
IT Systems Integrity


Presentation Transcript


  1. IT Systems Integrity Chris Nabavi BSc SMIEEE © 2006 PCE Systems Ltd

  2. IT Systems are Mission Critical
     • Have you ever stopped to consider what would happen if, through theft, hacking, fire, flood etc. you lost:
       • Your communications (web & email)
       • Your trade secrets and employee records
       • Your accounts, payroll and designs
       • Your ability to process orders
       • In fact - all computer facilities?
     You’d use paper?

  3. The Consequences
     • Direct Loss
       • Loss of hardware & data by fire, theft etc.
     • Indirect Loss
       • Sales, goodwill, competitive advantage
     • Productivity Loss
       • Data corruption, staff time, general chaos
     • Legal Exposure
       • Contracts, slander, illegal use, director liability

  4. A Pharmaceutical Company
     • Has a web-site where users of a drug register
     • Sends reminder to take drugs when due
     • Inadvertently shows all email addresses
     • Compensation claim for breach of privacy
     • Regulatory fines
     • Damage to brand
     • Loss of confidence
     = Huge Financial Loss

  5. The Cost to British Business
     • 44% of businesses suffered at least 1 security breach in past year
     • Average cost of an incident is £30,000
     Source: Information Security Breaches Survey 2002 by DTI & PWC
     Computer related disasters cost the UK £1,800,000,000 per year
     Source: NCC

  6. Sobering Statistics
     • 43% of companies that suffer a major loss of data go out of business as a direct consequence
       Source: McGladrey & Pullen
     • 90% of those without a contingency plan do not survive 1 year
       Source: Touche Roche

  7. Disaster Recovery Plan
     • Many large American corporations suffered terrible losses of both staff and facilities in the attack on September 11th 2001
     • Some went out of business
     • Others had a disaster recovery plan
     • These ones survived

  8. But, It’s Not Just the Big Boys!
     • SMEs usually have:
       • Fewer resources
       • Everything in one location
       • Less up-to-date systems
     …. And ….
     • No security, no training, no content filtering, no back-ups, no archives, no usage rules, no firewalls and no spare cash to buy time
     • Don’t wait for a disaster before acting

  9. Disaster Recovery Plan
     • Assess the risks
     • Minimise / avoid them where possible
     • Keep copies of vital data off-site
     • Develop series of realistic recovery steps
     • Test the plan
     • Check your insurance cover
       • Standard cover often excludes data loss etc.

  10. Reduce the Risks
     • Educate staff about the risks
     • Introduce an “acceptable use policy”
     • Limit access on a “business need basis”
     • Install suitable technology & updates
     • Ensure compliance with legislation
     • Re-assess the risks regularly

  11. Employee Issues
     • Acceptable use policy:
       • Define what employees may and may not do
     • Train employees on security awareness
       • Downloading software, passwords etc.
     • Limit access and install content filtering
     • Warning: 80% of IT intrusions are perpetrated from inside the company

  12. The Danger of Emails
     • Internal email between two employees suggests competitor is financially unstable
     • Visitor to office reads email on screen
     • Notifies third party of what he saw
     • Third party sues for slander
     • Settled for £450,000 plus costs

  13. Back-ups
     • Make back-ups regularly & store off site
     • Back up data, software & configurations
     • Run a documented media rotation and back-up / archiving scheme
     • Test the back-up mechanism, since half of them don’t actually work!
     • Warning: 2% of disasters are caused by tests with faulty back-ups!

  14. Beware Wireless LANs
     • 63% of wireless LANs are left on their default settings with no encryption
     • So anybody parked outside has access
     • Set up wireless LANs properly before use

  15. Anti-virus
     • Install anti-virus software on all PCs
     • Keep virus definitions up-to-date
     • Set PCs to do regular automatic scans
     • Ban downloading of software from the Internet, floppies or memory sticks
     No dancing Father Christmases this year
     No games or unauthorised software

  16. Firewall
     • Use a reputable stand-alone firewall
     • Block all protocols not actually needed
     • Ensure employees cannot bypass firewall
     • Test the firewall with a mock attack

  17. And Finally ...
     • If you don’t have the expertise or time in-house, talk to us and we will arrange for an expert to sort it out for you.
     Alternatively, keep your fingers crossed!
