Information security

+

information security

Fundamentals

+Secure what?

Physical Assets

Network/Communications

Data/Information

Users

Ultimately, the goal is to protect information. However, to accomplish that goal physical assets must be secured and protected, and users must be educated, trained and responsible.

+Evaluate

What is being protected? hardware, software, confidential and proprietary information

Why? your business image, business information, legal

Value? Can you afford to lose “it”? Can you afford the legal costs?

+Layers of Protection

Physical Location Building Office Home Car Briefcase Data Center

Devices Flash Drive Laptop Workstation Smartphone Tablet

Data Image Files Text Spreadsheet Database

+Hardware Physical Security

Fire protection

Climate control

Physical security

+UPS – Keeping Things Running

Uninterruptible Power Supply Battery Generator

Not just computers Phones and TV A/C (select areas) Lighting (select areas)

+Network Infrastructure

Wireless access

User accounts

Firewalls Physical Software

Network monitoring software

Physical protection

+Data Protection

Backups Global User

Anti- Malware Virus Adware Worms Trojans

+Data Protection

Email Encrypted Digital Signatures Security Threats

Phishing Mails

Storage devices

User authentication Do not share passwords or accounts POS and PMS systems

Timekeeping Money PCI DSS(Payment Card Industry Data Security Standards)

Compliance

+Making it Work

Education/Training/Accountability Polices Procedures Documentation

Management Accountability Checks and balances

+The end

Conclusion

Questions?