SECURITY THREATS - PowerPoint PPT Presentation

1 / 8
About This Presentation
Title:

SECURITY THREATS

Description:

An INCIDENT is characterised as the loss of a system and/or confidential information. ... iPods Are a data storage device as well as an MP3 music player ... – PowerPoint PPT presentation

Number of Views:26
Avg rating:3.0/5.0
Slides: 9
Provided by: markr48
Category:
Tags: security | threats

less

Transcript and Presenter's Notes

Title: SECURITY THREATS


1
SECURITY THREATS
  • Mark Green CISM
  • The Association for Survey Computing
  • 25th February 2009

2
WHAT IS A THREAT?
  • A THREAT is a circumstance that may exploit a
    vulnerability to causes an undesirable or
    unexpected INCIDENT
  • An INCIDENT is characterised as the loss of a
    system and/or confidential information.
  • Or, put another way
  • A THREAT is something you can smell
  • An INCIDENT is something youre standing in!

3
THREAT VECTORS
  • External
  • Organised Crime
  • ID theft is seen as a low risk form of bank
    robbery!
  • Changes in Technology Hardware, Software
    Operating Systems
  • Changes in Legislation or Regulation
  • Ignorance is no excuse
  • Internal
  • The Human Factor - Employees, partners,
    suppliers and other trusted third parties
    including cleaners
  • The Techno Generation entering employment
  • Changes to Standard Operating Procedure (SOP)

4
VULNERABILITY LANDSCAPE
  • Has changed dramatically in the last 5 years due
    to
  • Exponential increase of electronic information
    held by organisations
  • Erosion of Network Boundaries
  • Availability of ubiquitous, high speed access to
    the Internet
  • Proliferation of Internet connected devices
  • Arabella Hallawell, Gartner Global Security and
    Privacy Best Practices Analyst, predicted in an
    article in 2004 that
  • in less than a decade, organisations will
    typically deal with 30 times more information
    than they do today.

5
SECURITY THREATS
  • Careless or ill-informed staff The Human Factor
  • Unclear or badly communicated policies and
    procedures
  • Passwords that are weak, not changed regularly,
    written on post-it notes or shared to cover
    maternity leave or holidays
  • Taking documents off site to work on them on a
    Home PC
  • Staff leaving your company
  • In a recent survey 70 of respondents admitted
    they would take confidential information with
    them when they left employment
  • Hard Copy Documents
  • Theres no excuse when theyre finished with,
    shred them!
  • Considered implementing a clear desk policy at
    night
  • Only take what you need away from the office and
    lock the rest away

6
SECURITY THREATS
  • Electronic Communication Leakage
  • External e-mail is not secure
  • Deliberate or unintentional leakage by file
    attachment
  • Personal Web-Mail and Instant Messaging
  • Unencrypted or uncontrolled mobile computing
    devices
  • Laptops Theres no excuse, encrypt them!
  • Personal Digital Assistants (PDAs)
  • Mobile Phones
  • iPods Are a data storage device as well as an
    MP3 music player
  • Unencrypted or uncontrolled Storage Media
  • USB Stick/Keys (16Gb ) and Hard Drives (500Gb
    )
  • CD (700Mb) and DVD ROM (4.5Gb) - Remember the
    HMRC incident?

7
CONCLUSION
  • Information Assurance today is
  • A balance of People, Process and Technology
  • A business management and IT issue
  • About preparation
  • The consequences arising from a incident
  • Financial or criminal penalty
  • Damage to reputation brand value
  • Reduced customer investor confidence
  • Without doubt
  • People are one of the most important factors in
    information security
  • Theyre mostly unaware of their responsibilities
    or the consequences of their actions
  • Good practice, clear policy, awareness and
    education can dramatically change peoples habits
    for the good of your organisation and the
    community at large

8
THANK YOU FOR LISTENING
Write a Comment
User Comments (0)
About PowerShow.com