120 likes | 215 Views
Innovation or Necessity?. Information Security. ISM 158 By: Sepehr Saeb. In 2006, Nationwide building society was fined nearly £1 million by the FSA (Financial Services Authority) for failing to have effective systems and controls to manage information security risks. Why?
E N D
Innovation or Necessity? Information Security ISM 158 By: SepehrSaeb
In 2006, Nationwide building society was fined nearly £1 million by the FSA (Financial Services Authority) for failing to have effective systems and controls to manage information security risks. Why? The laptop of one of the employees got stolen from his house so that put the customers into a high risk of financial crime Introduction
Today, information is considered as an essential asset for businesses not only as the success factor, but also as an surviving factor. Different Types of Information: Printed or written Stored electronically Transmitted by post Shown on films Spoken in conversation Introduction continued…
As soon as the necessity of information is realized by the leaders of a business, Security must be embedded into the system and become standard. If it is implemented correctly: Increased efficiency Greater clarity and visibility of processes Risk reduction Direct improvement Higher credibility within clients Managing Information Security
Implementing an Information Security Management System (ISMS) • What ISMS Does? • Identify and reduce security risks • Focus information security • Protect information Solution
The Core work needs to be done in implementing ISMS: • Scope out the extent of the system and its boundaries in order to protect data • A thorough and detailed risk assessment needs to be prepared by identifying the valuable information with possible threats and vulnerabilities followed by the existing controls. The result of these steps will show us which section of business need stronger and more developed security. Solution continued
After gathering all necessary requirements to implement ISMS: • Staff training and awareness • Publishing the security policy • Documenting the final set of security controls • Periodic review of the system is essential to maintain the integrity of the system Solution continued (go live)
Reduction in security breaches Improved understanding of business operations and related critical assets Ensuring compliance to regulatory and legislative requirements Reduced risk to reputation in the market sector Increased protection of key IT assets and related data Enforcing a systematic approach to identifying and handling security incidents. Providing confidence to external financial auditors that security controls are in place and effective. Benefits
Security of back up data Staff training and awareness Limited tools to characterize security performance Lack of effective testing systems Poor software licensing controls Weaknesses
Since information is dramatically increasing and getting larger Security risks also is increasing As a result, having a good ISMS is necessity The main issue is to avoid security breaches in the gap between a new vulnerability being published and implementing a patch to fix it which is time consuming Future
http://www.cxo.eu.com/article/Information-Security-Innovation-or-Necessity/http://www.cxo.eu.com/article/Information-Security-Innovation-or-Necessity/ Resources