Sustainable Protection of Critical Corporate Information

•Download as PPT, PDF•

1 like•759 views

Anas Tawileh

Presented at the 5th Middle East CIO Summit

Technology Education Spiritual

Jeremy Hilton and Anas Tawileh (C) Cardiff University

[object Object],[object Object],[object Object],[object Object],[object Object],(C) Cardiff University

[object Object],[object Object],[object Object],[object Object],(C) Cardiff University

[object Object],[object Object],[object Object],(C) Cardiff University

[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],(C) Cardiff University

“ Others inspire us, information feeds us, practice improves our performance, but we need quiet time to figure things out, to emerge with new discoveries, to unearth original answers.” - Esther Buchholz (C) Cardiff University

[object Object],[object Object],[object Object],Tell me and I’ll forget Show me and I’ll remember Involve me and I’ll understand Old Chinese saying (C) Cardiff University

Traffic Light Protocol Philosophy mapped to the Business Impact and Control Categories RED SENSITIVITY = HIGHLY SENSITIVE Personal for named recipients only WHITE SENSITIVITY = PUBLIC Unlimited Control (Apart from legal recourse) Uncontrolled AMBER SENSITIVITY = SENSITIVE Limited distribution GREEN SENSITIVITY = NORMAL BUSINESS Business Community wide CATASTROPHIC Secured Segregated MATERIAL Secured MAJOR Restricted MINOR Controlled INSIGNIFICANT Controlled Developed to control information sharing between G8 countries, Business Impact levels added.

Generic “Org X” Architecture Trust Model External Secured This zone is similar to the secured zone but is owned and operated by a business partner. The trust relationship between the Org X and the business partner is stronger than in the restricted zones. Information Assets: Distributed to named individuals only. Secured This zone is the most secured area within the architecture. Access should be limited to highly trusted principals. Information Access limited to named principals only. External Restricted Similar to Restricted Zone but owned /operated by a business partner. The trust relationship is stronger that that in the External Controlled Zone. Information Access limited to Groups of authenticated principals Restricted The restricted Zone is the next higher level of security above Controlled. Access is Restricted to authenticated users or processes. Most data processing and storage occurs here. Information Access limited to pre-defined groups made up of authenticated principals. External Controlled Similar to Controlled Zone but owned /operated by an external organisation. Controlled This is where the lowest levels of control are applied to manage Information Assets with the prime goals of managing Availability and Compliance Uncontrolled (Public) The uncontrolled environment outside the control of Org X. Managed Belongs to IT and is used to administer servers, network devices and other managed devices. May be implemented with secure sessions (SSH) separate out of band networks or greater controls on Admin devices.

[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

[object Object],[object Object],[object Object],[object Object],CA – Community Access RA – Restricted Access PI – Personal Information OO – Organisation Only ND – Non-Disclosure CG – Corporate Governance SD – Safe Disposal CU – Controlled Until AB – Authorised By ND – Non-Derivatives BY – Attribution cc cc

[object Object],[object Object],[object Object],Community Access

[object Object],[object Object],Personal Information cc

[object Object],[object Object],[object Object],Non-Disclosure cc cc

[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],cc cc DTG cc cc cc cc cc

Similar to Sustainable Protection of Critical Corporate Information

Cyber presentation spet 2019 v8sentfor upload

savassociates1

Weakest links of an organization's Cybersecurity chain

Sanjay Chadha, CPA, CA

Privacy is on the minds of people everywhere, including your customers and users. Along with a flurry of new legislation that is already in place or in progress around the world or the US states you do operate in, having a formal privacy program in your company or organization is becoming mandatory. This webinar will cover the basics of how to start a privacy program for organizations of all sizes. Secratic's Managing Partner and Founder, Daniel Ayala, will also review how to build privacy into the products and services you sell to achieve a better competitive advantage and build the trust of your customers, employees and business partners.

How to Build a Privacy Program

secratic

D1 security and risk management v1.62

AlliedConSapCourses

Right-Sizing the Security and Information Assurance for Companies, a Core-ver...

Dana Gardner

ISMS End-User Training Presentation.pptx

comstarndt

QI Security Framework_v2007_7

Hong Sin Kwek

Presentation to Irish ISSA Conference 12-May-11

Michael Ofarrell

2014 NCSAM - Data Security and Compliance—What You Need to Know.pptx

VITNetflix

Cloud computing - Assessing the Security Risks - Jared Carstensen

jaredcarst

Cyber Critical Infrastructure Framework Panel

Paul Di Gangi

Cracking the Code: Data Science Tackles Investment Management

Sharala Axryd

Testing

lorenceman

Dancyrityshy 1foundatioieh

Anne Starr

Fredrik Forslund, Director of Cloud & Data Center Erasure Solutions at Blancco Technology Group explores cloud storage compliance challenges and solutions with seasoned security and compliance experts, Giulio Coraggio, Partner at DLA Piper, and Eric Vanderburg, Director of Information Systems & Security at Jurinnov LLC. What You’ll Learn: Common pain points associated with storing, managing and protecting data in the private cloud Key scenarios when cloud security may be compromised Regulatory requirements that must be met whenever data is stored in the cloud Best practices to minimize data security risks and regulatory compliance violations

Cloud Storage and Security: Solving Compliance Challenges

Eric Vanderburg

ION-E Defense In Depth Presentation for The Institiute of Internal Auditors

mdagrossa

During week 6 we develop the theory and application of capital budget analysis. The theory was robust, the calculations mathematically and logically defined, and many of the real-world problems, likely to be encountered, were addressed. As capital budgeting essentially re-invents the company through major long-term expenditures it is arguably one of the most critical functions that financial management performs. However, based on my personal experiences, extensive empirical data, and antidotal data - many firms routinely experience significant failures in their selection of capital projects. The assignment for this topic consists if two parts: 1) For your first topic in this conference I would like for you to briefly review either your personal experiences and/or the financial literature to identify and present a description of one actual capital project/product failure and the reasons attributed to the failure. For those of you who do not have personal experiences the following are some illustrated examples of failed projects/products over the last 50 years you may want to look up and consider: -New Coke,- The Iridium Satellite Communication,- the Edsel automobile, Beta (vs. VHS), the Concord SST, and various Dot Coms. Feel free to research others. In your response please provide financial information regarding the project (what is available): initial outlay, projected cash flows, final dollar losses. Remember this is a one to two paragraph exercise - do not go overboard - a few hours research and summation is all that’s required. I am interested only in your short, concise description of the project and the major reasons you believe it failed. 2) Synthesize your one-paragraph position on what 3-5 specific factors you believe most likely to contribute to capital project analysis failure. CDC IT Security Staff BCP Policy [ CSIA 413, Professor Last Name: Policy Document IT Business Continuity Plan Policy Document Control Organization Center for Disease and Control (CDC) Title CDC IT Security Staff BCP Policy Author Owner IT Security Staff Manager Subject Business Continuity Plan Policy Review date Revision History Revision Date Reviser Previous Version Description of Revision No Revisions Document Approvals This document requires the following approvals: Sponsor Approval Name Date Approved Document Distribution This document will be distributed to: Name Job Title Email Address All CDC Security Staff Information Security Specialist Contributors Development of this policy was assisted through information provided by the following organization: · CDC and Department of Defense, Health and Homeland Security Table of Contents Policy Statement4 1Purpose4 2Objective4 3Scope5 4Compliance5 5Terms and Definitions7 6Risk Identification and Assessment7 7Policy8 Policy Statement The Center for Disease and Control mission is to protect America from health, safety and security threats, both foreign and in the ...

During week 6 we develop the theory and application of capital bud.docx

jacksnathalie

Insider threat kill chain

Tarun Gupta,CRISC CISSP CISM CISA BCCE

Project Scenario You are a third party security consultant hired by the hospital to perform a security audit and make recommendations for remediation. Your customer is a hospital organization responsible for providing patient care to over 1 million patients annually. This hospital was a national leader in providing patient care to a major metropolitan area. Recently, a data breach occurred within the enterprise resulting in significant patient information being breached. This breach was identified by a (different) security researcher, unaffiliated with the hospital, by finding data posted on dark web markets. This event became publicly known and the hospital's reputation has been tarnished as a result. To remediate, the organization has allocated significant funds to overhaul their network and cyber security. To begin, the hospital CISO hired you to conduct a thorough audit of the environment. The hospitals IT architecture consists of a campus WAN with three main office buildings operating inside of the campus network; the main hospital, the children's hospital, and the research and administrative building. During the audit, there were many findings inside of the organization that included: Numerous HIPAA violations around data security and handling. Multiple accounts with unnecessary administrative privileges. Sensitive areas of the environment that were not segregated from the rest of the network (i.e. a flat network). Remote employees had access to sensitive resources from outside the organization without the use of any secure means of access. Physical areas of the IT facilities were not secured or otherwise easily accessible. Hundreds of endpoints that were not updated with the latest OS and patches. Weak or default passwords in use across the network with no multi-factor authentication. Poor documentation with generic policies and standards. The action is on your team to develop a project plan, and presentation to key leadership on how best to mitigate each of these findings. If the approach and design strategy are approved by the executive leadership, you may receive additional business for carrying out these remediations. Additional Notes I highly recommend you research HIPAA compliance and checklist documentation. Specifically, around the areas of data handling and classifications. The network architecture and design is intentionally vague. please describe The action is on your team to develop a project plan, and presentation to key leadership on how best to mitigate each of these findings. If the approach and design strategy are approved by the executive leadership, you may receive additional business for carrying out these remediations. Length 2,000-2,500 word to discuss your proposed plan. .

Project Scenario You are a third party security consultant hired by t.docx

VictormxrPiperc

Преимущества, которые несут в себе облачная и виртуальная инфраструктура очевидны. Также очевидны и дополнительные риски. На семинаре будут обсуждаться следующие вопросы: какие проблемы связаны с обеспечением ИБ инфраструктур виртуализации; что перевешивает, экономика или безопасность; в чем ограничения средств защиты для виртуальных инфраструктур; взлом облака и взлом из облака.

Positive Hack Days. Christopher Gould. Head in the Clouds…Can we overcome sec...

Positive Hack Days

Similar to Sustainable Protection of Critical Corporate Information (20)

Cyber presentation spet 2019 v8sentfor upload

Weakest links of an organization's Cybersecurity chain

How to Build a Privacy Program

D1 security and risk management v1.62

Right-Sizing the Security and Information Assurance for Companies, a Core-ver...

ISMS End-User Training Presentation.pptx

QI Security Framework_v2007_7

Presentation to Irish ISSA Conference 12-May-11

2014 NCSAM - Data Security and Compliance—What You Need to Know.pptx

Cloud computing - Assessing the Security Risks - Jared Carstensen

Cyber Critical Infrastructure Framework Panel

Cracking the Code: Data Science Tackles Investment Management

Testing

Dancyrityshy 1foundatioieh

Cloud Storage and Security: Solving Compliance Challenges

ION-E Defense In Depth Presentation for The Institiute of Internal Auditors

During week 6 we develop the theory and application of capital bud.docx

Insider threat kill chain

Project Scenario You are a third party security consultant hired by t.docx

Positive Hack Days. Christopher Gould. Head in the Clouds…Can we overcome sec...

Recently uploaded

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

A Principled Technologies deployment guide Conclusion Deploying VMware Cloud Foundation 5.1 on next gen Dell PowerEdge servers brings together critical virtualization capabilities and high-performing hardware infrastructure. Relying on our hands-on experience, this deployment guide offers a comprehensive roadmap that can guide your organization through the seamless integration of advanced VMware cloud solutions with the performance and reliability of Dell PowerEdge servers. In addition to the deployment efficiency, the Cloud Foundation 5.1 and PowerEdge solution delivered strong performance while running a MySQL database workload. By leveraging VMware Cloud Foundation 5.1 and PowerEdge servers, you could help your organization embrace cloud computing with confidence, potentially unlocking a new level of agility, scalability, and efficiency in your data center operations.

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

Principled Technologies

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Scaling API-first – The story of a global engineering organization

Radu Cotescu

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Increase engagement and revenue with Muvi Live Paywall! In this presentation, we will explore the five key benefits of using Muvi Live Paywall to monetize your live streams. You'll learn how Muvi Live Paywall can help you: Monetize your live content easily: Set up pay-per-view access to your live streams and start generating revenue from your content. Increase audience engagement: Provide exclusive, premium content behind the paywall to keep your viewers engaged. Gain valuable viewer insights: Track viewer data and analytics to better understand your audience and tailor your content accordingly. Reduce content piracy: Muvi Live Paywall's security features help protect your content from unauthorized distribution. Streamline your workflow: The all-in-one platform simplifies the process of managing and monetizing your live streams. With Muvi Live Paywall, you can take control of your live stream monetization and create a sustainable business model for your content. Learn more about Muvi Live Paywall and start generating revenue from your live streams today!

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams

Roshan Dwivedi

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

Recently uploaded (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Apidays New York 2024 - The value of a flexible API Management solution for O...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

GenAI Risks & Security Meetup 01052024.pdf

A Domino Admins Adventures (Engage 2024)

Boost PC performance: How more available memory can improve productivity

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Scaling API-first – The story of a global engineering organization

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

🐬 The future of MySQL is Postgres 🐘

Sustainable Protection of Critical Corporate Information

1. Jeremy Hilton and Anas Tawileh (C) Cardiff University

3. (C) Cardiff University

4. (C) Cardiff University

5. (C) Cardiff University

6. (C) Cardiff University

7. (C) Cardiff University

8. (C) Cardiff University

9. (C) Cardiff University

10. (C) Cardiff University

11. (C) Cardiff University

12. (C) Cardiff University

13. (C) Cardiff University

14. (C) Cardiff University

15. (C) Cardiff University

16. (C) Cardiff University

17. (C) Cardiff University

18. (C) Cardiff University

19. (C) Cardiff University and much more..

20. (C) Cardiff University

21. (C) Cardiff University

22. (C) Cardiff University

23. (C) Cardiff University

24.

25.

26.

27. “ Others inspire us, information feeds us, practice improves our performance, but we need quiet time to figure things out, to emerge with new discoveries, to unearth original answers.” - Esther Buchholz (C) Cardiff University

28. (C) Cardiff University

29.

30. (C) Cardiff University

31.

32.

33.

34. Creative Commons

35.

36. Traffic Light Protocol Philosophy mapped to the Business Impact and Control Categories RED SENSITIVITY = HIGHLY SENSITIVE Personal for named recipients only WHITE SENSITIVITY = PUBLIC Unlimited Control (Apart from legal recourse) Uncontrolled AMBER SENSITIVITY = SENSITIVE Limited distribution GREEN SENSITIVITY = NORMAL BUSINESS Business Community wide CATASTROPHIC Secured Segregated MATERIAL Secured MAJOR Restricted MINOR Controlled INSIGNIFICANT Controlled Developed to control information sharing between G8 countries, Business Impact levels added.

37. Generic “Org X” Architecture Trust Model External Secured This zone is similar to the secured zone but is owned and operated by a business partner. The trust relationship between the Org X and the business partner is stronger than in the restricted zones. Information Assets: Distributed to named individuals only. Secured This zone is the most secured area within the architecture. Access should be limited to highly trusted principals. Information Access limited to named principals only. External Restricted Similar to Restricted Zone but owned /operated by a business partner. The trust relationship is stronger that that in the External Controlled Zone. Information Access limited to Groups of authenticated principals Restricted The restricted Zone is the next higher level of security above Controlled. Access is Restricted to authenticated users or processes. Most data processing and storage occurs here. Information Access limited to pre-defined groups made up of authenticated principals. External Controlled Similar to Controlled Zone but owned /operated by an external organisation. Controlled This is where the lowest levels of control are applied to manage Information Assets with the prime goals of managing Availability and Compliance Uncontrolled (Public) The uncontrolled environment outside the control of Org X. Managed Belongs to IT and is used to administer servers, network devices and other managed devices. May be implemented with secure sessions (SSH) separate out of band networks or greater controls on Admin devices.

38.

39.

40.

41.

42.

43.

44.

45. Thank You

Sustainable Protection of Critical Corporate Information

Recommended

Recommended

More Related Content

Similar to Sustainable Protection of Critical Corporate Information

Similar to Sustainable Protection of Critical Corporate Information (20)

More from Anas Tawileh

More from Anas Tawileh (10)

Recently uploaded

Recently uploaded (20)

Sustainable Protection of Critical Corporate Information