5.6 IT Stream Moderator (Mauritius)
www.sil.mu
IT STREAM
Moderator: Dhan Koolwant, Sales Manager, Business Development Group, State Informatics Limited – [email protected] – +230 2536377
IT STREAM
IT Security Audit of Information Systems
Presentation by Mr Imran Ameerally of the IT Security Unit of the Ministry of Information and Communication Technology
IT STREAM
Incorporating Security in IT Solutions for Corporate Registers
Presentation by Mr Vishal Soockeea, Account Manager, Business Development Group, State Informatics Limited
IT SECURITY AUDIT OF INFORMATION SYSTEMS
• About IT Security Unit
• Types of Audits Conducted
• Companies Division Audit
• Audit Tasks
• Audit Deliverables
• Audit Findings
• Benefits of an Audit
TYPES OF AUDITS CONDUCTED
• ISO/IEC 27001 Internal Audits
• Information Security Assessments
• In-House Security Audits
• Outsourced Security Audits
PHASES & FINDINGS IN AN AUDIT
Phase 1 – Planning the Audit
Phase 2 – Performing the Audit Work
Phase 3 – Reporting Audit Findings
Findings are broken into 3 categories:
• Application Security
• Network and System Security
• Physical Security
EXAMPLE 1 - FINDING UNDER AN APPLICATION SECURITY AUDIT
Finding Description: Password can be decrypted for Application Server Control Console
Severity Rating (H/M/L): High
Recommended Action(s):
• Short Term – A stronger encryption algorithm should be implemented to encrypt data passing between client and server
• Long Term – Security considerations should be a must in software requirement specification and analysis
EXAMPLE 2 - FINDING UNDER AN APPLICATION SECURITY AUDIT
Finding Description: It is possible to view the contents of an authenticated page from the Back button of the browser.
Severity Rating (H/M/L): High
Recommended Action(s):
• Short Term – The back button of the browser should be disabled for all authenticated pages. Otherwise, the user may lose track and a malicious user can get access to his session simply by clicking on the back button of the browser.
• Long Term – The necessary controls in an application should be identified using threat modeling to ensure that the application is protected against common types of attacks based on the threats it faces.
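As an added audit check for Example 2 (not part of the presentation), the Python below inspects the HTTP cache directives of an authenticated page's response, the server-side control usually applied for this finding alongside the back-button advice above; the sample response headers are constructed.

```python
"""Audit check for Example 2: does an authenticated page tell the browser not
to store it, so it cannot simply be re-displayed via the Back button after
logout? Added example, not from the presentation; sample headers are constructed."""
from typing import Dict, List, Tuple


def parse_cache_control(value: str) -> Dict[str, str]:
    """Split 'no-store, max-age=0' into {'no-store': '', 'max-age': '0'}."""
    directives: Dict[str, str] = {}
    for part in value.split(","):
        part = part.strip().lower()
        if part:
            name, _, arg = part.partition("=")
            directives[name.strip()] = arg.strip().strip('"')
    return directives


def audit_authenticated_page(headers: Dict[str, str]) -> Tuple[str, List[str]]:
    """Return (severity, findings) for one authenticated page's response headers.
    Severity uses the H/M/L scale of the audit report; 'None' means no finding."""
    lower = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lower.get("cache-control", ""))
    pragma = lower.get("pragma", "").lower()
    findings: List[str] = []
    severity = "None"
    if "no-store" not in cc:
        # Without no-store the page may be kept in the browser cache and
        # shown again from history: this is the finding itself.
        findings.append("Cache-Control lacks no-store")
        severity = "High"
        if "private" not in cc:
            findings.append("Cache-Control lacks private; shared caches may keep the page")
        if cc.get("max-age", "0") != "0":
            findings.append("max-age=%s keeps the page fresh in cache" % cc["max-age"])
    if "no-cache" not in pragma:
        # Only matters to HTTP/1.0 caches, so Low when it is the sole issue.
        findings.append("Pragma: no-cache missing")
        severity = "Low" if severity == "None" else severity
    return severity, findings


# Constructed sample responses for the same authenticated page, before and after the fix
WEAK = {"Content-Type": "text/html", "Cache-Control": "public, max-age=600"}
FIXED = {"Content-Type": "text/html",
         "Cache-Control": "no-store, no-cache, must-revalidate, private",
         "Pragma": "no-cache", "Expires": "0"}

if __name__ == "__main__":
    for name, hdrs in (("weak", WEAK), ("fixed", FIXED)):
        print(name, *audit_authenticated_page(hdrs))
```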
SECURITY COMPONENTS IN IT SOLUTIONS FOR CORPORATE REGISTERS
• Physical Security
• Server and System Software Security
• Database Security and Audit Trail
• Authentication to the Application
• Application Level Security
• Online Applications Security
IT SYSTEM COMPONENTS FOR SECURITY CONSIDERATION
• Physical Security
• Server and System Software Security
• Database Security and Audit Trail
• Authentication to the Application
• Application Level Security
• Online Applications Security
IT SECURITY AUDIT OF INFORMATION SYSTEMS & INCORPORATING SECURITY IN IT SOLUTIONS FOR CORPORATE REGISTERS
QUESTIONS RAISED & CLARIFICATIONS REQUESTED
A MAURITIAN COMMONLY USED EXPRESSION
• English: How are you?
• French: Comment allez-vous ?
• Creole (Mauritian dialect): Ki maniere ?
• Response: Corek (fine) / pas corek (not fine)
Thank You