, still images, animation, video, and interactive content. Multimedia is usually recorded and played, displayed or accessed by information content processing devices, such as computerized and electronic devices, but can also be part of a live performance. The term also describes the electronic media devices used to store and experience multimedia content. Multimedia is distinguished from mixed media in fine art; by including audio, for example, it has a broader scope. The term "rich media" is synonymous with interactive multimedia. Hypermedia can be considered one particular multimedia application.

IX. PROPOSED MISA

In order to meet the requirements of information security [] together with speed and ease of access when multimedia information is retrieved, several criteria and parameters must be satisfied [], referring to the information security architectures presented by previous authors. In this paper we provide an alternative, the multimedia information security architecture (MISA). MISA is a development of the ISA that has been proposed by the authors of previous papers; the development consists of bringing multimedia objects and issues into the existing architecture. To propose MISA we take as reference the ISA proposed by Eloff [], which has five main components and within which updating, monitoring and evaluation of the architecture itself take place (Figure 3). From this reference we developed a MISA architecture with 8 major components. Why 8 components? Because multimedia information security has a higher level of difficulty than general information security issues (Figure 5). The ISA introduced by Peterson [9] also has several advantages: in its last stage there is a layer that serves for the evaluation and monitoring of information assurance, an important requirement of information security itself. Figure 6 shows that the multimedia information sharing and security policy has several stages, going down in detail to encryption: the multimedia information to be shared is encrypted by the server (provider), while the user decrypts it to restore the information.
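The sharing channel of Figure 6, as an added example that is not part of the paper: the provider seals a media payload with the key it already shares with the user, the user verifies and decrypts, and an eavesdropper on the unsecured channel obtains only ciphertext. The paper names no algorithm; this example uses HMAC-SHA256 as a PRF in counter mode for confidentiality and an encrypt-then-MAC tag for integrity, chosen only because it needs nothing outside the Python standard library (a production system should use a vetted AEAD such as AES-GCM or ChaCha20-Poly1305 from a real cryptographic library). The 32-byte shared key, the "misa/enc" and "misa/mac" derivation labels, the authenticated media-type header and the sample payload are all constructed for the example.

```python
"""Shared-key protection of a multimedia payload on an untrusted channel.

Added example, not from the paper. Confidentiality: HMAC-SHA256 used as a
PRF in counter mode (a stream cipher). Integrity: encrypt-then-MAC with a
second HMAC-SHA256 key. Stdlib only, so it runs anywhere; production code
should use a vetted AEAD (AES-GCM, ChaCha20-Poly1305) instead.
"""
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

NONCE_LEN = 16   # bytes; fresh per message and never reused under one key
TAG_LEN = 32     # HMAC-SHA256 output length


def derive_keys(shared_key: bytes) -> Tuple[bytes, bytes]:
    """Split the single key both sides hold into separate encryption and MAC keys.
    The labels are assumptions of this example, not taken from the paper."""
    enc_key = hmac.new(shared_key, b"misa/enc", hashlib.sha256).digest()
    mac_key = hmac.new(shared_key, b"misa/mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Concatenate PRF(nonce || counter) blocks and truncate to `length` bytes."""
    blocks = []
    for counter in range((length + 31) // 32):
        block_input = nonce + struct.pack(">Q", counter)
        blocks.append(hmac.new(enc_key, block_input, hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def seal_media(shared_key: bytes, media: bytes, media_type: bytes,
               nonce: Optional[bytes] = None) -> bytes:
    """Provider side. Returns nonce || ciphertext || tag.

    media_type (e.g. b"video/mp4") travels in the clear alongside the message
    but is covered by the tag, so an intruder cannot swap it."""
    enc_key, mac_key = derive_keys(shared_key)
    if nonce is None:
        nonce = os.urandom(NONCE_LEN)
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be %d bytes" % NONCE_LEN)
    ks = _keystream(enc_key, nonce, len(media))
    ciphertext = bytes(m ^ k for m, k in zip(media, ks))
    tag = hmac.new(mac_key, media_type + nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_media(shared_key: bytes, message: bytes, media_type: bytes) -> bytes:
    """User side. Verifies the tag before touching the ciphertext; raises
    ValueError if the message, the media type or the key does not match."""
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    enc_key, mac_key = derive_keys(shared_key)
    nonce = message[:NONCE_LEN]
    ciphertext = message[NONCE_LEN:-TAG_LEN]
    tag = message[-TAG_LEN:]
    expected = hmac.new(mac_key, media_type + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("authentication failed: altered in transit or wrong key")
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def intruder_sees(message: bytes) -> bytes:
    """What an eavesdropper on the channel obtains: the ciphertext bytes only."""
    return message[NONCE_LEN:-TAG_LEN]


def tamper_is_detected(shared_key: bytes, message: bytes, media_type: bytes,
                       byte_index: int) -> bool:
    """Flip one bit of ciphertext byte `byte_index` and report whether the
    receiver rejects the forged message."""
    i = NONCE_LEN + byte_index
    forged = message[:i] + bytes([message[i] ^ 0x01]) + message[i + 1:]
    try:
        open_media(shared_key, forged, media_type)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample: a fake PNG header standing in for a real image, and a
    # 32-byte key that provider and user are assumed to share already.
    shared = bytes(range(32))
    image = b"\x89PNG\r\n\x1a\n" + b"pixels..." * 4
    packet = seal_media(shared, image, b"image/png")
    assert intruder_sees(packet) != image
    assert open_media(shared, packet, b"image/png") == image
    assert tamper_is_detected(shared, packet, b"image/png", byte_index=3)
    print("sealed %d bytes into %d on the wire; roundtrip and tamper check ok"
          % (len(image), len(packet)))
```

Two caveats the paper's key-and-lock description leaves open. First, the construction only protects anything once both sides hold the identical key; getting that key to the user over the same untrusted channel (key distribution, normally an authenticated key exchange) is outside the paper's scope and must be solved first. Second, because confidentiality comes from a counter-mode keystream, a nonce must never be reused under one key: reusing it leaks the XOR of two media payloads to the intruder of Figure 7.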
Intruders can act through a channel or component that is not secure, as shown in Figure 7, so protecting multimedia information through encryption and decryption is absolutely necessary. This method, often known as the key-and-lock method, gives each side, server and user, the identical key to open the door to the information. Cryptographic algorithms are needed to transform plaintext into ciphertext and vice versa [8].

Figure 5: Proposed Multimedia Information Security Architecture - MISA (ISA components: 1. Security Infrastructure, 2. Security Policies, 3. Security Culture, 4. Monitoring Compliance, 5. Security Program; MISA components: 1. Security Infrastructure, 2. Security Policies, 3. Security Culture, 4. Monitoring Compliance, 5. Security Program, 6. Multimedia Information Sharing, 7. Enterprise Security, 8. Security Awareness)

A. Security Compliance / Governance

Recognizing the importance of collaboration and governance processes, many corporate governance guidelines have been published over the last decade [7]. Information security is clearly a corporate governance responsibility [6].

B. Security Program

The purpose of the security program is to make recommendations for improving the security of computer systems and the information residing on them, to provide security initiative recommendations and priorities, and to perform high-level threat and risk analysis. Reducing risk is the target of the ISMS protection mechanism [].

C. Multimedia Information Sharing

It is critical to establish relationships and communication; the alternative architecture given here has developed key relationships

and started key initiatives to share information with other important and relevant components. Why involve other components? Because the philosophy of multimedia itself is a good combination and harmony between data and information in plain-text format and data or information in audio and video format.

D. Enterprise Security

Enterprise architecture has led initiatives to create technology standards. One key goal is to ensure that the architecture uses and deploys security technology in a consistent manner. Key security technology standards that have been deployed and managed include:

Enterprise Antivirus. A centralized solution resulting in consistent support, consistent enforcement, and enterprise reporting.
Enterprise Patch Management. A centralized solution which enables agencies to manage their own patching but allows for enterprise compliance reporting.
Enterprise Security Agent. Primarily a defense against insider threats and zero-day worms.
Internet Content Filtering & Access Control. A standard implementation of a Web filtering solution and an enterprise policy to enforce a minimum filter set.
Enterprise Administrator Monitoring.

E. Security Awareness

Security awareness training is a vital component of the overall MISA approach. Information security awareness is a dynamic process, made even more difficult in that risks continuously change [0]. MISA is a key issue of multi-state multimedia information sharing. The mission of MISA is to provide a common mechanism for raising multimedia security readiness for all users. It ensures that users are familiar with information technology security, especially multimedia information security, best practices, policies, procedures and standards, as well as the importance of protecting confidential and sensitive information.

Figure 6: Multimedia Information Security Channel Approached by Proposed MISA

Figure 7: Potential Intruder to Hack Multimedia Unsecure Channel

X.
CONCLUDING REMARKS

We discussed and showed definitions of the keywords used in the multimedia information security architecture (MISA). We showed step by step how we arrived at MISA management and theory. The theory is about how to find and combine ISA architecture, security awareness and governance in order to define multimedia information security itself.

XI. REFERENCES

[] Andrew Ren-Wei Fung, Kwo-Jean Farn & Abe C. Lin. A study on the certification of the information security management system. Computer Standards & Interfaces (00) 7-6. Elsevier Science Ltd.
[] A. Da Veiga & J.H.P. Eloff. A framework and assessment instrument for information security culture. Computers & Security XXX (009). Elsevier Science Ltd.
[] Basie von Solms. 00. Information security: a multidimensional discipline. Computers & Security 0 (00). Elsevier Science Ltd.
[] Basie von Solms. 00. Information security governance: COBIT or ISO 17799 or both? Computers & Security. Elsevier, ScienceDirect.
[] Basie von Solms. 00. Information security governance: compliance management vs operational management. Computers & Security. Elsevier, ScienceDirect.
[6] Basie von Solms & Rossouw von Solms. 00. The 0 deadly sins of information security management. Computers & Security (00). Elsevier Science Ltd.
[7] Debi Ashenden. Information security management: a human challenge? Information Security Technical Report (008) 9-0. Elsevier Science Ltd.
[8] Denis Trcek. 00. An integral framework for information system security management. Computers & Security (00). Elsevier Science Ltd.
[9] Gunnar Peterson. Security Architecture Blueprint. Arctec Group.

[0] H.A. Kruger & W.D. Kearney. A prototype for assessing information security awareness. Computers & Security (006). Elsevier Science Ltd.
[] J.H.P. Eloff & M.M. Eloff. 00. Information security architecture. Computer Fraud & Security.
[] Kwo-Jean Farn, Shu-Kuo Lin & Andrew Ren-Wei Fung. 00. A study on information security management evaluation: assets, threat and vulnerability. Computer Standards & Interfaces 6 (00) 0-. Elsevier Science Ltd.
[] Maria Karyda, Evangelos Kiountouzis & Spyros Kokolakis. 00. Information systems security policies: a contextual perspective. Computers & Security (00). Elsevier Science Ltd.
[] Mikko Siponen & Robert Willison. Information security standards: problems and solutions. Information & Management 6 (009). Elsevier Science Ltd.
[] J. Rees, S. Bandyopadhyay & E.H. Spafford. 00. PFIRES: a policy framework for information security. Communications of the ACM, July 00, Vol. 6 (7).
[6] Rossouw von Solms & S.H. (Basie) von Solms. Information security governance: due care. Computers & Security. Elsevier, ScienceDirect.
[7] Thomas Finne. A conceptual framework for information security management. Computers & Security 7 (998). Elsevier Science Ltd.
[8] Tom Carlson. 00. Information security management: understanding ISO. Lucent Technologies Worldwide Services.
[9] J.K. Tudor. Information security architecture. Proceedings of the 6th International Conference on Software Engineering (ICSE 0), 070-7/0, IEEE.


More information

Achieving Compliance with the PCI Data Security Standard

Achieving Compliance with the PCI Data Security Standard Achieving Compliance with the PCI Data Security Standard June 2006 By Alex Woda, MBA, CISA, QDSP, QPASP This article describes the history of the Payment Card Industry (PCI) data security standards (DSS),

More information

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and

More information

Basics of Internet Security

Basics of Internet Security Basics of Internet Security Premraj Jeyaprakash About Technowave, Inc. Technowave is a strategic and technical consulting group focused on bringing processes and technology into line with organizational

More information

ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security?

ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security? ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security? Agenda Threats Risk Assessment Implementation Validation Advanced Security Implementation Strategy

More information

BMC s Security Strategy for ITSM in the SaaS Environment

BMC s Security Strategy for ITSM in the SaaS Environment BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...

More information

Information Security in Big Data using Encryption and Decryption

Information Security in Big Data using Encryption and Decryption International Research Journal of Computer Science (IRJCS) ISSN: 2393-9842 Information Security in Big Data using Encryption and Decryption SHASHANK -PG Student II year MCA S.K.Saravanan, Assistant Professor

More information

MASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY

MASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY MASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY HTTP://SCIENCE.HAMPTONU.EDU/COMPSCI/ The Master of Science in Information Assurance focuses on providing

More information

Evaluate the Usability of Security Audits in Electronic Commerce

Evaluate the Usability of Security Audits in Electronic Commerce Evaluate the Usability of Security Audits in Electronic Commerce K.A.D.C.P Kahandawaarachchi, M.C Adipola, D.Y.S Mahagederawatte and P Hewamallikage 3 rd Year Information Systems Undergraduates Sri Lanka

More information

Achieving SOX Compliance with Masergy Security Professional Services

Achieving SOX Compliance with Masergy Security Professional Services Achieving SOX Compliance with Masergy Security Professional Services The Sarbanes-Oxley (SOX) Act, also known as the Public Company Accounting Reform and Investor Protection Act of 2002 (and commonly called

More information

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL MICHIGAN OFFICE OF THE AUDITOR GENERAL AUDIT REPORT THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL The auditor general shall conduct post audits of financial transactions and accounts of the state and of all

More information

Security Threat Risk Assessment: the final key piece of the PIA puzzle

Security Threat Risk Assessment: the final key piece of the PIA puzzle Security Threat Risk Assessment: the final key piece of the PIA puzzle Curtis Kore, Information Security Analyst Angela Swan, Director, Information Security Agenda Introduction Current issues The value

More information

White Paper: Cloud Security. Cloud Security

White Paper: Cloud Security. Cloud Security White Paper: Cloud Security Cloud Security Introduction Due to the increase in available bandwidth and technological advances in the area of virtualisation, and the desire of IT managers to provide dynamically

More information

ISO/IEC 27002 INTERNATIONAL STANDARD. Information technology Security techniques Code of practice for information security management

ISO/IEC 27002 INTERNATIONAL STANDARD. Information technology Security techniques Code of practice for information security management INTERNATIONAL STANDARD This is a preview - click here to buy the full publication ISO/IEC 27002 First edition 2005-06-15 Information technology Security techniques Code of practice for information security

More information

Information Security Measurement Roles and Responsibilities

Information Security Measurement Roles and Responsibilities Information Security Measurement Roles and Responsibilities Margareth Stoll and Ruth Breu Abstract An adequate information security management system (ISMS) to minimize business risks and maximize return

More information

RARITAN VALLEY COMMUNITY COLLEGE COURSE OUTLINE. CISY 229 Information Security Fundamentals

RARITAN VALLEY COMMUNITY COLLEGE COURSE OUTLINE. CISY 229 Information Security Fundamentals RARITAN VALLEY COMMUNITY COLLEGE COURSE OUTLINE CISY 229 Information Security Fundamentals I. Basic Course Information A. Course Number & Title: CISY-229 Information Security Fundamentals B. New or Modified

More information

Aadhaar. Security Policy & Framework for UIDAI Authentication. Version 1.0. Unique Identification Authority of India (UIDAI)

Aadhaar. Security Policy & Framework for UIDAI Authentication. Version 1.0. Unique Identification Authority of India (UIDAI) Aadhaar Security Policy & Framework for UIDAI Authentication Version 1.0 Unique Identification Authority of India (UIDAI) Table of Contents ACRONYMS AND TERMS... 3 1. INTRODUCTION... 4 2. SECURITY CONSIDERATION...

More information

IT Security Procedure

IT Security Procedure IT Security Procedure 1. Purpose This Procedure outlines the process for appropriate security measures throughout the West Coast District Health Board (WCDHB) Information Systems. 2. Application This Procedure

More information

This is a free 15 page sample. Access the full version online.

This is a free 15 page sample. Access the full version online. AS/NZS ISO/IEC 17799:2001 This Joint Australian/New Zealand Standard was prepared by Joint Technical Committee IT-012, Information Systems, Security and Identification Technology. It was approved on behalf

More information

HEC Security & Compliance

HEC Security & Compliance HEC Security & Compliance SAP Security, Risk & Compliance Office November, 2014 Public Version 2.0 Details Introduction Overview Security Offering Approach Certifications Introduction Dear Customer, Information

More information

INTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM

INTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM INTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM Okumoku-Evroro Oniovosa Lecturer, Department of Computer Science Delta State University, Abraka, Nigeria Email: victorkleo@live.com ABSTRACT Internet security

More information

Unified Security Anywhere SOX COMPLIANCE ACHIEVING SOX COMPLIANCE WITH MASERGY SECURITY PROFESSIONAL SERVICES

Unified Security Anywhere SOX COMPLIANCE ACHIEVING SOX COMPLIANCE WITH MASERGY SECURITY PROFESSIONAL SERVICES Unified Security Anywhere SOX COMPLIANCE ACHIEVING SOX COMPLIANCE WITH MASERGY SECURITY PROFESSIONAL SERVICES SOX COMPLIANCE Achieving SOX Compliance with Professional Services The Sarbanes-Oxley (SOX)

More information

Information Technology Security Program

Information Technology Security Program Information Technology Security Program Office of the CIO December, 2008 1 AGENDA What is it? Why do we need it? An international Standard Program Components Current Status Next Steps 2 What is It? A Policy

More information

Technical Standards for Information Security Measures for the Central Government Computer Systems

Technical Standards for Information Security Measures for the Central Government Computer Systems Technical Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 2.1 General...

More information

Information Security Development Trends

Information Security Development Trends Information Security Development Trends E. von Solms a Prof J.H.P Eloff b b a Department Computer Science and Information Systems, University of South Africa, Pretoria, SA, vsolme@unisa.ac.za Department

More information

PATCH MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region

PATCH MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region PATCH MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Risk Analysis in Skype Software Security

Risk Analysis in Skype Software Security Risk Analysis in Skype Software Security Afnan AlOmrani, Rasheed AlZahrani, Eyas ElQawasmeh Information System Department College of Computer and Information Sciences King Saud University Riyadh, Saudi

More information

AN OVERVIEW OF INFORMATION SECURITY STANDARDS

AN OVERVIEW OF INFORMATION SECURITY STANDARDS AN OVERVIEW OF INFORMATION SECURITY STANDARDS February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced

More information

COPYRIGHTED MATERIAL. Contents. Acknowledgments Introduction

COPYRIGHTED MATERIAL. Contents. Acknowledgments Introduction Contents Acknowledgments Introduction 1. Governance Overview How Do We Do It? What Do We 1 Get Out of It? 1.1 What Is It? 1 1.2 Back to Basics 2 1.3 Origins of Governance 3 1.4 Governance Definition 5

More information

A Model for Improving e-security in Australian Universities

A Model for Improving e-security in Australian Universities 1 and 2 1 Queensland University of Technology, Information Security Institute, l.may@qut.edu.au 2 Queensland University of Technology, Information Security Institute, tlane@scu.edu.au Received 04 December

More information

Vs Encryption Suites

Vs Encryption Suites Vs Encryption Suites Introduction Data at Rest The phrase "Data at Rest" refers to any type of data, stored in the form of electronic documents (spreadsheets, text documents, etc.) and located on laptops,

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

INTERNATIONAL JOURNAL OF ADVANCES IN COMPUTING AND INFORMATION TECHNOLOGY An International online open access peer reviewed journal

INTERNATIONAL JOURNAL OF ADVANCES IN COMPUTING AND INFORMATION TECHNOLOGY An International online open access peer reviewed journal INTERNATIONAL JOURNAL OF ADVANCES IN COMPUTING AND INFORMATION TECHNOLOGY An International online open access peer reviewed journal Research Article ISSN 2277 9140 ABSTRACT An e-college Time table Retrieval

More information

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire P3M3 Project Management Self-Assessment Contents Introduction 3 User Guidance 4 P3M3 Self-Assessment Questionnaire

More information

IBM Global Small and Medium Business. Keep Your IT Infrastructure and Assets Secure

IBM Global Small and Medium Business. Keep Your IT Infrastructure and Assets Secure IBM Global Small and Medium Business Keep Your IT Infrastructure and Assets Secure Contents 2 Executive overview 4 Monitor IT infrastructure to prevent malicious threats 5 Protect IT assets and information

More information

PRINCIPLES AND PRACTICE OF INFORMATION SECURITY

PRINCIPLES AND PRACTICE OF INFORMATION SECURITY PRINCIPLES AND PRACTICE OF INFORMATION SECURITY Protecting Computers from Hackers and Lawyers Linda Volonino, Ph.D. Canisius College Stephen R. Robinson Verity Partners, LLC with contributions by Charles

More information

Technology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications

Technology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security

More information

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002 INTERNET SECURITY: FIREWALLS AND BEYOND Mehernosh H. Amroli 4-25-2002 Preview History of Internet Firewall Technology Internet Layer Security Transport Layer Security Application Layer Security Before

More information

Security metrics to improve information security management

Security metrics to improve information security management Security metrics to improve information security management Igli TASHI, Solange GHERNAOUTIHÉLIE HEC Business School University of Lausanne Switzerland Abstract The concept of security metrics is a very

More information

Network & Information Security Policy

Network & Information Security Policy Policy Version: 2.1 Approved: 02/20/2015 Effective: 03/02/2015 Table of Contents I. Purpose................... 1 II. Scope.................... 1 III. Roles and Responsibilities............. 1 IV. Risk

More information

DeltaV System Cyber-Security

DeltaV System Cyber-Security January 2013 Page 1 This paper describes the system philosophy and guidelines for keeping your DeltaV System secure from Cyber attacks. www.deltav.com January 2013 Page 2 Table of Contents Introduction...

More information

A Method for Eliciting Security Requirements from the Business Process Models

A Method for Eliciting Security Requirements from the Business Process Models A Method for Eliciting Security Requirements from the Business Process Models Naved Ahmed and Raimundas Matulevičius Institute of Computer Science, University of Tartu J. Liivi 2, 50409 Tartu, Estonia

More information

INFORMATION SECURITY AWARENESS: Baseline Education and Certification

INFORMATION SECURITY AWARENESS: Baseline Education and Certification INFORMATION SECURITY AWARENESS: Baseline Education and Certification LINDIE DU PLESSIS AND ROSSOUW VON SOLMS Port Elizabeth Technikon, s9944977@student.petech.ac.za rossouw@petech.ac.za Key words: Information

More information

Logging the Pillar of Compliance

Logging the Pillar of Compliance WHITEPAPER Logging the Pillar of Compliance Copyright 2000-2011 BalaBit IT Security All rights reserved. www.balabit.com 1 Table of Content Introduction 3 Open-eyed management 4 ISO 27001 5 PCI DSS 5 Sarbanes

More information

The Human Factor of Cyber Crime and Cyber Security

The Human Factor of Cyber Crime and Cyber Security The Human Factor of Cyber Crime and Cyber Security Challenges: September 11th has marked an important turning point that exposed new types of security threats and disclosed how cyber criminals pursuit

More information

The Protection Mission a constant endeavor

The Protection Mission a constant endeavor a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring

More information

Analyzing the Content Protection Mechanisms in Open Source Web Content Management Systems

Analyzing the Content Protection Mechanisms in Open Source Web Content Management Systems Analyzing the Content Protection Mechanisms in Open Source Web Content Management Systems Fatma Al-Terkestany, Samir El-Masri Information Systems Department College of Computer & Information Sciences King

More information

EMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES

EMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES EMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES Aligning information with business and operational objectives ESSENTIALS Leverage EMC Consulting as your trusted advisor to move your and compliance

More information

(Instructor-led; 3 Days)

(Instructor-led; 3 Days) Information Security Manager: Architecture, Planning, and Governance (Instructor-led; 3 Days) Module I. Information Security Governance A. Introduction to Information Security Governance B. Overview of

More information

Management Standards for Information Security Measures for the Central Government Computer Systems

Management Standards for Information Security Measures for the Central Government Computer Systems Management Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 1.1 General...

More information

Supporting FISMA and NIST SP 800-53 with Secure Managed File Transfer

Supporting FISMA and NIST SP 800-53 with Secure Managed File Transfer IPSWITCH FILE TRANSFER WHITE PAPER Supporting FISMA and NIST SP 800-53 with Secure Managed File Transfer www.ipswitchft.com Adherence to United States government security standards can be complex to plan

More information

Metrics to Assess and Manage Software Application Security Risk. M. Sahinoglu, S. Stockton, S. Morton, P. Vasudev, M. Eryilmaz

Metrics to Assess and Manage Software Application Security Risk. M. Sahinoglu, S. Stockton, S. Morton, P. Vasudev, M. Eryilmaz Metrics to Assess and Manage Software Application Security Risk M. Sahinoglu, S. Stockton, S. Morton, P. Vasudev, M. Eryilmaz Auburn University at Montgomery (AUM) and ATILIM University, Ankara msahinog@aum.edu,

More information

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0 EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single

More information

10 Hidden IT Risks That Threaten Your Financial Services Firm

10 Hidden IT Risks That Threaten Your Financial Services Firm Your firm depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine your business without IT. Today,

More information

Our Commitment to Information Security

Our Commitment to Information Security Our Commitment to Information Security What is HIPPA? Health Insurance Portability and Accountability Act 1996 The HIPAA Privacy regulations require health care providers and organizations, as well as

More information

Policy Title: HIPAA Security Awareness and Training

Policy Title: HIPAA Security Awareness and Training Policy Title: HIPAA Security Awareness and Training Number: TD-QMP-7011 Subject: HIPAA Security Awareness and Training Primary Department: TennDent/Quality Monitoring/Improvement Effective Date of Policy:

More information

A New Proposed Software Engineering Methodologyfor Healthcare Applications Development

A New Proposed Software Engineering Methodologyfor Healthcare Applications Development Vol. 3, Issue. 3, May.-June. 2013 pp-1566-1570 ISSN: 2249-6645 A New Proposed Software Engineering Methodologyfor Healthcare Applications Development Abdullah Al-Dahmash, Samir El-Masri Department of Information

More information

Local email server VS Cloud email service A real scenario

Local email server VS Cloud email service A real scenario Local email server VS Cloud email service A real scenario Contents 1. Introduction... 3 2. In- house email solution design... 3 3. Problem... 5 4. New infrastructure... 5 a. Time of completion... 6 b.

More information

3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance

3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance 3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014 Continuous Education Services (elearning/workshops) Compliance Management Portals Information Security

More information

University of Pittsburgh Security Assessment Questionnaire (v1.5)

University of Pittsburgh Security Assessment Questionnaire (v1.5) Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided

More information