Security System Standards Specification

Prepared by: Baderdeen J Alsaba
Supervised by: Dr. Sana’a Wafa Al-Sayegh
University of Palestine, College of Information Technology
Contact: [email protected]

Upload: ann-teresa-french

Post on 28-Dec-2015



Agenda

Introduction
Definition
Provide adequate protection
First dimension: the security of information - plenary session
  Phase I: Evaluation
  Phase II: Design
  Phase III: Implementation
  Phase IV: Control
Second dimension: the security of information - building blocks
  I - Building block: regulations
  II - Building block: education
  III - Building security

Agenda (continued)

Third dimension: the security of information - valuable property
  Persons
  Data
Infrastructure for the information technology
  Equipment
  Networks
  Operating systems
  Applications
References

Introduction

The term "systems security" was in use before the birth of information technology, with older methods, but it came into common use once the actual scope of these activities became the processing and transfer of data by means of computing and communications, specifically the Internet. Security systems now occupy a broad area of research and development among the various fields of information technology, and have even become one of the concerns felt by the different actors. Legislative measures in this field likewise aim to ensure the following properties of information.

Definition

System security is the science that studies the theories and strategies for protecting a system from the risks and activities that threaten to attack it.

In terms of technology, it is the means, tools and procedures that must be provided to ensure the protection of the system from internal and external threats.

From a legal perspective, it is the purpose of legislation that protects the system from illicit and illegal activities targeting information and systems (computer crimes and Internet piracy).

Provide adequate protection

1 - CONFIDENTIALITY (secrecy): making sure that information is not revealed or disclosed to unauthorized people.

2 - INTEGRITY: making sure that the true content of the information has not been modified or tampered with.

Provide adequate protection

3 - AVAILABILITY: ensuring the continued operation of the information system and the continued ability to interact with it.

4 - NON-REPUDIATION: ensuring that a person who performed an action on information cannot later deny that it was he who did that act.
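The following example, added here and not part of the original slides, shows in Python's standard library why integrity and non-repudiation are different properties. A keyed tag (HMAC-SHA256) lets the receiver detect tampering, but because the sender and the receiver share the same key, either of them can produce a valid tag, so the tag proves nothing to a third party about who wrote the message; non-repudiation needs a digital signature, where only the signer holds the private key. The key and messages are constructed sample values.

```python
"""Integrity versus non-repudiation, using only the Python standard library.

Integrity: an HMAC tag over the message lets the receiver detect any
modification, provided the shared key stays secret.
Non-repudiation: an HMAC cannot provide it. Every holder of the shared key
(sender and receiver alike) can produce a valid tag, so neither side can
prove to a third party who created a given message.
"""
import hashlib
import hmac
import secrets


def make_tag(key: bytes, message: bytes) -> bytes:
    """Compute an HMAC-SHA256 integrity tag over the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Return True only if the tag matches; comparison is constant-time."""
    return hmac.compare_digest(make_tag(key, message), tag)


def integrity_demo() -> dict:
    """Show that a modification made in transit is detected."""
    key = secrets.token_bytes(32)                 # constructed shared key
    original = b"transfer 100 to account 4711"    # constructed sample message
    tag = make_tag(key, original)
    tampered = b"transfer 900 to account 4711"    # attacker changes the amount
    return {
        "original_ok": verify(key, original, tag),
        "tampered_ok": verify(key, tampered, tag),
    }


def repudiation_demo() -> dict:
    """Show why a shared-key tag does not bind a message to one party."""
    key = secrets.token_bytes(32)                 # constructed shared key
    sender_msg = b"I accept the contract"
    sender_tag = make_tag(key, sender_msg)
    # The receiver holds the same key, so it can make a tag that is just as
    # valid for a message the sender never wrote.
    receiver_msg = b"I accept the contract and pay double"
    receiver_tag = make_tag(key, receiver_msg)
    return {
        "sender_tag_valid": verify(key, sender_msg, sender_tag),
        "receiver_forged_tag_valid": verify(key, receiver_msg, receiver_tag),
    }


if __name__ == "__main__":
    print("integrity:", integrity_demo())
    print("non-repudiation gap:", repudiation_demo())
```

Both tags in `repudiation_demo` verify, which is exactly the problem: a judge shown the two messages and the shared key cannot tell which party produced which. Replacing the HMAC with a signature over the message under the sender's private key (RSA or ECDSA, verified with the public key) is what closes that gap.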

First dimension: the security of information - plenary session

Phase I: Evaluation

Each facility must assess the risks it faces, gain accurate knowledge of its environment, and be able to classify its data in terms of sensitivity and importance.

Why protect? (What are the assets of the mission?)
Against what? (What are the risks?)
How to safeguard? (What are the mechanisms?)

Phase II: Design

Security is a chain, and a chain is measured by its most vulnerable link. Therefore, using the latest network barriers (firewalls) or even intrusion detection systems (IDS) does not guarantee full security of the business.

Phase III: Implementation

After choosing the appropriate security architecture (in the design phase), you need to implement the technical controls you selected. These controls may be a web firewall, an intrusion detection system, an e-mail server or a domain name (DNS) server.

Buying as many of those technologies as possible is not the solution. Rather, the effort goes into a series of measures: hardening the domain name servers to reduce risk, allocating a mail server inside your network, and placing a relay server in the neutral zone (DMZ) that passes mail into and out of your network.
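The DMZ mail-relay layout described above can be written down as a zone-based filter policy and checked before any firewall is bought. The model below is an added example, not the slides' own material and not a real firewall syntax: zones, ports and rules are constructed, and the policy is evaluated first-match with a default deny. The design check at the end states the invariant the layout is meant to enforce, that the internal mail server is never directly reachable from the Internet; the relay in the DMZ is the only path in either direction.

```python
"""Zone-based model of the Phase III mail-relay / DMZ layout.

Rules are evaluated first-match; anything unmatched is denied. Zones,
ports and rules are constructed for this example.
"""
from dataclasses import dataclass
from typing import List, Optional

INTERNET, DMZ, INTERNAL = "internet", "dmz", "internal"
SMTP = 25


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    port: Optional[int]   # None matches any port
    action: str           # "allow" or "deny"


# Constructed policy: mail enters and leaves only through the relay in the DMZ.
POLICY: List[Rule] = [
    Rule(INTERNET, DMZ, SMTP, "allow"),      # outside world delivers to the relay
    Rule(DMZ, INTERNAL, SMTP, "allow"),      # relay forwards inbound mail inside
    Rule(INTERNAL, DMZ, SMTP, "allow"),      # internal server hands outbound mail to relay
    Rule(DMZ, INTERNET, SMTP, "allow"),      # relay sends outbound mail
    Rule(INTERNET, INTERNAL, None, "deny"),  # nothing from outside reaches inside directly
]

# Constructed misconfiguration: someone "temporarily" opened the internal
# mail server to the Internet and put the rule at the top.
BAD_POLICY: List[Rule] = [Rule(INTERNET, INTERNAL, SMTP, "allow")] + POLICY


def evaluate(src: str, dst: str, port: int, policy: List[Rule] = POLICY) -> str:
    """Return the action of the first matching rule, or 'deny' if none matches."""
    for rule in policy:
        if rule.src == src and rule.dst == dst and rule.port in (None, port):
            return rule.action
    return "deny"


def internal_unreachable_from_internet(policy: List[Rule] = POLICY,
                                       ports=(SMTP, 80, 443, 3389)) -> bool:
    """Design check: no sampled port on the internal zone is reachable straight
    from the Internet under this policy."""
    return all(evaluate(INTERNET, INTERNAL, p, policy) == "deny" for p in ports)


if __name__ == "__main__":
    for src, dst in [(INTERNET, DMZ), (DMZ, INTERNAL), (INTERNET, INTERNAL)]:
        print(f"{src:>8} -> {dst:<8} smtp: {evaluate(src, dst, SMTP)}")
    print("good policy keeps internal isolated:", internal_unreachable_from_internet())
    print("bad policy keeps internal isolated: ", internal_unreachable_from_internet(BAD_POLICY))
```

The check is cheap to run on every change to the rule set, which is the point of Phase III: the architecture decided in design is only as good as the rules that actually get deployed.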

Phase IV: Control

It is well known that no system can be 100% secure, but we always seek to reduce the risk to the business, whether legal, financial, professional or reputational; security risk is the professional kind that has to be reduced. Once the risk-reduction plan has been carried out, including the network design and the design of the security infrastructure as well as the deployment of the security techniques appropriate for you, you should monitor all these facilities 24 hours a day, 365 days a year.
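Round-the-clock monitoring means something has to look at the logs continuously and raise an alert on a pattern worth a human's attention. The script below is an added example, not from the slides, of one such detection: a burst of failed logins from a single source within a short window. The log lines are constructed for the example and follow the common OpenSSH syslog wording; the threshold and window are assumed values that a real deployment would tune.

```python
"""Phase IV control: detect a burst of failed logins in auth-log lines.

Log lines are constructed for this example (OpenSSH syslog style with an
ISO timestamp). Threshold and window are assumed, tunable values.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed sample: one source fails six times in 20 seconds, another
# fails twice, one login succeeds, and one late failure falls outside the window.
LOG_LINES = [
    "2015-12-28T09:00:01 host1 sshd[2201]: Failed password for root from 203.0.113.7 port 51122 ssh2",
    "2015-12-28T09:00:03 host1 sshd[2202]: Failed password for invalid user admin from 198.51.100.4 port 40022 ssh2",
    "2015-12-28T09:00:05 host1 sshd[2203]: Failed password for root from 203.0.113.7 port 51123 ssh2",
    "2015-12-28T09:00:09 host1 sshd[2204]: Failed password for root from 203.0.113.7 port 51124 ssh2",
    "2015-12-28T09:00:12 host1 sshd[2205]: Accepted password for alice from 192.0.2.10 port 50001 ssh2",
    "2015-12-28T09:00:13 host1 sshd[2206]: Failed password for invalid user oracle from 203.0.113.7 port 51125 ssh2",
    "2015-12-28T09:00:17 host1 sshd[2207]: Failed password for root from 203.0.113.7 port 51126 ssh2",
    "2015-12-28T09:00:21 host1 sshd[2208]: Failed password for root from 203.0.113.7 port 51127 ssh2",
    "2015-12-28T09:00:30 host1 sshd[2209]: Failed password for invalid user admin from 198.51.100.4 port 40023 ssh2",
    "2015-12-28T09:30:00 host1 sshd[2310]: Failed password for root from 203.0.113.7 port 52001 ssh2",
]

PATTERN = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+)"
)


def parse(line: str) -> Optional[Tuple[datetime, str, str]]:
    """Return (timestamp, user, source) for a failed-login line, else None."""
    m = PATTERN.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["user"], m["src"]


def detect_bursts(lines: List[str], threshold: int = 5,
                  window_s: int = 60) -> List[Tuple[str, str, str, int]]:
    """Alert once per source when it produces `threshold` failures within
    `window_s` seconds. Returns (source, window_start, window_end, count)."""
    recent = defaultdict(deque)   # source -> timestamps inside the window
    alerted = set()
    alerts = []
    for line in lines:
        event = parse(line)
        if event is None:
            continue                      # successes and unrelated lines are ignored
        ts, _user, src = event
        q = recent[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()                   # drop failures older than the window
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append((src, q[0].isoformat(), ts.isoformat(), len(q)))
    return alerts


if __name__ == "__main__":
    for src, start, end, n in detect_bursts(LOG_LINES):
        print(f"ALERT {src}: {n} failed logins between {start} and {end}")
```

The alert fires on the fifth failure and is then suppressed for that source, so the on-call engineer gets one ticket rather than one per attempt; the source that failed only twice, and the isolated failure half an hour later, stay below the threshold.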

Second dimension: the security of information - building blocks

I - Building block: regulations

The regulations (policies) are the heart of any information security management system (ISMS). They state clearly what is permitted and what is not, and roles and responsibilities are identified and clearly assigned. The security regulations accurately define what senior management expects of information security.

II - Building block: education

According to one professional intruder, "social interaction (social engineering) was the easiest way to penetrate the systems." We often do not look beyond the technical barriers and defenses, including the network barriers, and forget the importance of the barriers that lie in our minds, the "human barriers".

III - Building security

Management must ensure that the investment in information security has borne fruit, and should ask a neutral party to identify the degree of safety of the infrastructure. It does not stop there: security must be integrated into the business's security program, so that assessing the security mechanisms, and verifying that the infrastructure complies with the regulations and requirements set, is an integral part of that program.

Third dimension: the security of information - valuable property

When it comes to information security, the important question is: what do you want to protect?

Persons: people are your most valuable asset, so keeping them safe is the first priority in any business. These persons have different roles: regulators, network operators, managers, employees, contractors and trading partners.

Data: you should always ask yourself this simple question: what do I want to protect? The security of data covers everything: documents sent or received by fax, your e-mail messages, data moving across your network, business processes, customer databases, and so on.

Infrastructure for the information technology

Equipment:

Unauthorized persons must be prevented from gaining access to central servers and storage devices, and even from entering the facilities and buildings that house them.

Networks:

Facilities are moving to join networked environments connected to shared resources, built on an optimal basic configuration, but exposure to internal and external risk remains possible.

Infrastructure for the information technology

Operating systems:

These systems are in urgent need of protection from internal and external threats, whether UNIX systems or Windows (Windows NT/2000/XP/2003). They also need hardening and continued checking on a regular basis.

Applications:

Applications are the means by which users deal with your technology environment. Specialized applications for accounting, human resources, logistics, finance and communications need to be protected and kept confidential.

References

• http://www.publications.ksu.edu.sa/IT%20Papers/Information%20Security/IT%20Sec.doc
• http://www.27001.net/2007/06/what-is-iso-27001.html
• http://www.27001.net/labels/iso%2027001.html
• http://www.bsi-global.com/en/Assessment-and-certification-services/management-systems/Standards-and-Schemes/ISO-IEC-27001
• http://www.praxiom.com/27001.htm
• http://www.isoqar.com/iso27001/27001intro.htm
• http://www.the-dma.org/guidelines/informationsecurity.shtml
• http://iso27001security.com/html/iso27000.html
• http://www.ccert.edu.cn/education/cissp/hism/ewtoc.html


Any question?

Contact: [email protected]