1 / 10

Internet Security

Internet Security. Michael O’Farrell Ernst & Young 23-November-1999. Background. The Internet is increasingly used for commercial activities e.g. Information, Ordering, Payment...

xalvadora-kieva
Download Presentation

Internet Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Internet Security Michael O’Farrell Ernst & Young 23-November-1999

  2. Background • The Internet is increasingly used for commercial activities e.g. Information, Ordering, Payment... • The best known of these are the companies who sell directly to customers known as Business to Customer (B2C). e.g. Amazon and eBay ... The biggest Internet growth area is Business to Business (B2B). 2

  3. B2B - is happening already • Greater level of electronic communication (e-mail) • Companies use the web for various purposes; • Catalogues (pictures, sound, text and prices) • Form filling (e.g. surveys, applications) • Account information (balances, transactions) • Many Companies are replacing EDI systems with simpler Internet-based inter-company communication. These inter-company links are direct connections between the computers of partner firms. 3

  4. Whats the big deal with Internet Security • Ability to trust the other party is more difficult over the Internet alone. • Any security weaknesses can impact customer confidence. • Insecure trading partners can be a threat to an organisation, because of the risk of ... • virus infection • disclosure of information they trusted you with • as an avenue to try and ‘hack’ their organisation. 4

  5. Common vulnerabilities - the scare stories • Viruses • they can cause disruption and nobody will want to talk to you (electronically) if you are infected. • Poor security controls on computers. • The most basic is proper use of passwords.The e-mail you send and files you store are protected by password This is the key to your electronic filecabinet. Having no control allows anybody to write a document or send an e-mail in your name. 5

  6. Other Concerns • Backup • What is the effect of your computer failing - a ‘crash’. Do you have a backup copy of your general ledger ? • Hacking • If you connect full time to the Internet consider that others on the network will find you and may want to explore your computer. • Are you what your email says ? • It is possible to ‘forge’ messages on the Internet. A Company getting an email from ‘you’ needs assurance that the message came from you and that the information was not tampered with.

  7. Some answers ... • Do the basics ... • Up to date anti-virus software on ALL your computers • A good, secret password that is changed regularly • Up to date software that has all the recommended security features turned on. • Backup software and data stored securely. • Follow the Law on protection of personal information. • If your system is more complex take the time to review the risks and address them. • Use digital signatures to prove your identity. 7

  8. Summary • Trading partners will use more Internet technology for their transactions. • This technology increases the risks to your organisation which must be balanced against the benefits of using it. • Good controls, up to date software and, in some cases, hardware can significantly reduce the risks.

  9. Would you be comfortable if your bank and insurance broker habitually kept their premises unlocked overnight ? You have a responsibility to your customers and trading partners to ensure your systems (especially Internet) are secure.

  10. References - on the web. • Irish and EU legislation on the Internet • http://www.echo.lu/ • http://www.odtr.ie/html/legislation.html • http://www.irlgov.ie/taoiseach/publication/infosocactionplan/infosocframework.htm • http://www.irlgov.ie/tec/communications/commsleg.htm • Information Society Commission • http://www.infosocomm.ie/background.htm • Information Security organisations • http://www.ciac.org/ • http://www.sans.org/newlook/home.htm 10

More Related