Best Practices for Information Security Management (PowerPoint presentation transcript)
1
Best Practices for Information Security Management
  • Bob Small, CISSP, CEH
  • small_at_software.org
  • March 2006

2
Take-away Messages
  • Defense in depth solutions
  • Effective security requires a rigorous risk
    management process
  • Must be effective and cost effective
  • Think about it from the adversary's perspective

3
Key Elements of Security
4
Defense In Depth
Speed bumps are a better metaphor for
information security than bank vaults
5
Risk Management Process
6
International Standards for ISMS
Information Security Management System
These standards are accepted as industry best
practices
7
Control Areas In ISO 17799
  • Security Policy
  • Organization of Information Security
  • Asset Management
  • Human Resource Security
  • Communications and Operations Management
  • Physical and Environmental Security
  • Information Systems Acquisition, Development and Maintenance
  • Access Control
  • Information Security Incident Management
  • Compliance
  • Business Continuity Management

133 controls in 11 areas
8
Security Policy
Objective: Provide management direction and support for information security in accordance with business requirements and relevant laws and regulations
  • It must be written
  • It must be reviewed periodically

9
Security Must Be Managed In All Relationships
Each arrow represents a contract, MOA, SLA, etc.
10
Information Assets Must Be Managed
  • Inventory of Assets
    • Tangible
    • Intangible

11
Human Resources Security
12
Think Creatively About Information Security
13
ISMS Resources
  • ISO 17799, Code of Practice for Information
    Security Management
  • ISO 27001, Information Security Management
    Systems Requirements

http://www.iso.org
  • National Institute of Standards and Technology
  • SP 800-70, The NIST Security Configuration
    Checklists Program
  • SP 800-66, An Introductory Resource Guide for
    Implementing the Health Insurance Portability
    and Accountability Act (HIPAA) Security Rule
  • SP 800-30, Risk Management Guide for Information
    Technology Systems

http://csrc.nist.gov
  • INCITS CS1 (Cybersecurity)

http://www.incits.org
14
Thank You