To be successful in information security management, the initiatives need to be implemented from top management down to executives.
Ideally, a data security partner (DSP) needs to be elected from every department so that the DSPs can be trained on all aspects of information security policies, procedures and standards.
The DSPs will then implement all policies, procedures and standards according to their business environment.
Tuesday, March 20, 2007
Data Security - Traceability
Traceability simply means being able to track logs & events so as to detect who, why & how an attacker penetrated a compromised system.
By reviewing logs & events one can also check for unauthorised attempts to log in to a system.
However, there is a real challenge today in retaining massive log files and yet making meaningful associations within the log files every now and then.
Log management is a field to learn. In fact, deciding what to log & what not to log becomes a science to be learnt through experience.
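As an added example (not part of the original post), the sketch below reviews login events the way the post describes: it counts failed logins per source address and flags a successful login that follows repeated failures from the same source. The log lines are constructed in OpenSSH sshd syslog style, and the function name `review_logins` and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH sshd syslog style (not from a real system).
SAMPLE_LOG = """\
Mar 20 09:14:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51120 ssh2
Mar 20 09:14:03 web01 sshd[2211]: Failed password for root from 203.0.113.5 port 51121 ssh2
Mar 20 09:14:06 web01 sshd[2213]: Failed password for alice from 203.0.113.5 port 51124 ssh2
Mar 20 09:14:09 web01 sshd[2215]: Accepted password for alice from 203.0.113.5 port 51127 ssh2
Mar 20 09:20:44 web01 sshd[2302]: Failed password for bob from 198.51.100.7 port 40022 ssh2
Mar 20 09:21:10 web01 sshd[2304]: Accepted publickey for bob from 198.51.100.7 port 40030 ssh2
"""

# Matches the sshd "Failed <method> for ..." and "Accepted <method> for ..." messages.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def review_logins(log_text, threshold=3):
    """Per source address: failure count, accounts tried, and any login
    accepted after at least `threshold` failures from that source."""
    failures = defaultdict(int)
    users = defaultdict(set)
    suspicious = defaultdict(list)
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not a login event; skip rather than guess
        src, user = m["src"], m["user"]
        if m["result"] == "Failed":
            failures[src] += 1
            users[src].add(user)
        elif failures.get(src, 0) >= threshold:
            suspicious[src].append(user)  # success right after repeated failures
    return {
        src: {"failures": count,
              "users_tried": sorted(users[src]),
              "accepted_after_failures": suspicious.get(src, [])}
        for src, count in failures.items()
    }

if __name__ == "__main__":
    for src, info in review_logins(SAMPLE_LOG).items():
        print(src, info)
```

Only the source with three or more failures before a success is flagged; a single mistyped password followed by a key login is counted but not escalated.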
Monday, March 19, 2007
Data Security - Availability
Availability in data security means being able to tolerate the loss of data / information in instances of disaster.
Again we can divide availability into 3 classes:
Class 1 - Tolerance for loss of data / information for more than a week
Class 2 - Tolerance for loss of data / information for more than a day but less than a week
Class 3 - Tolerance for loss of data / information for less than a day
Saturday, March 17, 2007
Data Security - Integrity
Integrity means ensuring data and information is preserved in its original form and
not modified or spoofed, as in the case of email.
To ensure that, we can put in a technical control like using
digital signatures when sending emails.
In what other ways can we do it? Please suggest.
Friday, March 16, 2007
Data Security - Confidentiality
Confidentiality (C) means being able to divide information into different classifications
and protect it according to the classifications defined.
- Class 1 - Internal (can only be viewed by staff of the company and not the public)
- Class 2 - Confidential (can only be viewed by a selected number of staff)
- Class 3 - Strictly Confidential (can only be viewed by an even smaller group of staff)
Ideally, Class 2 & Class 3 information needs to be encrypted, whether it be files on
a server or attachments in email.
2 products worth mentioning are :
Data Security
Data Security in my point of view is made up of 4 important concepts:
- Confidentiality (C)
- Integrity (I)
- Availability (A)
- Traceability (T)
In short it is known as CIAT. What is your point of view?