
priority, and next we will try ... like the CEO article about a cyber security attack ... in order to ask him ... so security and ...
... the assessment. We will have an action plan, and then, after implementing the actions, we will have an update of our risk assessment. And the final step, and the most critical one: how to maintain and upgrade the security level. Let's go for a detailed record of the information categories we are handling in our company. These are some categories we are handling, and also we must create a detailed asset inventory. In the asset inventory we must have in place operating systems, not only machines, virtual machines, etc. Even humans are assets for our company. This will lead us to a configuration management database (CMDB), which is where we want to go, but first let's do the work. What do we take into account in order to
evaluate our assets? The financial and the ... value. This will give you the value of every asset and every piece of information, and will help you to have an asset categorization and an information classification. Let's have an example of information evaluation. We have developed an application that sells like crazy; customers give us a revenue of 300000 EUR per .... The financial cost of this application is the sum of the programmers' wages, about ... EUR per ... for this project, so the real cost, the real value of this information ... costs about 100000 EUR. The ... cost is: if it fails, the company will be out of work for about 24 hours, and 24 hours for the company cost ... The financial cost is the real value
of an asset. In order to do a simpler risk assessment, the values can range in ... etc. After evaluating, we classify our assets; we can use whatever ... whatever level we ... we
are technical
security test ... for ... box assessment, security assessment, penetration test ... do
black box ... to have a window; someone could come into our premises bypassing all the security measures, the physical security measures we have in place in order to control our guests. The second is interviews with personnel. We do that because technical ... my company maybe has a UTM, etc., etc., but someone could
maybe
After doing these things, it is time to conduct ... You can use a formal method like 27005, OCTAVE, etc. The risk assessment methodology must be documented in detail. So we have our asset evaluation, we have our internal audit findings, and we have our technical security assessment test findings. These three are the input, and the output is something like that.
The next step for the security officer, after conducting the assessment: what actions must be taken?
The ways we can treat a risk are: apply security controls; transfer the risk to another party; avoid the risk by stopping an activity that is too risky or by performing it in a completely different way; and the last way is by accepting it. We cannot accept all the risks we are facing.
So ... new value ... decision makers ... actions ... solutions
could cost 2000, 3000, and then the most critical part is to quantify what the new risk level is that we are facing after implementing the actions, in order to ... our C-level managers to give money for the actions. What will be done, by whom, until when, what resources are required: we must know what resources we require, because if we do not have the resources, then we ... have the actions we need.
All these steps lead us eventually to an information security management system, because everyone must know what the rules of the game are; everyone must know what he must do in his job regarding security. So we have to build policies, procedures, guidelines. What is a policy? The company CEO says what he expects from information security in the business. This is the policy: "access to all corporate systems is controlled". The CEO does know what that means; the information security officer translates the CEO's ...
... personal, corporate ... all systems must require at least a username and
a strong .... The IT department takes the information security officer's rules and develops guidelines on how to implement user access control in every system, in every app. So this is how we build our information security management system. The key starting point is, first of all, we must define the roles and the responsibilities of the information security officer, the information security team, of physical security,
... if we have conflicting responsibilities in ... the ISMS implements the controls that we decided in the action plan from the risk assessment, in order to see what the real residual ... is.
The last thing we must do, the last step, is when the desired security level has been .... So we are going to our ... and we are saying: we have done all that we decided in our action plan, we downgraded our risk levels, so everything is good. What must we do in order to maintain this level?
Audit: security, technical, physical security, ... party ... audit ... security. The key to maintaining the security level: landscapes change, so we must evolve our ISMS in order to ... the new landscape. In the ... step, what we protect in the ... are the
mostly ...
what is the risk level ... residual assets ... and the final step: we must have in place all the measures we ... previously ... in order to maintain the security
level. That is the presentation.
... in order to ... requirement ... what ... in the example we have a minimum pass... lo... policy ... disagree with the explanation of the stat... ... con...
... decide to follow what will lead us to ... If we are an IT company, the policy could be at the level of a procedure and then more
detailed ...
... how much I trust the person. He is the man that has the money: give me the money in order to build the level of security I ... him ... and if I can
sleep for ...
... we will have meetings in order to say ... sometimes it feels like you need to extrapolate a lot from a single policy statement ... define ... generic ... security, my ... does what ... security ...
Thank you.