Enterprise IT Security - PowerPoint PPT Presentation

Transcript and Presenter's Notes

Title: Enterprise IT Security


1
Enterprise IT Security
  • What you need to know
  • Presented By
  • Vipul Shah
  • Director, PC Solutions Limited

2
Objective
  • Raise awareness that IT Security:
    • is an important business issue,
    • deserves the attention of the organisational leadership, AND
    • must be part of an overall risk management strategy for the organisation

3
If you are a leader within an organisation
  • Ask yourself:
    • Has computer security received my attention?
    • Do I assist my IT team by providing them with the tools they need to do their jobs?
    • Do I support my IT team by abiding by the policies that have been set?
    • Do we have good company-wide IT policies in place?

Probably not
Probably NO
4
So does anyone care about Security?
  • When we buy a new car we
    • first install the state-of-the-art alarm system,
    • then we install a tracker,
    • then we insure the car so that if 1 and 2 fail we can still buy another, and
    • then we employ security guards at home, at the office and even on the streets
  • We always worry about loss or damage to our assets. We crave security!

5
Where are your company's assets?
  • Buildings
  • Vehicles
  • Fixtures and fittings
  • Computer and office equipment
  • Is that it?
  • Information and data held on computers and servers throughout the organisation is also a business asset

6
What is the information worth?
  • If your competitor got the names and details of
    all your customers would you have a problem?
  • If a fire destroyed all your buildings and your
    records what would you do?
  • If the day before a major tender your hard drive
    crashed what would you do?

7
What is the information worth?
  • If your competitor got the names and details of
    all your customers would you have a problem?
  • If a fire destroyed all your buildings and your
    records what would you do?
  • If the day before a major tender your hard drive
    crashed what would you do?

If you are in the service industry then your information is your PRIMARY asset. Impossible to put a value on how much it is really worth.
8
  • When thinking of your corporate assets INCLUDE your IT systems and the data that resides on them.
  • Step one to an effective security system:
    • Know what you want to protect

9
What are the risks to your IT assets?
  • Physical risks
    • Theft
    • Damage
    • Disaster
    • Catastrophe
  • Digital risks
    • Viruses
    • Denial of Service
    • Unauthorised access
    • Abuse of the systems
    • Malicious code

10
Physical Risks
  • Walls/fences
  • Locks
  • Security guards
  • Fire detection systems
  • Fireproof safes
  • Off-site storage of data/backups

11
Digital Risks
  • Viruses
  • Denial of Service
  • Unauthorised access
  • Abuse of the systems
  • Malicious code

12
Viruses
  • Well Known Risk
  • How many have AV software?
  • How many paid for AV software?
  • How do you manage the updates/upgrades process?
  • Do you have a policy?
  • Do you have someone responsible/accountable?
  • Are you protecting all the entry points?

13
Denial of Service
  • Attack in which the organisation is denied access to a specific service
  • Known to have affected global brands such as Yahoo and eBay
  • Often carried out by exploiting known weaknesses in the OS
  • When a DoS attack happens:
    • Would you know you were being subjected to a DoS attack?
    • How would you react?
    • Is there a plan in place to deal with the event?

14
Unauthorised Access
  • Unauthorised use of your corporate systems
  • Theft, unauthorised changes, deletion, and unauthorised distribution
  • An issue of data security and integrity
  • Many ways these are carried out:
    • user error, ex-employees whose passwords are still active, hackers etc.
  • Impact:
    • From minor embarrassment to multi-million losses affecting many people

15
Unauthorised Access (2)
  • What do you do to limit unauthorised access?
  • Have you got effective password management?
  • Do users know never to give their passwords out to anyone?
  • How well does your IDS work?
  • Have you investigated encryption?
  • You have a financial audit annually; when was the last time you had an IT security audit?

16
Abuse of the Systems
  • Generally internal to the organisation
  • Physical world: my guys having a long break
  • Virtual world: use of IT resources for personal use (Lara Croft manuals)
  • SPAM
    • Unsolicited email sent to people without their consent
  • Mail relay
    • Use of your bandwidth to send mails (SPAM)

17
Abuse of the Systems (2)
  • Why is this an issue?
    • TIME
    • Cost of SPAM to a 100-user organisation will exceed US$5,000 per year
    • Use of resources paid for by the organisation
    • Loss of business
  • Do you have an appropriate use policy?
    • For example: no personal use of email during the working day? No XXX material! Company policy on not sending out SPAM mail?

18
Malicious Code
  • Software designed to cause losses/damage
  • Some written by employees (fraud/revenge)
  • More publicity: worms and Trojans
    • Blaster worm takes advantage of an error in s/w code to spread to many computers and then launch a coordinated attack on the MS Windows Update site
    • Nachi worm designed to clean the Blaster worm, then delete itself on 1/1/2004
    • Klez: around since April but still prevalent; exploits a weakness in IE 5 and 5.5 without SP. Mails itself to people on the mailing list

19
Malicious Code (2)
  • How do you guard?
    • Employee-designed S/W: difficult, but needs an effective authorisation procedure
    • Worms: make sure AV is always up to date and ensure all the latest patches are installed
      • Massive task given the number of patches being released
    • Are you protecting all the different entry points?

20
Digital Risks
  • Viruses
  • Denial of Service
  • Unauthorised access
  • Abuse of the systems
  • Malicious code

21
Some other issues
  • IT staff are probably stretched fighting fires
  • Range of skills unavailable: impossible to be good at everything
  • Intrusion Detection Systems generating so many alerts that it is impossible to tell actual threats from background noise
  • Lack of management support: "I don't want to know your problems, just fix it"

22
Recap
  • Raise awareness that IT Security:
    • is an important business issue,
    • deserves the attention of the organisational leadership, AND
    • must be part of an overall risk management strategy for the organisation

23
The risks are known
  • Your choice to act or ignore

24
ACT
  • Identify your IT assets and determine their value
  • Identify the risks and determine the likelihood
    of the risk
  • Formulate a policy to manage the risks
  • Train the users in implementing the policy
  • Use a firm that can help you design an effective
    risk management strategy

25
Questions?
  • Contact
    • Vipul Shah
    • Tel 2133040 or 0741 784 786
    • Email vipul_at_pcsolutions.co.tz
    • Mtendeni Street, DSM