Information Technology Security Assessment
YULISA ROSLIANA
Hys.yulisarosliana@gmail.com
http://sif.uin-suska.ac.id/ http://fst.uin-suska.ac.id/ http://www.uin-suska.ac.id/
The Global Threat
• Information security is not just a paperwork drill… there are dangerous adversaries out there capable of launching serious attacks on our information systems that can result in severe or catastrophic damage to the nation’s critical information infrastructure and ultimately threaten our economic and national security…
Critical Infrastructures: Examples
• Energy (electrical, nuclear, gas and oil, dams)
• Transportation (air, road, rail, port, waterways)
• Public Health Systems / Emergency Services
• Information and Telecommunications
• Defense Industry
• Banking and Finance
• Postal and Shipping
• Agriculture / Food / Water
• Chemical
Computer Security Practices in Nonprofit Organizations
• When asked how employees would characterize the state of their own organization's computer security practices, nearly a third of the respondents (32%) acknowledged that their computer security practices needed to be improved.
• How did respondents describe their own organization's computer security?
Threats to Security
Connectivity
Complexity
Which of the following statements best describes your organization's computer security?
Does your organization have a data recovery plan to implement in the event of catastrophic data loss?
In your opinion, what are the computer security issues that your organization needs to address?
The Risks are Real
• Lost laptops and portable storage devices
• Data/Information “left” on public computers
• Data/Information intercepted in transmission
• Spyware, “malware,” “keystroke logging”
• Unprotected computers infected within seconds of being connected to the network
• Thousands of attacks on campus networks every day
[Figure: security assessment flow diagram. Stages: Requirement Study and Situation Analysis; Document Review; Vulnerability Scan; Data Analysis; Report & Briefing; Risk Identification.]
Risk Management Flow
• Investigate
• Analyze: Risk Identification (identify the vulnerabilities) and Risk Control (investigate how to control the vulnerabilities)
• Design
• Implement
• Maintain
Information Security Program
Adversaries attack the weakest link…where is yours?
• Risk assessment
• Security planning
• Security policies and procedures
• Contingency planning
• Incident response planning
• Security awareness and training
• Physical security
• Personnel security
• Certification, accreditation, and security assessments
• Access control mechanisms
• Identification & authentication mechanisms (Biometrics, tokens, passwords)
• Audit mechanisms
• Encryption mechanisms
• Firewalls and network security mechanisms
• Intrusion detection systems
• Security configuration settings
• Anti-viral software
• Smart cards
Links in the Security Chain: Management, Operational, and Technical Controls
What you need to know
• IT resources to be managed
• What’s available on your network
• Policies, laws & regulations
• Security Awareness
• Risk Assessment, Mitigation, & Monitoring
• Resources to help you
The Golden Rules
Building an Effective Enterprise Information Security Program
• Develop an enterprise-wide information security strategy and game plan
• Get corporate “buy in” for the enterprise information security program—effective programs start at the top
• Build information security into the infrastructure of the enterprise
• Establish level of “due diligence” for information security
• Focus initially on mission/business case impacts—bring in threat information only when specific and credible
The Golden Rules
Building an Effective Enterprise Information Security Program
• Create a balanced information security program with management, operational, and technical security controls
• Employ a solid foundation of security controls first, then build on that foundation guided by an assessment of risk
• Avoid complicated and expensive risk assessments that rely on flawed assumptions or unverifiable data
• Harden the target; place multiple barriers between the adversary and enterprise information systems
• Be a good consumer—beware of vendors trying to sell “single point solutions” for enterprise security problems
The Golden Rules
Building an Effective Enterprise Information Security Program
• Don’t be overwhelmed with the enormity or complexity of the information security problem—take one step at a time and build on small successes
• Don’t tolerate indifference to enterprise information security problems
And finally…
• Manage enterprise risk—don’t try to avoid it!
Thanks
Q & A

Security analysis


Speaker Notes

  1. Title is: Threats to security. Photograph of a radio tower to demonstrate connectivity, and a second photograph of a magnified computer chip to demonstrate complexity.
  2. This slide shows a picture of a chain to demonstrate the concept that a chain is only as strong as its weakest link. All listed Management, Operational and Technical controls must be in place.