Presentation is loading. Please wait.

Presentation is loading. Please wait.

SAFE KNOWLEDGEwww.zondex.com INFORMATION MANAGEMENT Chris Joscelyne AUSTRALIAN PROJECTS PTY LIMITED IT Security and Data Protection.

Published byWarren Harris Modified over 8 years ago

Similar presentations

Presentation on theme: "SAFE KNOWLEDGEwww.zondex.com INFORMATION MANAGEMENT Chris Joscelyne AUSTRALIAN PROJECTS PTY LIMITED IT Security and Data Protection."— Presentation transcript:

1 SAFE KNOWLEDGEwww.zondex.com INFORMATION MANAGEMENT Chris Joscelyne AUSTRALIAN PROJECTS PTY LIMITED IT Security and Data Protection

2 SAFE KNOWLEDGEwww.zondex.com Information Management THE FUTURE LANDSCAPE “The business environment of the future is likely to be very different from today’s, where boundaries between personal and business computing will blur and everyone and everything will be linked. In order to survive, firms must manage the new risks this environment creates” David Lacey Risk Management Bulletin

3 SAFE KNOWLEDGEwww.zondex.com Information Management THE ENTERPRISE GOAL The ultimate integration of policies, people, process and technology that will allow us to deliver the right information to the right people at the right time in the right context.

4 SAFE KNOWLEDGEwww.zondex.com Information Management THE ENTERPRISE TODAY “I’m flat out working on my technical responsibilities and I really don’t have the time or resources to get involved with IT security. As long as the network functions smoothly, I’m happy.” Comment from an enterprise IT manager

5 SAFE KNOWLEDGEwww.zondex.com Information Management THE ENTERPRISE TODAY “I have delegated responsibility for all IT security policy to the people in our IT department. They are the IT technical specialists, so this is their logical role.” Comment from an enterprise CEO

6 SAFE KNOWLEDGEwww.zondex.com Information wars “The 21 st Century will be dominated by information wars.” Alvin Toffler Futurist

7 SAFE KNOWLEDGEwww.zondex.com Information security “Organisations must take reasonable steps to keep information secure. Encryption of data is a basic expectation.” Australian Federal Privacy Commissioner

8 SAFE KNOWLEDGEwww.zondex.com Privacy protection “Our survey indicated that while 67% of companies were addressing the requirements outlined in the Privacy Amendment (Private Sector) Act 2000, 55% did not currently encrypt sensitive personal information.” Deloitte Touche Tohmatsu

9 SAFE KNOWLEDGEwww.zondex.com Security problems n Lack of access control

10 SAFE KNOWLEDGEwww.zondex.com Unauthorised access n 70% - internal n Inadvertent access n Office “sticky beaks” n Employees wishing to steal information or damage the employer’s reputation n 30% - external n Recreational hacker groups n Protest groups n Criminals Source: Market research – Australian Projects 2003

11 SAFE KNOWLEDGEwww.zondex.com An unfortunate coincidence n Many organisations require passwords with a minimum of 8 characters n The word “password” has 8 characters n In an organisation in Sydney, the password for over 70% of employees was “password” ------------------------------------------------ n A medical centre in Melbourne required passwords with a minimum of 6 characters. n 100% of doctors had the same password, “doctor”.

12 SAFE KNOWLEDGEwww.zondex.com Security problems n Lack of access control n Unprotected data distribution

13 SAFE KNOWLEDGEwww.zondex.com Unprotected data distribution n Unencrypted email messages and attachments inadvertently sent to unauthorised recipients inside or outside the enterprise n CD-ROMs containing unencrypted confidential data, distributed in unsealed inter-office envelopes or in general mail deliveries

14 SAFE KNOWLEDGEwww.zondex.com Security problems n Lack of access control n Unprotected data distribution n Unsafe storage of data

15 SAFE KNOWLEDGEwww.zondex.com Unsafe data storage practices n Removable media accessible to all employees n Removable media data content unencrypted n Critical data stored on premises with no safety copies stored securely elsewhere n Backup media removed to an unsafe location after hours

16 SAFE KNOWLEDGEwww.zondex.com Security problems n Lack of access control n Unprotected data distribution n Unsafe data storage practices n Unsatisfactory perimeter defence

17 SAFE KNOWLEDGEwww.zondex.com Perimeter defence problems n Lack of understanding of where enterprise perimeters are located n Poor or non-existent security policies relating to laptop PCs, PDAs and other memory devices n No means to prescribe and enforce policies n Inability to detect any difference between normal and abnormal activity as devices connect n No response plan should an incident be detected

18 SAFE KNOWLEDGEwww.zondex.com Security problems n Lack of access control n Unprotected data distribution n Unsafe data storage practices n Unsatisfactory perimeter defence n Lost and stolen equipment

19 SAFE KNOWLEDGEwww.zondex.com Laptops and PDAs are vulnerable to theft Laptop PC and PDA thefts in New South Wales in 2004 n Over 15,000 devices reported stolen n Most had no data protection installed Source: NSW Bureau of Crime statistics

20 SAFE KNOWLEDGEwww.zondex.com Global trend in laptop computer thefts n 80% “amateur” opportunistic thefts n Of these, 80% resold or given to friends n 20% kept for personal use - - - - - - - - - - - - - - - - - - - - - - - - - - - n 20% “professional” thefts n Of these, 50% stripped for spare parts or rebirthing n 50% sold intact Source: Oxygen / STOP

21 SAFE KNOWLEDGEwww.zondex.com Stolen laptops - cost n Equipment replacement cost n Lost software n Lost information n Time to reinstall software and set up n Time to re-enter data n Work interruption Total cost of replacement of hardware, software and data is generally 3 to 5 times the replacement value of the hardware alone. Source: Gartner Group “Total cost of stolen laptops”

22 SAFE KNOWLEDGEwww.zondex.com Laptop & PDA security Security can be divided into two elements: n Physical security n User access control and data encryption The top priorities are: n Changing users' attitudes and habits n Protecting data with encryption Private ownership of PDAs by employees can pose a highly sensitive challenge for the manager who must enforce security policies in relation to these devices.

23 SAFE KNOWLEDGEwww.zondex.com IT Security Check List n Who is responsible for developing and managing IT security policy in your enterprise? n Does your enterprise perceive it as a “technical” issue or a top-down management responsibility? n Is IT security policy in clear non-technical language, and is it communicated effectively to staff? n Do staff adhere to security policies and directives? n Have you implemented a robust access control infrastructure with appropriate user permissions? n How safe is stored data and data in transit, including emails and removable media? n Are your laptop computers & PDA devices encrypted and controlled at enterprise level

24 SAFE KNOWLEDGEwww.zondex.com Information Management The solution? n Develop policies n Adopt technical solutions to implement and enforce policies n Educate employees in language they can understand

25 SAFE KNOWLEDGEwww.zondex.com Chris Joscelyne chris@apro.com.au Tel: 02 9652 2600 Fax:02 9652 2700 www.apro.com.au Reflex – PC Guardian – SecuriKey – Trust Digital – Zondex

Download ppt "SAFE KNOWLEDGEwww.zondex.com INFORMATION MANAGEMENT Chris Joscelyne AUSTRALIAN PROJECTS PTY LIMITED IT Security and Data Protection."

Similar presentations

Presented By Krypto Security Software, LLC. What is BackStopp is a simple but effective tool to help an organization protect its mobile data in the event.

Presented By Krypto Security Software, LLC. What is BackStopp is a simple but effective tool to help an organization protect its mobile data in the event.
Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.

Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
COMPREHENSIVE APPROACH TO INFORMATION SECURITY IN ADVANCED COMPANIES.

COMPREHENSIVE APPROACH TO INFORMATION SECURITY IN ADVANCED COMPANIES.
Data Security and legal issues Starter :- 5 Minutes Make a list of all the companies and organisations that you believe holds data on you. Write down what.

Data Security and legal issues Starter :- 5 Minutes Make a list of all the companies and organisations that you believe holds data on you. Write down what.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.

BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
AmadeusCybersecurity: the essentials12 th November 2014 Alex van Someren Family Office Forum 12 th November 2014, Zurich Cybersecurity: the essentials.

AmadeusCybersecurity: the essentials12 th November 2014 Alex van Someren Family Office Forum 12 th November 2014, Zurich Cybersecurity: the essentials.
Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.

Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.
PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”

PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.

1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
1 ZIXCORP The Criticality of Email Security Dena Bauckman Director Product Management April 2015.

1 ZIXCORP The Criticality of Security Dena Bauckman Director Product Management April 2015.
SECURITY: 2014. Personal Health Information Protection Act, 2004 this 5 min. course covers: changing landscape of electronic health records security threats.

SECURITY: Personal Health Information Protection Act, 2004 this 5 min. course covers: changing landscape of electronic health records security threats.
Sybase Confidential Propriety.iAnywhere ConfidentialiAnywhere Confidential Proprietary.Sybase Confidential Propriety. Addressing the Challenges of Device.

Sybase Confidential Propriety.iAnywhere ConfidentialiAnywhere Confidential Proprietary.Sybase Confidential Propriety. Addressing the Challenges of Device.

Similar presentations

Ads by Google