Risk Management on the Internet


Managing Risk On The Internet.

  • The risks of engaging in E-Commerce are similar to those of any Web site, or even internal systems, except that a security issue can have a much greater impact on your organization. “E-Commerce sites experienced three times the number of incidents involving information loss/theft of data, and revenue loss was seven times more likely than in a simple Web environment.” (PriceWaterhouseCoopers information security survey.) These issues are magnified in an E-Commerce environment due to actual costs, as well as a “multiplier effect” of the breach due to loss of trust. Online users rank security as their number one concern around E-Commerce, with 60% responding that this is the largest concern. (Yankelovich Partners 1998 Survey.) “You know, stalling an engine on an airplane can have much more serious consequences than an engine stall in your family car.”
  • The reports are frightening: web sites paralyzed for entire business days, unauthorized network penetration, lost information. Hacking is on the rise from pranksters, competitors, and insiders alike. And, of course, there’s a cost associated with those break-ins. The cost of lost information can be as high as $1.8 million. The U.S.-based FBI estimates that electronic crime costs US companies $10B a year. And the consequential damage is often difficult to estimate: what is the price of an employee list given to a recruiter, of stolen product plans, of altered confidential information? Security has rapidly escalated to a top priority as organizations become more networked to achieve their goals.
  • If you have any questions about Security I would be happy to entertain them now or afterwards during the break. Thank you all for your attention. Good Day.
  • Risk Management on the Internet

    1. 1. Risk Management on the Internet
    2. 2. Internet: A critical tool for businesses today.
    3. 3. Internet
        • Communication:
            • Clients
            • Suppliers
            • Partners
            • Personal
    4. 4. Factors that increase the threat
        • Broadband Technology
            • ADSL, DSL, ISDN, Cable-Modem, etc.
        • Economy Globalization
            • A new era of interaction between nations, economies and people.
        • Increase in technology complexity.
        • The complexity is directly proportional to the bugs in the systems.
    5. 5. What are the risks on the Internet? Key Cases & Events
    6. 6. Consequences of poor security
        • Financial Loss
        • Theft
            • Intellectual Property
            • Credit Card/Personal Information
        • Virus
        • Loss of Trust
        • E-Graffiti
        • Denial of Service
    7. 7. Consequences of poor security: FINANCIAL LOSS
        • Virus I Love You – Caused financial loss in excess of $10 billion, estimates Computer Economics.
        • It is estimated that the attacks on Yahoo!, Buy.com, eBay, CNN, & Amazon.com caused $1.2 billion of lost revenue. (Source: The Yankee Group).
        • Thefts of credit card information have included CD Universe (300,000), VISA USA (485,000) and, more recently, a hacker accessed 5.6 million credit cards from a company that processes transactions on behalf of merchants.
    8. 8. Abuse & Losses in Industry, Government and Education...
        • 90% detected intruders in their systems.
        • 70% reported serious flaws in security:
            • Theft of intellectual and digital property.
            • Financial fraud.
            • Faulty service and sabotage.
        [Chart: Intrusions, Flaws. 223 Respondents. Source: SF CSI]
    9. 9. Abuse & Losses in Industry, Government and Education...
        • 80% acknowledged financial losses due to computer breaches.
        • 44% were willing and/or able to quantify their financial losses.
        • Losses Totaled $455,848,000
        [Chart: Losses, Quantify. 223 Respondents. Source: SF CSI]
    10. 10. Hackers, Crackers, Script Kiddies and Thieves
    11. 11. http://www.infochannel.com.mx/
    12. 13. http://www.sanpedro.gob.mx/
    13. 15. http://www.cordiplan.gov.ve/
    14. 17. How money was lost
        2002 CSI/FBI Computer Crime and Security Survey
        Note: Average losses per occurrence.
        [Chart categories: Financial Fraud; Theft of proprietary information; System penetration by an outsider; Unauthorized insider access; Sabotage of data networks]
        [Chart values: $6.5 M +; $4.6 M +; $541,000; $300,000; $226,000]
    15. 18. How security has been handled until now
    16. 19. The traditional security model
        • Prevention
        • Increased revenues
        • Confidentiality “Trust”
        “Implementing a robust security will increase earnings, establish confidentiality between your clients, suppliers and partners”
    17. 20. Avoiding the threat is not sufficient
        • Every security product has failed occasionally.
        • 98% of all respondents acknowledged having anti-virus software, nevertheless 90% reported cases of contamination by virus.
        • 91% of all respondents have firewalls in place, nevertheless 40% reported system penetration, which has increased for the fourth consecutive year.
        • Source: Computer Security Institute / FBI, 2002
    18. 21. Lack of Security
        • Consequences of…
            • Loss of confidence in the market
            • Reduction in the shareholding price
            • Hiring additional personnel
            • Difficulty when raising capital
    19. 22. Too Much Security
        • Consequences of…
            • Loss of revenue
            • Creates obstacles for the clients
            • Loss of image in the market
    20. 23. The perfect Balance
        • Providing the right balance between good security measures, which allow the right person to access the right data at the right time.
    21. 24. A new security perspective
    22. 25. Manage the Risk
        • Quantify the risk
            • Evaluate probabilities
            • Consequences of a disastrous event
    23. 26. Manage the Risk…
        • Take corrective measures
            • Reduce the risk
                • Diminish probabilities, consequences or both.
            • Transfer the risk
                • Acquire insurance policies to indemnify your organization and third-party.
    24. 27. Manage the Risk…
        • Effective use of security products to reduce the risk.
        • Why effective?
            • These tools should be implemented when the savings due to the reduction of the risk justify the investment in the product.
    25. 28. Manage the Risk…
        • Safe $500,000
        • Safe $25,000 / Insurance Policy $16,000
        • Safe $5,000 & Insurance Policy $5,000 (requires a safe).
        [Figure labels: Safe; Diamond $50,000]
    26. 29. Issues to consider when establishing a global security strategy
        • Accept part of the risk.
        • Reduce part of the risk using security products and procedures.
        • Transfer part of the risk.
        • Recruit adequate personnel based on responsibility.
        • Integration.
    27. 30. Conclusion
        • Information security should NOT be considered merely a technical problem.
        • Information security should be a dynamic process that requires constant supervision, not only by technical personnel, but from personnel in general.
    28. 31. Questions ?
    29. 32. http://www.sekiur.com
        • Risk Management on the Internet
        • For additional information:
        • José Vicente Ortega
        • [email_address]
        • 817-727-4530