Information Security Management System - 6815 Words

[pic] HINDALCO INFORMATION SECURITY MANAGEMENT SYSTEM IMPLEMENTATION AND CHALLENGES A study by Akash Pandey - MBA (IT) Indian Institute of Information Technology Allahabad, U.P. This study is submitted in fulfillment of the requirements for the degree in Master of Business Administration from Indian Institute of Information Technology, Allahabad June 2008 [pic] INDIAN INSTITUTE OF INFORMATION TECHNOLOGY (Deemed University) Jhalwa, Deoghat. Allahabad. SUMMER TRAINING CERTIFICATE This is to certify that Akash Pandey of MBA (IT)/ MSCLIS Batch 2008-10 at Indian Institute of Information Technology, Allahabad has successfully completed his/her Summer Internship during 20th†¦show more content†¦Figure 13: Asset Analysis†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦.†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦42 Figure 14: Business Impact Analysis†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦43 Figure 15: Vulnerability Analysis†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦..†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦.44 Figure 16: Risk Analysis†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦.45 Figure 17: Implement Risk Treatment†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦..†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦46 Figure 18: Analyze Control Effectiveness†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦47 Figure 19: Security Incident Monitoring†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦..48 Terms and definitions For the purposes of this document, the terms and definitions given in ISO/IEC 27001, ISO/IEC 17999, are as follows: Asset- anything that has value to the organization [ISO/IEC 13335-1:2004] Availability-the property of being accessible and usable upon demand by an authorized entity [ISO/IEC 13335-1:2004] Confidentiality-the property that information is not made available or disclosed to unauthorized individuals, entities, or processes [ISO/IEC 13335-1:2004] Integrity- the property of safeguarding the accuracy and completeness of assets [ISO/IEC 13335-1:2004] Threat- a potential cause of an unwanted incident, which may result in harm to a system or organization [ISO/IEC 13335-1:2004] Vulnerability- a weakness of an asset or group of assets that can be exploited by a threat [ISO/IEC 13335-1:2004] Impact- adverse change to the level of business objectives achieved Information security risk- potential that aShow MoreRelatedImplementation Of The Information Security Management System1355 Words   |  6 PagesStandardization (ISO) 27002 defines information as an asset that may exist in many forms and has value to an organization. Information Technology (IT) security governance is the system by which an organization directs and controls IT security (adapted from ISO 38500). Successful implementation of the information security management system (ISMS) is governed by analyzing security requirements to protect organizational information assets and apply appropriate security controls to ensure their protectionRead MoreThe Scope Of The Information Security Management System1880 Words   |  8 PagesA. Scope Outline The scope of the Information Security Management System (ISMS) is limited to Small Hospital Grant Tracking System (SHGTS) (a Microsoft Access 97 database), its host general support system (GSS) (JINX server EOC3FPR02GroupsSSR), and the remote access server (RAS). The servers are located at the Healthy Body Wellness Center (HBWC) executive office facility. 1. Business Objectives The primary business objective of the Healthy Body Wellness Center (HBWC) is to promote improvements inRead MoreSecurity Management Models for Information Systems Essay1075 Words   |  5 PagesBackground Security management within the context of information systems â€Å"needs a paradigm shift in order to successfully protect information assets† (Eloff Eloff, 2003). Due the rapid increase in information security threats, security management measures have been taken to proactively remedy the growing threat facing information security. As a result of this, security management â€Å"is becoming more complex everyday, many organization’s security systems are failing, with serious results† (Fumey-NassahRead MoreCode Of Practice For Information Security Management System1090 Words   |  5 PagesThe ISO 27002 Information Technology Security Techniques, Code of Practice for Information Security Management and NIST 800-53 standards were used to make revisions to the SLA. In particular, the ISO 27002 standards are industry recognized standards for development of an information security management system. The NIST 800-53 are U.S. government security standards for federa l information systems; granted, they are also used for non-governmental systems. In sum, the difference between the two frameworksRead MoreThe Health Body Wellness Center1559 Words   |  7 Pageshospital grant tracking system. This system enables them to allocate and track the gifts within a specified period. OGG assigns awards to one hospital and follows how they have been utilized within a period of one month. The unused portion of the subsidy is recalled and issued to another hospital. This is done in a continuous and rotational manner. The organization has a security objective of protecting the database from being altered. Since the data is held in the system, there are regulations thatRead MoreSecurity Information And Event Management1496 Words   |  6 Pagesheavily on the management of information across their organization – from customer records to critical corporate financial data. Without high-tech measures to protect all enterprise data from security threats, the businesses’ processes, regulatory compliance efforts, and even financial security can be at risk. The security information and event management (SIEM) market is defined by the customer s need to analyze security event data in real time for internal and external threat management, and to collectRead MoreEssay on Internal Control Checklist870 Words   |  4 PagesComprehensive Checklist for Evaluating Internal Controls ACC/544: Internal Control Systems Comprehensive Checklist for Evaluating Internal Controls As defined by the COSO framework, there are five elements that are used to explain an internal control system applied in an organization. These elements include: 1. Control Environment – The control environment is the foundation for the other four components of internal control. It outlines discipline and structure for the internal controlRead MoreKey Features Of Information Systems1727 Words   |  7 PagesFeatures of information systems 2 2.0 What is a Management Information System (MIS)? 3.0 MIS Packages 4.0 5.0 6.0 Features of information systems There are five features of information systems. The first feature is software. Both simple and complex software is available. Simple software can be used by smaller companies that need a basic system. Complex software is used by bigger companies which can afford to invest in this as they require very detailed management to be ableRead MoreComputerised Management Information System in Students Result and Transcript Computation1428 Words   |  6 PagesCOMPUTERISED MANAGEMENT INFORMATION SYSTEM IN STUDENTS RESULT AND TRANSCRIPT COMPUTATION 1James Agajo 2Ogedengbe Emmanuel 3Bagudu Igbekele Federal Polytechnic Auchi, Edo State, Nigeria ABSTRACT: This work proffers solution to the problem associated with the old conventional way of manual generation and issuance of transcript, Automated transcript system addresses the problem of excessive paper work, delay in transcript issuanceRead MoreEvaluation Of A Transaction Processing System937 Words   |  4 Pagesprocessing system is an information processing system for business transactions involving the collection, modification and retrieval of all transaction data. Transaction processing system characteristics are performance, reliability and consistency. Management information systems is an arrangement of equipment and procedures, that are often computerized, and is designed to provide managers with information and support on activities and functions for management company. Management information system