Enhancing Information and Cyber Security Assurance in Organizations

Enhance your knowledge on information and cyber security assurance in organizations through this comprehensive course. Explore topics such as security models, cost optimization, and cooperation at different levels. Evaluation criteria include homework assignments and exams to test your understanding of the concepts covered.

  • Security Assurance
  • Cyber Security
  • Information Security
  • Risk Management
  • IT Risk


Presentation Transcript


  1. Information and Cyber Security Assurance in Organisations ITX8090

  2. Self-introduction: education, work experience, training, teaching

  3. Audience and expectations. Expectations for the course? (a numbered list, 1 to 10, left blank on the slide to be filled in during the session)

  4. Course Outline
     • Cyber security as a process; IS life cycle
     • Choosing security measures based on a security model/standard/best practice
     • Graded security model
     • Security expenses and optimization
     • Cooperation at organization/state/international level
     ois.ttu.ee

  5. Course Knowledge
     • Terminology, security problem description
     • Understand security as a process
     • What may work for security governance
     • Security economic aspects and cost optimization
     ois.ttu.ee

  6. Evaluation. Evaluation criteria:
     1) Homework assignments. The course contains several obligatory homework assignments. Assignments are supervised and graded during practice times. Maximum summary points for all assignments: 20.
     2) Exam. In order to pass the course, each student has to pass the written exam. Maximum points: 80.
     3) Final evaluation. The final grade for each student is calculated from the summary score of the homework assignments and the exam, i.e. 20% for the homework, 80% for the exam.

  7. Evaluation. The grades are assigned as follows:
     score >= 90        -- grade 5 (excellent)
     80 <= score < 90   -- grade 4 (very good)
     70 <= score < 80   -- grade 3 (good)
     60 <= score < 70   -- grade 2 (satisfactory)
     50 <= score < 60   -- grade 1 (pass)
     score < 50         -- grade 0 (failed)

  8. Introduction. Information and Cyber Security Assurance in Organisations. An assurance service is an independent professional service with the goal of improving the information, or the context of the information, so that decision makers can make more informed, and presumably better, decisions. Assurance services provide independent and professional opinions that reduce information risk (the risk that comes from incorrect information). www.wikipedia.org

  9-26. IT risk and control concept (one diagram, built up element by element over slides 9 to 26; the elements are listed below in the order they appear, one line per build step)
     • Legal obligations for IT security, data protection, business continuity (for example data protection act, emergency act, etc.) and internal goals
     • IT risk and information security management actions (analysis, assessments, overviews; changes in profiles and impact to risks, improvements in controls, need to audit, test etc.)
     • Business profile, critical business processes, critical information assets
     • IT profile, critical information systems, critical IT assets
     • IT governance profile, policy, procedures
     • IT incidents, impact to security, business impact
     • Compliance, compliance lists, measure description, compliance status
     • Information security controls, tables, state of application
     • IT RISK PROFILE
     • BIA, SLA
     • ITIL, CMM, TCO, ROI
     • Monitoring, KPI, KRI; SPOF
     • Risk scenarios; testing, forensics; BCP
     • Control checklists; audit reports; ROSI
     • Risk and control; analysis (bow tie); ISMS operation
     • Probability, impact, risk assessments, risk matrices
     • Threats, weaknesses, risk scenarios, risk owners

  27. Course themes
     • IT risk assessment and management standard ISO/IEC 27005
     • IT risk assessment concepts and methods
     • Identifying and mapping the information assets and IT assets
     • Analysis of threats and vulnerabilities
     • Risk assessment and risk scales, risk matrix, residual risk
     • Information security standards ISO/IEC 27001 and ISO/IEC 27002
     • Information security policy
     • Planning the application of information security measures
     • Applying baseline security (e.g. ISKE) in the public sector

  28. Course themes
     • IT risk management methods (based on best practices)
     • IT risk management organization and activities
     • Using the bow tie method (root cause) to analyse risks together with their controls
     • Preventive, detective and corrective measures to achieve information security
     • Control and compliance issues of information security
     • Planning IT continuity and recovery (based on testing)
     • Business continuity (BC) concept and terms
     • Business impact (BI) analysis and business continuity planning
     • Recovery objectives and recovery plans
     • Business continuity testing

  29. Course plan: work table (constantly under construction)

  30. Practice: key roles in information/cyber security (Exercise 1)

  31. PhD Andro Kull CISA, CISM, CRISC, ABCP Andro@consultit.ee andro.kull
