Risk Management On The Internet

  • Uploaded by: Jose Vicente Ortega
  • October 2019


Internet: A critical tool for businesses today.

Internet
• Communication:
  – Clients
  – Suppliers
  – Partners
  – Personal

Factors that increase the threat
• Broadband Technology
  – ADSL, DSL, ISDN, Cable-Modem, etc.
• Economy Globalization
  – A new era of interaction between nations, economies and people.
• Increase in technology complexity.
• The number of bugs in a system is directly proportional to its complexity.

What are the risks on the Internet? Key Cases & Events

Consequences of poor security
• Financial Loss
• Theft
  – Intellectual Property
  – Credit Card/Personal Information
• Virus
• Loss of Trust
• E-Graffiti
• Denial of Service

Consequences of poor security: FINANCIAL LOSS
• Virus I Love You
  – Caused financial loss in excess of $10 billion, estimates Computer Economics.
• It is estimated that the attacks on Yahoo!, Buy.com, eBay, CNN, & Amazon.com caused $1.2 billion of lost revenue. (Source: The Yankee Group).
• Thefts of credit card information have included CD Universe (300,000), VISA USA (485,000) and, more recently, a hacker accessed 5.6 million credit cards from a company that processes transactions on behalf of merchants.

Abuse & Losses in Industry, Government and Education...
• 90% detected intruders in their systems.
• 70% reported serious flaws in security:
  – Theft of intellectual and digital property.
  – Financial fraud.
  – Faulty service and sabotage.

[Bar chart: Intrusions and Flaws, in percent. 223 Respondents. Source: SF CSI]

Abuse & Losses in Industry, Government and Education...
• 80% acknowledged financial losses due to computer breaches.
• 44% were willing and/or able to quantify their financial losses.
• Losses Totaled $455,848,000

[Bar chart: Losses and Quantify, in percent. 223 Respondents. Source: SF CSI]

Hackers, Crackers, Script Kiddies and Thieves

http://www.infochannel.com.mx/

http://www.sanpedro.gob.mx/

http://www.cordiplan.gov.ve/

How money was lost
2002 CSI/FBI Computer Crime and Security Survey

• Theft of proprietary information: $6.5 M +
• Financial fraud: $4.6 M +
• Sabotage of data networks: $541,000
• Unauthorized insider access: $300,000
• System penetration by an outsider: $226,000

Note: Average losses per occurrence.

How security has been handled until now

The traditional security model
• Prevention
• Increased revenues
• Confidentiality “Trust”

“Implementing a robust security will increase earnings, establish confidentiality between your clients, suppliers and partners”

Avoiding the threat is not sufficient
• Every security product has failed occasionally.
• 98% of all respondents acknowledged having anti-virus software, nevertheless 90% reported cases of contamination by virus.
• 91% of all respondents have firewalls in place, nevertheless 40% reported system penetration, which has increased for the fourth consecutive year.
-- Computer Security Institute / FBI, 2002

Lack of Security
• Consequences of…
  – Loss of confidence in the market
  – Reduction in the share price
  – Hiring additional personnel
  – Difficulty when raising capital

Too Much Security
• Consequences of…
  – Loss of revenue
  – Creates obstacles for the clients
  – Loss of image in the market

The perfect Balance
• Provide the right balance: good security measures that allow the right person to access the right data at the right time.

A new security perspective

Manage the Risk
• Quantify the risk
  – Evaluate probabilities
  – Consequences of a disastrous event

Manage the Risk…
• Take corrective measures
  – Reduce the risk
    • Diminish probabilities, consequences or both.
  – Transfer the risk
    • Acquire insurance policies to indemnify your organization and third parties.

Manage the Risk…
• Effective use of security products to reduce the risk.
• Why effective?
  – These tools should be implemented when the savings due to the reduction of the risk justify the investment in the product.

Manage the Risk…
1. Safe $500,000
2. Safe $25,000 / Insurance Policy $16,000
3. Safe $5,000 & Insurance Policy $5,000 (requires a safe).

Diamond $50,000

Issues to consider when establishing a global security strategy
• Accept part of the risk.
• Reduce part of the risk using security products and procedures.
• Transfer part of the risk.
• Recruit adequate personnel based on responsibility.
• Integration.

Conclusion
• Information security should NOT be considered merely a technical problem.
• Information security should be a dynamic process that requires constant supervision, not only by technical personnel, but by personnel in general.

Questions?

http://www.sekiur.com

Risk Management on the Internet • For additional information: José Vicente Ortega [email protected] 817-727-4530
