+Information Security
Fundamentals
+Secure what?
Physical Assets
Network/Communications
Data/Information
Users
Ultimately, the goal is to protect information. However, to accomplish that goal physical assets must be secured and protected, and users must be educated, trained and responsible.
+Evaluate
What is being protected? Hardware, software, confidential and proprietary information
Why? Your business image, business information, legal
Value? Can you afford to lose “it”? Can you afford the legal costs?
+Layers of Protection
Physical Location: Building, Office, Home, Car, Briefcase, Data Center
Devices: Flash Drive, Laptop, Workstation, Smartphone, Tablet
Data: Image Files, Text, Spreadsheet, Database
+Hardware Physical Security
Fire protection
Climate control
Physical security
+UPS – Keeping Things Running
Uninterruptible Power Supply: Battery, Generator
Not just computers: Phones and TV, A/C (select areas), Lighting (select areas)
+Network Infrastructure
Wireless access
User accounts
Firewalls: Physical, Software
Network monitoring software
Physical protection
+Data Protection
Backups: Global, User
Anti-Malware: Virus, Adware, Worms, Trojans
+Data Protection
Email: Encrypted, Digital Signatures, Security Threats
Phishing Mails
Storage devices
User authentication: Do not share passwords or accounts; POS and PMS systems
Timekeeping, Money
PCI DSS (Payment Card Industry Data Security Standards) Compliance
+Making it Work
Education/Training/Accountability, Policies, Procedures, Documentation
Management Accountability, Checks and balances
+The end
Conclusion
Questions?