Enterprise IT Security What you need to know Presented By Vipul Shah Director, PC Solutions Limited.


1 Enterprise IT Security What you need to know Presented By Vipul Shah Director, PC Solutions Limited

2 Objective
Raise awareness that IT Security is
1. an important business issue,
2. deserves the attention of the organisational leadership AND
3. must be part of an overall risk management strategy for the organisation

3 If you are a leader within an organisation
Ask yourself
1. Has computer security received my attention?
2. Do I assist my IT team by providing them with the tools they need to do their jobs?
3. Do I support my IT team by abiding by the policies that have been set?
4. Do we have good company wide IT policies in place?
Probably not
Probably NO

4 So does Anyone care about Security?
When we buy a new car we
1. first install the state of the art alarm system
2. then we install a tracker
3. then we insure the car so that if 1 and 2 fail we can still buy another and
4. then we employ security guards – at home, at the office and even on the streets
We always worry about loss or damage to our assets. We crave security!

5 Where are your company's assets?
Buildings
Vehicles
Fixtures and fittings
Computer and office equipment
Is that it?
Information and Data held on computers and servers throughout the organisation is also a business asset

6 What is the information worth?
1. If your competitor got the names and details of all your customers would you have a problem?
2. If a fire destroyed all your buildings and your records what would you do?
3. If the day before a major tender your hard drive crashed – what would you do?

7 What is the information worth?
1. If your competitor got the names and details of all your customers would you have a problem?
2. If a fire destroyed all your buildings and your records what would you do?
3. If the day before a major tender your hard drive crashed – what would you do?
If you are in the service industry then your information is your PRIMARY asset.
Impossible to put a value on how much it is really worth.

8 When thinking of your corporate assets INCLUDE your IT systems and the data that resides on them.
Step one to an effective security system:
Know what you want to protect

9 What are the risks to your IT assets?
Physical risks
– Theft
– Damage
– Disaster
– Catastrophe
Digital Risks
– Viruses
– Denial of Service
– Unauthorised access
– Abuse of the systems
– Malicious code

10 Physical Risks
Walls/fences
Locks
Security guards
Fire detection systems
Fire proof safes
Off-site storage of data/backups

11 Digital Risks
Viruses
Denial of Service
Unauthorised access
Abuse of the systems
Malicious code

12 Viruses
Well Known Risk
How many have AV software?
How many paid for AV software?
How do you manage the updates/upgrades process?
– Do you have a policy?
– Do you have someone responsible/accountable?
– Are you protecting all the entry points?

13 Denial of Service
Attack in which the organisation is denied access to a specific service
Known to have affected Global Brands such as Yahoo and eBay
Often carried out by exploiting known weaknesses in the OS
When a DoS attack happens
– Would you know you were being subjected to a DoS attack?
– How would you react?
– Is there a plan in place to deal with the event?

14 Unauthorised Access
Unauthorised use of your corporate systems
– Theft, unauthorised changes, deletion, and unauthorised distribution
Issue of Data Security and Integrity
Many ways these are carried out
– User error, ex-employees whose passwords are still active, hackers etc.
Impact
– From minor embarrassment to multi-million $$$ losses affecting many people

15 Unauthorised access (2)
What do you do to limit unauthorised access?
– Have you got effective password management?
– Do users know never to give their passwords out to anyone?
– How well does your IDS work?
– Have you investigated encryption?
You have a financial audit annually – when was the last time you had an IT security audit?

16 Abuse of the Systems
Generally internal to the organisation
– Physical world – my guys having a long break
– Virtual world – use of IT resources for personal use (Lara Croft manuals)
SPAM
– Unsolicited email sent to people without their consent
Mail relay
– Use of your bandwidth to send mails (SPAM)

17 Abuse of the Systems (2)
Why is this an issue?
– TIME
  Cost of SPAM to a 100 user organisation will exceed US $5,000 per year.
– Use of resources paid for by the organisation
– Loss of business
Do you have an appropriate use policy?
– For example no personal use of email during the working day? No XXX material! Company policy on not sending out SPAM mail?

18 Malicious Code
Software designed to cause losses/damage?
Some written by employees (fraud/revenge)
More publicity – Worms and Trojans
– Blaster worm – takes advantage of an error in s/w code to spread to many computers and then launch a coordinated attack on the MS Windows update site
– Nachi worm – designed to clean the Blaster worm then delete itself on 1/1/2004
– Klez – around since April but still prevalent and exploits a weakness in IE 5 and 5.5 without SP. Mails itself to people on the mailing list

19 Malicious Code (2)
How do you guard?
Employee designed S/W – difficult but needs an effective authorisation procedure
Worms – make sure AV is always up to date and ensure all latest patches are installed
Massive task given the number of patches being released
Are you protecting all the different entry points?

20 Digital Risks
Viruses
Denial of Service
Unauthorised access
Abuse of the systems
Malicious code

21 Some other issues
IT Staff are probably stretched fighting fires
Range of skills unavailable – impossible to be good at everything
Intrusion Detection Systems generating so many alerts that it is impossible to tell actual threats from background noise
Lack of management support – "I don't want to know your problems, just fix it"

22 Recap
Raise awareness that IT Security is
1. an important business issue,
2. deserves the attention of the organisational leadership AND
3. must be part of an overall risk management strategy for the organisation

23 The risks are known
Your choice to act or ignore

24 ACT
Identify your IT assets and determine their value
Identify the risks and determine the likelihood of the risk
Formulate a policy to manage the risks
Train the users in implementing the policy
Use a firm that can help you design an effective risk management strategy

25 Questions?
Contact Vipul Shah
Tel: 2133040 or 0741 784 786
Email: vipul@pcsolutions.co.tz
Mtendeni Street, DSM

