Security Guide for Interconnecting Information Technology S - PowerPoint Presentation

Slide1

Security Guide for Interconnecting Information Technology Systems

ANUSHA KAMINENISECURITY MANAGEMENTSlide2

AGENDA

IntroductionBackgroundLifecycle of System InterconnectionSlide3

EXECUTIVE SUMMARY

Security guide for Interconnecting systemsLife-Cycle ManagementPlanning a system interconnectionEstablishing a system interconnectionMaintaining a system interconnection

Disconnecting a system

interconnection

ISA and MOU/A

System Interconnection Implementation planSlide4

INTRODUCTION

AuthorityPurposeScopeAudienceDocument StructureSlide5

BACKGROUND

Figure 1: Interconnection ComponentsSlide6

Why to interconnect IT systems?

Exchange data & informationProvide customized levelsCollaborate on Joint projectsProvide full time communicationsProvide online trainingProvide secure storage of dataSlide7

PLANNING A SYSTEM INTERCONNECTION

Figure 2. Steps to plan a system interconnectionSlide8

PLANNING A SYSTEM INTERCONNECTION

Establish a Joint planning teamDefine the Business casePerform C & ADetermine Interconnection RequirementsDocument Interconnection AgreementApprove or Reject InterconnectionSlide9

Determine Interconnection Requirements

Level and method of interconnectionImpact on existing Infrastructure and OperationsHardware RequirementsSoftware RequirementsData Sensitivity

User Community

Services and Applications

Security controls

Segregation of Duties

Incident Reporting and Response

Contingency PlanningSlide10

…..continued

Determine Interconnection Requirements

Data element naming and ownership

Data Backup

Change Management

Rules of Behavior

Security Training and Awareness

Roles and Responsibilities

Scheduling

Costs and BudgetingSlide11

Document Interconnection Agreement

Develop an interconnection security agreementEstablish a memorandum of UnderstandingSlide12

Approve or Reject Interconnection

Approve the interconnectionGrant interim approvalReject the interconnectionSlide13

ESTABLISHING A SYSTEM INTERCONNECTION

Fig 3. Steps to Establish a system InterconnectionSlide14

ESTABLISHING A SYSTEM INTERCONNECTION

Develop Implementation PlanExecute Implementation PlanActivate InterconnectionSlide15

Execute Implementation Plan

Implement or configure security controlsFirewallsIntrusion DetectionAuditing

Identification and Authentication

Logical Access controls

Virus scanning

Encryption

Physical and Environmental securitySlide16

…. continued Execute

Implementation PlanInstall or configure hardware and softwareCommunications lineVPN

Routers and switches

Hubs

Servers

Computer Workstations

Integrate Applications

Conduct operational and security testing

Conduct security Training and awareness

Update systems security plans

Perform Recertification and ReaccreditationSlide17

MAINTAINING A SYSTEM INTERCONNECTION

Maintain clear lines of communicationMaintain equipmentManage user ProfilesConduct security reviewsAnalyze audit logsReport & respond to security incidents

Coordinate contingency planning activities

Perform Change management

Maintain system security plansSlide18

DISCONNECTING A SYSTEM INTERCONNECTION

Planned disconnectionEmergency disconnectionRestoration of interconnectionSlide19

EXECUTIVE SUMMARY

Security guide for Interconnecting systemsLife-Cycle ManagementPlanning a system interconnectionEstablishing a system interconnectionMaintaining a system interconnection

Disconnecting a system

interconnection

ISA and MOU/A

System Interconnection Implementation planSlide20

IMPORTANT TERMS

Audit TrailIntegrated Services Digital Network(ISDN)Interconnection Security Agreement(ISA)Intrusion Detection System (IDS)Memorandum of Understanding/Agreement(MOU/A)

RADIUS (Remote Authentication Dial-In User Service)

Security Controls

System interconnection

Virtual Private Network(VPN)Slide21

QUESTIONS?