Information Security
An 27001 Certified Lead Auditor


Audit, Training, Consultancy

BS ISO/IEC 17799 and 27001 essentials
BS ISO/IEC 27001 implementation
Internal audits of BS ISO/IEC 27001
BS ISO/IEC 27001 Lead Auditor (IRCA)
[Diagram labels: Business; BS ISO/IEC 17799 * 27001]

Threat sources:
• Natural Disasters (Flood, Lightning, Earthquake, ...)
• Technical failures (Communication, Lack of energy, Equipment break-down, ...)
• Human Failure (Maintenance errors, User errors, Lack of staff, ...)
• Social Problems (Strikes, Terrorism Attack, politics, legislation...)

Forms of information:
• Acoustic Information (Telephone conversations, in public, in meetings, ...)
• Logical Information (electronic records)
• Physical Information (Faxes, contracts, reports, manuals, ...)
• Visual Information (Video, photos, environment, ...)
• Intellectual Information (Knowledge)

A5 Security policy
A6 Organization of Information Security
A7 Asset management
A8 HR security
A9 Physical and Environmental security
A10 Communications and operations management
A11 Access control
A12 Information Systems Acquisition, development and maintenance
A13 Incident Management
A14 Business continuity management
A15 Compliance

Communicate and Consult
Assess Risks
Establish the Context → Identify the Risks → Analyse the Risks → Evaluate the Risks → Control the Risks
Monitor and Review

Risk Assessment
• Asset Identification and Valuation
• Identification of Vulnerabilities
• Identification of Threats
• Evaluation of Impacts
• Business Risk
• Rating/ranking of Risks

Risk Management
• Review of Existing Security Controls
• Identification of new Security Controls
• Policy and Procedures
• Implementation and Risk Reduction
• Risk Acceptance (Residual Risk)

Creative Commons Attribution-NoDerivs 2.0

You are free:
• to copy, distribute, display, and perform this work
• to make commercial use of this work

Under the following conditions:

Attribution. You must give the original author credit.

No Derivative Works. You may not alter, transform, or build upon this work.



For any reuse or distribution, you must make clear to others the license terms of this work.

Any of these conditions can be waived if you get permission from the author.

Your fair use and other rights are in no way affected by the above.

This work is licensed under the Creative Commons Attribution-NoDerivs License. To view a copy of this
license, visit http://creativecommons.org/licenses/by-nd/2.0/ or send a letter to Creative Commons, 559
Nathan Abbott Way, Stanford, California 94305, USA.
Challenges and Benefits of Information Security Management
