Security Matters It’s not about the network

What’s Your Biggest Threat? http://flickr.com/photos/mikeygottawa/533355476/

The Top 12 Security Threats Reported by CTOs 12. Extortion 11. Denial of Service (DoS) 10. Vandalism 9. Pharming 8. Phishing 7. Fraudulent Transaction

12. Extortion

11. Denial of Service (DoS)

10. Vandalism

9. Pharming

8. Phishing

7. Fraudulent Transaction

The Top 12 Security Threats Reported by CTOs 6. Physical Loss 5. Unauthorized Access by Outsiders 4. Malware 3. Spam 2. Unauthorized Access by Insiders 1. Insider Misuse Source: http://www.computereconomics.com/article.cfm?id=1214

6. Physical Loss

5. Unauthorized Access by Outsiders

4. Malware

3. Spam

2. Unauthorized Access by Insiders

1. Insider Misuse

Source: http://www.computereconomics.com/article.cfm?id=1214

The Top 2 (and #6) Security Threats The Cost of an “Inside Job” Four in ten IT managers report incidents involving non-compliance while another 27 percent have seen unintentional release of corporate information. A typical incident requires 22 IT employee hours to remediate.

Four in ten IT managers report incidents involving non-compliance while another 27 percent have seen unintentional release of corporate information.

A typical incident requires 22 IT employee hours to remediate.

Security Philosophy Control What You Can 0’s and 1’s, not people. Network, workstations, devices, applications, files.

0’s and 1’s, not people.

Network, workstations, devices, applications, files.

Control What You Can Networks NAT Routers Integrated VPN Dynamic IP addresses Wireless - closed http://flickr.com/photos/abbyladybug/930518276/

NAT Routers

Integrated VPN

Dynamic IP addresses

Wireless - closed

Control What You Can Workstations Firewalls Antivirus Anti-spyware Spam filtering Internet filtering (?) Backups http://flickr.com/photos/53088165@N00/579761138/

Firewalls

Antivirus

Anti-spyware

Spam filtering

Internet filtering (?)

Backups

Control What You Can In the Cloud Enough seats for all users Independent passwords Automatic logout Required password changes http://flickr.com/photos/86778817@N00/88641569/

Enough seats for all users

Independent passwords

Automatic logout

Required password changes

Control What You Can Devices / Drives Passwords for all devices and drives Encryption for files stored on devices and drives http://flickr.com/photos/ian-s/2152798588/

Passwords for all devices and drives

Encryption for files stored on devices and drives

Security Philosophy IT’s More than Digital In 2008…each man, woman, and child will use 4,847 sheets of the office paper, 36 sheets fewer than 2007. Source: http://www.entrepreneur.com/tradejournals/article/184744007.html

In 2008…each man, woman, and child will use 4,847 sheets of the office paper, 36 sheets fewer than 2007.

Source: http://www.entrepreneur.com/tradejournals/article/184744007.html

Security Philosophy Plug the Biggest Holes Prioritize! Risk = Value of Asset x Severity of Vulnerability x Likelihood of Attack Source: http://h71028.www7.hp.com/ERC/cache/568165-0-0-0-121.html

Prioritize!

Risk = Value of Asset x Severity of Vulnerability x Likelihood of Attack

Source: http://h71028.www7.hp.com/ERC/cache/568165-0-0-0-121.html

Security Philosophy Plan for Failure Know how you will respond to security breaches in terms of IT Plan for notifying important parties - it’s the law!

Know how you will respond to security breaches in terms of IT

Plan for notifying important parties - it’s the law!

Security Philosophy Train for Success Ultimately, your success relies on your people Try Disaster Days trainings (make it fun!) Make security issues part of your regular communications

Ultimately, your success relies on your people

Try Disaster Days trainings (make it fun!)

Make security issues part of your regular communications

Security Resources HP Security Risk Assessment http://h71028.www7.hp.com/ERC/cache/568165-0-0-0-121.html TechSoup Healthy and Secure Computing http://www.techsoup.org/hsc/ CERT Octave http://www.cert.org/octave/ SANS Reading Room http://sans.org/ Security Focus http://www.securityfocus.com/ NSA Security Confirguration Guides http://www.nsa.gov/snac/

HP Security Risk Assessment

http://h71028.www7.hp.com/ERC/cache/568165-0-0-0-121.html

TechSoup Healthy and Secure Computing

http://www.techsoup.org/hsc/

CERT Octave

http://www.cert.org/octave/

SANS Reading Room

http://sans.org/

Security Focus

http://www.securityfocus.com/

NSA Security Confirguration Guides

http://www.nsa.gov/snac/

As we look ahead into the next century, leaders will be those who empower others. - Bill Gates, founder Microsoft