Information Systems Management ISM Lesson 3 Security management

  • Slides: 16
Download presentation
Information Systems Management (ISM) Lesson 3: Security management 21 april 2005 Marco Extra

Information Systems Management (ISM) Lesson 3: Security management 21 april 2005 Marco Extra

Planning and agenda What Who When ● Introduction Marco & Hans 12 -04 ●

Planning and agenda What Who When ● Introduction Marco & Hans 12 -04 ● Configuration Management Hans 14 -04 ● Security Management Marco 21 -04 ● Practice councilling Marco & Hans 28 -04 ● Change Management Hans ● Accounting & Availability Management Marco & Hans 19 -05 ● Excursion IT centre Fortis Bank NL 26 -05 12 -05 Marco & Hans

Introduction • The MCM Paradigm • ITIL • Security management • What is security?

Introduction • The MCM Paradigm • ITIL • Security management • What is security? • Security management components • Structuring security measures • Administration and reporting

Information System

Information System

MCM Paradigm

MCM Paradigm

Recursion

Recursion

IT Infrastructure library (ITIL) Best Practice!!!

IT Infrastructure library (ITIL) Best Practice!!!

What is security? • • • Don't confuse Security with Safety! Basic question: WHO

What is security? • • • Don't confuse Security with Safety! Basic question: WHO should do WHAT? Basic concepts: • WHO = which employee • WHAT = which part of the infrastructure • should do = needs in order to do his job

Security Management components • WHO: Human Resource Management • WHAT: Configuration Management An excellent

Security Management components • WHO: Human Resource Management • WHAT: Configuration Management An excellent relation to these departments is essential (but only if they're doing their job).

What do we want form HRM? • Who is employed? What is their job?

What do we want form HRM? • Who is employed? What is their job? • Who is joining? When? What will be their job? • Who is leaving? Who goes voluntary? When? • Who is being promoted? When? • Who is on a prolonged leave?

What do you want to know from Configuration Management? ● ● Whatever there is!

What do you want to know from Configuration Management? ● ● Whatever there is! When you don't know it's there, you can't secure it! BTW. . When something new is coming up, is modified or is removed, you want to know that too!

Life Cycle Management – – – It is good to know what is being

Life Cycle Management – – – It is good to know what is being used. . Because some products have inherent defects. . Patch management becomes feasible this way. .

Structuring security measures Physical security Outside world Company zone ICT zone

Structuring security measures Physical security Outside world Company zone ICT zone

Structuring security measures Logical security Define different user groups: • Per zone • Per

Structuring security measures Logical security Define different user groups: • Per zone • Per application • Per job description Use information supplied by HRM and/or Business Management

Prevention, Containment & detection Prevention Containment Detection

Prevention, Containment & detection Prevention Containment Detection

Administration • User. IDs • Profiles • Personnel numbers • Detections and incidents •

Administration • User. IDs • Profiles • Personnel numbers • Detections and incidents • Authorisations

ISM light ISM International Safety Management What isISM light ISM International Safety Management What is
IQRA ISM Indian School of Mines ISM DhanbadIQRA ISM Indian School of Mines ISM Dhanbad
ISM for Risk Assessment SECTION 8 ISM forISM for Risk Assessment SECTION 8 ISM for
Information Security Information security Information Security describes allInformation Security Information security Information Security describes all
Information Security Information security Information Security describes allInformation Security Information security Information Security describes all
Information Systems Management ISM at UC Santa CruzInformation Systems Management ISM at UC Santa Cruz
Viewing Information Systems Security Viewing Information Systems SecurityViewing Information Systems Security Viewing Information Systems Security
Information Systems General Information Information Systems An informationInformation Systems General Information Information Systems An information
Information Security Management Information Security Management Semester DefinitionInformation Security Management Information Security Management Semester Definition
Information Security Management Information Security Management Goal TheInformation Security Management Information Security Management Goal The
Security Management Security Management Security Management is theSecurity Management Security Management Security Management is the
Information Security Awareness Training Information security Protecting informationInformation Security Awareness Training Information security Protecting information
INFORMATION SYSTEMS SECURITY SECTION 3 Information Security StandardsINFORMATION SYSTEMS SECURITY SECTION 3 Information Security Standards
Information Warfare Summary Information Security Information Assurance InformationInformation Warfare Summary Information Security Information Assurance Information
EOSChub WP 4 4 Security ISM David KelseyEOSChub WP 4 4 Security ISM David Kelsey