Risk Management on the Internet

Internet: A critical tool for businesses today.

Internet
Communication:
Clients
Suppliers
Partners
Personal

Factors that increase the threat
Broadband Technology
ADSL, DSL, ISDN, Cable-Modem, etc.
Economy Globalization
A new era of interaction between nations, economies and people.
Increase in technology complexity.
The complexity is directly proportional to the bugs in the systems.

What are the risks on the Internet? Key Cases & Events

Consequences of poor security
Financial Loss
Theft
Intellectual Property
Credit Card/Personal Information
Virus
Loss of Trust
E-Graffiti
Denial of Service

Consequences of poor security
Virus I Love You – Caused financial loss in excess of $10 billion, estimates Computer Economics.
It is estimated that the attacks on Yahoo!, Buy.com, eBay, CNN, & Amazon.com caused $1.2 billions of lost revenue. ( Source: The Yankee Group).
Theft of credit card information have included CD Universe (300,000), VISA USA (485,000) and more recently a hacker accessed 5.6 million credit cards from a company that processes transactions on behalf of merchants.
FINANCIAL LOSS

Abuse & Losses in Industry, Goverment and Education...
90% detected intruders in their systems.
70% reported serious flaws in security:
Theft of intellectual and digital property.
Financial fraud.
Faulty service and sabotage.
223 Respondents Source: SF CSI 0 10 20 30 40 50 60 70 80 90 Intrusions Flaws

Abuse & Losses in Industry, Goverment and Education...
80% acknowledged financial losses due to computer breaches .
44% were willing and/or able to quantify their financial losses .
Losses Totaled $ 455,848,000
20 30 40 50 60 70 80 Losses Quantify 223 Respondents Source: SF CSI

Hackers, Crackers, Script Kiddies and Thieves

http://www.infochannel.com.mx/

http://www.sanpedro.gob.mx/

http://www. cordiplan.gov.ve /

How money was lost 2002 CSI/FBI Computer Crime and Security Survey Nota : Average Losses per ocurrence . Financial Fraud Theft of proprietary information System penetration by an outsider Unauthorized insider access Sabotage of data networks $6.5 M + $4.6 M + $541,000 $300,000 $226,000

How security has been handled until now

The traditional security model
Prevention
Increased revenues
Confidentiality “Trust”
“ Implementing a robust security will increase earnings, establish confidentiality between your clients, suppliers and partners”

Avoiding the threat is not sufficient
Every security product has failed occasionally.
98% of all respondents acknowledged having anti-virus software, nevertheless 90% reported cases of contamination by virus.
91% of all respondents have firewalls in place, nevertheless 40% report ed system penetration , which has increased for the fourth consecutive year .
-- Computer Security Institute / FBI, 2002

Lack of Security
Consequences of…
Loss of confidence in the market
Reduction in the shareholding price
Hiring additional personnel
Difficulty when raising capital

Too Much Security
Consequences of…
Loss of revenue
Creates obstacles for the clients
Loss of image in the market

The perfect Balance
Providing the right balance between good security measures, which allow the right person to access the right data at the right time.

A new security perspective

Manage the Risk
Quantify the risk
Evaluate probabilities
Consequences of a disastrous event

Manage the Risk…
Take corrective measures
Reduce the risk
Diminish probabilities, consequences or both.
Transfer the risk
Acquire insurance policies to indemnify your organization and third-party.

Manage the Risk…
Effective use of security products to reduce the risk.
Why effective?
These tools should be implemented when the savings due to the reduction of the risk, justifies the investment in the product.

Manage the Risk…
Safe $500,000
Safe $ 25,000 / Insurance Policy $ 16,000
Safe $5,000 & Insurance Policy $5,000 (requires a safe).
Safe Diamond $ 50,000

Issues to consider when establishing a global security strategy
Accept part of the risk.
Reduce part of the risk using security products and procedures.
Transfer part of the risk.
Recruit adequate personnel based on responsability.
Integration.

Conclusion
Information security should NOT be considered merely a technical problem.
Information security should be a dynamic process that requires constant supervision, not only by technical personnel, but from personnel in general.

Questions ?

http://www.sekiur.com
Risk Management
on the Internet
For additional information:
Jos é Vicente Ortega
[email_address]
817-727-4530

http://www.sekiur.com	35
http://sekiur.com	9
http://translate.googleusercontent.com	1

Risk Management on the Internet

by sekiur on Sep 18, 2009

Accessibility

Categories

Tags

Upload Details

Usage Rights

3 Embeds 45

Statistics

Risk Management on the Internet — Presentation Transcript