Thursday, April 16, 2009

Implementing Information Security Governance Using ISO 27000

Title: Implementing Information Security Governance Using ISO 27000 (ID: EPS303)
Author(s): Tammy L. Clark (Georgia State University)
Topics: Information Security Governance; Security Certification; Security Implementation; Security Risk Assessment and Analysis
Origin: Community Contributions (10/02/2008)
Type: Effective Practices
Abstract:

GSU's CIO sponsored the ISO 27001 certification initiative at Georgia State University in mid-2007, and the Information Security Department and Office of Disbursements were the first GSU departments to be included. We were successful in obtaining the certification in March 2008, which is a very prestigious achievement given that our university is one of the first (if not the first) in the nation to be awarded this international designation.


Thursday, April 02, 2009

FREE ebook

The Future of Business Intelligence (BI)
Enterprises look at Business Intelligence as the next frontier after deploying ERP, Financial Management and other IT Systems. So the future role of IT Departments will be to enhance the Finance and Business Value Chains with BI.

The organisation's constant challenge is to have a centralized information system that supports Planning, Controlling, Reporting, Governance, Risk Management and Regulatory Compliance needs. BI helps achieve this through dashboards, KPIs, KRAs and exception-based monitoring tools, all as part of one system.

For Asia Pacific businesses and their IT Teams the future is just around the corner, and they should start preparing for it now. Some might think that their current systems are adequate, but it would be difficult to maintain that kind of thinking when competitors start making strategic decisions faster, launch new products sooner, treat their clients better, and most disturbingly, raid your own customer base more effectively.

Download your eBook Now to learn more about the Future of BI



#1 in Business Intelligence & Performance Management
With Oracle’s industry-leading BI solutions, organizations gain better insight, make better decisions and drive better results that are delivered more quickly. Oracle’s BI platform enables process-driven BI, which truly drives process effectiveness to cut costs and bring efficiency to business.


In this eBook:

Leading Analyst Views
Read the latest analyst reports from Gartner, IDC, Forrester and Datamonitor assessing the current BI market and the future growth of BI solutions.

Closing the Information Gap
We explain Oracle’s BI Vision and solutions to bridge the gap between what IT Systems can provide and what the business actually needs.

The Real Benefits of BI
We highlight the real benefits of process driven BI to all key stakeholders including Senior Executives, Business Managers, Financial Controllers and IT.

Success Stories
Read how, with Oracle BI, Pitney Bowes is able to deliver more than 400 reports to a large organization with just one person.

 

Wednesday, April 01, 2009

PREPARE : EU tells members to get ready for disaster

Which disaster were you thinking of?

By John Leyden

31st March 2009

http://www.theregister.co.uk/2009/03/31/eu_cyberattack_strategy/ 



The EU is pushing the development of a strategy to protect Europe from cyber-attacks and disruptions.



The guidelines - which amount to disaster recovery procedures for nations instead of individual corporate entities - are designed to cover incidents such as natural disasters, terrorist attacks, hackers, rupture of submarine telecom cables or hardware failure.



Recent cyber-attacks on Estonia and Georgia caused considerable disruption to the smooth running of government and business services, focusing attention on the problem of keeping internet-connected systems up and running when disaster strikes.



Cyber-attacks that accompanied civil disturbance in Estonia meant that the country's parliament had to shut down its email system for 12 hours, while two major Estonian banks were forced to suspend internet services.



The EU Commission points out that the smooth running of IT and communications systems is becoming more important to the economy in general. For example, e-commerce transactions amounted to 11 per cent of total turnover of EU companies in 2007. Three in four (77 per cent) of businesses accessed banking services via internet and two-thirds (65 per cent) of firms used online public services.



Communications networks also play a key role in infrastructure services such as energy distribution, water supply and transportation.



Readiness in dealing with potential disruption varies widely across EU member states. The EU Commission is seeking to use its influence to persuade member states to make the EU as a whole "more prepared for and resistant to cyber-attacks and disruptions".


It wants businesses and public administrations to consider five factors in developing a disaster recovery strategy:



- Preparedness and prevention: encouraging the exchange of best practices between member states and businesses.

- Detection and response: supporting the develo

Wednesday, February 25, 2009

Crash and Hack

CRASH : Gmail crashed for 2:30 hours

CRPCC Team

25 Feb 2009

 

Gmail crashed on 24 Feb 2009 from around 2 p.m. IST (1:30 am US – PST) for two and a half hours. Some people speculated that this was a DDoS attack on Gmail. Given Gmail's security and CAPTCHA, it is not likely to have been a DDoS attack, unless a full diagnosis shows otherwise.

 

Following is the explanation on the official gmail blog –

 

Update on today's Gmail outage

February 24, 2009 11:14 AM

Posted by Acacio Cruz, Gmail Site Reliability Manager

 

Gmail had a major outage early this morning: for about two and a half hours starting at 1:30 am PST while many of our users in the US were asleep, many people couldn't access their email. Lots of people around the world who rely on Gmail were disrupted during their waking and working hours, and we’re very sorry. We did everything we could to restore access as soon as possible, and the issue is now resolved.

 

Before you can access your account, you may be asked to complete a CAPTCHA which asks you to type in a word or some letters. It's normal for this to happen any time you repeatedly request access to your account — it’s just to make sure you're not a robot.

Thank you for bearing with us.

 

Update (3:49 pm): Lots of folks are asking what happened, so we thought you'd like an explanation. This morning, there was a routine maintenance event in one of our European data centers. This typically causes no disruption because accounts are simply served out of another data center.

 

Unexpected side effects of some new code that tries to keep data geographically close to its owner caused another data center in Europe to become overloaded, and that caused cascading problems from one data center to another. It took us about an hour to get it all back under control.

 

The bugs have been found and fixed, and we're in the process of pushing out changes. We know how painful an outage like this is -- we run Google on Gmail, so outages like this affect us the same way they affect you. We always investigate the root causes of rare outages like this one, so we can prevent similar problems in the future.

 

Access the blog at - http://gmailblog.blogspot.com/2009/02/update-on-todays-gmail-outage.html

 



HACKED : British Minister victim of 419 scam

Justice Secretary Jack Straw's email account has been hacked by fraudsters

The Telegraph

Why Firewall Security Is Necessary

Why Firewall Security Is Necessary To Protect Your Network

{ Posted on Feb 26 2009 by Damen }

In your car, the firewall sits between the engine compartment and the front seat and is built to keep you from being burned by the heat of the combustion process. Your computer has a firewall, too, for much the same reason – to keep you and your data from being burned by hackers and thieves who are the unfortunate creators of “Internet combustion” and destruction.

The firewall, a “combo” approach of software that regulates and monitors hardware and communications protocols, is there to inspect network traffic and all the “packets” of information that pass through to your inner sanctum, your CPU and hard drives. A firewall will rule out the possibility of harm, or at least greatly minimize it, by noting and quarantining potentially harmful “zones”, and will either deny or permit access to your computer based on the set of rules in force at the time, which depends on many (very many) factors.

Basic tasks and settings

The basic task for a firewall is to regulate the flow of traffic between different computer networks that have different “trust levels.” The Internet is full of countless overlapping zones, some safe and some totally deadly. On the other hand, internal networks are more likely to contain a zone or zones that offer a bit more trust. Zones that are in between the two, or are hard to categorize, are sometimes referred to as “perimeter networks” or, in a bit of geek humor, Demilitarized Zones (DMZ).

Without proper configuration, a firewall can simply become another worthless tool. Standard security practices call for a “default-deny” firewall rule, meaning that the only network connections that are allowed are the ones that have been explicitly okayed, after due investigation. Unfortunately, such a setup requires detailed understanding of network applications and a great deal of time and energy to establish and administer.

Who can do what?

Many businesses and individuals lack sufficient computer and network knowledge to set up a default-deny firewall, and will therefore use a riskier but simpler “default-allow” rule, in which all traffic is permitted unless it has been specifically blocked for one of a number of possible reasons. This way of setting up a firewall makes “mysterious” and unplanned network connections possible, and makes it much more likely that your system will be compromised.
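The difference between the two policies, as an added example that is not part of the original article: the same constructed traffic is evaluated against a default-deny rule set and a default-allow rule set, and the function lists the connections that only the default-allow firewall lets through. The rule sets, addresses (documentation ranges) and function names are assumptions made up for illustration.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str           # "allow" or "deny"
    src: str              # source network in CIDR form
    proto: str            # "tcp" or "udp"
    dport: Optional[int]  # destination port, None = any port

class Conn(NamedTuple):
    src: str
    proto: str
    dport: int

def decide(conn, rules, default):
    """First matching rule wins; otherwise the default policy applies."""
    for r in rules:
        if (ip_address(conn.src) in ip_network(r.src)
                and r.proto == conn.proto
                and r.dport in (None, conn.dport)):
            return r.action
    return default

# Constructed rule sets (assumptions, not taken from the article).
DEFAULT_DENY_RULES = [                       # only what was explicitly okayed
    Rule("allow", "0.0.0.0/0", "tcp", 443),  # public HTTPS
    Rule("allow", "10.0.0.0/8", "tcp", 22),  # SSH from the internal network
]
DEFAULT_ALLOW_RULES = [                      # only what someone thought to block
    Rule("deny", "0.0.0.0/0", "tcp", 23),    # telnet
    Rule("deny", "0.0.0.0/0", "tcp", 445),   # SMB
]

# Constructed sample traffic.
TRAFFIC = [
    Conn("203.0.113.7", "tcp", 443),   # planned: public HTTPS
    Conn("10.1.2.3", "tcp", 22),       # planned: internal SSH
    Conn("203.0.113.7", "tcp", 22),    # SSH from outside
    Conn("198.51.100.9", "tcp", 3389), # remote desktop nobody planned for
    Conn("198.51.100.9", "udp", 161),  # SNMP nobody planned for
    Conn("198.51.100.9", "tcp", 23),   # telnet, blocked by both
]

def unplanned(traffic):
    """Connections default-allow admits that default-deny would drop."""
    return [c for c in traffic
            if decide(c, DEFAULT_ALLOW_RULES, "allow") == "allow"
            and decide(c, DEFAULT_DENY_RULES, "deny") == "deny"]

if __name__ == "__main__":
    for c in unplanned(TRAFFIC):
        print("admitted only under default-allow:", c)
```
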

Firewall technology had its first growth period in the computer technology revolution of the late 1980s, when the Internet was fairly new in terms of its global reach and connectivity options. The predecessors to today’s hardware/software hybrid firewalls were the routers used in the mid 1980s to physically separate networks from each other. However small the Internet began, it was ultimately undone by supremely fast growth and the lack of security planning, and therefore there were the inevitable breaches caused by older (“prehistoric”) firewall formats. Fortunately, computer pros learn from their errors, and firewall technology continues improving daily.

Cisco Kits is a leading provider of CCNA, CCIE and CCNP Cisco training courses and equipment. Visit online for more information on certification or just furthering education.

Article Source: http://www.articlesbase.com/networks-articles/why-firewall-security-is-necessary-to-protect-your-network-784872.html
