
Information Security Essentials

Confidentiality, Integrity and Availability of Information in the Networked Workplace

johnmacasio@gmail.com www.securecyberph.wordpress.com
AGENDA
Networked Workplace
Information Security Essential Questions
Information Security Basic Methods and Tools

Networked Workplace
A network is a decentralized matrix of nodes through which communication can occur with multidirectional freedom: text, documents, images, sound and video flow across it, neither time-bound nor spatially restricted.

Knowledge, Relationship, Participation, Development


Networked Workplace

The networked workplace is a context of performance whose functional structure is made of networks of people and connected information, enabled by information and communication technology infrastructure and services.
Networked Workplace
In the networked workplace, information is a critical asset that is created, utilized, stored and shared. The availability, immediacy and quality of information dictate what is created, what is consumed, what is believed, what is recorded, what is known, what is decided, what is acted on, and what is reused.

Information assets of the networked worker: Identity, Conversation Records, Contacts, Documents
Networked Workplace
Being connected to the networked workplace means enabling the conditions of safety and security for information throughout its life cycle: Creation, Storage, Use and Sharing.
Networked Workplace
The information managers and workers in the networked workplace are obligated to make the people (organization), processes, data, applications and infrastructure of information safe and secure.
Networked Workplace

Poll: On-line organization, is your information secured?
Dimensions: Data Privacy, System Integrity, Cybercrime, Access Availability
https://www.youtube.com/watch?v=sdpxddDzXfE
Networked Society

Poll: On-line organization, is your information secured? (Secure / Partially Secure / I do not Know)
Dimensions: Data Privacy, Access Availability, User Control, System Integrity, Cybercrime, Access Reliability
Networked Workplace

Poll: On-line organization, is your information secured? (Fully Known / Partially Known / I do not Know)
Domains:
1. Standards & Policies
2. Physical Facility
3. Access & Identification
4. Data Processing
5. Records Handling
6. Computer Network
Measures: Access Reliability, System Integrity
Information Security
ESSENTIAL QUESTIONS

Cyber Security
Risk Landscape

https://www.youtube.com/watch?v=fyh05k83js8

Information Security Questions

1. Who leads, directs and controls information security?
2. What competencies in information security management are available, and what is their status?
3. What are the information assets? What are their rated confidentiality value, integrity metrics and availability parameters? What are their security risks, vulnerabilities and threats (People, Process, Data, Application, Infrastructure)?
4. What are the guidelines for information security policy making: the process, standards, content, format, participation, communication, implementation, monitoring and control of the covered domains of information security?
5. What is the information security plan: the agreed and subscribed methodology, standards, technology and toolkit for both proactive and reactive response to the safety and security risks of information?
Information Security Questions

6. What particular procedure must everybody know to identify the security risk of information being produced, kept, shared and re-used?
7. What particular policy must everybody know in order to speak to the principles and guidance for assuring confidentiality, availability and integrity in the creation, safekeeping and release of information?
8. Who is responsible for auditing the compliance of in-house and outsourced information systems with the defined information security requirements?
9. How is the integrity of an information system validated and verified?
10. How is the confidentiality value of information defined and assured?
11. Who investigates when information is compromised?
12. What process ensures the detection of a breach in the confidentiality of information?
13. When do you consider information to be misrepresented?
Enterprise Architecture Information Security Questions

Diagram: Enterprise Information Security at the centre, framed by Information Security Principles, Information Security Risks, Information Security Methodology and Information Security Governance, and applied to each architecture layer: Business Function, Business Process, Data & Application, Technology Infrastructure, and Networked Information (Supplier & Customer).
Information Security Means

Confidentiality: Secrecy, Privacy and Authority
Availability: Accessible, Immediate and Uptime
Integrity: Accurate, Complete and Compliant
BUSINESS CONTEXT OF INFORMATION SECURITY

Diagram 1: Collection Management, Membership Management, Benefits Management and Accreditation Management, linked by the flows payment, claims, identification and certification.
Diagram 2: Personnel Management, Financial Management, Asset Management, Legal Management.
Diagram 3: Strategy Management, Audit Management, Risk Management, Project Management.
Diagram 4: Network Management, Infrastructure Management, Application Management, Data Management.
Information Insecurity Means

Information is not secure when something is: Misrepresented, Stolen, Breached, Misused, Unauthorized, Incomplete, Compromised, Denied.
Information Security Risk Landscape

Risk areas (diagram): Human Error; Hacking & Cybercrime; Governance & Control; Infrastructure & System Management; User Access Management; Standards Compliance; Funds; People Awareness & Capability; Acquisition & Support; Data Sharing & Reuse; Insider; Third Party Threat; Usable & Applicable Policies.
Is government at risk?

https://www.youtube.com/watch?v=yDSni9AjX8Q
Information Security
Risk Assessment

Information Security
Compliance Checklist

https://www.youtube.com/watch?v=AxUzDfekIOE

BASIC METHODS & TOOLS
OF INFORMATION SECURITY

What it means to secure information

1. Establish the governance and management organization of information security, complying with best-practice standards.
2. Identify the information assets, and assess the vulnerabilities and threats that surround the creation, storage, use and sharing of information.
3. Develop, document and implement policies, standards, procedures and guidelines that ensure confidentiality, integrity and availability across the people, processes, data, applications and infrastructure of information.
4. Evaluate, acquire and use security management tools to classify data and risk, to audit information systems, to assess and analyze risks in solution development and infrastructure, to monitor and control areas of vulnerability, and to implement security controls and appropriate reactive responses to threats.
Layered Approach to Security

Layers (diagram): Access Control; Anti-Virus and Malware; Segmentation; Awareness and Training; Device Hardening; Intrusion Defense; Physical Security; Policies.
Mitigating Information Security Risk

Diagram: Security Risk Mitigation at the centre, answered by Policy (Why), Governance (Who), Assessment (What) and Information Technology (How).
Security Policy Requirement

Table (columns: Functional Governance; Guidance and Implementation):
Governance: governance organization; roles and responsibilities
Competency: knowledge, skills and attitudes; competency requirements; training program and certification; competencies reference and assessment
Process: business process procedures and rules; functions, workflow, process models and control; risk audit and control procedures
Data: acceptable use; data management; data and application security models; risk audit and control procedures
Infrastructure: infrastructure management; physical configuration; sourcing and procurement; network models; service sourcing; trusted technology; infrastructure risk audit and control; acceptable use

No Need to Reinvent the Wheel:
1. Recognize security needs and questions
2. Find the fitting practitioner standards
3. Apply the standards to real-life conditions
4. Assess and improve the practice
Information Security Risk Assessment

Diagram: Information Asset Inventory (Information Systems) -> Identification of Vulnerability and Threat Source -> Impact Rating of Vulnerability for 1. Organization, 2. Process, 3. Data, 4. Application, 5. Infrastructure -> Risk Mitigation, Treatment and Prevention.

johnmacasio@gmail.com www.facebook.com/groups/manageictservices
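The assessment flow on this slide (inventory the assets, identify the vulnerability and threat source, rate the impact per layer, then decide on mitigation, treatment or acceptance) as a small risk register. This is an added worked example, not material from the deck or its author: the rating scales, the likelihood x impact formula, the treatment thresholds, and the assets and threat scenarios are all constructed assumptions chosen to show the method.

```python
"""Risk register for the assessment steps on this slide: inventory, identify
vulnerability and threat source, rate impact per layer, pick a treatment.
Constructed example, not the deck's own material; scales and thresholds are assumptions."""
from dataclasses import dataclass

# Assumed scales: CIA value 1 (low)..3 (high); likelihood 1 (rare)..5 (almost
# certain); exposure 1..3 = how much of the asset the weakness puts in reach.
LAYERS = ("organization", "process", "data", "application", "infrastructure")
PROPERTIES = ("confidentiality", "integrity", "availability")


@dataclass(frozen=True)
class Asset:
    name: str
    layer: str            # one of LAYERS
    confidentiality: int  # 1..3
    integrity: int        # 1..3
    availability: int     # 1..3

    def __post_init__(self):
        if self.layer not in LAYERS:
            raise ValueError(f"unknown layer {self.layer!r}")
        if any(not 1 <= getattr(self, p) <= 3 for p in PROPERTIES):
            raise ValueError(f"CIA rating of {self.name} out of range 1..3")


@dataclass(frozen=True)
class Threat:
    asset: str            # Asset.name the scenario targets
    source: str           # insider, third party, human error, ...
    vulnerability: str    # the weakness the source would exploit
    affects: str          # one of PROPERTIES
    likelihood: int       # 1..5
    exposure: int         # 1..3

    def __post_init__(self):
        if self.affects not in PROPERTIES:
            raise ValueError(f"unknown property {self.affects!r}")
        if not (1 <= self.likelihood <= 5 and 1 <= self.exposure <= 3):
            raise ValueError(f"likelihood/exposure out of range for {self.asset}")


@dataclass(frozen=True)
class Risk:
    asset: str
    layer: str
    scenario: str
    score: int
    treatment: str


def score(asset: Asset, threat: Threat) -> int:
    """Risk = likelihood x impact; impact = the asset's rated value for the
    affected CIA property, scaled by how much of it the weakness exposes."""
    return threat.likelihood * getattr(asset, threat.affects) * threat.exposure


def treatment_for(risk_score: int, mitigate_at: int = 15, accept_below: int = 6) -> str:
    """Assumed thresholds on the 1..45 scale: mitigate now, treat (plan a
    control), or accept and record the decision."""
    if risk_score >= mitigate_at:
        return "mitigate"
    return "accept" if risk_score < accept_below else "treat"


def assess(assets, threats) -> list:
    """Score every scenario against its asset and return them highest risk first."""
    inventory = {a.name: a for a in assets}
    risks = []
    for t in threats:
        if t.asset not in inventory:
            # The inventory step was skipped for this asset; fail loudly rather than drop it.
            raise KeyError(f"threat refers to unknown asset {t.asset!r}")
        a = inventory[t.asset]
        s = score(a, t)
        scenario = f"{t.source} exploits '{t.vulnerability}' ({t.affects})"
        risks.append(Risk(a.name, a.layer, scenario, s, treatment_for(s)))
    return sorted(risks, key=lambda r: (-r.score, r.asset))


def uncovered_assets(assets, threats) -> list:
    """Assets with no scenario at all are a gap in the assessment, not 'no risk'."""
    covered = {t.asset for t in threats}
    return sorted(a.name for a in assets if a.name not in covered)


# Constructed inventory and threat scenarios (illustrative only).
ASSETS = [
    Asset("membership-db", "data", 3, 3, 2),
    Asset("claims-portal", "application", 2, 3, 3),
    Asset("office-wifi", "infrastructure", 2, 1, 2),
    Asset("hr-records", "data", 3, 2, 1),
]
THREATS = [
    Threat("membership-db", "insider", "shared DBA account with no audit log", "confidentiality", 3, 3),
    Threat("claims-portal", "hacking & cybercrime", "unpatched web framework", "integrity", 4, 2),
    Threat("office-wifi", "third party", "Wi-Fi passphrase posted at reception", "confidentiality", 5, 1),
    Threat("claims-portal", "human error", "no tested backup of the portal database", "availability", 2, 3),
]

if __name__ == "__main__":
    for r in assess(ASSETS, THREATS):
        print(f"{r.score:>3}  {r.treatment:<8} {r.asset:<14} [{r.layer}] {r.scenario}")
    print("not assessed:", ", ".join(uncovered_assets(ASSETS, THREATS)) or "none")
```

Two points the slide's boxes do not make explicit but the code enforces: a threat scenario that names an asset missing from the inventory is rejected rather than silently scored, because the inventory is the step everything else depends on; and assets with no scenario are reported separately, since "no scenario recorded" and "no risk" are not the same thing.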
Information Security Plan

Basic Security Steps

Steps (diagram): Information Risk Assessment; Authorized Access; Systems Security Policies & Standards; Device Integrity; Service Agreements; Monitoring & Audit; User Training; Network Hardening; Data Exchange Protocol; Security Services.
Thank You!
www.securecyberph.wordpress.com
