Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security Zero to 60 in 10 Years Howard Muffler, Information Security Officer Joseph Progar, Information Security Analyst Embry-Riddle Aeronautical.

Published byEmerald Strickland Modified over 9 years ago

Similar presentations

Presentation on theme: "Information Security Zero to 60 in 10 Years Howard Muffler, Information Security Officer Joseph Progar, Information Security Analyst Embry-Riddle Aeronautical."— Presentation transcript:

1 Information Security Zero to 60 in 10 Years Howard Muffler, Information Security Officer Joseph Progar, Information Security Analyst Embry-Riddle Aeronautical University

2 BUSINESS IMPERATIVES

3 Past: Business Imperatives Create a “Web Presence” –Convey information –Market to current and prospective customers Expand research capabilities Explore new markets – local to global –Reach a wider audience –Defend against competitors Enhance student life

4 Past: Business Imperatives Develop online classes and classrooms Transition IT from service provider to business driver Security imperatives growing as well: –Pay more attention to information protection! –Recognize the Internet as a dangerous place

5 Present: Business Imperatives Internet = Requisite business tool –Anytime Anywhere –Empower constituents More Self-Services More communication and collaboration –Continue to innovate – expand markets further –Think like an entrepreneur – act like a business

6 Present: Business Imperatives Security is a bigger concern than ever –Don’t end up “In the News” (involuntarily) –Understand risks; mitigate vulnerabilities –Formalize security responsibility and functions –Ensure legal and regulatory compliance

7 Future: Business Imperatives Continue expansion in global markets Deliver product anytime and anywhere Expand brand recognition Concentrate on niche competencies

8 Future: Business Imperatives Security will continue to be critical –Imbed awareness into organization culture –Provide security which doesn’t conflict with education, productivity, & job responsibilities –Preserve constituent privacy –Ensure continued legal and regulatory compliance

9 ATTACKS

10 Past: Attackers and their Motives Attacker Researchers Teenagers Motivation Proof of Concept Fame / Infamy

11 Past: Common Attacks Viruses Worms Trojans DOS Web defacement Scanning Sniffing

12 Present: Attackers and their Motives Attacker Well educated individuals Organized crime Motivation Money Power

13 Present: Common Attacks Viruses, Worms, Trojans –Root Kits –Bot Nets –Key loggers DDOS Phishing

14 Future: Attackers and their Motives Attacker Well educated criminals Ideologies and Businesses Motives Money Politics

15 Future: Common attacks Viruses, Worms, Trojans –Bot Nets –Blended threats Encryption –Holding data hostage

16 NETWORK

17 Past: Network

18 Present: Network

19 HOST Anti-VirusHIDSPolicy SERVER Anti-VirusLoggingPolicy Network NetflowIDSIPSACLs Present: Network Defense in Depth

20 Future: Network

21 ERAU SECURITY RESPONSE

22 Past: Security Response Moving away from Laissez Faire (B.I.) Early safeguards mostly afterthoughts Focused on virus protection and basic network security (perimeter protection) Equipment misuse > info protection SPAM threat not yet fully appreciated Y2K = Resource hog

23 Past: Security Response Higher Ed = Prime hacker target (why?) “Selling” security to upper management Growing appreciation of “Insider” threat Virus concerns = “Trio of Trouble” Plus Stronger efforts re: Regulatory compliance

24 Present: Security Response Formalization of security responsibilities Creation of formal polices and procedures Creation/expansion of education and awareness programs IT leadership in incident response First formal Risk Assessment study

25 Future: Security Response Continue to view security holistically Expand policies and procedures (ISO) Address new “compliance hammers” Formalize incident response – Not just IT Repeat Risk Analysis regularly Implement security measures which don’t just target specific vulnerabilities (adaptive, heuristic)

26 Five Steps to an Effective Information Security Program 1.Get Upper Management Support 2.Start Small 3.Adopt a Multilayered Approach 4.Keep Security Flexible 5.Improve Continuously

27 Thank You! Q & A

Download ppt "Information Security Zero to 60 in 10 Years Howard Muffler, Information Security Officer Joseph Progar, Information Security Analyst Embry-Riddle Aeronautical."

Similar presentations

Philippine Cybercrime Efforts

Philippine Cybercrime Efforts
Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
Microsoft Security Solutions A Great New Way of Making $$$ !!! Jimmy Tan Platform Strategy Manager Microsoft Singapore.

Microsoft Security Solutions A Great New Way of Making $$$ !!! Jimmy Tan Platform Strategy Manager Microsoft Singapore.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Information Security Awareness April 13, 2003. Motivation Recent federal and state regulations and guidance Recent federal and state regulations and guidance.

Information Security Awareness April 13, Motivation Recent federal and state regulations and guidance Recent federal and state regulations and guidance.
Addressing Terrorist Use of the Internet, Cyber Crime and Other Threats: National Expert Workshop Forging a Comprehensive Approach to Cyber Security Richard.

Addressing Terrorist Use of the Internet, Cyber Crime and Other Threats: National Expert Workshop Forging a Comprehensive Approach to Cyber Security Richard.
Radware DoS / DDoS Attack Mitigation System Orly Sorokin January 2013.

Radware DoS / DDoS Attack Mitigation System Orly Sorokin January 2013.
From Local to Regional to Global Player:

From Local to Regional to Global Player:
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Blended Threats and Layered Defenses Security Protection in Today’s Environment Marshall Taylor

Blended Threats and Layered Defenses Security Protection in Today’s Environment Marshall Taylor
THE RIGHT TECHNOLOGY IN INVESTOR RELATIONS: WHAT TO DO ONLINE? THOMSON REUTERS Alex Ménage Head of Business Development Corporate Services Rapidly Developing.

THE RIGHT TECHNOLOGY IN INVESTOR RELATIONS: WHAT TO DO ONLINE? THOMSON REUTERS Alex Ménage Head of Business Development Corporate Services Rapidly Developing.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.

Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
E-mail Protection Through Software and Services James Hamilton General Manager Microsoft Corporation.

Protection Through Software and Services James Hamilton General Manager Microsoft Corporation.
Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.

Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.

Similar presentations

Ads by Google