Information Security Seminar

Information Technology: The Best Offense is a Good Defense

Agenda
Is Your Network at Risk?
Security Statistics
Types of Attacks
Security Strategies
Top 5 Security Tips
About Acend Corporate Learning
Questions?

Is Your Network at Risk?
Regularly impacted by viruses and Internet outages?
Users keep their password on post it notes?
Transferring files and documents?
Employees instant messaging through their computers?
Don’t regularly audit your security policies?

Security breaches can cause end user downtime
Reactive recovery measures can impact IT productivity and ability to deliver essential business services
You can lose significant amount of staff hours
Your company can suffer devastating loss of credibility with customers resulting in loss of Market Opportunities
Intellectual Property or Customer Information can be lost
Suffer Legal Liabilities as a result
Why is Information Security Important to Your Business? BOTTOM LINE: Billions of dollars are lost at the affected Web sites, losses in market capitalization, and the amount that will be spent on upgrading security infrastructures as a result of security breaches.

How Does this Happen?
Basic Security Breaches Involve Loss of:
Confidentiality: Information is read or copied by someone with unauthorized access
Integrity: Information is modified by someone whether by accident or intentional
Availability: Information is inaccessible to people who are authorized to use it

An insider attack against a large company could cause an average loss of $2.7 million in damages. (reported by the Computer Security Institute and the FBI)
Most common attacks reported by companies were virus attacks (82%) and insider abuse of network access (80%). (reported by the Computer Security Institute and the FBI)
In the 2003 Global Security Survey, 39% of respondents acknowledged that their systems had been compromised in some way within the last year. (reported in the Deloitte Touche 2003 Global Security Survey)
Hackers, worms and other high-tech interference caused $11.1 billion in damages. (reported by The Orange County Register, “Hacker Trackers” 2003)
How Bad is the Problem? January, 2004: MyDoom virus has become the fastest spreading virus to date, causing $22.6 Billion in damages in its first 72 hours, according to the mi2g Intelligence Unit

Security Attacks Reported from 1990-2003

Likely Sources of Attacks Independent Hacker Disgruntled Employee

Types of Attacks
Viruses – #1 type of attack with over 70,000 known viruses
Macro Viruses
Worms
File Viruses
Trojan Horses
Backdoor Trojans
Boot Sector Viruses
System Entry
Floppy disks, CD-ROM, e-mail, Internet, programs and documents.
Anti-virus Programs
Network and Desktop .

Types of Attacks
Denial of Service
Insider Abuse of Network
Unauthorized Access
Packet Sniffer
Probe or Scan

Security Strategies: Personnel
Training & Awareness
Security Policy
Physical Security Dedicated Management

Security Strategies: Technology
Viruses
Firewalls
Intrusion Detection
Authentication & Authorization
Encryption
Data & Information Backup

Top 5 Security Tips
Passwords
Encourage employees to choose passwords that are a minimum of eight characters, a combination of upper & lowercase characters, and mixed with symbols.
Require new passwords at least every 90 days.
Employees should never share passwords or write them down.
Software
Anti-Virus: Constantly monitor your anti-virus software to make sure that is kept current. Check for updates and patches offered by the creator of the anti-virus software.
Server: Make sure that your server software is the latest version and that all patches and updates are current. Do not provide any network services to all employees unless necessary.
Security Policies
Guidelines for organization.
Define acceptable and unacceptable activities.
When an employee leaves a company, remove their access.

Top 5 Security Tips
Network Administration:
Continuously monitor the network and look for new ways to protect it.
If you are using a web host or ISP, make sure that your security goals align with your web host.
Deploy encryption where available.
Education:
Ensure Network Administrators have the latest and greatest security training.
Train employees on the use of email attachments and the simple steps they can take to protect their PCs.
Make sure anti-virus software is installed on every machine and that employees know how to use it before opening any attachments.
Mandate computer security awareness and training based on company policy that teaches knowledge, attitude and behavior.

How Acend can Help
Customized Learning Plan to your personal needs
Minimize the difficulty of scheduling your employees to be out of the environment
Lessen the impact of having employees away on training
More effective learning
One-on-one instruction

Thank You for Coming!
Your Next Steps
Attend an Information Security Class for a hands on experience
Readiness meeting with your Solutions Executive to review your Information Security goals

For More Information…
Computer Security Institute:
http://www.gocsi.com
CERT ® Coordination Center:
http://www.cert.org
On Acend Corporate Learning:
www.acend.com

Any Questions?

Information Security Seminar

by Acend Corporate Learning on Aug 10, 2009

Accessibility

Categories

Tags

Upload Details

Usage Rights

1 Embed 3

Statistics

Information Security Seminar — Presentation Transcript