TRANSCRIPT
Security and Privacy
Women in Technology, 2009
Mary Henthorn

Security and Privacy
◦ Security: prevent loss, theft, or inappropriate access
◦ Privacy: ensure freedom from intrusion or disturbance
◦ Security policies protect privacy

Security and Privacy: Who’s responsible?

Women in IT
◦ Chief Executive Officer
◦ Chief Technology Officer
◦ Chief Security Officer
◦ IT Professional
◦ Other Business
◦ Mom
◦ Everyone

There Is No Perimeter
◦ Physical
◦ Logical

Security May Breach Privacy
◦ Cameras
◦ Logs
◦ Monitoring
◦ Breach notification letters
◦ Data backup tapes
◦ RFID
◦ Breach laws
◦ Freedom of information
◦ $20 Million Settlement on VA Data Theft
◦ State tape with data on 800,000 missing
◦ TV News Crew – and You!

What’s Your Strategy?
◦ Know your enemies
◦ Classify your assets
◦ Identify constraints and parameters
◦ Assess risks
◦ Implement security, develop policies
◦ Repeat!

Threats
◦ Physical: equipment failure, natural disaster, manmade disaster, theft
◦ Logical: malware, denial of service, data corruption

Vulnerabilities
◦ Physical accessibility
◦ Physical weaknesses
◦ Location
◦ People
◦ Application weaknesses: memory, input, race, privilege, user interface
◦ Inadequate access control

Classify Assets
◦ Property: dollar value
◦ Systems: criticality
◦ Data: sensitivity
◦ Rating scale: Extremely Critical, Critical, Not Critical

Constraints and Parameters
◦ Laws
◦ Regulations
◦ Contracts
◦ Policies

Risks
◦ Violation of law
◦ Disclosure of personal information
◦ Violation of contracts, regulations, or policy
◦ Loss of revenue
◦ Misuse of resources
◦ Corruption of data
◦ Unavailable resources
◦ Loss of reputation
◦ Criminal or civil liability
◦ Loss of trust

Defensive Strategies
1. Use and update firewalls and anti-virus
2. Properly set up and patch the OS and applications
3. Use appropriate authentication – passwords
4. Lock unattended workstations
5. Back up data
6. Use the Internet with caution
7. Be careful with email and social networking
8. Review security regularly
9. Respond to incidents appropriately
10. Recognize that security is everyone’s responsibility

Defense in Depth: layers of protection
◦ Logical: Internet access point traffic analysis, router firewall, desktop firewall
◦ Physical: fence and secured gate, locked front door, locked office door

Defense in Breadth: variety of protection
◦ Logical: firewall, anti-virus, authentication
◦ Physical: security cameras, locked doors and file cabinets, scanners

Be Informed, Stay Alert

Creative Office Security

Resources
◦ Computer Emergency Readiness Team: www.uscert.gov
◦ National Institute of Standards and Technology: www.nist.gov
◦ Identity Theft: www.ftc.gov/idtheft
◦ Arkansas Security: www.dis.arkansas.gov/security