Information Protection Planning Tawfiq Al-Rushaid
February 2004
Agenda
• Objectives
• Business Drivers & Challenges
• Enterprise Information Protection Approach
• Enterprise Information Protection Architecture
• The Architecture Process Model
• Gap Analysis Process
• Q & A
Objectives
• Emphasize the need for centralizing information protection planning.
• Present the information protection planning approach.
• Share the implementation experience.
Business Drivers & Challenges
• Information protection is unfinished business.
– What is next
• Business-driven risk management
– Stay in line with business strategy
• Develop the relationship between:
– People
– Businesses
– Processes
– Technologies
• Manage costs of information protection program.
– Common risk elements
– Common solutions
– Increase efficiency
– Standardization
Enterprise Information Protection Planning Approach
• Process ownership.
• Integrate planning.
• Establish accountability.
• Decentralize implementation.
• Link business imperatives to information protection solutions.
• Optimize existing security infrastructure.
• Adhere to the enterprise information protection architecture.
IT Architecture
Information Protection Architecture
Network Architecture
Computing Architecture
Data\Storage Architecture
Applications Architecture
IT Services Architecture
Purpose of Information Protection Architecture
• Establish an enterprise roadmap of technologies.
• Ensure that used technologies are achieving the enterprise IT missions.
• Facilitate the development/deployment of new systems, and the insertion of emerging technologies.
Enterprise Information Protection Architecture
Technologies, and Processes
Information Protection Services
• Identification & Authentication
• Authorization & Access Control
• Administration
• Audit
The Architecture Process Model
• Data
• Technologies, Policies, Processes, Standards, Organizations, Staff, and Skill sets
• Environmental Trends
• Business vision trends & requirements
• Current information protection Architecture
• Target information protection Architecture
• Threats factors & business impact
• Gap Analysis
– Assessment Process
– Identification Process
– Resolution Process
• Implementation Plan
Gap Analysis Process
• Assessment Process
– Map your IT infrastructure to the Information protection processes.
– Map your business requirements to the Information protection services
– Map your security threats to the Information protection standards, tools & technologies
Gap Analysis – Continue
• Identification Process
– Identify missing links
– Identify deviation
• Resolution Process
– Directions
– Solutions
Enterprise Information Protection Architecture
Technologies, and Processes
Information Protection Services
• Identification & Authentication
• Authorization & Access Control
• Administration
• Audit
IT Infrastructure
Business Requirements
Threats
Gap Analysis – Continue
Identification & Authentication
Technologies, Processes
• Secure Tokens
• Directorates
• Digital Certificates
• User ID
• Password Management
Gap Analysis – Continue
Authorization & Access Control
Technologies, Processes
• Anti SPAM
• VPN
• Policy Server
• Firewalls
• Content filtering
• Anti Virus
• Encryption
Gap Analysis – Continue
Administration
Technologies, Processes & Standards
• Vulnerability Management
• Policies Management
• Risk Management
• Awareness Programs
• Incidents Management
• Identity Management
Gap Analysis – Continue
Audit
Technologies, Processes & Standards
• Vulnerability Assessment
• Compliance Monitoring
• Intrusion Management
• Event Management
Architecture Process Model – Continue
• Develop implementation plan
• Develop migration plan
Conclusion
• There is high risk with decentralized information protection planning.
• The higher the risk, the more important it is to take an enterprise approach
Q & A