© 2006 PCE Systems Ltd IT Systems Integrity Chris Nabavi BSc SMIEEE.

IT Systems are Mission Critical

- Have you ever stopped to consider what would happen if, through theft, hacking, fire, flood etc. you lost:
  - Your communications (web & e-mail)
  - Your trade secrets and employee records
  - Your accounts, payroll and designs
  - Your ability to process orders
  - In fact, all computer facilities?
- You'd use paper?

The Consequences

- Direct Loss
  - Loss of hardware & data by fire, theft etc.
- Indirect Loss
  - Sales, goodwill, competitive advantage
- Productivity Loss
  - Data corruption, staff time, general chaos
- Legal Exposure
  - Contracts, slander, illegal use, director liability

A Pharmaceutical Company

- Has a web-site where users of a drug register
- Sends reminders to take drugs when due
- Inadvertently shows all addresses
- Compensation claim for breach of privacy
- Regulatory fines
- Damage to brand
- Loss of confidence
= Huge Financial Loss

The Cost to British Business

- 44% of businesses suffered at least 1 security breach in the past year
- Average cost of an incident is £30,000
  Source: Information Security Breaches Survey 2002 by DTI & PWC
- Computer related disasters cost the UK £1,800,000,000 per year
  Source: NCC

Sobering Statistics

- 43% of companies that suffer a major loss of data go out of business as a direct consequence
  Source: McGladrey & Pullen
- 90% of those without a contingency plan do not survive 1 year
  Source: Touche Roche

Disaster Recovery Plan

- Many large American corporations suffered terrible losses of both staff and facilities in the attack on September 11th 2001
- Some went out of business
- Others had a disaster recovery plan
- These ones survived

But, It's Not Just the Big Boys!

- SMEs usually have:
  - Fewer resources
  - Everything in one location
  - Less up-to-date systems
  - ... and ...
  - No security, no training, no content filtering, no back-ups, no archives, no usage rules, no firewalls and no spare cash to buy time
- Don't wait for a disaster before acting

Disaster Recovery Plan

- Assess the risks
- Minimise / avoid them where possible
- Keep copies of vital data off-site
- Develop a series of realistic recovery steps
- Test the plan
- Check your insurance cover
  - Standard cover often excludes data loss etc.

Reduce the Risks

- Educate staff about the risks
- Introduce an "acceptable use policy"
- Limit access on a "business need basis"
- Install suitable technology & updates
- Ensure compliance with legislation
- Re-assess the risks regularly

Employee Issues

- Acceptable use policy:
  - Define what employees may and may not do
- Train employees on security awareness
  - Downloading software, passwords etc.
- Limit access and install content filtering
- Warning: 80% of IT intrusions are perpetrated from inside the company

The Danger of E-mails

- Internal e-mail between two employees suggests a competitor is financially unstable
- Visitor to the office reads it on screen
- Notifies a third party of what he saw
- Third party sues for slander
- Settled for £450,000 plus costs

Back-ups

- Make back-ups regularly & store off site
- Back up data, software & configurations
- Run a documented media rotation and back-up / archiving scheme
- Test the back-up mechanism, since half of them don't actually work!
- Warning: 2% of disasters are caused by tests with faulty back-ups!
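A worked example of the "test the back-up mechanism" point, added here and not taken from the PCE Systems slides: a POSIX shell script that archives a directory into a rotation of numbered generations and then proves the newest archive restores correctly by checksumming the restored tree against the live data. The directory layout, the rotation depth of three generations and the sample files are assumptions made for the illustration; a real scheme would also copy the archives off-site, as the slide says.

```shell
#!/bin/sh
# Added example, not from the PCE Systems slides: a minimal back-up cycle that
# keeps a rotation of archives and then proves the newest one restores
# correctly. Directory layout, rotation depth and sample files are assumptions.
set -eu

KEEP=3   # generations to keep (assumed rotation depth)

# seed_sample DIR: populate DIR with constructed sample files so the script
# runs offline without touching any real data.
seed_sample() {
    dir=$1
    mkdir -p "$dir/accounts" "$dir/designs"
    printf 'invoice 1001, 250.00\n' > "$dir/accounts/ledger.csv"
    printf 'widget v2 drawing\n' > "$dir/designs/widget.txt"
}

# take_backup SRC DEST: archive SRC into DEST as the next numbered generation,
# then delete generations beyond KEEP. Prints the path of the new archive.
take_backup() {
    src=$1; dest=$2
    mkdir -p "$dest"
    n=$(( $(cat "$dest/.seq" 2>/dev/null || echo 0) + 1 ))
    echo "$n" > "$dest/.seq"
    archive="$dest/backup-$(printf '%06d' "$n").tar"
    tar -cf "$archive" -C "$src" .
    count=$(ls "$dest"/backup-*.tar | wc -l)
    if [ "$count" -gt "$KEEP" ]; then
        # Oldest generations sort first; drop everything beyond KEEP.
        ls "$dest"/backup-*.tar | sort | head -n "$((count - KEEP))" |
            while read -r old; do rm -f "$old"; done
    fi
    echo "$archive"
}

# verify_backup ARCHIVE SRC: restore ARCHIVE into scratch space and compare a
# SHA-256 checksum list of the restored tree against the live SRC. Returns 0
# only if every file matches; an unreadable or stale archive returns 1.
verify_backup() {
    archive=$1; src=$2
    scratch=$(mktemp -d); expected=$(mktemp); actual=$(mktemp)
    status=1
    if tar -xf "$archive" -C "$scratch" 2>/dev/null; then
        ( cd "$src" && find . -type f | sort | xargs sha256sum ) > "$expected"
        ( cd "$scratch" && find . -type f | sort | xargs sha256sum ) > "$actual"
        if cmp -s "$expected" "$actual"; then status=0; fi
    fi
    rm -rf "$scratch" "$expected" "$actual"
    return "$status"
}

# Stand-alone demonstration: back up, verify, then show that the same archive
# fails verification once the live data has moved on.
demo() {
    live=$(mktemp -d); store=$(mktemp -d)
    seed_sample "$live"
    first=$(take_backup "$live" "$store")
    verify_backup "$first" "$live" && echo "verified: $first"
    printf 'invoice 1002, 99.00\n' >> "$live/accounts/ledger.csv"
    verify_backup "$first" "$live" || echo "stale, source changed since: $first"
    rm -rf "$live" "$store"
}
demo
```

Run as-is, the script works entirely inside temporary directories it creates for the constructed sample data. verify_backup returns non-zero both for an archive that cannot be read back (the "don't actually work" case the slide warns about) and for one that no longer matches the live data, so the same check doubles as a staleness test for the rotation.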

Beware Wireless LANs

- 63% of wireless LANs are left on their default settings with no encryption
  - So anybody parked outside has access
  - Set up wireless LANs properly before use

Anti-virus

- Install anti-virus software on all PCs
- Keep virus definitions up-to-date
- Set PCs to do regular automatic scans
- Ban downloading of software from the Internet, floppies or memory sticks
  - No dancing Father Christmases this year
  - No games or unauthorised software

Firewall

- Use a reputable stand-alone firewall
- Block all protocols not actually needed
- Ensure employees cannot bypass the firewall
- Test the firewall with a mock attack

And Finally...

- If you don't have the expertise or time in-house, talk to us and we will arrange for an expert to sort it out for you. Alternatively, keep your fingers crossed!