Security Implications of Integrating Systems (part 1)


Time: 3 hours 47 minutes
Difficulty: Beginner
CEU/CPE: 3
Video Description

In this Security Implications of Integrating Systems and Third Party Organizations lesson you'll learn strategies for managing risk when external entities become part of your internal business operations. We begin by introducing onboarding for new employees as well as business partners and vendors, what concerns arise using social media, the various types of service delivery and support services agreements there are, and others.

Transcript

Summarizing the security implications of integrating systems and data with third party organizations. The first item we'll talk about is on-boarding and off-boarding business partners. For on-boarding, whenever you introduce new people, new contractors, new personnel into your business environment, you're introducing new risk. There are security concerns you should have. On-boarding has to do with bringing new employees or business partners up to speed on the security protocols and objectives within your organization. You have to allow them time to understand the security practices within your organization. That is the on-boarding, as you're bringing them on board, you introduce them to your policies. Introduce the personnel, introduce the staff, introduce your business partners to your policies so that everybody is on the same page.

For off-boarding, this is when you're letting staff go or you're ending business partnerships with other organizations. For off-boarding it ensures that employees or partners leaving the organization and the business do not pose a security threat or risk to the organization. They should go through exit interviews, they should ensure that we have knowledge of all responsibilities they had, all access they had such that some of this access we could disable. You don't want people that have left the organizations or have no business relationships any further, to still have access to your network environment.

Social media networks and applications, we need to be very careful in this day and age. There is a lot of dependence on social media: Facebook, Twitter and some other ones like that. We have to be very careful how much information or the nature of the information we let out on some of these pages. Information going out to these media have to be properly reviewed to ensure that they actually mean what they mean. It is possible that individuals are trying to say something but end up typing something else. We also have to be careful so that sensitive or personally identifiable data or private information is not disclosed through some of these media. Also applications that we have these days. We have a lot of apps that are used for access from organizations. A lot of organizations create their own apps. We have to be careful how much information is captured by these apps, what information could be disclosed about the organization as well. What these apps have access to on media on which they are installed. All of these pose a security responsibility of the organization so we must look into them in more detail to ensure that there is no breach of confidentiality or even integrity and availability of information through the use of these media and these apps.

Interoperability agreements, these are agreements that are put in place to spell out the terms of agreement between different entities working towards a mutual goal. Two or more entities working towards a mutual goal have to come up with these interoperability agreements such that they have a common understanding of what the goals will be or what the goals are so that no one organization is working counter to other organizations that are in the agreement.

The service level agreement is an agreement understanding between two entities. This could be internal to an organization or external to an organization. Organization A is providing organization B a service. Both have to sit down to agree on the level of service to be delivered. What is expected? How often is it expected and what is the baseline? So that if something is lacking, organization B who's receiving the service knows how to better respond or correct organization A providing the service. So between these two organizations, there has to be the service level agreements. Service level agreements could also be formed within an organization itself. It could be between departments such that we know between two departments, the level of service that is required, the level of service that has been agreed so that we can keep a benchmark as to, is the service dropping or are we meeting the service agreement?

Business partner agreements have to be formed within organizations such that multiple organizations that are working towards a common goal understand the agreements that are between or that service these goals. The business partner agreements describe how businesses would be conducted amongst the partners. We have general agreements, we have limited agreements, we have business agreements, limited liability agreements, general agreements and joint partnership agreements. All these agreements have to be arrived at. They have to be carefully spelt out so that every entity understands their responsibilities.

The memorandum of agreement, this relates the terms of cooperation between two organizations wishing to seek a common goal. They have to come up with what we call the memorandum of agreement. In this agreement they spell out their individual responsibilities. They spell out their area of authority, their jurisdictions and responsibilities towards the achievement of the common goal between the two organizations. These have to cover things like their security policies, their procedures, their policies, their practices and standards so that every entity understands carefully their responsibilities towards the common goal.

The interconnection security agreement, this agreement details how information between two organizations will securely connect and share information in a secure fashion. We want to have two organizations explain to each other these methods or these protocols or these services are required for our systems to directly connect to your own systems so that we can effectively, securely and confidently share information without data breach, confidentiality, integrity or availability disappointments. Organizations have to sit together and agree on the terms, the protocols, the network architecture so that data could be securely shared amongst both organizations without any compromise to the security goals.

Video Transcription
00:04
Summarizing the security implications of integrating systems and data with third party
00:11
organizations.
00:13
The first item we'll talk about is on-boarding and off-boarding business partners.
00:19
For on-boarding,
00:21
whenever you introduce new people, new contractors, new personnel into your business environment,
00:29
you are introducing new risk. There are security concerns you should have.
00:34
The on-boarding
00:36
has to do with bringing new employees or business partners up to speed on the security protocols and objectives within the organization. You have to allow them time to understand the security practices within your organization. That is the on-boarding, and as you are bringing them on board,
00:55
you introduce them to your policies. Introduce the personnel,
00:58
introduce the staff, introduce your business partners to your policies so that everybody is on the same page.
01:04
For off-boarding, this is when you're letting staff go or you're
01:11
ending business partnerships with other organizations. For off-boarding, it ensures that employees or partners leaving the organization and the business do not pose a security threat or risk to the organization,
01:23
so they should go through exit interviews. They should ensure that we have knowledge of all
01:32
responsibilities they had,
01:34
all access they had, so that some of this access we could disable.
01:41
You don't want people that have left the organizations or have no business relationships any further to still have access to your network environment.
01:49
Social media networks and applications: we need to be very careful in this day and age. There's a lot of dependence on social media:
01:57
Facebook, Twitter
02:00
and some other ones like that. We have to be very careful how much information or the nature of the information we let out on some of these pages. So information going out to these media have to be properly reviewed to ensure that they actually mean what they mean.
02:19
It is possible
02:20
that individuals are trying to say something, but end up
02:24
typing something else. We also have to be careful so that sensitive or personally identifiable data or private information is not disclosed through some of these media.
02:37
Also, applications that we have these days. We have a lot of apps that are used for access from organizations.
02:44
A lot of organizations create their own apps. We have to be careful how much information is captured by these apps, what information could be disclosed about the organization as well, what these apps have access to on media on which they are installed. All of these pose a security responsibility
03:01
of the organization. So we must look into them in more detail to ensure that
03:06
there is no breach of confidentiality or even integrity and availability of information through the use of these media and these apps.
03:16
Interoperability agreements. These are agreements
03:21
that are formed between, that are put in place to spell out the terms of agreement between different entities working towards a mutual goal.
03:30
So two or more entities working towards a mutual goal have to come up with this interoperability agreement so that they have a common understanding of what the goals will be or what the goals are, so that no one organization is working counter to other organizations that are
03:50
in the agreement.
03:52
The service level agreement is an agreement understanding between
03:55
two entities. This could be internal to an organization or external to an organization. Organization A is providing organization B a service. Both have to sit down to agree on the level of service to be delivered.
04:12
What is expected? How often is it expected, and what is the baseline? So that if something is lacking, organization B, who's receiving the service, knows how to better respond or correct organization A providing the service. So between these two organizations, there has to be the
04:31
service level agreement.
04:32
Service level agreements could also be formed within an organization itself. It could be between departments
04:40
so that we know between two departments the level of service that is required, the level of service that has been agreed, so that we can keep a benchmark as to: is the service dropping or are we meeting the service agreement?
04:56
Business partner agreements have to be formed within organizations so that multiple organizations that are working towards a common goal understand the agreements that are between or that service these goals.
05:10
The business partner agreements describe how businesses will be conducted among the partners.
05:15
General, limited: we have general agreements. We have limited agreements. We have business agreements,
05:23
you know, limited liability agreements, general agreements and joint partnership agreements. All these agreements have to be arrived at. They have to be carefully spelled out so that every entity understands their responsibilities.
05:39
The memorandum of agreement.
05:41
This relates the terms of cooperation between two organizations wishing to seek a common goal. So two organizations wishing to seek a common goal, they have to come up with what we call the memorandum of agreement. In these agreements, they spell out their individual responsibilities. They spell out their area of authority, their jurisdictions
06:00
and responsibilities towards
06:02
the achievement of the common goal between the two organizations. These have to cover things like their security policies,
06:11
their procedures, their policies, their practices and standards so that every entity understands carefully their responsibilities towards the common goal.
06:20
The Interconnection Security Agreement. This agreement details how information between two organizations will securely connect
06:30
and share information in a secure fashion.
06:33
We want to have two organizations explain to each other: these methods or these protocols or these services are required for our systems to directly connect to your own systems so that we can effectively, securely and confidently share information without data breach,
06:51
confidentiality, integrity or availability disappointments. So organizations have to sit together and agree on the terms, the protocols, the network architecture so that data could be securely shared amongst both organizations
07:10
without any compromise to the security goals.