Creating a Security Verified Label Standard Patricia Joseph Joseph Consulting LLC.

Presentation transcript:

1 Creating a Security Verified Label Standard Patricia Joseph Joseph Consulting LLC

2 Agenda
- Introduction
- The threat is real and the increasing trend in security breaches
- What is the security problem, if 80% of breaches are preventable?
- The need for security and the need for security labels
- Putting it all together: the Security Verified Standard labels
- Conclusion
- Questions

3 Introduction
- The industry needs a standard of measurement that lets consumers determine quickly whether the software and hardware functionality they wish to implement can be made secure within their network.

4 The Threat is Real
- Increase in security breaches:
  - The number of data breaches was up 21% in 2006 and quadrupled in 2007
  - In 2008, a 47% increase over 2007
- In the past five years, approximately 500 million records containing personally identifying information of United States residents, stored in government and corporate databases, were either lost or stolen.
- 80% of people have had their information stolen at least once in the past five years.

5 What are the gypsies after?
- Everything
- Credit card information
- Health information
- Marketing information
- Personal information
- Your entire computer: CPU, hard drive
- Just about anything they can steal, aka The Gypsy Hacker

6 80% of security breaches are preventable
- In the case of a large discount store, mentioned in my abstract, wireless access was left completely open and unsecured.
- In the case of a major health care organization, systems were down for a month because of an XSS hacker message.
- A major health association allowed major queries to the database, exposing confidential information to the public.
- Simple fixes, detrimental impacts

7 Why are there a high number of breaches if 80% are preventable?
- "How could we have a breach? We have a firewall."
- Main focus is on functionality
  - Cost of security
  - Education of security
  - Chief Technical Officer
- Ignorance of the organization
  - Individuals in the organization may not be educated in security or aware of security patches and fixes

8 Need for Security
- Do we need security and security standards?
- Of course

9 Known Security Standards
- Examples of standards:
  - OWASP (application)
  - SOX/PCI
  - 2700, NIST
  - IEEE
- How do we put all of these standards together?

10 Standards Working Together
Security Verified Label Standard implemented as both a
1. Software standard
2. Organizational standard

11 All Working Together: Security Verified Label standards
- Using the OSI model as our basis of organization, we can distinguish and set standards for each layer:
  - Application layer: application layer standards
  - Presentation layer: presentation layer standards
  - Session layer: session layer standards
  - Transport layer: transport layer standards
  - Network layer: network layer standards
  - Data link layer: data link layer standards
  - Physical layer: physical layer standards

12 Security Verified Label Standard
1. Software companies comply with set standards of how to make their software secure
- Examples:
  - Web software: SSL capable + instructional documentation
  - AIX: containing documentation to harden the OS

13 Security Verified Label Standard
1. Consumers have a simplified way of telling whether a software company has considered security, by reading the package or product description.
- Example:
  - Unix software: Physical level secure capable; Data link level secure capable; Network level secure capable
  - Web software: Application level secure capable; Session level secure capable

14 Security Verified Label Standards: Benefits
- A faster and easier way to tell, through labels, whether the software you are buying has security capabilities.
- An easy way for non-technical and non-security-educated buyers to judge security.
- Cheaper for organizations to implement this security standard.
- Easier for organizations to implement security through the instructions supplied with the software. If the software claims it fits this standard, it must come with implementation instructions.
- Responsibility lies on each part of the organization.

15 Working Together: IT Organization
- Each part of the organization is responsible for its own piece of security:
  - Database administrator
  - Middleware administrator
  - Network administrator
  - Unix or Windows administrator
  - Application developer

16 Conclusion: Creating an Overall Standard
- Security decisions need to be made easier and cheaper for consumers.
- Using the OSI model as the scale by which to measure a level of security, a label can be given to the software stating at what level it has the potential to be secure.
- This security verification standard would outline how the software and hardware would be considered secure. Each level according to the OSI model would contain its own set of standards. Once the software/hardware passes the verification, a label can appear next to the software. This will make decisions easier for consumers and essentially easier for upper management to understand.

17 Acknowledgements
- http://www.wired.com/threatlevel/2009/11/cyber-attacks-preventable
- http://www.theregister.co.uk/2008/01/02/data_breaches_skyrocket
- http://www.identitytheft.info/breaches09.aspx
- http://www.idtheftcenter.org/artman2/publish/m_press/2008_Data_Breach_Totals_Soar.shtml
