1. Securing your organization’s data and information: A manager’s perspective
2. What are the threats to information security?
The three most common sources of threats are:
Human error and mistakes
Malicious human activity
Natural events and disasters.
3. Human error & mistakes
Stem from both employees and non-employees
May misunderstand operating procedures and inadvertently delete data
Poorly designed procedures may allow employees to enter data incorrectly or misuse the system
Unplugging a piece of hardware or spilling a cup of coffee can cause the system to crash
4. Malicious activity
Results from employees, former employees, competitors, and hackers
Break into systems with intent to steal, alter, or destroy data
Introduce viruses and worms into a system
5. Natural events & disasters
These pose a threat not only through the initial loss of capability and service, but also through problems an organization may experience during recovery
Fires
Floods
Hurricanes
Earthquakes
Other acts of nature
6. Security problems & sources
7. Components of a security program
Senior management must establish a security policy and manage risks
Safeguards must be established for all components in an IS
Organization must plan its response before problems occur
8. Necessary elements of an effective security program
9. Senior management’s role
Ensure that an effective security policy is in place
Manage risks associated with information systems security
10. Effective security policy
Should contain:
General statement of the organization’s security program
Issue-specific policies like personal use of email and the Internet
System-specific policies that ensure the company is complying with laws and regulations
Sarbanes-Oxley
11. Managing risks
Risk is the likelihood of an adverse occurrence
The amount of money spent on security influences the amount of risk you must assume (reducing risk costs more)
12. Assessing risks
You must determine:
what the threats are
how likely they are to occur
the consequences if they occur
13. What safeguards are available?
14. Firewalls
15. Spyware & adware
Symptoms:
16. Safeguarding against malware
Install antivirus and antispyware programs
Scan computer regularly
Update programs regularly
Open email attachments cautiously
Browse only reputable Internet neighborhoods
18. Protecting your data
Protect databases and other data sources by following these safeguards:
19. Human safeguards
20. Account administration
Account management, password management, help-desk policies
Establishing new accounts
Modifying existing accounts
Terminating unnecessary accounts
Have users sign a password acknowledgement form
21. Systems procedures