Vulnerability
– Citigroup: customer losses from hack attack reach $2.7M (2011)
– Hacked in April to June 2011, Sony reportedly lost almost $171 million
– Money stolen from the hacked business accounts was used by a group related to Al Qaeda to fund terrorist attacks in Asia
– According to reports, refunding customers cost AT&T almost $2 million
– $1 million was stolen from stock brokerages Fidelity Investments, Scottrade, E*Trade, and Charles Schwab; the rest of the money was taken from fraudulent tax refunds, using the stolen identities of more than 300 people
– News Corporation made a loss of $1.6bn (£1.2bn) in the last quarter as it absorbed $2.8bn in charges related to a plan to spin off its ailing publishing businesses
Before we continue…
Suppose you're a CEO. Which policy would you choose?
– Very strict
– Moderate
– Full of freedom
That's Why We Need Security & Control
Inadequate security and control may create serious legal liability. Businesses must protect not only their own information assets but also those of customers, employees, and business partners. Failure to do so can lead to costly litigation for data exposure or theft. A sound security and control framework that protects business information assets can thus produce a high return on investment.
Security Aspects for Management
– Electronic records management: policies, procedures and tools for managing the retention, destruction, and storage of electronic records
– Electronic evidence: computer data stored on disks and drives, e-mail, instant messages, and e-commerce transactions
– Computer forensics: scientific collection, examination, authentication, preservation, and analysis of computer data for use as evidence in a court of law
Security Aspects for Management
– Risk assessment: determines the level of risk to the firm if a specific activity or process is not properly controlled
– Acceptable use policy (AUP)
– Authorization policies
– Identifying acceptable security goals
Quick Summary: Security Aspects for Management
– Security is important
– Security and authorization
– Assess the risk and control it
Before we continue…
Suppose that your company is involved in serious fraud and you have the electronic evidence. What would you do?
Security: Ensuring Business Continuity
– Downtime: period of time in which a system is not operational
– Fault-tolerant computer systems: redundant hardware, software, and power supply components to provide continuous, uninterrupted service
– High-availability computing: designing to maximize application and system availability
Security: Ensuring Business Continuity
– Load balancing: distributes access requests across multiple servers
– Mirroring: backup server that duplicates processes on the primary server
– Recovery-oriented computing: designing computing systems to recover more rapidly from mishaps
Security: Ensuring Business Continuity
– Disaster recovery planning: plans for restoration of computing and communications disrupted by an event such as an earthquake, flood, or terrorist attack
– Business continuity planning: plans for handling mission-critical functions if systems go down
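To make the three building blocks on these slides concrete, here is an added Python example (written for this page, not taken from the slides or from any course material). It simulates two primary application servers behind a round-robin load balancer, a mirror server that takes over when every primary is down, and a configurable repair time that stands in for recovery-oriented computing. All server names, failure times and request counts are constructed inputs, and the "availability" it reports is simply the fraction of simulated ticks in which some server answered.

```python
"""Added example: load balancing, mirroring and recovery speed as a tick-based
simulation. Servers, failure schedule and tick counts are constructed, not
measurements from any real system."""
from dataclasses import dataclass


@dataclass
class Server:
    name: str
    healthy: bool = True
    served: int = 0  # requests this server has handled


@dataclass
class Cluster:
    primaries: list          # servers behind the load balancer
    mirror: Server           # standby that duplicates the primaries' work
    downtime_ticks: int = 0  # ticks in which no server could answer
    _next: int = 0           # round-robin cursor

    def healthy_primaries(self):
        return [s for s in self.primaries if s.healthy]

    def route(self):
        """Route one request; return the server that handled it, or None
        when the tick counts as downtime."""
        pool = self.healthy_primaries()
        if pool:
            # Load balancing: spread requests across healthy primaries
            target = pool[self._next % len(pool)]
            self._next += 1
        elif self.mirror.healthy:
            # Mirroring: the standby takes over when all primaries are down
            target = self.mirror
        else:
            self.downtime_ticks += 1
            return None
        target.served += 1
        return target


def simulate(failures, total_ticks, repair_after):
    """failures: {tick: [server names that fail at that tick]} (constructed).
    repair_after: ticks a failed server needs before it is back in service;
    a smaller value models recovery-oriented computing (faster recovery).
    Returns per-server request counts, downtime ticks and availability."""
    cluster = Cluster(primaries=[Server("app1"), Server("app2")],
                      mirror=Server("mirror"))
    by_name = {s.name: s for s in cluster.primaries + [cluster.mirror]}
    failed_at = {}  # server name -> tick at which it failed
    for tick in range(total_ticks):
        for name in failures.get(tick, []):
            by_name[name].healthy = False
            failed_at[name] = tick
        for name, when in list(failed_at.items()):
            if tick - when >= repair_after:
                by_name[name].healthy = True  # repaired, back in rotation
                del failed_at[name]
        cluster.route()
    return {
        "served": {s.name: s.served for s in cluster.primaries + [cluster.mirror]},
        "downtime_ticks": cluster.downtime_ticks,
        "availability": 1 - cluster.downtime_ticks / total_ticks,
    }


# Constructed failure schedule: app1 dies at tick 2, app2 at tick 4, and the
# mirror at tick 5, so with slow repair the whole service is down from tick 5.
SCHEDULE = {2: ["app1"], 4: ["app2"], 5: ["mirror"]}

if __name__ == "__main__":
    for repair in (3, 10):
        print(f"repair_after={repair}:", simulate(SCHEDULE, 10, repair))
```

Running the block with a repair time of 3 ticks, the load balancer keeps every request flowing and the mirror absorbs the one tick in which both primaries are down, so downtime is zero. With a repair time of 10 ticks nothing comes back during the run, the mirror's single failure becomes a full outage, and availability drops to 50%: the same hardware, with only the recovery speed changed, which is the point the recovery-oriented computing bullet makes.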
Quick Summary: Ensuring Business Continuity
– Downtime, fault tolerance, high availability
– Recovery-oriented computing
– Load balancing, mirroring
– Disaster recovery planning
Before we continue…
As a customer, can you name a company that really cares about ensuring business continuity?
Before we continue…
What is the real disaster for a digital firm?
Opportunities & Challenges
– Creation of secure, reliable Web sites and systems that can support e-commerce and e-business strategies
– Designing systems that are neither overcontrolled nor undercontrolled
– Implementing an effective security policy