1 The 28 th Annual International Computer Software and Applications Conference COMPSAC 2004 Hong Kong September 28, 2004 10:30 am – 12:00 noon Session.


Slide 1: The 28th Annual International Computer Software and Applications Conference, COMPSAC 2004, Hong Kong, September 28, 2004, 10:30 am – 12:00 noon
Session 4: Panel On Risk Management And Dependability - What Are The Key Factors?
Risk Management of Corporate Confidential Information in Digital Form
Dr Lucas Hui, Center for Information Security & Cryptography, Department of Computer Science, The University of Hong Kong

Slide 2: 1. Introduction
- Electronic commerce becomes increasingly popular
- More information is stored in electronic form
- Problem: management of electronic data
- Evaluate the risk of leaking confidential information
- Common Risk Management Equation: r ≈ p x s
  - r = risk exposure in terms of impacts or costs
  - p = probability of exposure
  - s = size of loss due to exposure

Slide 3: 2. Analyzing the Probability of Exposure
- The probability of losing confidential e-data depends on the information infrastructure of the company
- Common information infrastructure weak points:
  - Firewall setup loopholes
  - Bugs in commercial software systems
  - Bugs in in-house software
  - Problems in outsourced systems
  - Management of desktop computers for employees
  - Management of notebook computers for staff traveling overseas
  - Management of used floppies, CD-ROMs, etc.
  - Management of removable storage devices (e.g. USB thumb disks)
  - Management of e-mail storage
- Major Objective: to minimize the probability of exposure

Slide 4: 3. Analyzing the Size of Loss
- Events that may occur when confidential data are lost:
  - Trade secrets of the company are stolen by competitors (e.g. a proposal to bid for a project)
  - Customer information is stolen and disclosed on a web site (may lead to lowering of customer loyalty)
  - Passwords for customer user accounts are cracked
  - Passwords for system administrator accounts are cracked
  - Transaction records are removed (thus unable to collect revenues)
  - System logs are deleted
- Size of Loss depends on:
  - Diversity of events
  - Company's information infrastructure weak points
  - Nature of the company (bank vs florist shop)
- To simplify the analysis: different levels of confidentiality (or importance) serve as indicators of the Size of Loss
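As an added illustration (not part of the panel slides), a small Python risk register that applies the slides' r ≈ p x s: p is combined from the infrastructure weak points an asset is exposed to (slide 3) and s is taken from the asset's confidentiality level (slide 4). Every probability and loss figure below is a constructed assumption, not a value from the presentation.

```python
# Added example, not from the COMPSAC 2004 slides. Applies r ~= p x s per
# data asset: p from the weak points the asset is exposed to, s from its
# confidentiality level. All numbers are constructed illustrative values.

# Assumed annual exposure probability per weak point (constructed).
WEAK_POINT_PROB = {
    "firewall_loophole": 0.05,
    "commercial_software_bug": 0.10,
    "in_house_software_bug": 0.08,
    "outsourced_system": 0.06,
    "desktop_management": 0.04,
    "travelling_notebook": 0.12,
    "used_media": 0.03,          # floppies, CD-ROMs
    "removable_storage": 0.10,   # USB thumb disks
    "email_storage": 0.07,
}

# Confidentiality level as the indicator of size of loss (constructed HK$
# figures; the slides only say that levels serve as indicators).
LOSS_BY_LEVEL = {"public": 0, "internal": 50_000,
                 "confidential": 500_000, "trade_secret": 5_000_000}

def exposure_probability(weak_points):
    """Combine the weak points an asset is exposed to into a single
    probability of exposure, treating them as independent: 1 - prod(1 - p_i)."""
    survive = 1.0
    for wp in weak_points:
        survive *= 1.0 - WEAK_POINT_PROB[wp]
    return 1.0 - survive

def risk_exposure(level, weak_points):
    """r ~= p x s for one data asset."""
    return exposure_probability(weak_points) * LOSS_BY_LEVEL[level]

def rank_register(register):
    """register: {asset: (level, [weak_points])} -> [(asset, r)] sorted by
    descending risk exposure, so the costliest exposures surface first."""
    ranked = [(name, risk_exposure(lvl, wps)) for name, (lvl, wps) in register.items()]
    return sorted(ranked, key=lambda t: t[1], reverse=True)

def mitigation_gain(level, weak_points, fixed):
    """Reduction in r from closing one weak point: the slides' 'major
    objective' of lowering the probability of exposure, priced in s."""
    remaining = [wp for wp in weak_points if wp != fixed]
    return risk_exposure(level, weak_points) - risk_exposure(level, remaining)
```

Calling `rank_register` on a register of assets orders them by r, and `mitigation_gain` shows how much of that exposure a single control removes.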

Slide 5: [Chart] Types of Attack or Misuse Detected in the Last 12 Months (by percent)

Slide 6: [Chart] Types of Attack or Misuse in Organizations Reporting Financial Loss (by number)

Slide 7: [Chart] Dollar Amount of Losses by Type

Slide 8: 4. Conclusion
- The discussion is far from complete. For example, if the penalty for committing e-crimes is heavier, the risk exposure will be reduced.
  - Then: would "severity of penalty" be a risk factor?
  - Then: would "Modification of the Equation" be needed?
- Common Risk Management Equation: r ≈ p x s

Slide 9: Panel On Risk Management And Dependability - What Are The Key Factors? END
