Assuring Reliable and - PowerPoint PPT Presentation

1 / 26

About This Presentation

Title:

Assuring Reliable and

Description:

Virus hoaxes. Sent to frighten people about a virus threat that is bogus ... Security a moving target (hire an attacker; check CERT) ... – PowerPoint PPT presentation

Number of Views:72

Avg rating:3.0/5.0

Slides: 27

Provided by: andreae2

Category:

more less

Transcript and Presenter's Notes

Title: Assuring Reliable and

1
Chapter 6

Assuring Reliable and
Secure IT Services

2
Reliability

How will your business be affected by downtime?
What can be quantified in terms of losses?
What can not be quantified?
Attributions may play into this

3
Reliability Service Availability

Decreases with number of components

4
As the Number of Components Increases
15 components 25 downtime!
5
Minutes Down per Day
6
Days Down per Year
7
Redundancy

Helps achieve desired level of availability

8
Availability Decisions

Uninterruptible Electric Power Delivery
Physical Security
Climate Control and Fire Suppression
Network Connectivity
On Site Monitoring
Help Desk and Incident Response Procedures

9
Redundancy of Mission-Critical Components

N1 level
Service level in 99-99.9 range
NN level
Service level in 99.999-99.9999 range
Decisions re design of IT infrastructure
Which elements to make redundant?
Availability vs. Cost

10
Security and Employees

Main threat?
From inside the walls
White-collar crime costs 400 billion per year
Average non-managerial embezzlement is 60,000
Average managerial embezzlement is 250,000
Two-thirds of insider fraud is not reported
2 out of 5 businesses suffered 5 fraud losses
One quarter of those cost more than 1 million

11
Security and Employees

Computer-aided fraud
Vendor fraud
Writing payroll checks to fictitious employees
Claiming expense reimbursements for costs not
incurred
Stealing security codes, credit card numbers,
proprietary files
Stealing intellectual property
10 completely honest, 10 will steal, 80
depends on circumstances
Theft committed by those strapped for cash, who
have access to poorly protected funds, perceive
low risk of getting caught

12
Security and Employees

Triggers to unethical employee behavior
Efforts to balance work and family
Poor internal communications
Poor leadership
Work hours, work load
Lack of management support
Need to meet sales, budget, or profit goals
Little or no recognition of achievements
Company politics
Personal financial worries
Insufficient resources

13
Security and Collaboration Partners

Increasingly internetworked infrastructures
Need for concern about partners, suppliers,
distributors, customers computer security (and
your own)

14
Security and Outside Threats

In 2003, 90 of firms detected breaches in last
12 months
75 acknowledged losses (400K per company)
Hacking unauthorized access to computers and
computer information

15
Types of Cyber Crime

Virus software written with malicious intent to
cause annoyance or damage
Benign or malicious
Worms are most prevalent type of virus
Spreads itself, from file to file, computer to
computer via email and other Internet traffic
Love Bug worm and its variants affected 300,000
Internet host computers, millions of individual
PC users
File damage, lost time, high cost emergency
repairs costing 8.7 billion
Klez, Nimda, Sircam

16
Types of Cyber Crime

Denial-of-service attack (DoS) floods a web site
with so many request for service that it slows
down or crashes
Objective is to prevent legitimate customers from
accessing target site
ETrade, Yahoo!, Amazon.com have all been vcitims
Virus hoaxes
Sent to frighten people about a virus threat that
is bogus
Panic, loss of time, loss of productivity
Computer professionals spend time looking for
non problem

17
What Viruses Cant Do

Hurt your hardware (monitor, processor)
Hurt any files they werent designed to attack
(designed for MS Outlook, wont affect Eudora or
other e-mail application)
Infect files on write-protected disks

18
Security Precautions

Risk management
Identification of risks or threats
Implementation of security measures
Monitoring of those measures for effectiveness
Risk assessment
What can go wrong?
How likely is it to go wrong?
What are the possible consequences if it does go
wrong?
Implementing right amount and type of security is
a critical, but not an easy, matter
Backup procedures, anti-virus software,
firewalls, access authentication,
intrusion-detection software, system auditing

19
Security Precautions

Backups
Process of making a copy of the information
stored on a computer
Employee carelessness or ignorance cause 2/3 of
the financial cost of lost or damaged information
Backups should be made methodically and regularly
(at least once a week)
Anti-virus software
Detects and removes or quarantines computer
viruses
Should be able to get rid of virus without
destroying the software or information it came
with
Needs to be updated frequently (new viruses every
day)

20
Security Precautions

Firewalls keep outsiders out
Hardware and/or software that protects a computer
or network from intruders
Examines each message as it seeks entrance to the
network only those with right markings gain
access
Can also detect computer communicating with the
Internet without approval
Access Authentication keep insiders out
Protects computer systems from unauthorized
employees
Proving access rights
What you know password
What you have ATM card
What you look like biometrics (use of physical
characteristics)

21
Security Precautions

Encryption
Scrambles the contents of a file, which cant be
read without having the right decryption key
Public key encryption use of 2 keys (1 public, 1
private)
Intrusion-detection software
Looks for people on the network who shouldnt be
there or who are acting suspiciously
Security-auditing software
Checks out computer or network for potential
weaknesses

22
Security Management Framework