P1247676902KgnSb - PowerPoint PPT Presentation

Description:

Merchant problems with credit card payments & inventory ... 25.4 million investment by Yahoo!, Japan's Softbank Holdings, and venture firm Sequoia Capital ... – PowerPoint PPT presentation

Slides: 13
Provided by: stev246
Transcript and Presenter's Notes

1
(No Transcript)
2
Security Considerations for E-Alliances
  • Pete Murphy
  • CISO AmSouth Bank
  • 1/13/2003

3
The Internet Dilemma
  • Web Site visits are virtually anonymous
  • E-Business models are failing
  • Card holder repudiation of charges
  • Merchant problems with credit card payments &
    inventory
  • Identity theft, other fraud creating uncertainty
  • Visible hacker attacks add to uneasiness
  • Underestimation of fulfillment challenges
  • Everyone wants e-business to be successful - Can
    it be?
  • Yes, if you recognize the risks and take action

4
The Value Of Maintaining Trust
E-Loan
Information Sources: DJI
5
Considerations for E-Alliances
  • Protection
      • Maintain security control.
      • Comply with your company's security standards -
        at a minimum.
      • Documented security plan.
      • Notification of planned system configuration
        changes.
      • Cooperate with Vulnerability Assessments.

6
Considerations for E-Alliances
  • Detection
      • Monitor for security breaches.
      • Physical system inspection.
      • Maintenance and ownership of system records.
      • Right to audit.
      • Right to monitor independently.

7
Considerations for E-Alliances
  • Response
      • Notification of breaches.
      • Cooperation with investigative activities and
        CIRT guidelines for event escalation.
      • Monitor for system vulnerability information.
      • Timely application of security patches.
  • Recovery
      • Key system and data files are backed-up, securely
        stored, and available to meet the business
        recovery time objective.
      • Recoverability is periodically tested.

8
Vulnerability Exploit Cycle
  • Novice Intruders Use Crude Exploit Tools
  • Automated Scanning/Exploit Tools Developed
  • Crude Exploit Tools Distributed
  • Widespread Use of Automated Scanning/Exploit Tools
  • Intruders Begin Using New Types of Exploits
  • Advanced Intruders Discover Vulnerability
Source: Carnegie Mellon Software Engineering Institute
9
Trends: Incidents Reported
[Chart; data labels: 142, 121, 164]
142 Average Increase Per Year!!!
Source: Carnegie Mellon Software Engineering Institute
10
Evolution of Malicious Tools / Techniques
[Chart: Attack Sophistication and Required Attacker Knowledge, each on a Low to High scale, over the years 1980, 1985, 1990, 1995, 2000]
Techniques labelled on the chart: stealth / advanced scanning techniques, packet spoofing, denial of service, DDOS attacks, sniffers, www attacks, sweepers, automated probes/scans, GUI, back doors, network mgmt. diagnostics, disabling audits, hijacking sessions, burglaries, exploiting known vulnerabilities, password cracking, self-replicating code, password guessing
Source: Carnegie Mellon Software Engineering Institute
11
Summary
  • Maintaining Consumer Trust is Paramount
  • A Well-rounded Security Program is a Must
  • Manage Third-party Alliances Closely
  • Stay Current Through Early Warning Channels
  • Exercise Your Response Strategy Before You
    Actually Need It

12
(No Transcript)