
Content security for the next decade

Is your organisation ready to weather the storm?

Bob Tarzey,
Service Director
Quocirca Ltd

Security seminar – Nov 11th 2008

Agenda

• The need for content security
• The risk landscape
• Security policy for the business
• Technology - problem and solution

© 2008 Quocirca Ltd 2




Percentage saying external users are provided access to internal systems

[Chart. Sectors: Finance, Utility, Telecomms and Media, Public Sector, Retail, Industrial, Healthcare. Series: Contractors, Partners, Suppliers, Customers. Axis: 0% to 80%.]

Source: Quocirca, The Distributed Business Index, March 2008



Use of laptops

[Chart. Axes: Number of employees, Percentage of laptops.]

1,200 European and US small and mid-sized businesses, 2006

Use of mobile devices

[Chart. Axes: Number of employees, Employee use of mobiles to access IT.]

1,200 European and US small and mid-sized businesses, 2006


Not a new problem

[Timeline, 1980s to 2008, of content channels around the "Corporate IT Firewall":]

• Print and fax
• FTP
• Email
• Web
• IM
• Blogs, wikis, RSS
• Social networks/virtual worlds

Data, information or content

Content generators create data and information



Nationwide – just a laptop theft?

FSA fine: £980K



Cost of data breach

Direct: Theft, Fines, Disclosure
Indirect: Reputation, Customer loss, Share price



Compliance and disclosure

• Government and EU regulations
• Industry regulations
• US and other non-EU regulations
• Miscellaneous
• Non-Disclosure Agreement
• Software Licence Agreement

The main sources of data leaks

• External – Malware: spyware, phishing, pharming etc.
• External – Hackers
• Internal: employee carelessness/stupidity, broken business processes, poor policy
• Internal – Employee malice

Causes of leaks – mostly internal

[Chart. Categories: Employee oversight, Poor business process, Manager approved, Malicious, Other.]

Source: Symantec, Risk Assessment Findings, 2008


Do employees implement back door solutions for IM, VoIP, web conferencing etc.

[Chart. Responses: Definitely, Probably, Possibly, No, Don't know. Axis: 0% to 40%.]

Source: Superhighway at the Crossroads, Quocirca, September 2008

Use of Web 2.0 technologies in businesses

[Chart. Responses: Heavily, Moderately, Sparingly, Not at all.]

Source: Quocirca, Why Application Security is Crucial, March 2008

Policies and technologies for limiting or blocking use

[Chart. Responses: Yes, Working on creating them, No.]

Source: Quocirca, Why Application Security is Crucial, March 2008

Internal threat - malice

• Money
• Coercion
• Ideology

Oct 2005

Ignoring the internal threat

• Desire to trust
• Provide access
• Weak policy
• Deny
• Avoid bad press


Number of organisations worldwide targeted by
phishing attacks by month (March 2006 to June 2008)

Source, MarkMonitor – October 2008


Hacking



The need for policy

Policy should:
1. Aim to prevent breaches
2. Detail how breaches are handled
3. Be reviewed in light of
• New technology
• New legislation
• New business processes



Aim of policy

To define how people (internal and external) handle content



Standard starting points

ISO 27001



Consequences for IT security

[Diagram. Axes: Security, Time. Layers: People, Content, Servers and end points, Network.]

The encryption conundrum

The right data needs to be easy to share, with the right people and at the right time



Managing end-points

• User access devices
• USB Mania



End of life



DLP – data leak prevention

[Diagram. Policy, with channels: Print, Blogs, USB, SMTP, FTP, Web 2.0, Web Mail, HTTP.]


Conclusion

The imperative for content security


• Aim to enable open communications
• Recognise threats of poor content security
• Clear policy for communications and content security
• Technology to enforce in the context of a given business’s requirements



Conclusions

Thanks, this presentation will be available on www.quocirca.com

Thank you
Bob Tarzey
Quocirca
www.quocirca.com

