
Insights into Cyber Security, Information Security, and Privacy Protection
Discover the importance of cyber security, information security, and privacy protection in safeguarding individuals, organizations, and nations from cyber risks. Learn about key attributes, standards, and practices in IT security and data privacy.
Overview of Cyber Security, Information security and Privacy protection
Content
- IT Security and Data Privacy
- Overview of BIS

IT Security and Privacy Standards: Security & Privacy
- Physical world: the law of the land
- Digital world: standards in addition to the law of the land
- Standards: a framework for best practices; security, privacy assurance and validation

IT Security and Privacy Standards: Courses related to IT security
- Resource Management in Computer Systems
- Cryptography & Computer Security
- Operating Systems
- Computer Networks
- System and Network Security
- Principles of Information Security
IT Security and Privacy Standards: What is cybersecurity?
Safeguarding of people, society, organizations and nations from cyber risks. (Source: IS/ISO/IEC TS 27100)

Information Security: What is information security?
Preservation of confidentiality, integrity and availability of information. (Source: IS/ISO/IEC 27000)

Key Attributes of Information Security: What are the key attributes of information security?
- Confidentiality: property that information is not made available or disclosed to unauthorized individuals, entities, or processes
- Integrity: property of accuracy and completeness
- Availability: property of being accessible and usable on demand by an authorized entity
Event, Incident, Accident (Information security): What is an event?
Occurrence or change of a particular set of circumstances. An event can sometimes be referred to as an incident or accident. (Source: IS/ISO/IEC 27000)

Event, Incident, Accident (Information security)
- Information security event: occurrence indicating a possible breach of information security or failure of controls
- Information security incident: related and identified information security event(s) that can harm an organization's assets or compromise its operations
(Source: IS/ISO/IEC 27035-1)

Control and Risk: What is risk?
Effect of uncertainty on objectives. An effect is a deviation from the expected, positive or negative. Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.
What is a control?
Measure that is modifying risk. Controls include any process, policy, device, practice, or other actions which modify risk. (Source: IS/ISO/IEC 27000)
Approach to manage security (Source: ISO/IEC TS 27110)
- Identify: objectives, business environment, stakeholders, assets, laws, regulations, threat environment, risk assessment
- Protect: implement controls based on identification and risk assessment
- Detect: monitor, attack detection
- Respond: incident management
- Recover

Factors affecting Information security: What are the factors affecting information security?
- Human aspect: user, management
- Infrastructure: hardware aspects (computer, network); software aspects (protocols, algorithms)
- Work environment

Factors affecting Information security (Source: IS/ISO/IEC 27002)
- Organizational controls, like: management responsibilities; labelling of information; identity management; access rights
- People controls, like: terms and conditions of employment; information security awareness, education and training; remote working
- Physical controls, like: physical entry; securing offices, rooms and facilities; protecting against physical and environmental threats; storage media; cabling security
- Technological controls, like: secure authentication; information deletion; information backup
IT Security and Privacy Standards
- IS/ISO/IEC 27000/27001 series: Information Security Management Systems. Provides commonly used terms and definitions; provides requirements for implementation of Information Security Management Systems.
- IS/ISO/IEC 27005: Information security, cybersecurity and privacy protection - Guidance on managing information security risks. Provides guidance to perform information security risk management activities, specifically information security risk assessment and treatment.
- IS/ISO/IEC 27032: Cybersecurity - Guidelines for Internet security. Provides an overview of Internet security and describes the relationship between Internet security, web security, network security and cybersecurity.
- IS/ISO/IEC 27033 series: Information Technology - Security Techniques - Network Security. This series of standards describes the concepts associated with network security. Concepts and guidance provided relate to: network type, identification of risks, threats, vulnerability, management of risks, criteria for product or vendor selection, criteria for network component selection.
- IS/ISO/IEC 27034 series: Information technology - Security techniques - Application Security. This series of standards describes the concepts related to application security. It also provides a framework, including the Organization Normative Framework and a RACI (Responsible, Accountable, Consulted, Informed) framework, for implementation of application security requirements.
- IS/ISO/IEC 27035 series: Information technology - Security techniques - Information security incident management. Provides guidelines for information security incident response in ICT security operations. It includes the "Plan and prepare", "Detection and reporting" and "Assessment and decision" phases, and learning lessons from incident response.
IT Security and Privacy Standards
- IS/ISO/IEC TS 27100: Cybersecurity - Overview and concepts. Describes cybersecurity and relevant concepts, including how it is related to and different from information security.
- IS/ISO/IEC TR 27103: Cybersecurity and ISO and IEC Standards. Cybersecurity framework: Identify; Protect; Detect; Respond; Recover. This document demonstrates how a cybersecurity framework can utilize current information security standards to achieve a well-controlled approach to cybersecurity management.
- IS/ISO/IEC 18033 series: Encryption algorithms - asymmetric ciphers, block ciphers, stream ciphers, identity-based ciphers, homomorphic encryption, tweakable block ciphers.
- IS/ISO/IEC 29192 series: Lightweight cryptography - block ciphers, stream ciphers, mechanisms using asymmetric techniques, hash-functions, authenticated encryption, broadcast authentication protocols.
- IS 14990 / ISO/IEC 15408 series: Information technology - Security techniques - Evaluation criteria for IT Security. Provides a common set of requirements for the security functionality of IT products and for assurance measures applied to these IT products during a security evaluation.
- IS 15671 / ISO/IEC 18045: Information technology - Security techniques - Methodology for IT Security evaluation. Defines the minimum actions to be performed by an evaluator in order to conduct an ISO/IEC 15408 series evaluation, using the criteria and evaluation evidence defined in the ISO/IEC 15408 series.
- IS/ISO/IEC 19896 series: Competence Requirements for Information Security Testers and Evaluators. Provides fundamental concepts related to the topic of the competence of the individuals responsible for performing IT product security evaluations and conformance testing.
IT Security and Privacy Standards: What is privacy?
Privacy: freedom from intrusion into the private life or affairs of an individual when that intrusion results from undue or illegal gathering and use of data about that individual. [SOURCE: ISO/TS 27790:2009]

IT Security and Privacy Standards: What are the privacy principles? (Source: IS/ISO/IEC 29100)
- Consent and choice
- Purpose legitimacy and specification
- Collection limitation
- Data minimization
- Use, retention and disclosure limitation
- Accuracy and quality
- Openness, transparency and notice
- Individual participation and access
- Accountability
- Information security
- Privacy compliance
IT Security and Privacy Standards
- IS 17428 series: Data Privacy Assurance. This standard provides requirements to ensure data privacy assurance of personal data processed in electronic form.
- ISO/IEC 27701: Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management - Requirements and guidelines. This document specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization.
- IS/ISO/IEC 27400: Cybersecurity - IoT security and privacy - Guidelines. This document provides guidelines on risks, principles and controls for security and privacy of Internet of Things (IoT) solutions.
- ISO/IEC 27402: Cybersecurity - IoT security and privacy - Device baseline requirements. This document provides requirements for IoT devices to support the security and privacy controls defined in ISO/IEC 27400.
- ISO/IEC 27403: Cybersecurity - IoT security and privacy - Guidelines for IoT-domotics. Provides guidelines to analyse security and privacy risks and identifies controls that can be implemented in Internet of Things (IoT)-domotics systems.
IT Security and Privacy: Standards under development
- ISO/IEC WD 27404: Cybersecurity - IoT security and privacy - Cybersecurity labelling framework for consumer IoT
- ISO/IEC WD 27090: Cybersecurity - Artificial Intelligence - Guidance for addressing security threats and failures in artificial intelligence systems
- ISO/IEC WD 27091: Cybersecurity and Privacy - Artificial Intelligence - Privacy protection

IT Security and Privacy Committee: LITD 17, Information Systems Security and Privacy
Scope: to prepare Indian Standards relating to security and privacy aspects of information systems. National Mirror Committee for ISO/IEC JTC 1/SC 27, Information security, cybersecurity and privacy protection.

IT Security and Privacy: Standards under development
- Indian Standard being developed for IoT devices by LITD 17/Panel 5, IoT Security and Privacy. Revised draft issued in wide circulation as LITD 17 (19143).
- Indian Standard to be developed for Management of Mobile Application Permissions.
Bureau of Indian Standards (BIS): National Standards Body of India
To promote harmonious development of the activities of standardization, conformity assessment and quality assurance of goods, articles, processes, systems and services, and for matters connected therewith or incidental thereto.

Bureau of Indian Standards (BIS): National Standards Body of India
Driven by the Bureau of Indian Standards Act, 2016 (BIS Act), Chapter III:
- 10(1): The standards established by the Bureau shall be the Indian Standards.
- 10(2): The Bureau may establish, publish, review and promote the Indian Standard, in relation to any goods, article, process, system or service in such manner as may be prescribed.

BIS Core activities
- Standards Formulation
- Conformity Assessment: Product certification (Scheme I); Registration scheme; Hallmarking; System Certification
- Testing
- Training

Standards Formulation Structure
- Governing Council
- SAC (Standards Advisory Committee)
- Division Council
- Sectional Committee
- Panel/Working Group

BIS Standards Development at a Glance
- Divisions: 16
- Technical Committees: 411
- Standards: 22,000+

Technical Divisions in BIS
1. Civil Engineering (CED)
2. Chemical (CHD)
3. Electro-technical (ETD)
4. Food and Agriculture (FAD)
5. Electronics and IT (LITD)
6. Mechanical Engineering (MED)
7. Medical Equipment & Hospital Planning (MHD)
8. Management and Systems (MSD)
9. Metallurgical Engineering (MTD)
10. Petroleum, Coal & Related Products (PCD)
11. Production and General Engineering (PGD)
12. Transport Engineering (TED)
13. Textile (TXD)
14. Water Resources (WRD)
15. Service Sector (SSD)
16. Ayush (AYD)

Standards Formulation - Electronics & IT
- National Standards in the field of Electronics and Information Technology are formulated by LITDC (Electronics & IT Division Council).
- International Standards: ISO (International Organisation for Standardisation); IEC (International Electrotechnical Commission); JTC 1 (Joint Technical Committee of ISO & IEC).

Stakeholders: Government, Regulators, Industry, Laboratories, Research & Development, Consumers, Academia