CyberSecurityTechForumNYC9 30 03

Slide1: 

SECURITY PROCESS FLOWCHART
An Overview
Steven E. Miller
Exec. Dir., Mass Networks Education Partnership
www.massnetworks.org

Slide2: 

WHAT IS SECURITY?
NEGATIVE: “Nothing bad happens”
Security is the prevention of any actions or events involving an organization’s information systems that occur intentionally, accidentally, or incidentally, originating either outside or inside an organization, and that directly or indirectly undermine the organization’s ability to accomplish its mission because of an anticipated or unanticipated impact on its assets – its data, systems, property, people, operations, or reputation among stakeholders.

Slide3: 

WHAT IS SECURITY?
POSITIVE: “Everything goes well”
Security is the presence of well designed and run information systems that contribute to the successful achievement of the organization’s mission by inspiring trust and allowing effective use by appropriate stakeholders, who also understand their own role in maintaining system integrity, so that the inevitable mishaps impacting the organization’s assets are promptly, effectively, and ethically dealt with.

Slide4: 

WHAT IS SECURITY?
BOTTOM LINE: Good S.O.P.
Security is a social as well as a technical process, the result of a community of trust created by having appropriate systems properly set up to support stakeholders’ evolving needs and good operating procedures appropriately implemented in a context of respectful interaction with and valued service to all appropriate stakeholders.

Slide5: 

4 ELEMENTS OF SECURITY
Establish Organizational Context
    Role & expectations of info systems
Risk Analysis
    What you have to protect; how assets might be negatively impacted; who might do it
Risk Reduction
    Honest goals and relevant priorities
Crisis Management
    Preparation & practice

Slide6: 

4 ELEMENTS OF SECURITY
1. ESTABLISH ORGANIZATIONAL CONTEXT
    Confirm Organizational Mission
    Review Role of IT & other Information Systems
    Determine industry-based performance standards
    Set internal performance benchmarks
    Evaluate performance
PRODUCT: Security Decision Guide
Time Frame: every 3-5 yrs; after big changes

Slide7: 

4 ELEMENTS OF SECURITY
2. CONDUCT RISK ANALYSIS
    Asset Inventory: data, systems, physical plant, people
    Assess value of assets to organization
    Assess possible threats: people, systems, nature, organizational
    Prioritize vulnerabilities: low to high
PRODUCT: Risk Assessment Report
Time Frame: every 3-5 yrs; after big changes

Slide8: 

4 ELEMENTS OF SECURITY
3. DESIGN & BEGIN RISK REDUCTION
    Technical Stress Tests
    Prioritize Problems: value, urgency, cost, time, likelihood of success
    Decide on preferred remediations; prioritize
    Plan, assign, monitor, & evaluate tasks
PRODUCT: Action Plan
Time Frame: every 6-12 months or oftener

Slide9: 

4 ELEMENTS OF SECURITY
4. CRISIS MANAGEMENT
    Assess remaining risks for potential crises
    Create Protocols: identify problems, limit damage, pro-active communication with all stakeholders & media
    Develop Plans for Operational Continuity & System Recovery: training, system redundancies, data backups
    Implement Plan & Practice: practice, practice, practice.
PRODUCT: Crisis Management Plan
Time Frame: every 1-3 yrs; practice every quarter

Slide10: 

ASSET-BASED APPROACH
Why An Asset-Based Approach?
    Every situation is different; actions must be based on and prioritized to respond to local realities.
    Starting from an analysis of assets widens the scope of inquiry to include a better spectrum of potential vulnerabilities.
    Protocol must embody the insight that not all problems are contained within the IT system or have technical solutions -- most problems come from within!