
Creating a Security Verified Label Standard



Presentation Transcript


  1. Creating a Security Verified Label Standard
  Patricia Joseph, Joseph Consulting LLC

  2. Agenda
  • Introduction
  • The Threat is Real & increased trends in security breaches
  • What is the security problem, if 80% of breaches are preventable?
  • Need for security and the need for security labels
  • Putting it all together: the Security Verified Standard labels
  • Conclusion
  • Questions

  3. Introduction
  • A standard of measurement is needed in the industry so that consumers can determine quickly whether the software and hardware functionality they wish to implement can be made secure within their network.

  4. The Threat is Real
  • Increase in security breaches:
  • The number of data breaches was up 21% in 2006 and quadrupled in 2007
  • In 2008, a 47% increase over 2007
  • In the past five years, approximately 500 million records containing personal identifying information of United States residents stored in government and corporate databases were either lost or stolen.
  • 80% of people have had their information stolen at least once in the past five years.

  5. What are the gypsies after?
  • Everything
  • Credit card information
  • Health information
  • Marketing information
  • Personal information
  • Your entire computer: CPU, hard drive
  • Just about anything they can steal, aka The Gypsy Hacker

  6. 80% of security breaches are preventable
  • In the case of a large discount store, mentioned in my abstract, wireless access was left completely open and unsecured.
  • In the case of a major health care organization, systems were down for a month because of an XSS hacker message.
  • A major health association allowed broad queries against its database, exposing confidential information to the public.
  • Simple fixes, detrimental impacts

  7. Why are there a high number of breaches if 80% are preventable?
  • "How could we have a breach? We have a firewall."
  • Main focus is on functionality
  • Cost of security
  • Education in security
  • Chief Technical Officer
  • Ignorance of the organization
  • Individuals in the organization may not be educated in security or aware of security patches and fixes

  8. Need for Security
  • Do we need security and security standards?
  • Of course

  9. Known Security Standards
  • Examples of standards:
  • Application Wasp
  • SOX/PCI
  • 2700, NIST
  • IEEE
  • How do we put all of these standards together?

  10. Standards Working Together
  Security Verified Label Standard implemented as both a
  • Software standard
  • Organizational standard

  11. All Working Together: Security Verified Label Standards
  [Figure: the seven OSI layers (Application, Presentation, Session, Transport, Network, Data link, Physical), each paired with its own layer standards]
  • Using the OSI model as our basis of organization, we can distinguish and set standards for each layer

  12. Security Verified Label Standard
  • Software companies comply with set standards for how to make their software secure
  • Examples:
  • Web software: SSL capable + instructional documentation
  • AIX: shipped with documentation on how to harden the OS

  13. Security Verified Label Standard
  • The consumer has a simplified way of telling whether a software company has considered security, by reading the package or product description.
  • Example:

  14. Security Verified Label Standards: Benefits
  • A faster and easier way to tell, through labels, whether the software you are buying has security capabilities.
  • An easy way for non-technical and non-security-educated buyers to judge security
  • Cheaper for organizations to implement this security standard
  • Easier for organizations to implement security through the instructions given with the software.
  • If the software claims to meet this standard, it must come with implementation instructions
  • Responsibility lies with each part of the organization

  15. Working Together: IT Organization
  • Each part of the organization is responsible for its own piece of security

  16. Conclusion: Creating an Overall Standard
  • Security decisions need to be made easier and cheaper for consumers
  • Using the OSI model as the scale by which we measure a level of security, a label can be given to the software stating at what level it has the potential to be secure.
  • This security verification standard would outline how the software and hardware would be considered secure. Each level of the OSI model would contain its own set of standards. Once the software or hardware passes verification, a label can appear next to the software. This will make decisions easier for consumers and, essentially, easier for upper management to understand.

  17. Acknowledgements
  • http://www.wired.com/threatlevel/2009/11/cyber-attacks-preventable
  • http://www.theregister.co.uk/2008/01/02/data_breaches_skyrocket
  • http://www.identitytheft.info/breaches09.aspx
  • http://www.idtheftcenter.org/artman2/publish/m_press/2008_Data_Breach_Totals_Soar.shtml
