Security. Myths about Business Risks in the Information Age.
Security is only about protecting "things"
We don't have any information anyone would want
Security problems have never happened here
Firewalls provide enough security
Technology will solve the security problem
The Economist and Arthur Andersen
Expected Loss = P1 * P2 * L
Minimize Threat Categories
Security is always a cost to efficiency. It must be promoted to be effective.
Segregation of duties
Physical Access Risk
Denial of service
Risk Areas
Risks associated with the authorization, completeness and accuracy of transactions
Risks associated with inappropriate access to systems or data
Standards, rules, procedures and discipline to assure that personnel abide by established policies. Includes segregation of functions.
Securing operating systems and applications
Access protection from snooping, attacks, spoofing
User verification for PCAnywhere etc.
1. Hosts run unnecessary services
2. Unpatched, outdated or default configured software
3. Information leakage through network service programs
4. Misuse of trusted access
5. Misconfigured firewall access lists
6. Weak passwords
7. Misconfigured web servers
8. Improperly exported file sharing services
9. Misconfigured or unpatched Windows NT servers
10. Inadequate logging, monitoring or detecting
11. Unsecured remote access
12. Lack of comprehensive policies and standards
1. A router sits between two
2. A programmer writes an access control list, which contains IP addresses that can be allowed onto the network.
3. A message gets sent to the router. It checks the source address against the access control list. If the address is on the list, the message can go through.
4. If the address isn't on the list, the message is denied access to the network.
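As an added example (not part of the original deck), this Python sketch implements the allow-list check described in steps 2 to 4: a message's source address is compared against the list and anything not on it is denied by default. The ACL entries and message sources are constructed for illustration.

```python
# Constructed example of a router-style access control list (ACL) check.
# Entries may be single addresses or CIDR prefixes; anything not matched is denied.
import ipaddress
from typing import Iterable, List, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Step 2: the ACL the programmer writes (constructed sample values).
ACL_ENTRIES = [
    "192.0.2.10",        # a single permitted host (becomes a /32)
    "198.51.100.0/24",   # a whole permitted prefix
]


def parse_acl(entries: Iterable[str]) -> List[Network]:
    """Turn textual ACL entries into network objects.

    strict=True rejects an entry such as 198.51.100.7/24 whose host bits are set,
    so a typo in the list fails loudly instead of silently widening the allow list.
    """
    return [ipaddress.ip_network(entry, strict=True) for entry in entries]


def is_permitted(source: str, acl: List[Network]) -> bool:
    """Steps 3 and 4: permit only if the source matches an ACL entry, else deny.

    An unparseable address is treated as denied, never as permitted.
    """
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return False
    return any(addr in net for net in acl)


def filter_messages(sources: Iterable[str], acl: List[Network]) -> Tuple[List[str], List[str]]:
    """Split a batch of message source addresses into (permitted, denied)."""
    permitted: List[str] = []
    denied: List[str] = []
    for src in sources:
        (permitted if is_permitted(src, acl) else denied).append(src)
    return permitted, denied


if __name__ == "__main__":
    acl = parse_acl(ACL_ENTRIES)
    # Constructed inbound messages: one listed host, one prefix member, one outsider.
    ok, dropped = filter_messages(["192.0.2.10", "198.51.100.77", "203.0.113.5"], acl)
    print("permitted:", ok)
    print("denied:   ", dropped)
```

The denied list is what step 4 produces; feeding it to a log is the minimal "logging, monitoring or detecting" control the vulnerability list above says is often inadequate.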
1. Sue wants to send a message to Sam, so she finds his public key in a directory.
2. Sue uses the public key to encrypt the message and send it to Sam.
3. When the encrypted message arrives, Sam uses his private key to decrypt the data and read Sue's message.
International Biometric Group, New York
as reported in Computerworld, Quick Study: Biometrics, 10/12/98