Information Security Management Working in Iraq - PowerPoint PPT Presentation

Transcript and Presenter's Notes
1
Information Security Management: Working in Iraq
  • Bill Casti, CQA, SSCP, CISM, CISA, CITP, ITIL
    Foundations
  • ASQ Section 0511
  • Northern Virginia
  • 20 June 2007

2
Introduction
  • Position: Senior Advisor, IT Information
    Security Management, eGovernment Services,
    Economic Governance II Project
  • What are all those letters?
  • CQA: ASQ Certified Quality Auditor
  • SSCP: ISACA Systems Security Certified
    Practitioner
  • CISA: ISC2 Certified Information Systems Auditor
  • CISM: ISC2 Certified Information Security
    Manager
  • CITP: British Computer Society Chartered IT
    Professional
  • ITIL Foundations: passed IT Infrastructure
    Library Foundations exam

3
Quality Management in Iraq
  • Short answer: There isn't any.
  • Longer answer: In order to build effective,
    consistent, repeatable, documented quality
    management, you need a stable infrastructure, and
    that's not there in Iraq as a whole.
  • Quality Management for this presentation: This
    slide show has been quality-managed by me, but I
    can't tell you much about quality management in
    the Government of Iraq; there's no formal or
    informal system for that. Someday maybe, but not
    today.
  • Day-to-day working environment in Iraq for regular
    workers: Their big issue is getting to and from
    work alive. QMS kind of takes a back seat to that.

4
Econ Gov II Project
  • Project is USAID-funded
  • Project was just picked up for both of its
    one-year extension options; runs through September
    2009
  • Project designed to help restore and rebuild
    economic governance for the Government of Iraq
  • Project parameters include: Fiscal, Tax and
    Customs Reform; Monetary Policy and Central Bank;
    Financial Reform; Commercial Law and
    Institutional Reform; Utilities/Regulatory Reform
    and Government-wide IT; Social Service and
    Pension Reform; General Policy Implementation and
    Special Projects

5
My TOR (Terms of Reference)
  • Providing technical assistance to the Iraqi
    government in order to help them establish, for
    their information requirements, the legislation,
    processes, procedures, and technical requirements
    required to economically manage the resources,
    collection, storage, and sharing of information,
    with the goal of providing:
  • Transparency of Government
  • Increased access to Government
  • Decrease in discrimination
  • Increase in commerce
  • Increase in foreign investment
  • Reduction in the cost of government
  • Increased efficiency of government
  • Increased security
  • Private Sector participation

6
TOR (cont.)
  • Tasks
  • Provide assistance to the National CIO Office
  • Establish Government-wide information security
    standards that comply with international best
    practice
  • Establish a plan for implementing IT security
    standards across all Government Ministries
  • Build capacity and understanding of security
    standards

7
Expected Deliverables
  • In conjunction with team members and the
    National CIO office, develop Government-wide IT
    security standards
  • In conjunction with team members and the
    National CIO office, develop a comprehensive IT
    security management capacity building program
    that covers:
      o Security policy
      o Disaster recovery planning
      o Risk management
      o Securing the network
      o Intrusion detection, hacking
      o Computer forensics
      o Implementing PKI
  • Develop and conduct the following training
    seminars:
      o Disaster recovery planning
      o Securing the network
      o Risk management

8
Some Threats to Information
  • Employees: who can you trust?
  • Unstable infrastructure
  • Information transmission risks, both natural and
    man-made
  • Verbal communications
  • Printed documents
  • Facility security
  • Back-up sites

9
Information Security Management
  • The ISO 17799 Way
  • Safeguarding the confidentiality,
    integrity, and availability of
    written, spoken and computer information.

10
What is Information Security?
  • BS ISO/IEC 17799:2005 defines this as:
  • Confidentiality: ensuring that information is
    accessible only to those authorized to have
    access
  • Integrity: safeguarding the accuracy and
    completeness of information and processing
    methods
  • Availability: ensuring that authorized users have
    access to information and associated assets when
    required

11
Security for Advisors
  • Private security service is employed full-time
    to take advisors to/from venues in the Red Zone
  • To Venues:
  • All Advisors wear body armor during any travel
    outside the IZ, covered with a dark-colored
    sweatshirt or casual shirt
  • Lead car is a Level 4 armored, low-profile BMW or
    Mercedes that fits into the milieu of typical
    cars you see on the street (no big Chevy
    Suburbans or Ford Excursions with lots of
    flashing lights and military escorts); two armed
    guards in front, maximum of two advisors in back
  • Trailing car is a soft-side Nissan Altima or
    similar low-profile car with two armed guards.

12
Corporate Camp Living
13
Camp Living (cont.)
14
Camp Living (cont.)
15
Camp Living (cont.)
16
Camp Living (cont.)
17
Camp Living (cont.)
18
Camp Living (cont.)
19
Camp Living (cont.)
20
Thanksgiving 2006
21
Thanksgiving 2005
22
Traveling to/from the Airport
23
Science Technology Counterparts
Sundus Mousa
Dr. Mahmood Sharief Director-General ITD
24
Red Zone Pics
25
Red Zone Pics
26
Red Zone Pics
27
Travel to/from BIAP
28
Baghdad International Airport
29
BIAP
30
Note
  • The relevance of any control should be
    determined in the light of the specific risks an
    organization is facing. Selection of controls
    should be based on a risk assessment.
  • BS ISO/IEC 17799:2005

31
Controls for Best Practice
  • An Information Security Management Plan
  • Documented Roles and Responsibilities
  • Ongoing Information Security Education and
    Training
  • Ongoing Risk Assessments and Management of Risk
  • Reporting of Information Security Incidents and
    Events
  • Documented Disaster Recovery and Continuity of
    Business Operations Plans
  • Leveraging existing or off-the-shelf controls as
    needed to reduce labor and financial costs and to
    preclude reinventing the wheel

32
Customer and Other Contractual Requirement Considerations
  • Security Screening
  • Restricted Access
  • Physical perimeters
  • Data storage
  • Encryption
  • Digital signatures
  • Biometrics

33
Questions?
34
Contact Information
  • Bill Casti, CQA, SSCP, CISM, CISA, CITP, ITIL
    Foundations
  • eGovernment Services IT Advisor, eGovernment
    Services
  • Iraq Economic Governance II Project
  • BearingPoint
  • +964 (0) 790.191.9612 (Iraqna Mobile)
  • +1.703.879.5635 (Skype VoIP)
  • Email: bill.casti_at_bearingpoint.com