1
Prepared By Baderdeen J Alsaba
Supervised By
Dr. Sana’a Wafa Al-Sayegh
University of Palestine College of Information Technology
Security System Standards Specification
Contact: [email protected]
2
Agenda
Introduction
Definition
Provide adequate protection
First dimension: the security of information - Plenary Session
Phase I Evaluation:
Phase II Design:
Phase III Implementation:
Phase IV Control:
Second dimension : the security of information - building blocks
I - Building block: Regulations
II - Building block: Education
III - Building block: Security
3
Agenda
Third dimension : the security of information - valuable property
Persons:-
Data:-
Infrastructure for the Information Technology
Equipment:-
Networks:-
Operating Systems:-
Applications:-
References:-
4
Introduction
The term "systems security" was already in use with the older methods that preceded the birth of information technology, but it found common use once the actual scope of activity became the processing and transfer of data by means of computing and communication, specifically the Internet. Research and studies on security systems now occupy a broad area of development within the various fields of information technology research, and security has become one of the concerns felt by the different actors. It is also the goal of legislative measures in this field, which ensure the availability of the following elements for information:
5
Definition
System security is the science that studies the theories and strategies for protecting a system from the risks and activities that threaten to attack it.
In terms of technology, it is the means, tools and procedures that must be provided to ensure the protection of the system from internal and external threats.
From a legal perspective, it is the purpose of legislation to protect the system from illicit and illegal activities targeting information and systems (computer crimes and Internet piracy).
6
Provide adequate protection
1 - CONFIDENTIALITY:- Secrecy: making sure that information is not revealed or disclosed to unauthorized people.
2 - INTEGRITY:- Making sure that the true content of the information has not been modified or tampered with, in particular.
7
Provide adequate protection
3 - AVAILABILITY:- Ensuring the continued operation of the information system and the continued ability to interact with it.
4 - NON-REPUDIATION:- Ensuring that a person related to a transaction on their information cannot deny that it was they who performed this act.
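The distinction between integrity (point 2) and non-repudiation (point 4) above, as an added example that is not part of the original slides: an HMAC under a key shared by sender and receiver proves the message was not altered, yet either party could have produced the tag, so the sender can still deny it; an Ed25519 signature can be produced only by the holder of the private key. The key and messages are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// HMACTag computes an integrity tag under a key shared by sender and receiver.
func HMACTag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// HMACVerify checks the tag in constant time. A match proves the message was
// not modified, but not which of the two key holders produced it.
func HMACVerify(key, msg, tag []byte) bool {
	return hmac.Equal(HMACTag(key, msg), tag)
}

// NewSigningKeys makes an Ed25519 key pair; only the private half can sign.
func NewSigningKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Sign binds the message to the holder of the private key.
func Sign(priv ed25519.PrivateKey, msg []byte) []byte { return ed25519.Sign(priv, msg) }
// SigVerify needs only the public key, so any third party can confirm who signed.
func SigVerify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

func main() {
	key := []byte("shared-secret-constructed-for-demo") // constructed sample key
	order := []byte("pay 100 to supplier A")            // constructed sample message
	forged := []byte("pay 100000 to supplier B")        // what a dishonest receiver could mint
	fmt.Println("HMAC over order verifies:", HMACVerify(key, order, HMACTag(key, order)))
	// The receiver holds the same key, so its forged tag also verifies: the
	// sender can deny the order, and HMAC alone gives no non-repudiation.
	fmt.Println("receiver-forged HMAC verifies:", HMACVerify(key, forged, HMACTag(key, forged)))
	pub, priv, err := NewSigningKeys()
	if err != nil {
		panic(err)
	}
	sig := Sign(priv, order)
	fmt.Println("signature verifies:", SigVerify(pub, order, sig), "altered:", SigVerify(pub, forged, sig))
}
```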
8
First dimension:
the security of information - Plenary Session
Phase I: Evaluation: Each facility must assess the risks that face it, gain accurate knowledge of its environment, and be able to classify its data in terms of sensitivity and importance.
Why protect? (What is the mission property?) Protect against what? (What are the risks?) How to safeguard? (What are the mechanisms?)
9
Phase II
Design
Security is a chain, and a chain is measured by its weakest link. Therefore, using the latest network barriers, firewalls, or even Intrusion Detection Systems (IDS) does not guarantee full security of the business.
10
Phase III:
Implementation: After choosing the appropriate security architecture (in design), you will need to implement the technical controls you have selected. These controls may be the web barrier (firewall), an intrusion detection system, the e-mail server or the domain name (DNS) server.
Buying as many of those technologies as possible is not the solution; rather, the effort goes into a series of measures such as securing the domain name servers to reduce risk, allocating an email server inside your network, and placing a mail relay server in the neutral web-facing zone (DMZ) to pass mail into and out of your network.
11
Phase IV
Control: It is well known that we cannot find a system that is 100% secure, but we always seek to reduce risk to the business, whether legal, financial, professional or reputational risk; security risk is a professional risk that must be reduced. Once the implementation of the risk reduction plan is complete, including the network design and the design of the security infrastructure in addition to the deployment of the security techniques appropriate for you, you should monitor all of these facilities 24 hours a day, 365 days a year.
12
Second dimension
the security of information - building blocks
I - Building block: Regulations
The regulations (policies) are the heart of any information security management system (ISMS): they show clearly what is permitted and what is not, and the roles and responsibilities they establish must be clearly determined. The security regulations state precisely what senior management expects of information security.
13
II - Building block: Education
According to one penetration professional, "social interaction was the easiest way to penetrate the systems." We often do not look beyond the technical barriers and defenses, including network barriers, and forget the importance of the barriers that lie in our minds, the "human barriers".
14
III - Building block: Security
Management must ensure that the investment in information security has borne fruit, and should seek the advice of a neutral party to determine the degree of security of the infrastructure. It does not stop there: security must be integrated into the business's security program, so that assessing the security mechanisms and verifying that the infrastructure complies with the regulations and requirements set are an integral part of that program.
15
Third dimension
the security of information - valuable property
When it comes to information security, the important question is: what do you want to protect?
Persons:- People are the most valuable thing you have. Therefore, maintaining their safety is the first priority in any business. These persons have different roles: some set regulations, some operate networks, and there are managers, employees, contract holders and trading partners.
Data:- You should always ask yourself this simple question: what do I want to protect? Data security includes everything: documents sent or received by fax, your email messages, data moving across your network, business processes, customer databases, and so on.
16
Infrastructure for the Information Technology
Equipment:-
Unauthorized persons must be prevented from accessing central servers and storage devices, and even barred from entering the facilities and buildings concerned.
Networks:-
Facilities are moving to join network environments connected to shared resources and built by employing basic resources optimally, but exposure to internal and external risk remains possible.
17
Infrastructure for the Information Technology
Operating Systems:-
Systems are in urgent need of protection from internal and external threats, whether UNIX systems or Windows (Windows NT/2000/XP/2003). These systems also need hardening and continued checking on a regular basis.
Applications:-
The application is the means by which users deal with your technology environment. Specialized applications in accounting, human resources, logistics, finance and communications need to be protected and kept confidential.
18
References:-
• http://www.publications.ksu.edu.sa/IT%20Papers/Information%20Security/IT%20Sec.doc
• http://www.27001.net/2007/06/what-is-iso-27001.html
• http://www.27001.net/labels/iso%2027001.html
• http://www.bsi-global.com/en/Assessment-and-certification-services/management-systems/Standards-and-Schemes/ISO-IEC-27001
• http://www.praxiom.com/27001.htm
• http://www.isoqar.com/iso27001/27001intro.htm
• http://www.the-dma.org/guidelines/informationsecurity.shtml
• http://iso27001security.com/html/iso27000.html
• http://www.ccert.edu.cn/education/cissp/hism/ewtoc.html