Identifying threats and vulnerabilities in information technology

Threat - the intention to destroy information technology
Vulnerability - the property of being easily attacked
Information technology - the technology that enables the use of data (hardware and software)

1. Hardware - all the (physical) components of a computer system
2. Software - all the (logical) components of a computer system

1. threats
- intentional: security guards should be replaced with video cameras and an alarm system in order to avoid human error.
- unintentional: threats that occur unintentionally, such as power outages, floods, fires, earthquakes, lightning, voltage drops, dust, humidity, variable temperature.
vulnerability, natural or human, technical: theft, damage.

2. threats
- intentional: infection with a computer virus, theft or copying of the program for use in competing applications, improper allocation of network access rights, visiting infected sites, theft of information that can be used in the interest of competitors. To avoid these incidents, each computer must be password-protected (user + password) so that the sites accessed can be seen exactly from the server (according to the computer's IP).
- unintentional: unintentional deletion of programs.
- viruses (e.g.) www.microsoft.com - antivirus (application and database updates)
- hackers
- users
- firewall
- encryption
- application updates
- operating system updates

vulnerabilities
- installing an untested application
- mismatch between data collection and the application (information system and computerized information system)
- removing the breaches left by the programmer

The Standard of Good Practice

Aspect | Focus | Target audience | Issues probed | Scope and coverage

Aspect: Security Management (enterprise-wide)
Focus: Security management at enterprise level.
Target audience: The target audience of the SM aspect will typically include:
- Heads of information security functions
- Information security managers (or equivalent)
- IT auditors
Issues probed: The commitment provided by top management to promoting good information security practices across the enterprise, along with the allocation of appropriate resources.
Scope and coverage: Security management arrangements within:
- A group of companies (or equivalent)
- Part of a group (e.g. subsidiary company or a business unit)
- An individual organization (e.g. a company or a government department)

Aspect: Critical Business Applications
Focus: A business application that is critical to the success of the enterprise.
Target audience: The target audience of the CB aspect will typically include:
- Owners of business applications
- Individuals in charge of business processes that are dependent on applications
- Systems integrators
- Technical staff, such as members of an application support team
Issues probed: The security requirements of the application and the arrangements made for identifying risks and keeping them within acceptable levels.
Scope and coverage: Critical business applications of any:
- Type (including transaction processing, process control, funds transfer, customer service, and workstation applications)
- Size (e.g. applications supporting thousands of users or just a few)

Aspect: Computer Installations
Focus: A computer installation that supports one or more business applications.
Target audience: The target audience of the CI aspect will typically include:
- Owners of computer installations
- Individuals in charge of running data centers
- IT managers
- Third parties that operate computer installations for the organization
- IT auditors
Issues probed: How requirements for computer services are identified, and how the computers are set up and run in order to meet those requirements.
Scope and coverage: Computer installations:
- Of all sizes (including the largest mainframe, server-based systems, and groups of workstations)
- Running in specialized environments (e.g. a purpose-built data center), or in ordinary working environments (e.g. offices, factories, and warehouses)

Aspect: Networks
Focus: A network that supports one or more business applications.
Target audience: The target audience of the NW aspect will typically include:
- Heads of specialist network functions
- Network managers
- Third parties that provide network services (e.g. Internet service providers)
- IT auditors
Issues probed: How requirements for network services are identified, and how the networks are set up and run in order to meet those requirements.
Scope and coverage: Any type of communications network, including:
- Wide area networks (WANs) or local area networks (LANs)
- Large scale (e.g. enterprise-wide) or small scale (e.g. an individual department or business unit)
- Those based on Internet technology such as intranets or extranets
- Voice, data, or integrated

Aspect: Systems Development
Focus: A systems development unit or department, or a particular systems development project.
Target audience: The target audience of the SD aspect will typically include:
- Heads of systems development functions
- System developers
- IT auditors
Issues probed: How business requirements (including information security requirements) are identified, and how systems are designed and built to meet those requirements.
Scope and coverage: Development activity of all types, including:
- Projects of all sizes (ranging from many worker-years to a few worker-days)
- Those conducted by any type of developer (e.g. specialist units or departments, outsourcers, or business users)
- Those based on tailor-made software or application packages

Aspect: End User Environment
Focus: An environment (e.g. a business unit or department) in which individuals use corporate business applications or critical workstation applications to support business processes.
Target audience: The target audience of the UE aspect will typically include:
- Business managers
- Individuals in the end-user environment
- Local information-security coordinators
- Information-security managers (or equivalent)
Issues probed: The arrangements for user education and awareness, use of corporate business applications and critical workstation applications, and the protection of information associated with mobile computing.
Scope and coverage: End-user environments:
- Of any type (e.g. corporate department, general business unit, factory floor, or call center)
- Of any size (e.g. several individuals to groups of hundreds or thousands)
- That include individuals with varying degrees of IT skills and awareness of information security

Aspect | Focus | Target audience | Issues probed | Scope and coverage

Aspect: Security Management (enterprise-wide)
Focus: Security management at the level of the entity analyzed.
Target audience:
- IT manager
- Network administrator
- Internal IT auditor (outsourced service)
- IT technician, within the IT department
Issues probed: The IT manager informs the employees of their responsibilities for ensuring the confidentiality and security of the data processed and of the information obtained from processing it. In addition, management ensures the continuous training of employees in the efficient and correct use of the programs in use.
Scope and coverage: This is an independent company in which tasks are clearly divided among employees, who are aware of their specific responsibilities. Security management involves assessing risks, setting priorities for access to the database, protecting against intentional or unintentional threats, and minimizing the vulnerabilities to which the system is exposed.

Aspect: Critical Business Applications
Focus: The accounting software product in use is very important to the business carried out.
Target audience: The accounting software is accessed by the persons who hold the hardware key that allows full use of the program.
Issues probed: The application in use allows working over the network. The transferred data is logically linked and, once linked, has the same properties as data entered on the central computer.
Scope and coverage: The WinMENTOR software was acquired legally. It is a license resulting from a contract concluded between two legal entities. The latest changes to the program, in step with legislative changes, can be downloaded from the company's official site. The company that supplied the program also provides consulting services on its use.

Aspect: Computer Installations
Focus: The computer network provides the technical support for carrying out the activity.
Target audience: The IT technician, the network administrator and specialists from the company that supplied the accounting software ensure that the computers function properly so that the company can carry out its business tasks.
Issues probed: Users of the programs notice problems that arise while using the programs and report them to the IT department. The manager of this department delegates responsibility to the person specialized in the problem identified.
Scope and coverage: A network with one server and 9 computers connected to one another through a switch. Each computer has a distinct password, including the server. A firewall program is installed to monitor access to the database. Because connecting to the internet is possible, a licensed antivirus is installed and e-mail is encrypted. The computers operate in offices where the optimal temperature is ensured and where they are protected from possible physical threats. The premises are also guarded 24 hours a day. Periodic reviews are carried out by the network administrator and the IT technician.

Aspect: Networks
Focus: The network is designed to support the level of traffic.
Target audience: Responsibility for maintaining the network lies with the network administrator, assisted by the IT technician and by any external specialists.
Issues probed: The network administrator identifies network problems and prepares a report, which he communicates to the IT manager, suggesting possible solutions. For more complex problems, the services of a specialized company are used. The internal auditor also has an important role in developing solutions and suggestions regarding the functionality and security of the network.
Scope and coverage: It is a small-scale LAN-type network.

Aspect: Systems Development
Focus: At present there is no systems development department. In the future, as the business grows, the need for such a working group will be felt.
Target audience:
- Business manager
- IT manager
- IT auditor
- Security manager
Issues probed: ---
Scope and coverage: For the near future, the only solution, should needs of this kind arise, would be to outsource systems development activity.

Aspect: End User Environment
Focus: Applications supporting business-specific processes.
Target audience:
- Business manager
- IT manager
Issues probed: Training and information sessions for employees provided by management, and assistance from the software suppliers regarding modifications and changes to the programs. Making employees aware of their responsibilities regarding the confidentiality of the information processed and the data handled.
Scope and coverage: Individuals with IT and information security knowledge who are able to instill in employees the responsibilities of their position and awareness of the consequences of their actions for the application in use and for the business itself. Such individuals most often come from inside the company but may also come from outside when such specialists are needed.
