Information Systems Misuse Threats

1
Information Systems Misuse Threats
Countermeasures

• Vijay Gawde
• Head Technical ServicesMIEL e-Security Pvt.
  Ltd.

2
Information Systems Misuse Threats
Countermeasures

• Misuse of Information Systems
• Exposures
• Cost of misuse
• Countermeasures
• How MIEL Can help

3
Misuse of Information systems

• Non business-web-surfing email
• Instant messaging
• IRC
• P2P (Kazaa, e-donkey etc..)
• Pornography
• Online gambling games
• Video, Streaming media, MP3 music
• Hacking
• Software piracy
• Storage of non-business data on office PCs.

4
Exposures

• Security breaches
• Bandwidth non-availability
• Accidents (e.g. attachment of wrong files with
  email)
• Sharing sensitive information to outsiders
• Degradation of network performance
• Loss of Intellectual property data theft
• Virus, worm, spy-ware
• Hoaxes, spam

5
Threats Impact
6
Costs companies pay

• Cost of virus infections
• just in our department alone we expended 1,700
  hours at 120/hour cleaning, patching, and stuff
  like that
• IDC April 04
• Cost of litigation
• average cost of defending one sexual harassment
  suit or to resolve a relatively serious
  harassment grievance within an organization is
  currently 65,000. Claims are made almost daily
• Gartner 03

7
Cost of misuse
It takes only about 150 employees for a company
to lose million dollars annually
8
Internet misuse statistics
9
Countermeasures

• First step Acceptable usage policy
• Security policies and controls NDA, Work ethics
• Desktop controls
• Media Control
• Physical security controls
• Training awareness program
• Policy based content filtering
• Web content filtering
• Mail content filtering

10
Protection Layers

• Content security
• Detects inbound and outbound embedded threats
  that Firewall, AV and Address Lookup cant
  recognize

• Anti-virus
• Blocks specific in-bound malicious content
• Based on signature
• Cannot extract embedded malicious threats

• Address lookup
• Includes Real-time Black List or URL Blocking
• Blocks outbound access based on where and who

• Firewall IDS
• Blocks inbound access based on network and
  protocol

11
How MIEL can help?

• What do we do?
• We secure content and protect against digital
  attacks by enforcing policies that increase
  productivity, reduce IT costs and create a safer
  business environment
• Our world leading business is founded on solving
  all the content security issues associated with
  email and the web

12
MIEL Universe
13
Training - MIEL offering

• E-security seminars/workshops
• E-security training Courses
• E-security management programs
• E-security advanced training Courses
• E-security Certification Courses

14
Consultancy Audit- MIEL offering

• Risk Assessment
• Current State Assessment
• BS-7799 Gap Analysis
• BS 7799 Consultancy
• Information Security Strategy Formulation
• Information Security Policies and Procedures
  (ITSSP)
• Business Continuity Planning
• Periodic Security Review
• Desktop Audit

15
Technical Services-MIEL offering

• Network Security Architecture
• Periodic Security Reviews
• Application Security testing
• Vulnerability Assessment
• Penetration testing
• Implementation of Security solutions
• Computer Forensics

16
Thank You