1 / 19

Managing Security for our Mobile Technology

Managing Security for our Mobile Technology. Security Management Purpose. Protection of Assets Protection of Services Prevention of Fraud Overall protection of revenue. Content. Physical Security Infrastructure Security Responding to Emergencies. Two Areas of Security. Physical

aquila-calhoun
Download Presentation

Managing Security for our Mobile Technology

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Managing Securityfor ourMobile Technology

  2. Security Management Purpose • Protection of Assets • Protection of Services • Prevention of Fraud • Overall protection of revenue

  3. Content • Physical Security • Infrastructure Security • Responding to Emergencies

  4. Two Areas of Security • Physical • Base stations • Data centres • Network sites • Network/Platform Infrastructure • Servers • Routers • Firewalls

  5. Corporate Strategies – Physical Security • Managed access • Managing who has the right to access • Security monitoring • Monitoring priority sites through cameras and electronic access • Fences, keys, alarming • Securing the perimeter to prevent access • Site security auditing • Ensuring compliance to security policy • Guard monitoring

  6. The Infrastructure Security Posture Every Way In WORM WORM WORM WORM WORM ATTACK

  7. Corporate Strategies – Infrastructure Security • Establish security policies • Security alert methods • Dedicated centre of excellence for IT/IP security mgt • Vulnerability management processes • Security incident management processes • Intrusion detection

  8. Today's Organizational IssuesManagement of Infrastructure Security • Increase of skills in hacking and fraudulent tools and techniques • Protecting what you don’t know (understanding the risk) • Cost of managing security • Ability for organizations to act • Complexity of our infrastructure • Increasing identification of vulnerabilities • Recognition and support by senior management of security management

  9. Defense in Depth • Protect at all levels • Focus on depth in setting up defense • Apply security technology at all layers • Apply security principles and processes at all layers

  10. Code Red Propagation July 19, midnight - 159 hosts infected

  11. Code Red Propagation (cont’d) July 19, 11:40 am - 4,920 hosts infected

  12. Code Red Propagation (cont’d) July 20, midnight - 341,015 hosts infected

  13. Technical knowledge required Threat Capabilities:More Dangerous and Easier to Use Internet Worms Packet Forging/ Spoofing High Stealth Diagnostics DDoS Sweepers Back Doors Sophistication of hacker tools Sniffers Exploiting Known Vulnerabilities Disabling Audits Self Replicating Code Password Cracking Password Guessing Low 1980 1990 2000

  14. Cost of Poor Security Type of Crime 2002 2003 Unauthorized Privileged Access $ 106K $322K +300% Financial fraud $ 807K $3.5M +430% Telecommunications Fraud $ 101K $415K +410% Web Defacement $ - $58K - Denial of service $ 181K $397K +220% Virus, Worm, Trojan Infection $ 891K $2.2M +245% Unauthorized Insider Access $ 145K $262K +180% • TOTAL $ 2.2M $7.1M +320% • Compare this to the cost of implementing a comprehensive security solution! Source: 2003 Australian Computer Crime and Security Survey

  15. Responding to Emergencies

  16. Business Continuity Plans • Business Continuity Plans have been developed for all our strategic sites, Internet Data Centres, and Melbourne and Sydney cable tunnels. • Generic Site recovery Process developed for 410 sites and is generic enough to apply to all sites. • Critical processes and applications used to support the processes have: • Business Continuity Plans • Application Recovery Plans • Infrastructure Recovery Plans

  17. Blackout 2003 Scenario in Australia • All category 1 and 2 sites have Emergency Power Plant • Sites which do not have Emergency Power Plant would run out of battery reserve over a varied period of time • Portable generation equipment would not be viable in this scenario due to demands by other community groups and the likelihood of theft. • Business Continuity Plans applied to protect services • Initiate Serious Incident Mgt Process

  18. Example - Responding to Fires, Floods, etc The Key is Process How it would work - Example • Centralised Serious Incident Mgt Team • Sites in affected area monitored • Situation monitored • Distribution of resources • Appropriate activities commissioned • Centralised, national command and planning activities

  19. Conclusion • Mobile’s Infrastructure Security mgt expands across both Physical and Logical aspects • Corporate strategies to address the growing complexity of security risk in infrastructure • Key to any Security or Emergency mgt – Is its management processes • Focus on the management of Security Risk with prevention as the priority

More Related