June, 2007: Working in Iraq
Information Security Management
Working in Iraq
Bill Casti, CQA, SSCP, CISM, CISA, CITP, ITIL Foundations
ASQ Section 0511
Northern Virginia
20 June 2007
Introduction
• Position: Senior Advisor, IT Information Security Management, eGovernment Services, Economic Governance II Project
• What are all those letters?
• CQA = ASQ Certified Quality Auditor
• SSCP = ISACA Systems Security Certified Practitioner
• CISA = ISC2 Certified Information Systems Auditor
• CISM = ISC2 Certified Information Security Manager
• CITP = British Computer Society Chartered IT Professional
• ITIL Foundations = passed IT Infrastructure Library Foundations exam
Quality Management in Iraq
• Short answer: There isn’t any.
• Longer answer: In order to build effective, consistent, repeatable, documented quality management, you need a stable infrastructure, and that’s not there in Iraq as a whole.
• Quality Management for this presentation: This slide show has been quality-managed by me, but I can’t tell you much about quality management in the Government of Iraq…there’s no formal or informal system for that. Someday maybe, but not today.
• Day-to-day working environment in Iraq for regular workers: their big issue is getting to and from work alive. QMS kind of takes a backseat to that.
Econ Gov II Project
• Project is USAID-funded
• Project was just picked up for both of its one-year extension options; runs through September 2009
• Project designed to help restore and rebuild economic governance for the Government of Iraq
• Project parameters include: Fiscal, Tax and Customs Reform; Monetary Policy and Central Bank; Financial Reform; Commercial Law and Institutional Reform; Utilities/Regulatory Reform and Government-wide IT; Social Service and Pension Reform; General Policy Implementation and Special Projects
My TOR (Terms of Reference)
• Providing technical assistance to the Iraqi government in order to help them establish, for their information requirements, the legislation, processes, procedures, and technical requirements required to economically manage the resources, collection, storage, and sharing of information, with the goal to provide:
• Transparency of Government
• Increased access to Government
• Decrease in discrimination
• Increase in commerce
• Increase in foreign investment
• Reduction in the cost of government
• Increased efficiency of government
• Increased security
• Private Sector participation
TOR (cont.)
Tasks
• Provide assistance to the National CIO Office:
1. Establish Government-wide information security standards that comply with international best practice
2. Establish a plan for implementing IT security standards across all Government Ministries
3. Build capacity and understanding of security standards
Expected Deliverables
• In conjunction with team members and the National CIO office, develop Government-wide IT security standards
• In conjunction with team members and the National CIO office, develop a comprehensive IT security management capacity-building program that covers:
o Security policy
o Disaster recovery planning
o Risk management
o Securing the network
o Intrusion detection, hacking
o Computer forensics
o Implementing PKI
• Develop and conduct the following training seminars:
o Disaster recovery planning
o Securing the network
o Risk management
Some Threats to Information
• Employees: who can you trust?
• Unstable infrastructure
• Information transmission risks, both natural and man-made
• Verbal communications
• Printed documents
• Facility security
• Back-up sites
Information Security Management
The ISO 17799 Way
Safeguarding the confidentiality, integrity, and availability of written, spoken and computer information.
What is Information Security?
BS ISO/IEC 17799:2005 defines this as:
Confidentiality: ensuring that information is accessible only to those authorized to have access
Integrity: safeguarding the accuracy and completeness of information and processing methods
Availability: ensuring that authorized users have access to information and associated assets when required
Security for Advisors
• Private security service is employed full-time to take advisors to/from venues in the Red Zone
• To Venues:
• All Advisors wear body armor during any travel outside the IZ, covered with a dark-colored sweatshirt or casual shirt
• Lead car is a Level 4 armored, low-profile BMW or Mercedes that fits into the milieu of typical cars you see on the street; no big Chevy Suburbans or Ford Excursions with lots of flashing lights and military escorts; two armed guards in front, maximum of two advisors in back
• Trailing car is a soft-side Nissan Altima or similar low-profile car with two armed guards.
Corporate Camp Living
Camp Living (cont.)
Thanksgiving 2006
Thanksgiving 2005
Traveling to/from the Airport
Science & Technology Counterparts
Sundus Mousa; Dr. Mahmood Sharief, Director-General ITD
Red Zone Pics
Travel to/from BIAP
Baghdad International Airport (BIAP)
Note
‘The relevance of any control should be determined in the light of the specific risks an organization is facing. Selection of controls should be based on a risk assessment.’
BS ISO/IEC 17799:2005
Controls for Best Practice
• An Information Security Management Plan
• Documented Roles and Responsibilities
• Ongoing Information Security Education and Training
• Ongoing Risk Assessments and Management of Risk
• Reporting of Information Security Incidents and Events
• Documented Disaster Recovery and Continuity of Business Operations Plans
• Leveraging existing or off-the-shelf controls as needed to reduce labor and financial costs and to preclude “reinventing the wheel”
Customer and Other Contractual Requirement Considerations
• Security Screening
• Restricted Access
• Physical perimeters
• Data storage
• Encryption
• Digital signatures
• Biometrics
Questions?
Contact Information
Bill Casti, CQA, SSCP, CISM, CISA, CITP, ITIL Foundations
eGovernment Services IT Advisor, eGovernment Services
Iraq Economic Governance II Project
BearingPoint
+964 (0) 790.191.9612 Iraqna Mobile
+1.703.879.5635 Skype VoIP
Email: [email protected]