© 2006 PCE Systems Ltd IT Systems Integrity Chris Nabavi BSc SMIEEE.


1 © 2006 PCE Systems Ltd IT Systems Integrity Chris Nabavi BSc SMIEEE

2 IT Systems are Mission Critical
• Have you ever stopped to consider what would happen if, through theft, hacking, fire, flood etc., you lost:
  – Your communications (web & email)
  – Your trade secrets and employee records
  – Your accounts, payroll and designs
  – Your ability to process orders
  – In fact - all computer facilities?
You’d use paper?

3 The Consequences
• Direct Loss
  – Loss of hardware & data by fire, theft etc.
• Indirect Loss
  – Sales, goodwill, competitive advantage
• Productivity Loss
  – Data corruption, staff time, general chaos
• Legal Exposure
  – Contracts, slander, illegal use, director liability

4 A Pharmaceutical Company
• Has a web-site where users of a drug register
• Sends reminder to take drugs when due
• Inadvertently shows all email addresses
• Compensation claim for breach of privacy
• Regulatory fines
• Damage to brand
• Loss of confidence
= Huge Financial Loss

5 The Cost to British Business
• 44% of businesses suffered at least 1 security breach in past year
• Average cost of an incident is £30,000
Source: Information Security Breaches Survey 2002 by DTI & PWC
Computer related disasters cost the UK £1,800,000,000 per year
Source: NCC

6 Sobering Statistics
• 43% of companies that suffer a major loss of data go out of business as a direct consequence
  Source: McGladrey & Pullen
• 90% of those without a contingency plan do not survive 1 year
  Source: Touche Roche

7 Disaster Recovery Plan
• Many large American corporations suffered terrible losses of both staff and facilities in the attack on September 11th 2001
• Some went out of business
• Others had a disaster recovery plan
• These ones survived

8 But, It’s Not Just the Big Boys!
• SMEs usually have:
  – Fewer resources
  – Everything in one location
  – Less up-to-date systems
  …. And ….
  – No security, no training, no content filtering, no back-ups, no archives, no usage rules, no firewalls and no spare cash to buy time
• Don’t wait for a disaster before acting

9 Disaster Recovery Plan
• Assess the risks
• Minimise / avoid them where possible
• Keep copies of vital data off-site
• Develop series of realistic recovery steps
• Test the plan
• Check your insurance cover
  – Standard cover often excludes data loss etc.

10 Reduce the Risks
• Educate staff about the risks
• Introduce an “acceptable use policy”
• Limit access on a “business need basis”
• Install suitable technology & updates
• Ensure compliance with legislation
• Re-assess the risks regularly

11 Employee Issues
• Acceptable use policy:
  – Define what employees may and may not do
• Train employees on security awareness
  – Downloading software, passwords etc.
• Limit access and install content filtering
• Warning: 80% of IT intrusions are perpetrated from inside the company

12 The Danger of Emails
• Internal email between two employees suggests competitor is financially unstable
• Visitor to office reads email on screen
• Notifies third party of what he saw
• Third party sues for slander
• Settled for £450,000 plus costs

13 Back-ups
• Make back-ups regularly & store off site
• Back up data, software & configurations
• Run a documented media rotation and back-up / archiving scheme
• Test the back-up mechanism, since half of them don’t actually work!
• Warning: 2% of disasters are caused by tests with faulty back-ups!

14 Beware Wireless LANs
• 63% of wireless LANs are left on their default settings with no encryption
  – So anybody parked outside has access
  – Set up wireless LANs properly before use

15 Anti-virus
• Install anti-virus software on all PCs
• Keep virus definitions up-to-date
• Set PCs to do regular automatic scans
• Ban downloading of software from the Internet, floppies or memory sticks
No dancing Father Christmases this year
No games or unauthorised software

16 Firewall
• Use a reputable stand-alone firewall
• Block all protocols not actually needed
• Ensure employees cannot bypass firewall
• Test the firewall with a mock attack

17 And Finally...
• If you don’t have the expertise or time in-house, talk to us and we will arrange for an expert to sort it out for you.
Alternatively, keep your fingers crossed!

