Managing IT Security in e-GP - Alejandro Susel - PowerPoint PPT Presentation



SLIDE 1

Managing IT Security in e-GP

Alejandro Susel

asusel@holos-consulting.com

SLIDE 2

The evolution of power…

INDUSTRIAL REVOLUTION

Managing IT Security in e-GP Alejandro Susel / asusel@holos-consulting.com

SLIDE 3

The evolution of information…

SLIDE 4

Information technology – Some definitions (business perspective)

  • Technology: A way of doing something or performing an activity
  • Information: Any tool that allows us to diminish the uncertainty in the decision-making process
  • System: Collection of elements or components that are organized for a common purpose

SLIDE 5

Information system vs. Computer system

  • Information System: System to provide information
  • Computer System: Total or partial automation of an Information System
  • Information and Communication Technology: Hardware + Software + Communications + Human Resources
  • Hardware: Everything that can be broken with a hammer
  • Software: Everything you can only insult or curse

SLIDE 6

Which is the safer computer?

SLIDE 7

The pillars of information

[Diagram labels: CONFIDENTIALITY, AVAILABILITY, INTEGRITY, INFORMATION]

SLIDE 8

TRUST – How do we build it?

Its pillars: Confidentiality, Integrity and Availability… Very important!!!

Objectives:

  • That the person or company on the other side of the network is who it claims to be
  • That the transmission through the network has not been modified
  • That the transmitted data are only seen by those authorized
  • That the transmitted data cannot be repudiated or rejected

SLIDE 9

An information system is a GREAT Asset!!!!

How do we protect this Great Asset?... Divide and rule!!!!!

Concept \ Dimension   Physical   Logical   People
Availability             ✓          ✓         ✓
Integrity                ✓          ✓         ✓
Confidentiality          ✓          ✓         ✓

SLIDE 10

Let’s understand other important concepts

[Diagram labels: ASSET, VULNERABILITY, THREAT]

SLIDE 11

What is a Risk??

  • A risk is the uncertainty of whether or not an event occurs, affecting the achievement of institutional goals and objectives
  • The level of risk may be measured according to its impact and probability of occurrence
  • Quantitatively this relationship is reflected in the function: Risk = ƒ (Probability, Impact)
  • Risks may be the result of the effect of internal and external factors

SLIDE 12

How does the need to manage risks appear?

"When someone asks me how I can describe my experience of almost forty years at sea, I simply say: placid... of course there have been winds, storms, fog... but I never saw a shipwreck or I was shipwrecked, not even some threat of a disastrous end" E.J. Smith, Captain of RMS Titanic, April 1912

SLIDE 13

Align the strategy with the entity's risk TOLERANCE.

Response strategies

Assume Risk

  • Accept
  • Plan
  • Etc.

REDUCE RISK

E.g.: Control

Avoid - Transfer

AVOID

  • Divest
  • Stop
  • Target
  • Prohibit
  • Eliminate
  • Etc.

TRANSFER

  • Insure
  • Limit
  • Outsource
  • Reinsure
  • Indemnify
  • Divide
  • Etc.

SLIDE 14

Benefits of Risk Management

SLIDE 15

Evaluate treatment options

Balance the cost of implementing each option vs the associated benefits.

[Diagram labels: Severity, Risk, Strategy]

SLIDE 16

Our focus TODAY… Public Procurement!!!

One purchase… One transaction
One bid invitation… One transaction
One bid response… One transaction

  • Elements of a transaction
  • How do we ensure the security of a transaction
  • Using experience of e-commerce
  • TRUST, the BASE for developing e-procurement

SLIDE 17

Implementing Confidentiality

  • Double effect control access
  • Digital certificates and Digital signature
  • Encrypting

SLIDE 18

Identifying who is offering

  • The importance of identifying who is offering, concepts such as authentication and its features would be interesting. Pros and Cons of the different authentication methods

SLIDE 19

The integrity of the offer itself

  • Also the integrity of the offer itself. How we validate it and provide legal certainty (access to documents and managing submission and opening dates, for example)
  • How do we know that the offer received is authentic and valid? The same applies to the rest of the documents (purchase orders, invoices, etc.)

SLIDE 20

Privacy of information and confidential data

  • Another area is how we protect the privacy of information and confidential data in the offers submitted

SLIDE 21

Key takeaways

[Diagram labels: Exposed and destroying value; Control to minimize risks; Managing risks adds value; “No brakes – Out of control”; “Full brakes – Cannot move”; Uninformed, Managed, Obsessed; High, Optimal, Low; Value]

  • Nothing is 100% safe
  • Find the balance between risk and control
  • Want to significantly reduce your organization’s IT security-related risks? Change the behavior of your users

SLIDE 22

THANK YOU!

Managing IT Security in e-GP

Alejandro Susel

asusel@holos-consulting.com