INFORMATION SECURITY THE NEXT GENERATION 13th World Electronics Forum Israel Christopher Joscelyne Board Member & Membership Chairman AEEMA November 2007.


1 INFORMATION SECURITY THE NEXT GENERATION
13th World Electronics Forum Israel
Christopher Joscelyne
Board Member & Membership Chairman AEEMA
November 2007

2 Boundaries between personal and business computing have become difficult to define because everyone and everything is becoming linked. In order to survive, enterprises must manage the new risks this environment creates.

3 SIGNIFICANT CHALLENGES
- The enormous quantity of information assets in most organisations.
- Assets' inherent vulnerabilities and the potential threats to their confidentiality, integrity, and availability.
- Rapid adoption of new devices and methods of use inside and outside the enterprise

4 SIGNIFICANT CHALLENGES
- A variety of co-workers, with inconsistent attitudes to information security, working together and sharing information
- The many requirements for information security, including legal and regulatory, marketplace requirements from customers and partners, and corporate governance.

5 COMMON THREATS
- Lost or stolen laptop computers (over 600,000 per year in the US, of which 97% are not recovered)
- Lost or stolen PDAs (current estimate is double the number of lost or stolen laptop computers)
- Lost or stolen USB flash memory devices (millions lost with no protection of the stored data)

6 LACK OF SKILLS IS A SIGNIFICANT PROBLEM
According to recent research, while 87 percent of organizations are confident that they can deal with viruses, spam and malware, only 35 percent feel they are able to deal with the prospect of lost data.
Kace Research Study – May 2007

7 INFORMATION SECURITY – KEY MOTIVATORS
- Realization that corporate knowledge is a high value information asset that is worth protecting
- Acceptance at boardroom level that protection of information assets is a corporate responsibility
- Action at boardroom level to implement information security initiatives

8 NON-TECHNICAL TREND IN 2007
- Induction process for new employees that communicates policy in clear non-technical language that is understood
- Ongoing education programs to create and maintain a culture of respect for information and the need to protect it

9 TECHNICAL TREND IN 2007
- New and emerging technologies that protect data without choking productivity, inside and outside the enterprise
- Security is becoming embedded in the infrastructure
- Convergence of disk encryption, removable media encryption, end point security, data loss protection, document content security and digital rights management into a suite of compatible modules

10 SOME PRACTICAL CONSIDERATIONS
- “One size fits all” usually fails to meet the varying needs of enterprise employees
- Granular approach to policy enforcement allows flexibility
- Implementation must reflect levels of trust and encourage staff productivity
- Greater tracking and auditing of incoming data and outgoing data creates reports that are meaningful for fine tuning of security policies

11 ENGAGING WITH VENDORS Select “mix and match” modules from one or more vendors, based on your priorities, to ensure you get what you want, when you want it, using your available technical resources

12 THE TASKS FOR ASSOCIATIONS
- Establish security policies that can be enforced
- Guard information assets and protect data integrity
- Audit and review all processes and procedures
- Educate staff with an ongoing program that reinforces the value of information security
- Maintain and develop a culture of security as a practical example to members and others who engage with or interact with the association

13 FURTHER INFORMATION CHRISTOPHER JOSCELYNE chris@apro.com.au SafeKnowledge ® AUSTRALIAN PROJECTS

