johnmacasio@gmail.com www.securecyberph.wordpress.com
AGENDA
Networked Workplace
Information Security Essential Questions
Information Security Basic Methods and Tools
Networked Workplace
A network is a decentralized matrix of nodes through which communication flows in many directions: text, documents, images, sound and video, neither time-bound nor spatially restricted.
Diagram: what moves across the network - Identity, Conversation Records, Contacts, Documents.
Networked Workplace
Being connected to the networked workplace means enabling the conditions of safety and security for information.
Diagram: Safety and Security apply at every stage of the information lifecycle - Creation, Storage, Use, Sharing.
Networked Workplace
The information managers and workers in the networked
workplace are obligated to make safe and secure the
person (organization), process, data, application and
infrastructure of information.
Networked Workplace
Online organization, is your information secured?
Diagram: Data Privacy, System Integrity, Cybercrime, Access Availability.
https://www.youtube.com/watch?v=sdpxddDzXfE
Networked Society
Cyber Security
Risk Landscape
https://www.youtube.com/watch?v=fyh05k83js8
Information Security Questions
Information Security Question
6. What particular procedure must everybody know in order to identify the security risk of information being produced, kept, shared and re-used?
7. What particular policy must everybody know that states the principles and guidance for assuring confidentiality, availability and integrity in the creation, safekeeping and release of information?
8. Who is responsible for auditing the compliance of in-house and outsourced information systems with the defined information security requirements?
9. How is the integrity of an information system validated and verified?
10. How is the confidential value of information defined and assured?
11. Who investigates when information is compromised?
12. What process ensures the detection of a breach in the confidentiality of information?
13. When do you consider information to be misrepresented?
Enterprise Architecture Information Security Questions
Diagram: the information security questions are asked at each enterprise architecture layer:
- Business Function
- Business Process
- Enterprise Information Security
- Business Data & Application
- Technology Infrastructure
- Networked Information Supplier & Customer
Surrounding the layers: Information Security Principles, Information Security Risks, Information Security Methodology, Information Security Governance.
Information Security Means
Confidentiality: Secrecy, Privacy and Authority
Availability: Accessible, Immediate and Uptime
Integrity: Accurate, Complete and Compliant
BUSINESS CONTEXT OF INFORMATION SECURITY
Diagram: Collection Management, Membership Management, Benefits Management and Accreditation Management, linked by the flows of payment, claims, identification and certification.
BUSINESS CONTEXT OF INFORMATION SECURITY
Diagram: Personnel Management, Financial Management, Asset Management, Legal Management.
BUSINESS CONTEXT OF INFORMATION SECURITY
Diagram: Strategy Management, Audit Management, Risk Management, Project Management.
BUSINESS CONTEXT OF INFORMATION SECURITY
Diagram: Network Management, Infrastructure Management, Application Management, Data Management.
Information Insecurity Means
Information is not secure when something is: Misrepresented, Stolen, Breached, Misused, Unauthorized, Incomplete, Compromised, Denied.
Information Security Risk Landscape
Diagram of risk areas:
- Human Error
- Hacking & Cybercrime
- Governance & Control Management
- Infrastructure & System Standards Compliance
- User Access Management
- Funds Acquisition & Support
- People Awareness & Capability
- Data Sharing & Reuse
- Insider & Third Party Threat
- Usable & Applicable Policies
Is government at risk?
https://www.youtube.com/watch?v=yDSni9AjX8Q
Information Security
Risk Assessment
Information Security
Compliance Checklist
https://www.youtube.com/watch?v=AxUzDfekIOE
BASIC METHODS & TOOLS
OF INFORMATION SECURITY
What it means
to secure information
3. Develop, document and implement policies, standards, procedures, and guidelines that ensure confidentiality, integrity, and availability in the person, process, data, application and infrastructure of information.
4. Evaluate, acquire and use security management tools to classify data and risk, to audit information systems, to assess and analyze risks in solution development and infrastructure, to monitor and control areas of vulnerability, and to implement security controls and appropriate reactive responses to threats.
Layered Approach to Security
Diagram layers: Physical Security, Device Hardening, Intrusion Defense, Policies.
Mitigating Information Security Risk
Policy (Why) and Governance (Who).
Security Policy Requirement
Table columns: Functional Governance | Organization Guidance and Implementation | Roles and Responsibilities

Governance: No Need to Reinvent the Wheel
1. Recognize security needs & question
2. Find the fitted practitioner standards
3. Apply standards to real life condition
4. Assess and improve the practice

Competency: Knowledge, Skills and Attitudes; Competencies Reference and Certification | Competency Requirements; Training Program and Assessment

Process: Business Process Procedures and Rules; Process Risk Audit and Control Procedures | Functions, Workflow, Process Models and Control Guidance

Data: Acceptable Use; Data Management; Data Risk Audit and Control | Data and Application Security Models and Acceptable Use Procedures

Infrastructure: Infrastructure Management; Network Infrastructure Risk Audit and Control | Physical Configuration Models; Sourcing & Procurement; Service Sourcing; Trusted Technology; Acceptable Use
Information Security Risk Assessment
Diagram: Risk Mitigation, Treatment and Prevention, based on an Information Asset Inventory (Information Systems).
Identification: Vulnerability; Threat Source.
Impact: Rating of Vulnerability.
Assessed across: 1. Organization, 2. Process, 3. Data, 4. Application, 5. Infrastructure.
johnmacasio@gmail.com www.facebook.com/groups/manageictservices
Information Security Plan
Basic Security Steps
- Information Systems Risk Assessment
- Authorized Access
- Security Policies & Standards
- Device Integrity
- Service Agreements
- Monitoring & Audit
- User Training
- Network Hardening Services
- Data Exchange Security Protocol
Thank You!