Upload
jean
View
54
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Information Security. The CIA Triad. Confidentiality. The state of being secret. Security. Integrity. Availability. Present and ready for use. The state or quality of being entire or complete. The Job. http://technet.microsoft.com/en-us/library/cc723507.aspx. Agenda. Some Threats - PowerPoint PPT Presentation
Citation preview
Information Security
The CIA TriadConfidentialitConfidentialit
yy
IntegritIntegrityy
AvailabiliAvailabilityty
The state of being secret
The state or quality of being
entire or complete
Present and ready for use
SecuritySecurity
The Job
http://technet.microsoft.com/en-us/library/cc723507.aspx
Agenda
Some ThreatsSome Controls
San Francisco – Terry Childs
http://articles.sfgate.com/2008-12-27/bay-area/17133065_1_computer-network-mr-childs-passwords
UBS – Roger Duronio
http://www.cbsnews.com/stories/2002/12/18/tech/main533450.shtml
Certegy Check Services
Lost Backup Tapes
Australia – Vitek Boden
“…marine life died, the creek water turned black and the stench was unbearable for residents…”
- Australian EPA
This file is licensed under the Creative Commons Attribution-Share Alike 2.5 Generic license
California – Mario Azar
Google and China
Waheed Mahmood
http://news.bbc.co.uk/
Lost Laptop
Scottish Council Loses Pay Details
Customer Information in Bins
The Biggie …
SMART
Where is Security?
IT Security?
Information Security?
Physical Security?
Business Security? Business Assurance?
Some Problems
IT VendorsPeople – IT, employees, others …ComplexityTechnologyControl SystemsAnyone who thinks that I am responsible for Information Security
Agenda
Some ProblemsSome Solutions
- 22 -
Security Golden Rules
Accept Challenges
Display Your Badge
Assess Risks
Protect Your Identity
Thirty Minute Rule
Security Program
Risk ManagementPolicy … StandardsBusiness EngagementCulture / Behaviour ChangeSecurity ArchitectureMetrics and MeasurementsManagement SystemMoney / StaffControls
Further Reading
Bruce SchneierSANS Internet Storm Centre / NewsbitesSecurityFocusTitan RainAdvanced Persistent ThreatJericho Forum
Questions
Reading List
Ross Anderson: Security EngineeringBruce Schneier: Secrets & Lies