Multimedia Information Security Architecture Framework
Heru Susanto
PMC Information Security Technology, King Saud University - Kingdom of Saudi Arabia & Indonesian Institute of Sciences
hsusanto@ksu.edu.sa

Fahad bin Muhaya
PMC Information Security Technology, King Saud University, Riyadh - Kingdom of Saudi Arabia
fmuhaya@ksu.edu.sa

Abstract - This paper presents a state-of-the-art overview of distinguishable approaches and of writings with similar themes and discussion, intended to give readers an overview of controls and other matters related to multimedia information security. All of these works attempt to define a multimedia information security architecture. The overview is followed by a proposition of requirements for a multimedia integrated security architecture. Multimedia information security, as part of information security, takes a holistic approach towards the implementation of information security by introducing the concept and model of a multimedia security architecture.

Keywords - Multimedia information security, ISA architecture, MISA architecture, PDCA, CIA

I. INTRODUCTION

In the early days of computing, security breaches mainly included viruses and worms that would flash a message or advertisement on the screen without causing any serious damage to the information or systems being used. Organizations across the globe conduct communication in an interconnected and information-rich environment. Security in a company has many forms and variations: operational security, machinery and production security, political security, environmental security, etc. [7]. There are many types of data and information to be communicated by the parties that interact. These fall into two types: multimedia information and non-multimedia information. Several aspects greatly affect the treatment of both types of information. Multimedia information security is absolutely necessary for transferring information from one place to another.
In this paper, our contribution is to propose and introduce an architecture and security model for multimedia information. This architecture and security model refers to the information security architecture (ISA) which was introduced by Eloff []. Another ISA reference is the architecture introduced by Rees [], which has main phases in its architecture. Tudor [9] introduced risk awareness and the assessment of current controls. The architecture introduced by Gunnar Peterson [9] also provides a framework for understanding disparate design and process considerations.

II. RELATED WORK

The state of the art for this paper concerns information security architecture. One architecture provides a framework for understanding disparate design and process considerations [9], to organize architecture and actions toward improving enterprise security. [] introduced a security architecture that includes the process of developing risk awareness, the assessment of current controls, and finally the alignment of current and new controls to meet the organization's information security requirements. This integrated information security architecture (ISA) is the mechanism to ensure that all individuals know their responsibilities and how they need to go about protecting the company's information security resources. His architecture [9] is based on a balanced and holistic mix of five different aspects: security infrastructure, security policies, security culture, monitoring compliance, and security program. With reference to this previous work, we propose a security architecture that focuses on multimedia security: the multimedia information security architecture (MISA).

III. ISMS

The Information Security Management System (ISMS) is proposed in ISO 7799 Part, also COBIT (00) []. This ISMS is based on the continuous cycle of activities as proposed by the so-called PDCA model (Plan-Do-Check-Act), figure.
The ISMS is a cyclic model that aims to ensure that the best practices of an organization are documented, reinforced and improved over time. During the Plan phase, the scope of the ISMS will be defined and the information security policy will be established. If the organization already has a security policy, it will be evaluated in order to determine whether it is still valid and appropriate.
The Plan-Do-Check-Act process []:

Plan phase: establishes a security policy and relevant procedures and controls, then prepares a statement of the scope of its application, justifying why the controls were selected and why others were not. The formulation of a security policy is done at the planning stage [].

Do phase: implements the security policy and relevant procedures. The approach refers to the ISO 7799 code of practice, which provides a comprehensive set of controls covering aspects such as information security policy, personnel security, network security, business continuity management and compliance.

Check phase: assesses and measures the process performance, and reports the results to management.

Act phase: takes appropriate corrective actions.

The decision as to what is appropriate depends upon understanding the risks and costs involved. Since risk appraisal includes all organizations and all departments, areas, staff and activities, the rationality and conformity of the appraisal is still a topic for research []. Understanding the risk means knowing what the assets are, what the possible threats to those assets are, and the likelihood and possible impact of a security breach on the business. The goal of information security is to suitably protect this asset in order to ensure business continuity, minimize business damage, and maximize return on investments [8]. As defined by ISO 7799, information security is characterized as the preservation of CIA []:

Confidentiality: ensuring that information is accessible only to those authorized to have access.
Integrity: safeguarding the accuracy and completeness of information and processing methods.
Availability: ensuring that authorized users have access to information and associated assets when required.

Figure : PDCA Model to ISM Process

IV. SECURITY MANAGEMENT STANDARD ISO 7799

ISO 7799 is designed to assure the confidentiality, integrity and availability of information assets. ISO 7799 is exclusive to information security, and only addresses that issue []. The key areas identified by ISO 7799 for the implementation of an information security management system are:

An information security policy
Allocation of information security responsibilities within the organisation
Asset classification and control
Personnel security, responsibilities and training
Physical and environmental security
Communications and operational systems security
Access controls

V. ISO 7799 Part vs. ISO 7799 Part

It is important to understand the distinctions and differences between Part and Part of the ISO 7799 standard in order to understand the dilemma facing the architecture and standardization of information security issues.

Part is an implementation guide, based on suggestions. It is used as a means to evaluate and build a comprehensive information security infrastructure. It details information security concepts an organization should do. ISO 7799 Part can also be referred to as Information Technology - Code of practice for information security management.

Part is an auditing guide based on requirements. It details information security concepts an organization shall do. ISO 7799 Part can also be referred to as Information Security Management Systems - Specification with guidance for use. Focused on how to implement an Information security management system (ISMS), referring to the information security management structure and controls identified this rigidity precluded widespread acceptance and support [8].

VI. E-BUSINESS SECURITY ARCHITECTURE

The framework of Rees et al. [] was initially developed for e-commerce activities but has since been adapted to address the security policy needs of any organization involved in information technology and Internet operations.
It is important to note that they suggest constant feedback throughout all four phases.
Each of these phases is as indicated below:

Assess phase: policy assessment and risk assessment
Plan phase: policy development and requirements definitions
Deliver phase: definition and implementation of controls
Operate phase: monitoring of operations, review of trends and management of events

VII. INFORMATION SECURITY ARCHITECTURE

Tudor [9] introduced a security architecture that includes the process of developing risk awareness, the assessment of current controls, and finally the alignment of current and new controls to meet the organization's information security requirements. The author clearly states that security architecture is a process: information security architecture is not something one can purchase. This integrated information security architecture (ISA) is the mechanism to ensure that all individuals know their responsibilities and how they need to go about protecting the company's information security resources. The architecture is based on a balanced and holistic mix of five different aspects: security infrastructure, security policies, security culture, monitoring compliance, and security program (figure).

Figure : Information Security Architecture - ISA (components shown: Security Infrastructure, Security Policies, Security Culture, Monitoring Compliance, Security Program)

Figure : Continuous Feed Back Approach for ISA

The purpose of the information security architecture is to bring focus to the key areas of concern, highlighting decision criteria and context for each domain [9]. The figure provides a framework for understanding disparate design and process considerations, and for organizing architecture and actions toward improving enterprise security.

Figure : Information Security Architecture Blueprint by Gunnar Peterson (diagram labels include Policy & Standards, Risk Management, Data, Application, Host, Network, Assurance)

VIII. MULTIMEDIA INFORMATION SECURITY ARCHITECTURE - MISA

Having discussed the various kinds of frameworks and architectures for information security and the matters related to it, we now discuss the architecture for multimedia information security. Basically, multimedia information security is part of information security itself. Multimedia is media and content that uses a combination of different content forms. Multimedia includes a combination of text, audio, still images, animation, video, and interactivity content forms. Multimedia is usually recorded and played, displayed or accessed by information content processing devices, such as computerized and electronic devices, but can also be part of a live performance. Multimedia also describes electronic media devices used to store and experience multimedia content. Multimedia is distinguished from mixed media in fine art; by including audio, for example, it has a broader scope. The term "rich media" is synonymous with interactive multimedia. Hypermedia can be considered one particular multimedia application.

IX. PROPOSED MISA

In order to meet the requirements of information security [], and of speed and ease of access when retrieving multimedia information from where it is held, it is necessary to consider several criteria and parameters that must be met [], with reference to the information security architectures presented by previous authors. In this paper the authors provide alternatives for, and raise questions about, the multimedia information security architecture (MISA). MISA is a development of the ISA, which is widely known and has been proposed by the authors of previous papers. The development is meant to incorporate the multimedia object, or issue, into the existing architecture.

To propose the Multimedia Information Security Architecture, the authors take as reference the ISA architecture proposed by Eloff [], which has main components; within the main components themselves, updating, monitoring and self-evaluation take place (figure). With this reference, the authors developed the MISA architecture, which has 8 major components. Why 8 components? Because multimedia information security has a higher level of difficulty than general information security issues (figure).

The ISA architecture introduced by Peterson [9] also has several advantages. In the last stage there is a layer that serves as evaluation and monitoring of information assurance, an important requirement of information security itself.

Figure 6 explains that the multimedia information sharing and security issue (policy) has several stages, going down in more detail to Encryption of the multimedia information that will be shared, an activity performed by the server (provider), while users perform Decryption to restore the information that has been encrypted.
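The server-encrypts, user-decrypts exchange described above can be sketched as follows. This is an added example, not code from the paper: all function names, the `audio/wav` label and the sample bytes are assumptions, and HMAC-SHA256 in counter mode with encrypt-then-MAC stands in for an authenticated cipher such as AES-GCM so that the sketch runs with the Python standard library alone. It also shows that a packet altered on an unsecured channel, or opened with a different key, is rejected rather than decrypted.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16   # bytes of fresh randomness per message
TAG_LEN = 32     # size of an HMAC-SHA256 tag

# Constructed sample input: a fake WAV-style header followed by filler bytes.
SAMPLE_MEDIA = b"RIFF\x24\x00\x00\x00WAVEfmt " + bytes(range(64))


def derive_keys(shared_key):
    """Split the one shared secret into separate encryption and MAC keys."""
    enc_key = hmac.new(shared_key, b"misa-example/enc", hashlib.sha256).digest()
    mac_key = hmac.new(shared_key, b"misa-example/mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key, nonce, length):
    """Stand-in stream cipher: block i is HMAC(enc_key, nonce || i)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256)
        out += block.digest()
        counter += 1
    return bytes(out[:length])


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def _tag(mac_key, media_type, nonce, ciphertext):
    """Authenticate the media type label, the nonce and the ciphertext."""
    header = len(media_type).to_bytes(2, "big") + media_type
    return hmac.new(mac_key, header + nonce + ciphertext, hashlib.sha256).digest()


def server_encrypt(shared_key, media, media_type):
    """Provider side: returns nonce || ciphertext || tag."""
    enc_key, mac_key = derive_keys(shared_key)
    nonce = os.urandom(NONCE_LEN)
    ciphertext = _xor(media, _keystream(enc_key, nonce, len(media)))
    return nonce + ciphertext + _tag(mac_key, media_type, nonce, ciphertext)


def user_decrypt(shared_key, packet, media_type):
    """User side: verify the tag first, decrypt only if it matches."""
    if len(packet) < NONCE_LEN + TAG_LEN:
        raise ValueError("packet too short")
    enc_key, mac_key = derive_keys(shared_key)
    nonce = packet[:NONCE_LEN]
    ciphertext = packet[NONCE_LEN:-TAG_LEN]
    tag = packet[-TAG_LEN:]
    expected = _tag(mac_key, media_type, nonce, ciphertext)
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified packet")
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))


def is_rejected(shared_key, packet, media_type):
    """True when the user side refuses the packet."""
    try:
        user_decrypt(shared_key, packet, media_type)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    key = os.urandom(32)  # the identical key held by server and user
    packet = server_encrypt(key, SAMPLE_MEDIA, b"audio/wav")
    print("round trip ok:", user_decrypt(key, packet, b"audio/wav") == SAMPLE_MEDIA)

    altered = bytearray(packet)
    altered[NONCE_LEN] ^= 0x01  # one bit changed in transit
    print("altered packet rejected:", is_rejected(key, bytes(altered), b"audio/wav"))
    print("other key rejected:", is_rejected(os.urandom(32), packet, b"audio/wav"))
```

Encryption alone covers confidentiality; the tag check is what gives the user side the integrity property from the CIA definition quoted earlier.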
Intruders can act through a channel or a part that is not secure, as shown in figure 7, so securing multimedia information through Encryption and Decryption methods is absolutely necessary to maintain the security of multimedia information. This method is often known as the Key and Lock method: each side, server and user, has the identical key to open the door of information. Cryptographic algorithms are needed to transform plaintext into ciphertext and vice versa [8].

Figure : Proposed Multimedia Information Security Architecture - MISA
ISA components: Security Infrastructure, Security Policies, Security Culture, Monitoring Compliance, Security Program
MISA components: Security Infrastructure, Security Policies, Security Culture, Monitoring Compliance, Security Program, Multimedia Information Sharing, Enterprise Security, Security Awareness

A. Security Compliance / Governance

Recognizing the importance of bringing collaboration into the governance process, many corporate governance guidelines have been published over the last decade [7]. It has been realized that information security is a corporate governance responsibility [6], and clearly a corporate governance responsibility [6].

B. Security Program

The purpose of the security program is to make recommendations for improving the security of computer systems and the information residing on them, to provide security initiative recommendations and priorities, and to perform high-level threat and risk analysis. Reducing risks is the target of the ISMS protection mechanism [].

C. Multimedia Information Sharing

It is critical to establish relationships and communication; the proposed alternative architecture has developed key relationships and started key initiatives to share information with other important and relevant components. Why involve other components? Because of the philosophy of multimedia itself, which is a good combination and harmony between data and information in plain-text format and data or information in audio and video formats.

D. Enterprise Security

Enterprise Architecture has led initiatives to create technology standards. One key goal is to ensure that architectures use and deploy security technology in a consistent manner. Key security technology standards that have been deployed and managed include:

Enterprise Antivirus. A centralized solution resulting in consistent support, consistent enforcement, and enterprise reporting.
Enterprise Patch Management. A centralized solution which enables agencies to manage their own patching but allows for enterprise compliance reporting.
Enterprise Security Agent. Primarily defense against insider threats and zero-day worms.
Internet Content Filtering & Access Control. A standard implementation of a Web filtering solution and enterprise policy to enforce a minimum filter set.
Enterprise Administrator Monitoring.

Figure 6: Multimedia Information Security Channel Approached by Proposed MISA

Figure 7: Potential Intruder to Hack Multimedia Unsecure Channel

E. Security Awareness

Security awareness training is a vital component of the MISA overall approach. Information security awareness is a dynamic process, made even more difficult in that risks continuously change [0]. MISA is a key issue of the Multi-State Multimedia Information Sharing. Its mission is to provide a common mechanism for raising multimedia security readiness for all users. It ensures that users are familiar with information technology security, especially multimedia information security, with best practices, policies, procedures and standards, and with the importance of protecting confidential and sensitive information.

X. CONCLUSION REMARKS

I discussed and showed definitions of keywords used in the multimedia information security architecture - MISA. I showed step by step how I came to the MISA management and theory. The theory is about how to find and collaborate ISA architecture, security awareness and governance for defining multimedia information security itself.

XI. REFERENCES

[] Andrew Ren-Wei Fung, Kwo-Jean Farn & Abe C. Lin. Paper: a study on the certification of the information security management system. Computer Standards & Interfaces (00) 7-6. Elsevier Science Ltd.
[] A. Da Veiga & J.H.P. Eloff. A Framework and assessment instrument for information security culture. Computer & Security XXX (009) -. Elsevier Science Ltd.
[] Basie Von Solms. 00. Information Security - A Multidimensional Discipline. Computer & Security 0(00). Elsevier Science Ltd.
[] Basie von Solms. 00. Information Security Governance: COBIT or ISO 7799 or both? Computer & Security Journal. Elsevier. Science Direct.
[] Basie von Solms. 00. Information Security Governance - Compliance Management vs Operational Management. Computer & Security Journal. Elsevier. Science Direct.
[6] Basie von Solms & Rossouw von Solms. 00. The 0 deadly sins of Information Security Management. Computer & Security (00). Elsevier Science Ltd.
[7] Debi Ashenden. Information Security Management: A Human Challenge? Information Security Technical Report (008) 9-0. Elsevier Science Ltd.
[8] Denis Trcek. 00. An integral framework for information system security management. Computer & Security (00). Elsevier Science Ltd.
[9] Gunnar Peterson. Security Architecture Blueprint. Arctec Group.
[0] H.A. Kruger & W.D. Kearney. A Prototype for assessing information security. Computer & Security (006). Elsevier Science Ltd.
[] J.H.P. Eloff, M.M. Eloff. 00. Information Security Architecture. Computer Fraud & Security.
[] Kwo-Jean Farn, Shu-Kuo Lin & Andrew Ren-Wei Fung. 00. A Study on information security management evaluation - assets, threat and vulnerability. Computer Standards & Interfaces 6 (00) 0-. Elsevier Science Ltd.
[] Maria Karyda, Evangelos Kiountouzis & Spyros Kokolakis. 00. Information System Security Policies: a Contextual Perspective. Computer & Security (00). Elsevier Science Ltd.
[] Mikko Siponen & Robert Willison. Information security standards: Problems and Solution. Information & Management 6(009). Elsevier Science Ltd.
[] Rees J, Bandyopadhyay S & Spafford EH. 00. PFIRES: A Policy Framework for Information Security. Communications of the ACM, July 00/Vol.6 (7) pp.
[6] Rossouw von Solms, S.H. (Basie) von Solms. Information security governance: Due care. Computer & Security Journal. Elsevier. Science Direct.
[7] Thomas Finne. A conceptual Framework for Information Security Management. Computer & Security, 7 (998). Elsevier Science Ltd.
[8] Tom Carlson. 00. Information Security Management: Understanding ISO. Lucent Technologies Worldwide Services.
[9] Tudor JK. Information Security Architecture. Proceedings of the 6th International Conference on Software Engineering (ICSE 0). IEEE.
Contents Acknowledgments Introduction 1. Governance Overview How Do We Do It? What Do We 1 Get Out of It? 1.1 What Is It? 1 1.2 Back to Basics 2 1.3 Origins of Governance 3 1.4 Governance Definition 5
More informationCyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown
Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available
More informationVs Encryption Suites
Vs Encryption Suites Introduction Data at Rest The phrase "Data at Rest" refers to any type of data, stored in the form of electronic documents (spreadsheets, text documents, etc.) and located on laptops,
More informationAchieving Compliance with the PCI Data Security Standard
Achieving Compliance with the PCI Data Security Standard June 2006 By Alex Woda, MBA, CISA, QDSP, QPASP This article describes the history of the Payment Card Industry (PCI) data security standards (DSS),
More informationPRINCIPLES AND PRACTICE OF INFORMATION SECURITY
PRINCIPLES AND PRACTICE OF INFORMATION SECURITY Protecting Computers from Hackers and Lawyers Linda Volonino, Ph.D. Canisius College Stephen R. Robinson Verity Partners, LLC with contributions by Charles
More informationIBM Global Small and Medium Business. Keep Your IT Infrastructure and Assets Secure
IBM Global Small and Medium Business Keep Your IT Infrastructure and Assets Secure Contents 2 Executive overview 4 Monitor IT infrastructure to prevent malicious threats 5 Protect IT assets and information
More informationA Method for Eliciting Security Requirements from the Business Process Models
A Method for Eliciting Security Requirements from the Business Process Models Naved Ahmed and Raimundas Matulevičius Institute of Computer Science, University of Tartu J. Liivi 2, 50409 Tartu, Estonia
More informationSecurity metrics to improve information security management
Security metrics to improve information security management Igli TASHI, Solange GHERNAOUTIHÉLIE HEC Business School University of Lausanne Switzerland Abstract The concept of security metrics is a very
More informationTechnology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications
Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security
More informationABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security?
ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security? Agenda Threats Risk Assessment Implementation Validation Advanced Security Implementation Strategy
More informationThe Protection Mission a constant endeavor
a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring
More informationSECURING YOUR SMALL BUSINESS. Principles of information security and risk management
SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and
More informationEMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES
EMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES Aligning information with business and operational objectives ESSENTIALS Leverage EMC Consulting as your trusted advisor to move your and compliance
More informationSupporting FISMA and NIST SP 800-53 with Secure Managed File Transfer
IPSWITCH FILE TRANSFER WHITE PAPER Supporting FISMA and NIST SP 800-53 with Secure Managed File Transfer www.ipswitchft.com Adherence to United States government security standards can be complex to plan
More informationWhite Paper: Cloud Security. Cloud Security
White Paper: Cloud Security Cloud Security Introduction Due to the increase in available bandwidth and technological advances in the area of virtualisation, and the desire of IT managers to provide dynamically
More information(Instructor-led; 3 Days)
Information Security Manager: Architecture, Planning, and Governance (Instructor-led; 3 Days) Module I. Information Security Governance A. Introduction to Information Security Governance B. Overview of
More information10 Hidden IT Risks That Threaten Your Financial Services Firm
Your firm depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine your business without IT. Today,
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.5)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided
More informationEUCIP - IT Administrator. Module 5 IT Security. Version 2.0
EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single
More informationPolicy Title: HIPAA Security Awareness and Training
Policy Title: HIPAA Security Awareness and Training Number: TD-QMP-7011 Subject: HIPAA Security Awareness and Training Primary Department: TennDent/Quality Monitoring/Improvement Effective Date of Policy:
More informationLocal email server VS Cloud email service A real scenario
Local email server VS Cloud email service A real scenario Contents 1. Introduction... 3 2. In- house email solution design... 3 3. Problem... 5 4. New infrastructure... 5 a. Time of completion... 6 b.
More informationIT Security Procedure
IT Security Procedure 1. Purpose This Procedure outlines the process for appropriate security measures throughout the West Coast District Health Board (WCDHB) Information Systems. 2. Application This Procedure
More informationHEC Security & Compliance
HEC Security & Compliance SAP Security, Risk & Compliance Office November, 2014 Public Version 2.0 Details Introduction Overview Security Offering Approach Certifications Introduction Dear Customer, Information
More informationINTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM
INTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM Okumoku-Evroro Oniovosa Lecturer, Department of Computer Science Delta State University, Abraka, Nigeria Email: victorkleo@live.com ABSTRACT Internet security
More informationHardware and Software Security
Today, with the big advancement of technology and the need to share data globally at all time. Security has become one of the most important topics when we talk about data sharing. This means that the
More informationSecurity in Database Systems
Global Journal of Computer Science and Technology Network, Web & Security Volume 12 Issue 17 Version 1.0 Year 2012 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals
More informationGiftWrap 4.0 Security FAQ
GiftWrap 4.0 Security FAQ The information presented here is current as of the date of this document, and may change from time-to-time, in order to reflect s ongoing efforts to maintain the highest levels
More informationOur Commitment to Information Security
Our Commitment to Information Security What is HIPPA? Health Insurance Portability and Accountability Act 1996 The HIPAA Privacy regulations require health care providers and organizations, as well as
More informationBreaches in the News. Check out Privacy Association site for latest news in PII data breaches to see the latest in the news
Breaches in the News Check out Privacy Association site for latest news in PII data breaches to see the latest in the news www.privacyassociation.org While there consider signing up for having the Daily
More informationINTERNATIONAL AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS
INTERNATIONAL PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS (This Statement is effective) CONTENTS Paragraph Introduction... 1 5 Skills and Knowledge... 6 7 Knowledge
More informationJohn Essner, CISO Office of Information Technology State of New Jersey
John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management
More informationTechnical Standards for Information Security Measures for the Central Government Computer Systems
Technical Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 2.1 General...
More informationEnabling Information PREVIEW VERSION
Enabling Information These following pages provide a preview of the information contained in COBIT 5: Enabling Information. The main benefit of this publication is that it provides COBIT 5 users with a
More informationThe Importance of Information Security in Australian Universities
1 and 2 1 Queensland University of Technology, Information Security Institute, l.may@qut.edu.au 2 Queensland University of Technology, Information Security Institute, tlane@scu.edu.au Received 04 December
More information^H 3RD EDITION ITGOVERNANCE A MANAGER'S GUIOE TO OATA SECURITY ANO DS 7799/IS017799 ALAN CALDER STEVE WATKINS. KOGAN PAGE London and Sterling, VA
^H 3RD EDITION ITGOVERNANCE A MANAGER'S GUIOE TO OATA SECURITY ANO DS 7799/IS017799 ALAN CALDER STEVE WATKINS KOGAN PAGE London and Sterling, VA Contents Foreword by Nigel Turnbull How to use this book
More informationCONTENTS. 1.0 Introduction
CONTENTS 1.0 Introduction 2.0 Why we are different? 2.1 What can a Firewall do? 2.2 What can an Intrusion Detection System do? 2.3 What can a Mail Security System do? 2.4 What can Defencity NetSecure do?
More informationSHAMING AS A TECHNIQUE FOR INFORMATION SECURITY POLICY
SHAMING AS A TECHNIQUE FOR INFORMATION SECURITY POLICY AND TRAINING ADHERENCE Mark A. Harris University of South Carolina maharris@hrsm.sc.edu ABSTRACT Information security policy and information security
More informationProcurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment
Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire P3M3 Project Management Self-Assessment Contents Introduction 3 User Guidance 4 P3M3 Self-Assessment Questionnaire
More informationSecurity Control Standard
Security Standard The security and risk management baseline for the lottery sector worldwide Updated by the WLA Security and Risk Management Committee V1.0, November 2006 The WLA Security Standard is the
More informationIT Audit and Compliance
Problem IT Audit and Compliance IT audit is about the formal verification and validation of the quality and effectiveness of IT controls to support the overall business control objectives. From a security
More informationInformation Security in Big Data using Encryption and Decryption
International Research Journal of Computer Science (IRJCS) ISSN: 2393-9842 Information Security in Big Data using Encryption and Decryption SHASHANK -PG Student II year MCA S.K.Saravanan, Assistant Professor
More informationEXECUTIVE STRATEGY BRIEF. Securing the Cloud Infrastructure. Cloud. Resources
EXECUTIVE STRATEGY BRIEF Securing the Cloud Infrastructure Cloud Resources 01 Securing the Cloud Infrastructure / Executive Strategy Brief Securing the Cloud Infrastructure Microsoft recognizes that trust
More informationZeenov Agora High Level Architecture
Zeenov Agora High Level Architecture 1 Major Components i) Zeenov Agora Signaling Server Zeenov Agora Signaling Server is a web server capable of handling HTTP/HTTPS requests from Zeenov Agora web clients
More informationContents. viii. 4 Service Design processes 57. List of figures. List of tables. OGC s foreword. Chief Architect s foreword. Preface.
iii Contents List of figures List of tables OGC s foreword Chief Architect s foreword Preface Acknowledgements v vii viii 1 Introduction 1 1.1 Overview 4 1.2 Context 4 1.3 Purpose 8 1.4 Usage 8 2 Management
More informationMICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL
MICHIGAN OFFICE OF THE AUDITOR GENERAL AUDIT REPORT THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL The auditor general shall conduct post audits of financial transactions and accounts of the state and of all
More informationName: Position held: Company Name: Is your organisation ISO27001 accredited:
Third Party Information Security Questionnaire This questionnaire is to be completed by the system administrator and by the third party hosting company if a separate company is used. Name: Position held:
More informationTop Five Ways to Protect Your Network. A MainNerve Whitepaper
A MainNerve Whitepaper Overview The data security challenges within the business world have never been as challenging as they are today. Not only must organizations providers comply with stringent State
More informationHow To Be A Successful Company
177 Hitachi s Approach As a global company, upholding the laws and regulations of the countries and regions where we do business is a basic premise of our operations. We have enhanced our compliance framework
More informationSCADA SYSTEMS AND SECURITY WHITEPAPER
SCADA SYSTEMS AND SECURITY WHITEPAPER Abstract: This paper discusses some of the options available to companies concerned with the threat of cyber attack on their critical infrastructure, who as part of
More information