Security and Control Soetam Rizky


Why Systems Are Vulnerable?


Vulnerability

• Citigroup: Customer losses from hack attack reach $2.7M – 2011

• Hacked in April to June 2011, Sony reportedly lost almost $171 million

• Money stolen from the hacked business accounts was used by a group related to Al Qaeda to fund terrorist attacks in Asia. According to reports, refunding customers cost AT&T almost $2 million.

• $1 million was stolen from stock brokerages Fidelity Investments, Scottrade, E*Trade, and Charles Schwab. The rest of the money was taken from fraudulent tax refunds, with the stolen identities of more than 300 people.

• News Corporation made a loss of $1.6bn (£1.2bn) in the last quarter as it absorbed $2.8bn in charges related to a plan to spin off its ailing publishing businesses.


Vulnerability

By People?

By Accident?


Before we continue…

• Suppose you’re a CEO: which policy would you choose?
  – Very strict
  – Moderate
  – Full of freedom


That’s Why We Need Security & Control

Inadequate security and control may create serious legal liability.

Businesses must protect not only their own information assets but also those of customers, employees, and business partners. Failure to do so can lead to costly litigation for data exposure or theft.

A sound security and control framework that protects business information assets can thus produce a high return on investment.


Security Aspects for Management

Electronic Records Management

• Policies, procedures and tools for managing the retention, destruction, and storage of electronic records

Electronic Evidence

• Computer data stored on disks and drives, e-mail, instant messages, and e-commerce transactions

Computer Forensics

• Scientific collection, examination, authentication, preservation, and analysis of computer data for use as evidence in a court of law


Security Aspects for Management

Risk Assessment

• Determines the level of risk to the firm if a specific activity or process is not properly controlled

Acceptable Use Policy (AUP)

Authorization policies

Identifying acceptable security goals


Quick Summary

Security aspects for management

Security is important

Security Authorization

Assess the risk control


Before we continue…

Suppose that your company is involved in serious fraud and you have the electronic evidence: what would you do?


Security Ensuring Business Continuity

Downtime: Period of time in which a system is not operational

Fault-tolerant computer systems: Redundant hardware, software, and power supply components to provide continuous, uninterrupted service

High-availability computing: Designing to maximize application and system availability


Security Ensuring Business Continuity

Load balancing: Distributes access requests across multiple servers

Mirroring: Backup server that duplicates processes on primary server

Recovery-oriented computing: Designing computing systems to recover more rapidly from mishaps


Security Ensuring Business Continuity

Disaster recovery planning: Plans for restoration of computing and communications disrupted by an event such as an earthquake, flood, or terrorist attack

Business continuity planning: Plans for handling mission-critical functions if systems go down


Quick Summary

Ensuring Business Continuity

Fault tolerant, high availability, downtime

Recovery oriented, load balancing, mirroring

Disaster Recovery Planning


Before we continue…

As a customer, can you name a company that really cares about ensuring business continuity?


Before we continue…

What is the real disaster for a digital firm?


Opportunities & Challenges

• Creation of secure, reliable Web sites and systems that can support e-commerce and e-business strategies

• Designing systems that are neither overcontrolled nor undercontrolled

• Implementing an effective security policy


Questions / Comments?