operation security
Download as PPTX, PDF0 likes271 views
Kajal Singh gave a presentation on operations security and ISO 27001:2013. Key points included that operations security involves maintaining day-to-day processes to secure information environments, IT team members have access that could cause damage if misused, and ensuring information assets are appropriately protected. Risks discussed were uninformed employees, mobile devices introducing vulnerabilities, and tailgating or piggybacking through access controls. Controllable measures included reviewing documentation on change management, malware prevention, effective data backup strategies, and preparing for audits to avoid disruptions.
![Risks
Uninformed Employees – Not trained in security
best practices, week passwords, unattended systems,
visiting unauthorized websites
Solution: Train employees on cyber security best
practices and offer ongoing support, password
management system
Mobile Devices (BYOD) - Data theft is at high
vulnerability when employees are using mobile
devices [particularly their own] to share data, access
company information, or neglect to change mobile
passwords](https://image.slidesharecdn.com/finaloperationsecurity-170330132113/85/operation-security-3-320.jpg)
operation security
- 1. PRESENTATION BY- KAJAL SINGH Operations Security – ISO 27001:2013
- 2. Operations Security Operations security involves planning and sustaining the day-to-day processes that are critical for maintaining the security of institutions’ information environments Members of the IT team with knowledge of and access to networks, data centers and admin accounts, can cause serious damage Providing the direction, resources, support, and review necessary to ensure that information assets are appropriately protected within their area of responsibility
- 3. Risks Uninformed Employees – Not trained in security best practices, week passwords, unattended systems, visiting unauthorized websites Solution: Train employees on cyber security best practices and offer ongoing support, password management system Mobile Devices (BYOD) - Data theft is at high vulnerability when employees are using mobile devices [particularly their own] to share data, access company information, or neglect to change mobile passwords
- 4. Risks Tailgating and Piggybacking Through an Access Controlled Secure – Tailgating is when another person, whether an employee or not, passes through a secure door without the knowledge of the person Piggybacking is when another person follows through a door WITH the permission of the person who has received access. Solution: 3-dimensional machine vision system that can differentiate between humans and objects, CCTV, anti- tailgating systems
- 5. Controllable Measures Review documentation and evaluate guidance in regards to change management, capacity management, and separation of development, test, and production environment Malware detection and prevention controls - Evaluate their level of effectiveness Data centre backup strategy - backup procedures and methods (e.g., encryption) are effective both for on- and off-premises backup management Prepare in advance for IT controls audits to avoid service disruption Provide intuitive, visual dashboards that reflect your current security status An essential checklist for your security response solution
Editor's Notes
- #3: The objective of ‘A.12.Operations Security’ domain is to help the organizations to put in place appropriate controls to ensure that day to day operations of an organization are carried out in a controlled and a secure manner, which includes documenting operating procedures, ensuring changes to information assets are carried out efficiently, the information assets are protected from malware and other threats & vulnerabilities, controls to ensure backup is performed effectively to ensure timely availability of information, logging and monitoring of user activities and ensuring continuous improvement through Information systems audit & mitigations.