Documente Academic
Documente Profesional
Documente Cultură
100000 80000
55,100
60000 40000
21,756
20000
6 132 252 406 773 1,334 2,340 2,412 2,573 2,134 3,734 9,859
0 1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002
4,129
2,437
Tools
High
Intruder Knowledge
Attack Sophistication
Low
1980
password guessing
1985
1990
150
billion
120 90 60 30 0
Corporate Finances
Attacks are inevitable You can mitigate risk, but not eliminate it. Many Companies are not insured
Legal Liability
US State law already specifies liability Jones-Day review suggests companies must show they are above the mean in cyber security Partners will have to show security for its own sake and to fend off liability
Regulatory/Trade Implications
Intensive Interest in US Congress on Cyber Security Regulatory Proposals are being circulated demanding audits for cyber security Congressional Internet Committee 11/6/03 Should we write cyber security requirements into our future trade agreements?
Sponsors
ISAlliance/CERT Training
Concepts and Trends In Information Security Information Security for Technical Staff OCTAVE Method Training Workshop Overview of Managing Computer Security Incident Response Teams Fundamentals of Incident Handling Advanced Incident Handling for Technical Staff Information Survivability an Executive Perspective
Larry Clinton Operations Officer Internet Security Alliance lclinton@eia.org 703-907-7028 202-236-0001