Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Telstra in Confidence Managing Security for our Mobile Technology.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Telstra in Confidence Managing Security for our Mobile Technology."— Presentation transcript:

1 1 Telstra in Confidence Managing Security for our Mobile Technology

2 2 Telstra in Confidence Security Management Purpose Protection of Assets Protection of Services Prevention of Fraud Overall protection of revenue

3 3 Telstra in Confidence Content 1.Physical Security 2.Infrastructure Security 3.Responding to Emergencies

4 4 Telstra in Confidence Physical Base stations Data centres Network sites Network/Platform Infrastructure Servers Routers Firewalls Two Areas of Security

5 5 Telstra in Confidence Corporate Strategies – Physical Security Managed access –Managing who has the right to access Security monitoring –Monitoring priority sites through cameras and electronic access Fences, keys, alarming –Securing the perimeter to prevent access Site security auditing –Ensuring compliance to security policy Guard monitoring

6 6 Telstra in Confidence The Infrastructure Security Posture ATTACK WORM Every Way In WORM

7 7 Telstra in Confidence Corporate Strategies – Infrastructure Security Establish security policies Security alert methods Dedicated centre of excellence for IT/IP security mgt Vulnerability management processes Security incident management processes Intrusion detection

8 8 Telstra in Confidence Today's Organizational Issues Management of Infrastructure Security Increase of skills in hacking and fraudulent tools and techniques Protecting what you don’t know (understanding the risk) Cost of managing security Ability for organizations to act Complexity of our infrastructure Increasing identification of vulnerabilities Recognition and support by senior management of security management

9 9 Telstra in Confidence Defense in Depth Protect at all levels Focus on depth in setting up defense Apply security technology at all layers Apply security principles and processes at all layers

10 10 Telstra in Confidence Code Red Propagation July 19, midnight - 159 hosts infected

11 11 Telstra in Confidence Code Red Propagation (cont’d) July 19, 11:40 am - 4,920 hosts infected

12 12 Telstra in Confidence Code Red Propagation (cont’d) July 20, midnight - 341,015 hosts infected

13 13 Telstra in Confidence Technical knowledge required Threat Capabilities: More Dangerous and Easier to Use Sophistication of hacker tools Packet Forging/ Spoofing 19901980 Password Guessing Self Replicating Code Password Cracking Exploiting Known Vulnerabilities Disabling Audits Back Doors Sweepers Sniffers Stealth Diagnostics High Low 2000 DDoS Internet Worms

14 14 Telstra in Confidence Type of Crime20022003 Unauthorized Privileged Access $ 106K$322K +300% Financial fraud $ 807K$3.5M +430% Telecommunications Fraud$ 101K$415K +410% Web Defacement$ -$58K - Denial of service $ 181K$397K +220% Virus, Worm, Trojan Infection $ 891K$2.2M +245% Unauthorized Insider Access$ 145K$262K +180% –TOTAL$ 2.2M$7.1M +320% –Compare this to the cost of implementing a comprehensive security solution! Cost of Poor Security Source: 2003 Australian Computer Crime and Security Survey

15 15 Telstra in Confidence Responding to Emergencies

16 16 Telstra in Confidence Business Continuity Plans Business Continuity Plans have been developed for all our strategic sites, Internet Data Centres, and Melbourne and Sydney cable tunnels. Generic Site recovery Process developed for 410 sites and is generic enough to apply to all sites. Critical processes and applications used to support the processes have: –Business Continuity Plans –Application Recovery Plans –Infrastructure Recovery Plans

17 17 Telstra in Confidence Blackout 2003 Scenario in Australia All category 1 and 2 sites have Emergency Power Plant Sites which do not have Emergency Power Plant would run out of battery reserve over a varied period of time Portable generation equipment would not be viable in this scenario due to demands by other community groups and the likelihood of theft. Business Continuity Plans applied to protect services Initiate Serious Incident Mgt Process

18 18 Telstra in Confidence Example - Responding to Fires, Floods, etc The Key is Process How it would work - Example Centralised Serious Incident Mgt Team Sites in affected area monitored Situation monitored Distribution of resources Appropriate activities commissioned Centralised, national command and planning activities

19 19 Telstra in Confidence Conclusion Mobile’s Infrastructure Security mgt expands across both Physical and Logical aspects Corporate strategies to address the growing complexity of security risk in infrastructure Key to any Security or Emergency mgt – Is its management processes Focus on the management of Security Risk with prevention as the priority

Download ppt "1 Telstra in Confidence Managing Security for our Mobile Technology."

Similar presentations

© Ravi Sandhu www.list.gmu.edu Introduction to Information Security Ravi Sandhu.

© Ravi Sandhu Introduction to Information Security Ravi Sandhu.
Incident Response Managing Security at Microsoft Published: April 2004.

Incident Response Managing Security at Microsoft Published: April 2004.
4 Information Security.

4 Information Security.
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
Fundamentals of Information Systems, Second Edition 1 Security, Privacy, and Ethical Issues in Information Systems and the Internet Chapter 9.

Fundamentals of Information Systems, Second Edition 1 Security, Privacy, and Ethical Issues in Information Systems and the Internet Chapter 9.
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.

Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
1  Carnegie Mellon University System Security and U. Rich Pethia Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213.

1  Carnegie Mellon University System Security and U. Rich Pethia Software Engineering Institute Carnegie Mellon University Pittsburgh, PA
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Blended Threats and Layered Defenses Security Protection in Today’s Environment Marshall Taylor

Blended Threats and Layered Defenses Security Protection in Today’s Environment Marshall Taylor
Security Controls – What Works

Security Controls – What Works
Increasing customer value through effective security risk management

Increasing customer value through effective security risk management
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Introduction Security is a major networking concern. 90% of the respondents to the 2004 Computer Security Institute/FBI Computer Crime and Security Survey.

Introduction Security is a major networking concern. 90% of the respondents to the 2004 Computer Security Institute/FBI Computer Crime and Security Survey.
MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan1 Security, Privacy, and Ethical Issues in Information Systems and the Internet Chapter.

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan1 Security, Privacy, and Ethical Issues in Information Systems and the Internet Chapter.

Similar presentations

Ads by Google