Reliability and Security. Security How big a problem is security? Perfect security is unattainable Security in the context of a socio-technical system.

1 Reliability and Security

2 Security
How big a problem is security?
Perfect security is unattainable
Security in the context of a socio-technical system
Disaster planning
Security is a process, not a product

3 Internet Security
What’s different about the Internet and computerized attacks?
Complexity
Automation
Action at a distance
Propagation of techniques
Class breaks

4 Is IT Security a Technical Problem?
Socio-technical systems view of IT security
 – Technical system includes hardware, software, networks, data
 – Social system includes people, processes, organization, work design, objectives
 – Socio-technical solution is the best total solution, may not optimize either social or technical solution

5 Is IT Security a Technical Problem?
Schneier – security is provided within a context.
 – An asset is secured from a particular type of attack from a particular type of attacker
 – Assets and attacks exist in contexts
 – Context (especially the social part) matters more than technology

6 Types of Attack
What’s the same
Theft
Embezzlement
Vandalism
Exploitation
Fraud
Extortion
Threat of harm
Privacy violations

7 Attack Types
Schneier’s classification
 – Criminal attacks
 – Privacy violations
 – Publicity attacks
By attacker motive
 – Financial or other gain
 – To damage others
 – Privacy violations

8 Gain Motivated Attacks
Fraud
Intellectual Property Theft
Identity Theft
Brand Theft
Publicity Attacks

9 Privacy Violations
Stalking
Surveillance
Databases
Traffic Analysis
Broad Scale Electronic Monitoring

10 Attacks aimed at damaging others
Denial-of-Service attacks
Defacing web sites
Viruses and their ilk

11 Adversaries
Those classified as criminals
Hackers
Lone Criminals
Malicious Insiders
Organized Crime
Terrorists

12 Adversaries
Those with claims of legitimacy
Industrial spies
The press
The police
National Intelligence Organizations
Infowarriors

13 Phishing

14 Antiphishing.org

15 Microsoft Vulnerabilities
Sharp increase in attacks on Windows based PCs in 1st half of 2004
 – 1237 new vulnerabilities or 48/week
Increase in number of bot networks
 – 30,000 from 2,000 in previous 6 months
Increase in percent of e-commerce attacks from 4% to 16%
450% increase in new Windows viruses – 4,496

19 Risk Components
Magnitude of loss
Likelihood of loss
Exposure to loss

20 Management of Risk
Control
Information
Time

25 Miscellaneous Defensive Measures
Security policies
Firewalls
Intrusion detection
Encryption
Authentication

26 Liability Argument
Who should be held liable?
 – Software vendors, e.g. Microsoft
 – Network owner, e.g. ISP (Comcast)
 – Person who wrote the attack tool
 – Person who used the attack tool
 – The public
The ATM example

27 Three Steps to Improving IT Security
1) Enforce liability
2) Permit parties to transfer liability
3) Provide mechanisms to reduce risk
