Information Security: A Discussion
Wednesday, December 6, 2006
Bob Steadman, Director, National IT Security, Sobeys
Slide 2: Agenda
- Why protect information and computer systems?
- Briefly describe methods of protection.
- What are the major privacy and security issues related to information and technology?
- Identify the specific security measures e-businesses provide for consumers.
- Highlight a current security issue.
Slide 3: Security Made Easy
Slide 4: 1. Why protect information and computer systems?
- When we leave for work in the morning, we automatically lock our doors.
- We need to have the same automatic locks for our computers.
Slide 5: It only happens to others... doesn't it?
Slide 11: 1. Why protect information and computer systems?
- Evolution of Hacking
- Historical (websites playful disruption)
- Present (cyber terrorism)
- Hollywood Hype: War Games, Hackers, Firewall
- Business Impact
- Direct / Indirect Financial Loss
- Corporate Image and Market Impact
Slide 12: 2. Briefly describe methods of protection.
Slide 13: 3. Major privacy/security issues related to information technology?
- Privacy
- PIPEDA
- Identity Theft
- Confidentiality
- Litigation
- Compliance
- SOX
- Bill 198
- PCI
Slide 14: Canadian Rules
- Bill 198 (Ontario)
- Amends Canadian Securities Act
- Broadens OSC powers
- Penalties for non-compliance
- Directs regulators to enhance investor confidence
- CANADIAN INVESTOR CONFIDENCE MEASURES
- National Instrument 52-108 Auditor Oversight
- Multilateral Instrument 52-109
- Multilateral Instrument 52-110
- (Similar to various rules from SEC/PCAOB) Audit Committees
- Multilateral Instrument 52-111
Slide 15: 4. Identify specific security measures e-businesses provide consumers.
- Privacy Policy
- Encryption (SSL)
- Insurance mitigation
- Apologies
- Banks
- Visa
- Amex
Slide 16: 5. Highlight a current security issue.
- Risk Gap
- Enemy Within (still highest)
- ATM / Gas Station
- Protecting Customer Data/Information
- Viruses / Spam / Spyware / Adware
- McAfee
- Bots MPEG Mobile Phone Malware
- Identity Theft
- Wireless
Slide 17: The Risk Gap in Technology Environments
- RISK GAP
- unmitigated exposures (threats) and missed opportunities
>> need to identify the nature of the Risk Gap and provide recommendations for closing the gap!
Slide 18: Facilitating Strategic IT Investment Decisions
- In organizations' scramble for competitive advantage and the haste to quickly utilize information technology, issues of control are sometimes subverted by operational priorities
Slide 19: The Security Balance
- Security is a balancing act between ease of access to information and protecting that information from increasing threats
Slide 20: Awareness Message
The key to security awareness is embedded in the word security:
SEC - U - R - IT - Y