Information Security

The CIA TriadConfidentialitConfidentialit

yy

IntegritIntegrityy

AvailabiliAvailabilityty

The state of being secret

The state or quality of being

entire or complete

Present and ready for use

SecuritySecurity

The Job

http://technet.microsoft.com/en-us/library/cc723507.aspx

Agenda

Some Threats

Some Controls

San Francisco – Terry Childs

http://articles.sfgate.com/2008-12-27/bay-area/17133065_1_computer-network-mr-childs-passwords

UBS – Roger Duronio

http://www.cbsnews.com/stories/2002/12/18/tech/main533450.shtml

Certegy Check Services

Lost Backup Tapes

Australia – Vitek Boden

“…marine life died, the creek water turned black and the stench was unbearable for residents…”

- Australian EPA

This file is licensed under the Creative Commons Attribution-Share Alike 2.5 Generic license

California – Mario Azar

Google and China

Waheed Mahmood

http://news.bbc.co.uk/

Lost Laptop

Scottish Council Loses Pay Details

Customer Information in Bins

The Biggie …

SMART

Where is Security?

IT Security?

Information Security?

Physical Security?

Business Security? Business Assurance?

Some Problems

IT Vendors

People – IT, employees, others …

Complexity

Technology

Control Systems

Anyone who thinks that I am responsible for Information Security

Agenda

Some Problems

Some Solutions

- 22 -

Security Golden Rules

Accept Challenges

Display Your Badge

Assess Risks

Protect Your Identity

Thirty Minute Rule

Security Program

Risk Management

Policy … Standards

Business Engagement

Culture / Behaviour Change

Security Architecture

Metrics and Measurements

Management System

Money / Staff

Controls

Further Reading

Bruce Schneier

SANS Internet Storm Centre / Newsbites

SecurityFocus

Titan Rain

Advanced Persistent Threat

Jericho Forum

Questions

Reading List

Ross Anderson: Security Engineering

Bruce Schneier: Secrets & Lies