Information Security Jim Cusson, CISSP. Largest Breaches 110,000 2009-11-27 NorthgateArinso, Verity Trustees 6,400 2009-11-25 Aurora St. Luke's Medical.


1 Information Security Jim Cusson, CISSP

2 Recent Breaches
110,000  2009-11-27  NorthgateArinso, Verity Trustees
6,400  2009-11-25  Aurora St. Luke's Medical Center
1,500,000  2009-11-19  Health Net
80,000  2009-11-18  Universal American Insurance

Largest Breaches
130,000,000  2009-01-20  Heartland Payment Systems
94,000,000  2007-01-17  TJX Companies Inc.
90,000,000  1984-06-01  TRW, Sears Roebuck
76,000,000  2009-10-05  National Archives and Records Administration

3 Cost of a Breach

Largest Breaches
40,000,000  2005-06-19  CardSystems, Visa, MasterCard, American Express
30,000,000  2004-06-24  America Online
26,500,000  2006-05-22  U.S. Department of Veterans Affairs
25,000,000  2007-11-20  HM Revenue and Customs, TNT
17,000,000  2008-10-06  T-Mobile, Deutsche Telekom
16,000,000  1986-11-01  Canada Revenue Agency

In its study of 43 companies that suffered a data breach last year, the Ponemon Institute found the cost per compromised record in 2008 to be $202 per record.

4 Actual Costs
Legal, Credit Monitoring, Reputation, Mailings, Stock Price, etc.
The security breach at TJX Companies Inc. could cost the company $100 per lost record, or a total of $4.5 billion.
Heartland Breach Cost Company $32 Million So Far (August 2009)
According to the Ponemon Institute's study, the Heartland breach will likely be more costly than the theft of data from TJX.
In 2008 - $6.6 million per incident
Costs include the costs of detecting and responding to the loss of data, along with legal and administrative expenses, customer defections and opportunity loss.

5 Identity Theft
As of November 24, 2009, the total number of breaches reported by the ITRC (Identity Theft Resource Center) is 444.
The taking of the victim’s identity to obtain credit, credit cards from banks and retailers, steal money from the victim’s existing accounts, apply for loans, establish accounts with utility companies, rent an apartment, file bankruptcy or obtain a job using the victim’s name.
Identity theft is “an absolute epidemic”. Increased in the last four or five years. It is nationwide. Affects everybody. You can't detect it until it's probably too late.

6 Types Of Breaches
Document Disposal – Paper documents improperly disposed
Stolen Laptops – Laptop stolen and info retrieved from hard drive
Virus – Malicious software, key loggers, etc. send info off site
Web – Vulnerability in web server exploited
Lost Disk Drive – Lost/sold hard drive accessed to retrieve data
Hack – Password guessed, system hacked
Fraud – Social Engineering, people duped into giving bank accounts
Lost Backup Tape – Backup tapes lost/stolen, accessed to retrieve data
Internal – Trusted employees steal data and sell it

7 What Is Information Security
Information security is the process of protecting information. It protects its confidentiality, integrity and availability.
Confidentiality – Ensuring data is accessed only by those who should
Integrity – Ensuring data is not modified
Availability – Ensuring data is accessible

8 How To Secure Information
Network Design
Access Control
Firewalls
Intrusion Detection/Protection Systems
Anti-Virus
Backups
Disaster Recovery/Business Continuity

9 Challenges
Cost – Protection is expensive
Compliance – GLBA, HIPAA, PCI, SOX
Proving Effectiveness – How to show they’re getting value

10 Communication!
Communication is huge!
Project Teams – Most members don’t know security
Management – Often aren’t technical
Enforcement – How to tell someone “it’s not secure”
Policy – Writing for end users, enforcement

