INFORMATION SECURITY: THE NEXT GENERATION
13th World Electronics Forum
Israel
Christopher Joscelyne
Board Member & Membership Chairman, AEEMA
November 2007
Boundaries between personal and business computing have become difficult to define because everyone and everything is becoming linked.
In order to survive, enterprises must manage the new risks this environment creates.
SIGNIFICANT CHALLENGES
The enormous quantity of information assets in most organisations.
Assets' inherent vulnerabilities and the potential threats to their confidentiality, integrity, and availability.
Rapid adoption of new devices and methods of use inside and outside the enterprise.
SIGNIFICANT CHALLENGES
A variety of co-workers, with inconsistent attitudes to information security, working together and sharing information.
The many requirements for information security, including legal and regulatory, marketplace requirements from customers and partners, and corporate governance.
COMMON THREATS
Lost or stolen laptop computers (over 600,000 per year in the US, of which 97% are not recovered)
Lost or stolen PDAs (current estimate is double the number of lost or stolen laptop computers)
Lost or stolen USB flash memory devices (millions lost with no protection of the stored data)
LACK OF SKILLS IS A SIGNIFICANT PROBLEM
According to recent research, while 87 percent of organizations are confident that they can deal with viruses, spam and malware, only 35 percent feel they are able to deal with the prospect of lost data.
Kace Research Study – May 2007
INFORMATION SECURITY – KEY MOTIVATORS
Realization that corporate knowledge is a high value information asset that is worth protecting
Acceptance at boardroom level that protection of information assets is a corporate responsibility
Action at boardroom level to implement information security initiatives
NON-TECHNICAL TREND IN 2007
Induction process for new employees that communicates policy in clear non-technical language that is understood
Ongoing education programs to create and maintain a culture of respect for information and the need to protect it
TECHNICAL TREND IN 2007
New and emerging technologies that protect data without choking productivity, inside and outside the enterprise
Security is becoming embedded in the infrastructure
Convergence of disk encryption, removable media encryption, end point security, data loss protection, document content security and digital rights management into a suite of compatible modules
SOME PRACTICAL CONSIDERATIONS
“One size fits all” usually fails to meet the varying needs of enterprise employees
Granular approach to policy enforcement allows flexibility
Implementation must reflect levels of trust and encourage staff productivity
Greater tracking and auditing of incoming data and outgoing data creates reports that are meaningful for fine tuning of security policies
ENGAGING WITH VENDORS
Select “mix and match” modules from one or more vendors, based on your priorities, to ensure you get what you want, when you want it, using your available technical resources
THE TASKS FOR ASSOCIATIONS
Establish security policies that can be enforced
Guard information assets and protect data integrity
Audit and review all processes and procedures
Educate staff with an ongoing program that reinforces the value of information security
Maintain and develop a culture of security as a practical example to members and others who engage with or interact with the association
FURTHER INFORMATION
CHRISTOPHER JOSCELYNE
[email protected]@apro.com.au
SafeKnowledge®
AUSTRALIAN PROJECTS