
Managing IT Security in e-GP - Alejandro Susel



  1. Managing IT Security in e-GP. Alejandro Susel, asusel@holos-consulting.com

  2. The evolution of power … INDUSTRIAL REVOLUTION

  3. The evolution of information …

  4. Information technology – Some definitions (business perspective)
     • Technology: A way of doing something or performing an activity
     • Information: Any tool that allows us to diminish the uncertainty in the decision-making process
     • System: Collection of elements or components that are organized for a common purpose

  5. Information system vs. Computer system
     • Information System: System to provide information
     • Computer System: Total or partial automation of an Information System
     • Information and Communication Technology: Hardware + Software + Communications + Human Resources
     • Hardware: Everything that can be broken with a hammer
     • Software: Everything you can just insult or curse

  6. Which is the safer computer?

  7. The pillars of information
     [Diagram labels: INFORMATION; CONFIDENTIALITY, AVAILABILITY, INTEGRITY]

  8. TRUST: How do we build it?
     Its pillars: Confidentiality, Integrity and Availability … Very important!!!
     Objectives:
     • That the person or company claiming to be on the other side of the network is who it claims to be
     • That the transmission through the network has not been modified
     • That the transmitted data are only seen by those authorized
     • That the transmitted data cannot be repudiated or rejected

  9. An information system is a GREAT Asset!!!!
     How do we protect this Great Asset?... Divide and rule!!!!!
     [Table: rows are the dimensions Physical, Logical and People; columns are the concepts Availability, Confidentiality and Integrity]

  10. Let’s understand other important concepts: ASSET, VULNERABILITY, THREAT

  11. What is a Risk??
      • A risk is the uncertainty of whether or not an event occurs, affecting the achievement of institutional goals and objectives
      • Risks may be the result of the effect of internal and external factors
      • The level of risk may be measured according to its impact and probability of occurrence
      • Quantitatively this relationship is reflected in the function: Risk = ƒ(Probability, Impact)

  12. How does the need to manage risks appear?
      "When someone asks me how I can describe my experience of almost forty years at sea, I simply say: placid ... of course there have been winds, storms, fog ... but I never saw a shipwreck or I was shipwrecked, not even some threat of a disastrous end"
      E.J. Smith, Captain of RMS Titanic, April 1912

  13. Response strategies
      [Diagram axis labels: REDUCE RISK; Avoid - Transfer]
      • Assume Risk: Accept, Plan, etc.
      • AVOID: Divest, Stop, Target, Prohibit, Eliminate, etc.
      • TRANSFER: Insure, Limit, Outsource, Reinsure, Indemnify
      • E.g.: Control, Divide, etc.
      Align the strategy with the entity's risk TOLERANCE.

  14. Benefits of Risk Management

  15. Evaluate treatment options
      Balance the cost of implementing each option vs the associated benefits.
      [Chart labels: Severity, Risk, Strategy]

  16. Our focus TODAY … Public Procurement!!!
      One purchase … One transaction
      One bid invitation … One transaction
      One bid response … One transaction
      • Elements of a transaction
      • How do we ensure the security of a transaction
      • Using experience of e-commerce
      • TRUST, the BASE for developing e-procurement

  17. Implementing Confidentiality
      • Double effect control access
      • Digital certificates and digital signature
      • Encrypting

  18. Identifying who is offering
      • The importance of identifying who is offering, concepts such as authentication and its features would be interesting. Pros and Cons of the different authentication methods

  19. The integrity of the offer itself
      • Also the integrity of the offer itself. How we validate it and provide legal certainty (access to documents and managing submission and opening dates, for example)
      • How do we know that the offer received is authentic and valid? The same applies to the rest of the documents (purchase orders, invoices, etc.)

  20. Privacy of information and confidential data
      • Another area is how we protect the privacy of information and confidential data in the offers submitted

  21. Key takeaways
      • Nothing is 100% safe
      • Find the balance between risk and control
      • Want to significantly reduce your organization's IT security-related risks? Change the behavior of your users
      [Chart: Value (Low to High) across three postures: Uninformed (“No brakes – Out of control”), Managed (Optimal; "Managing risks adds value"), Obsessed (“Full brakes – Cannot move”)]

  22. Managing IT Security in e-GP THANK YOU! Alejandro Susel asusel@holos-consulting.com
