![Page 1: Building Block or Appendageconvention.jamaicaemployers.com/pdfs/2012/saturday/Andrew... · 2014-05-27 · LAYERED DEFENSE Host/Net App Policies Process Perimeter Physical Guidelines](https://reader034.vdocuments.net/reader034/viewer/2022050312/5f74f64bfc8b491dd606baea/html5/thumbnails/1.jpg)
5/4/2012
1
Sustain
Building Block or Appendage
Presented by: Andrew A. Nooks
CISSP, CISA,
CISM, CRISC
Execute
Grow
AliciaMarlon
Cer Alka
• A bit about me
• More about you
![Page 2: Building Block or Appendageconvention.jamaicaemployers.com/pdfs/2012/saturday/Andrew... · 2014-05-27 · LAYERED DEFENSE Host/Net App Policies Process Perimeter Physical Guidelines](https://reader034.vdocuments.net/reader034/viewer/2022050312/5f74f64bfc8b491dd606baea/html5/thumbnails/2.jpg)
5/4/2012
2
• Definitions
• Why information security is important• Why information security is important
• Managing security risks
• Security incident response
DEFINITIONS
![Page 3: Building Block or Appendageconvention.jamaicaemployers.com/pdfs/2012/saturday/Andrew... · 2014-05-27 · LAYERED DEFENSE Host/Net App Policies Process Perimeter Physical Guidelines](https://reader034.vdocuments.net/reader034/viewer/2022050312/5f74f64bfc8b491dd606baea/html5/thumbnails/3.jpg)
5/4/2012
3
BUILDING BLOCK
• Element or integral part of somethingElement or integral part of something
– Aligned
– Threat Resistant
– Reduce Risk
– Appropriate Value
– Sustainable
• Subordinate part attached to something
– Reactive
– Quick fix
– Temporary
– Not Aligned
![Page 4: Building Block or Appendageconvention.jamaicaemployers.com/pdfs/2012/saturday/Andrew... · 2014-05-27 · LAYERED DEFENSE Host/Net App Policies Process Perimeter Physical Guidelines](https://reader034.vdocuments.net/reader034/viewer/2022050312/5f74f64bfc8b491dd606baea/html5/thumbnails/4.jpg)
5/4/2012
4
• Protecting information and information f i d dassets from unintended:
– access
– usage
– disclosure
– disruption
difi i– modification
– inspection
– recording or destruction
Utility
Accuracy
Authenticity
Integrity
AvailabilityConfidentiality
Secure Information
![Page 5: Building Block or Appendageconvention.jamaicaemployers.com/pdfs/2012/saturday/Andrew... · 2014-05-27 · LAYERED DEFENSE Host/Net App Policies Process Perimeter Physical Guidelines](https://reader034.vdocuments.net/reader034/viewer/2022050312/5f74f64bfc8b491dd606baea/html5/thumbnails/5.jpg)
5/4/2012
5
Technology Security
• Firewall
• IDS/IPS
Information Security
• Intellectual Property
• Business/Financial IntegrityIDS/IPS
• Malware
• Encryption
• Operating System
Business/Financial Integrity
• Compliance
• Industrial Espionage
• Confidentiality
IMPORTANCE OF INFORMATION SECURITY
![Page 6: Building Block or Appendageconvention.jamaicaemployers.com/pdfs/2012/saturday/Andrew... · 2014-05-27 · LAYERED DEFENSE Host/Net App Policies Process Perimeter Physical Guidelines](https://reader034.vdocuments.net/reader034/viewer/2022050312/5f74f64bfc8b491dd606baea/html5/thumbnails/6.jpg)
5/4/2012
6
• A threat is an object, person, or other entity that represents a constant dangerentity that represents a constant danger to an asset
– System Failures
– Human Errors
– Acts of Nature
– Deliberate Attacks
• People committed to circumvention of computer securitycomputer security. – Competitors
– Employees
– Contractors
– Ethical Security professionals
Neighbors– Neighbors
– Friends
– Customers
– Our Children
![Page 7: Building Block or Appendageconvention.jamaicaemployers.com/pdfs/2012/saturday/Andrew... · 2014-05-27 · LAYERED DEFENSE Host/Net App Policies Process Perimeter Physical Guidelines](https://reader034.vdocuments.net/reader034/viewer/2022050312/5f74f64bfc8b491dd606baea/html5/thumbnails/7.jpg)
5/4/2012
7
ATTACK METHODS
• Electronic
• Physical
• Human (Social Engineering)
Reputation
Compliance
FinancialHuman
Reputation
![Page 8: Building Block or Appendageconvention.jamaicaemployers.com/pdfs/2012/saturday/Andrew... · 2014-05-27 · LAYERED DEFENSE Host/Net App Policies Process Perimeter Physical Guidelines](https://reader034.vdocuments.net/reader034/viewer/2022050312/5f74f64bfc8b491dd606baea/html5/thumbnails/8.jpg)
5/4/2012
8
•If you do not know your enemies nor yourself, you will lose every single battle.
•If you do not know your enemies but do know yourself, you will win one and lose one;
•If you know your enemies and know yourself, you will not lose in a hundred battles; •Adapted from Sun Tzu’s “The Art of War”
IMPLEMENTING SECURITY
![Page 9: Building Block or Appendageconvention.jamaicaemployers.com/pdfs/2012/saturday/Andrew... · 2014-05-27 · LAYERED DEFENSE Host/Net App Policies Process Perimeter Physical Guidelines](https://reader034.vdocuments.net/reader034/viewer/2022050312/5f74f64bfc8b491dd606baea/html5/thumbnails/9.jpg)
5/4/2012
9
SECURING BUSINESS INFORMATION
Know Your “Self” Know Your “Enemy”
• Understand Business Objectives
• Align and Classify
• Conduct Gap Assessment
• Implement controls
• What threatens your business objectives
• Who/What threatens you business assets
• Consequences
p
MANAGING RISKS
Align Business, IT
Implement ControlsAdministrative
Logical
Physical
Monitor & Evaluate
Train/Educate/Awareness
![Page 10: Building Block or Appendageconvention.jamaicaemployers.com/pdfs/2012/saturday/Andrew... · 2014-05-27 · LAYERED DEFENSE Host/Net App Policies Process Perimeter Physical Guidelines](https://reader034.vdocuments.net/reader034/viewer/2022050312/5f74f64bfc8b491dd606baea/html5/thumbnails/10.jpg)
5/4/2012
10
LAYERED DEFENSE
Host/Net
App
Policies Process
Perimeter
Physical
GuidelinesAwareness
I id
Communication Human Resource
Operations Physical and
System Acquisition, Development Maintenance
Business Continuity
Management
ComplianceIncident
Management
Security Policy
OrganizationOf
Information Security
Asset Management
Risk Management
ManagementHuman Resource
Management Environmental
![Page 11: Building Block or Appendageconvention.jamaicaemployers.com/pdfs/2012/saturday/Andrew... · 2014-05-27 · LAYERED DEFENSE Host/Net App Policies Process Perimeter Physical Guidelines](https://reader034.vdocuments.net/reader034/viewer/2022050312/5f74f64bfc8b491dd606baea/html5/thumbnails/11.jpg)
5/4/2012
11
Security PolicyAsset
Management
Preparation Eradication Recovery
IdentificationContainment
Lessons Learned
![Page 12: Building Block or Appendageconvention.jamaicaemployers.com/pdfs/2012/saturday/Andrew... · 2014-05-27 · LAYERED DEFENSE Host/Net App Policies Process Perimeter Physical Guidelines](https://reader034.vdocuments.net/reader034/viewer/2022050312/5f74f64bfc8b491dd606baea/html5/thumbnails/12.jpg)
5/4/2012
12