CSI Survey 2007 Tiffany Gorman

Computer Crime and Security Survey
- Significant rise in estimated losses due to cybercrime
- Efforts in Cyber Security showing some return on investment
- Longest running survey in information security field: 12 years
- 494 computer security practitioners responded of 5000 requests

Key Findings
- Average annual loss reported up to $350,424 from $168,000
- 18% suffered one or more targeted attacks
- Financial fraud rose above virus attacks as source of greatest financial losses
- Insider abuse of network access became most prevalent security problem
- Reporting to law enforcement continued to increase

Issues
- Virus pattern recognition software to identify threats with known signatures
- Criminals more sophisticated
- Criminals no longer motivated by “glory”, but by financial gain
- Malware signature detection less effective
- Simply not paying attention

Issues
- Financial losses are estimates
- Down time difficult to predict
- IT Security not limited to technology; includes Audit and Legal Departments

Business Justifications
- 61% of respondents allocated <5% of IT budget to information security
- Training of employees responsible for sensitive information
- Security Awareness training <1% of budget
- ROI, NPV, and IRR necessary for mgmt approval

Frequency, Nature, and Cost of Breaches
- Less frequent, but cost more
- Small percentage attributed to insiders (<20%)
- Total losses: $66,930,950
- Financial Fraud = #1: $21,124,750
- Virus = #2: $8,391,800

Effectiveness of Security
- Anti-Virus Software
- Firewall
- VPN
- Internal Security Audits
- Penetration Testing
- External Security Audits

Actions Following Incidents
- Attempted to ID perpetrator
- Patch security holes
- Install security patches
- Install additional security software
- Report to law enforcement
- WHY NOT???? #1 Reason

Summary
- Trend of reduction of losses couldn’t continue
- Networks and operating systems complexity
- Cybercrime and ID theft reduce consumer confidence
- Move toward identity management
- Educate computer security professionals

QUESTIONS????