Security Matters

1
Security Matters

• Its not about the network

2
Whats Your Biggest Threat?
http//flickr.com/photos/mikeygottawa/533355476/
3
The Top 12 Security ThreatsReported by CTOs

• 12. Extortion
• 11. Denial of Service (DoS)
• 10. Vandalism
• 9. Pharming
• 8. Phishing
• 7. Fraudulent Transaction

4
The Top 12 Security ThreatsReported by CTOs

• 6. Physical Loss
• 5. Unauthorized Access by Outsiders
• 4. Malware
• 3. Spam
• 2. Unauthorized Access by Insiders
• 1. Insider Misuse
• Source http//www.computereconomics.com/article.c
  fm?id1214

5
The Top 2 (and 6) Security ThreatsThe Cost of
an Inside Job

• Four in ten IT managers report incidents
  involving non-compliance while another 27 percent
  have seen unintentional release of corporate
  information.
• A typical incident requires 22 IT employee hours
  to remediate.

6
Security PhilosophyControl What You Can

• 0s and 1s, not people.
• Network, workstations, devices, applications,
  files.

7
Control What You CanNetworks

• NAT Routers
• Integrated VPN
• Dynamic IP addresses
• Wireless - closed

http//flickr.com/photos/abbyladybug/930518276/
8
Control What You CanWorkstations

• Firewalls
• Antivirus
• Anti-spyware
• Spam filtering
• Internet filtering (?)
• Backups

http//flickr.com/photos/53088165_at_N00/579761138/
9
Control What You CanIn the Cloud

• Enough seats for all users
• Independent passwords
• Automatic logout
• Required password changes

http//flickr.com/photos/86778817_at_N00/88641569/
10
Control What You CanDevices / Drives

• Passwords for all devices and drives
• Encryption for files stored on devices and drives

http//flickr.com/photos/ian-s/2152798588/
11
Security PhilosophyITs More than Digital

• In 2008each man, woman, and child will use 4,847
  sheets of the office paper, 36 sheets fewer than
  2007.
• Source http//www.entrepreneur.com/tradejournals/
  article/184744007.html

12
Security PhilosophyPlug the Biggest Holes

• Prioritize!
• Risk Value of Asset x Severity of Vulnerability
  x Likelihood of Attack
• Source http//h71028.www7.hp.com/ERC/cache/568165
  -0-0-0-121.html

13
Security PhilosophyPlan for Failure

• Know how you will respond to security breaches in
  terms of IT
• Plan for notifying important parties - its the
  law!

14
Security PhilosophyTrain for Success

• Ultimately, your success relies on your people
• Try Disaster Days trainings (make it fun!)
• Make security issues part of your regular
  communications

15
Security Resources

• HP Security Risk Assessment
• http//h71028.www7.hp.com/ERC/cache/568165-0-0-0-1
  21.html
• TechSoup Healthy and Secure Computing
• http//www.techsoup.org/hsc/
• CERT Octave
• http//www.cert.org/octave/
• SANS Reading Room
• http//sans.org/
• Security Focus
• http//www.securityfocus.com/
• NSA Security Confirguration Guides
• http//www.nsa.gov/snac/

16
As we look ahead into the next century, leaders
will be those who empower others.- Bill Gates,
founder Microsoft