Information Security

The CIA TriadConfidentialitConfidentialit

yy

IntegritIntegrityy

AvailabiliAvailabilityty

The state of being secret

The state or quality of being

entire or complete

Present and ready for use

SecuritySecurity

The Job

http://technet.microsoft.com/en-us/library/cc723507.aspx

Agenda

Some ThreatsSome Controls

San Francisco – Terry Childs

http://articles.sfgate.com/2008-12-27/bay-area/17133065_1_computer-network-mr-childs-passwords

UBS – Roger Duronio

http://www.cbsnews.com/stories/2002/12/18/tech/main533450.shtml

Certegy Check Services

Lost Backup Tapes

Australia – Vitek Boden

“…marine life died, the creek water turned black and the stench was unbearable for residents…”

- Australian EPA

This file is licensed under the Creative Commons Attribution-Share Alike 2.5 Generic license

California – Mario Azar

Google and China

Waheed Mahmood

http://news.bbc.co.uk/

Lost Laptop

Scottish Council Loses Pay Details

Customer Information in Bins

The Biggie …

SMART

Where is Security?

IT Security?

Information Security?

Physical Security?

Business Security? Business Assurance?

Some Problems

IT VendorsPeople – IT, employees, others …ComplexityTechnologyControl SystemsAnyone who thinks that I am responsible for Information Security

Agenda

Some ProblemsSome Solutions

- 22 -

Security Golden Rules

Accept Challenges

Display Your Badge

Assess Risks

Protect Your Identity

Thirty Minute Rule

Security Program

Risk ManagementPolicy … StandardsBusiness EngagementCulture / Behaviour ChangeSecurity ArchitectureMetrics and MeasurementsManagement SystemMoney / StaffControls

Further Reading

Bruce SchneierSANS Internet Storm Centre / NewsbitesSecurityFocusTitan RainAdvanced Persistent ThreatJericho Forum

Questions

Reading List

Ross Anderson: Security EngineeringBruce Schneier: Secrets & Lies