Importance of Information Protection and Security Measures
Enhance understanding of information and information security, different types of information assets, classification of internal and confidential information, types of data, information life cycle, and potential risks if information is not well-protected.
ISO/IEC 27000 BRIEFING.
Objectives: to enhance understanding of information and information security; to enhance understanding of the different kinds of information and information media; and to enhance understanding of the information life cycle in relation to the ISMS.
ISMS stands for Information Security Management System. An ISMS is a part of the overall management system; it is not a purely technical system.
Information is an ASSET and has great value to an organization, and therefore calls for proper protection. The asset exists in many forms.
Internal information: a type of information in an organization which MUST be protected at any cost. Confidential information: information in an organization that is exempted from disclosure to unauthorized persons. Shared/Public: a type of information which can be made available to the public and others.
Examples of information assets:
- Names, addresses, phone numbers and other personal information
- Passwords
- Designs, patents (rights) and technical research
- Credit card and bank account numbers
- Plans
- Contract bids, competitive analysis, market research
- Commercial details (strategies, finances, business performance)
- Intelligence
- Security information (risk assessments, network diagrams, facilities plans)
Information media:
- Mail/e-mails
- Papers (printed or handwritten)
- CDs, memory cards/sticks, DVDs, tapes, diskettes, etc.
- Databases
- Conversations (one on one, phone calls, chats)
- Websites/blogs/social networks/sites
Information life cycle: Creation -> Store -> Distribute -> Modify -> Archive -> Delete. Information MUST maintain C.I.A. throughout the life cycle for it to remain protected/secured.
If information is not well protected it can suffer: unauthorized disclosure; loss; accidental disclosure; theft; lack of integrity; unavailability; unauthorized modification.
Information security is the preservation of Confidentiality, Integrity and Availability of information. Information is said to be secured when it fully satisfies all three C.I.A. aspects.
C - Confidentiality: the property that information is not made available or disclosed to unauthorized persons, but ONLY to authorized persons. I - Integrity: the property of protecting the accuracy and completeness of information. A - Availability: the property of information being readily accessible in usable form upon request/demand by an authorized person.
Benefits of information security: good decision making; competitive advantage; order; proper information relay; control; safety; self esteem (at a personal level).
What is an asset? Anything of value to an organization.
Types of asset: organization image; information; physical assets; human resources (human capital); software.
Understanding the organization and its context: the internal and external issues, and the interested parties, that affect and are affected by the organization.
Internal issues: organizational structure; strategic objectives; internal stakeholders; contractual relationships; policies and governance; organizational culture.
External issues: social culture; legal; technological; political; ecological; competition.
Interested parties: stakeholders; consumers; suppliers; competitors; intermediaries. The organization shall determine the interested parties that are relevant to the information security management system and the requirements of these interested parties that are relevant to information security.
The organization shall determine the boundaries and applicability of the information security management system to establish its scope. When defining the scope we need to consider: the internal and external issues; the needs and expectations of interested parties; and the interfaces and dependencies between activities performed by the organization and those performed by other organizations. Note: the scope shall be available as documented information which clearly shows the processes, boundary and assets.
Scope example (UoE): to provide quality tertiary education through teaching and research at the main and town campuses in Eldoret. It also includes consultancy and common outreach services. The assets of the university are human capital, land, infrastructure, state of the art equipment and the use of enterprise resource planning to support the delivery of its mandate.
Top management shall demonstrate leadership and commitment with respect to the ISMS by:
- Ensuring the resources needed for the ISMS are available.
- Communicating the importance of the ISMS and of conforming to the ISMS requirements.
- Ensuring that the ISMS achieves its intended outcome(s).
- Ensuring the integration of ISMS requirements into the organization's processes.
- Directing and supporting persons to contribute to the effectiveness of the ISMS.
- Promoting continual improvement.
- Ensuring the information security policy and the information security objectives are established and are compatible with the strategic direction of the organization.
- Supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.
An information security policy is a high level statement of an organization's beliefs, goals and objectives and the general means for their attainment.
It has to be: directive; brief; eye-catching to the reader; A4 size.
Sample policy (UoE): The policy's goal is to protect UoE's information assets against all internal, external, deliberate and accidental threats. The VC shall approve the information security policy. The security policy ensures that: information will be protected against unauthorized access; confidentiality of information is assured; integrity of information will be maintained; awareness of information security will be provided to all personnel on a regular basis; legislative and regulatory requirements will be met. The policy will be reviewed by the responsible team yearly and in case of any changes. All heads of units are directly responsible for implementing the policy at their respective levels and for the adherence of their staff. VC SIGNATURE