Click to edit Master title

1
Click to edit Master title
Information Security A Discussion
Wednesday, December 6, 2006
Bob Steadman Director, National IT Security Sobeys
2
Agenda

• Why protect information and computer systems?
• Briefly describe methods of protection.
• What are the major privacy and security issues
  related to information and technology?
• Identify the specific security measures
  e-businesses provide for consumers.
• Highlight a current security issue.

3
Security Made Easy
4
1. Why protect information and computer systems?

• When we leave for work in the morning, we
  automatically lock our doors.
• We need to have the same automatic locks for our
  computers.

5
It only happens to others ...doesnt it?
6
(No Transcript)
7
(No Transcript)
8
(No Transcript)
9
(No Transcript)
10
(No Transcript)
11
1. Why protect information and computer systems?

• Evolution of Hacking
• Historical (websites playful disruption)
• Present (cyber terrorism)
• Hollywood Hype War Games Hackers Firewall
• Business Impact
• Direct / Indirect Financial Loss
• Corporate Image and Market Impact

12
2. Briefly describe methods of protection.

• Security
• Strategy

13
3. Major privacy/security issues related to
information technology?

• Privacy
• PIPEDA
• Identity Theft

• Confidentiality
• Litigation

• Compliance
• SOX
• Bill 198
• PCI

14
Canadian Rules

• Bill 198 (Ontario)
• Amends Canadian Securities Act
• Broadens OSC powers
• Penalties for non- compliance
• Directs regulators to enhance investor confidence
• CANADIAN INVESTOR CONFIDENCE MEASURES
• National Instrument 52-108 Auditor Oversight
• Multilateral Instrument 52-109
• Multilateral Instrument 52-110
• (Similar to various rules from SEC/PCAOB) Audit
  Committees
• Multilateral Instrument 52-111

15
4. Identify specific security measures
e-businesses provide consumers.

• Privacy Policy
• Encryption (SSL)
• Insurance mitigation
• Apologies
• Banks
• Visa
• Amex

16
5. Highlight a current security issue.

• Risk Gap
• Enemy Within (still highest)
• ATM / Gas Station
• Protecting Customer Data/Information
• Viruses / Spam / Spyware / Adware
• McAfee
• Bots MPEG Mobile Phone Malware
• Identity Theft
• Wireless

17
The Risk Gap in Technology Environments

• RISK GAP
• unmitigated exposures (threats) and missed
  opportunities

gtgt need to identify the nature of the Risk
Gap and provide recommendations for closing the
gap!
18
Facilitating Strategic IT Investment Decisions

• In organizations' scramble for competitive
  advantage and the haste to quickly utilize
  information technology, issues of control are
  sometimes subverted by operational priorities

19
The Security Balance

• Security is a balancing act between ease of
  access to information and protecting that
  information from increasing threats

20
Awareness Message
The key to security awareness is embedded in the
word security
SEC- -Y
U - R - IT
21
(No Transcript)