Security and Privacy

1
Security and Privacy

• Women in Technology
• 2009
• Mary Henthorn

2
Security and Privacy

• Security
• Prevent loss, theft, or inappropriate access
• Privacy
• Ensure freedom from intrusion or disturbance
• Security Policies Protect Privacy

3
Security and Privacy

• Whos responsible?

4
Women in IT

• Chief Executive Officer
• Chief Technology Officer
• Chief Security Officer
• IT Professional
• Other Business
• Mom
• Everyone

5
There Is No Perimeter

• Physical
• Logical

6
Security May Breach Privacy

• Cameras
• Logs
• Monitoring
• Breach notification letters
• Data backup tapes
• RFID

7
TV News Crew and You!

• Breach laws
• Freedom of information
• 20 Million Settlement on VA Data Theft
• State tape with data on 800,000 missing

8
Whats Your Strategy?

• Know your enemies
• Classify your assets
• Identify constraints and parameters
• Assess risks
• Implement security, develop policies
• Repeat!

9
Threats

• Physical
• Equipment failure
• Natural disaster
• Manmade disaster
• Theft
• Logical
• Malware
• Denial of service
• Data corruption

10
Vulnerabilities

• Physical accessibility
• Physical weaknesses
• Location
• People
• Application weaknesses
• Memory, input, race, privilege, user interface
• Inadequate access control

11
Classify Assets

• Property
• Dollar value
• Systems
• Criticality
• Data
• Sensitivity

12
Constraints and Parameters

• Laws
• Regulations
• Contracts
• Policies

13
Risks

• Violation of law
• Disclosure of personal information
• Violation of contracts, regulations, or policy
• Loss of revenue
• Misuse of resources
• Corruption of data
• Unavailable resources
• Loss of reputation
• Criminal or civil liability
• Loss of trust

14
Defensive Strategies

• Use and update firewalls and anti-virus
• Properly setup and patch OS and applications
• Use appropriate authentication passwords
• Lock unattended workstations
• Backup data
• Use the Internet with caution
• Be careful with email, social networking
• Review security regularly
• Respond to incidents appropriately
• Recognize security is everyones responsibility

15
Defense in Depth

• Layers of protection
• Internet access point traffic analysis
• Router firewall
• Desktop firewall
• Fence and secured gate
• Locked front door
• Locked office door

16
Defense in Breadth

• Variety of protection
• Firewall
• Anti-virus
• Authentication
• Security cameras
• Locked doors and file cabinets
• Scanners

17
Be Informed, Stay Alert
18
Creative Office Security
19
Resources

• Computer Emergency Readiness Team
• www.uscert.gov
• National Institute of Standards and Technology
• www.nist.gov
• Identity Theft
• www.ftc.gov/idtheft
• Arkansas Security
• www.dis.arkansas.gov/security