
Total BS Security: Business-based Systems Security

Jim Litchko jlitchko@erols.com (703) 528-0334 ext. 310


Presentation Transcript


  1. Total BS Security: Business-based Systems Security Jim Litchko jlitchko@erols.com (703) 528-0334 ext. 310

  2. Presentation • An Approach • Business and Holistic • Attitudes • Ours and Theirs • Solutions • Case Studies • Opinions • Mine • Questions • Anytime

  3. Internet or other Clients Partners Typical Evolving Network Corporate System

  4. “Secure Brick” Theory Operations Security Manager Profit Loss Demand Supply

  5. Approach . . . talk about their business • What is your business? • Services and products • How do you operate? • Processes for selling and providing • Who does what? • Responsibilities and information flow • How do you measure success? • Customer satisfaction, profit, market share, etc. • What is your system’s architecture? • Components, connections, capabilities, and cultures

  6. Internet or other Clients Partners Business/ Security Requirements Transaction System Promotional Web Server Availability Confidentiality Integrity Authentication Integrity 82% required no additional security products Availability Browser Impatient Service System ? Productivity Confidentiality Visibility

  7. Attitudes and Perceptions: • Sailor-on-liberty Philosophy • I want it fast, free and friendly • Security only costs money • True, but . . . . • The most secure solution has • best GUI • largest market share • relationship and trust • Transparent to the user • Accept when . . .

  8. Attitudes and Perceptions: • Sailor-Proof • If it is too hard they will find a way around it • KISS Principle • Education is the best bang for the buck • Increases ownership for solving security problems • SNMP is the standard • Not a smoking gun . . . . a bleeding wound is needed. • What is the aspirin for security: • firewalls, VPN, PKI, IDS, . . . . . .? • Technology will solve all of our problems! • Email monitoring problem solution was policy.

  9. Which Authentication is best? • Password? • Time-based? • Challenge and Response? • Event-based? • Biometrics? • Public Key? • VPN? • IDS?

  10. Problem • Subscription Information Service Provider • Web site distribution • Computer illiterate users • Sharing passwords • $40,000 loss per month • What is the solution?

  11. Security and Business Math • Before: Profit $ 50B, Loss $ 4.5B, Net $ 46.5B • After: Profit $ 50B, Loss $ 1.0B, Net $ 49.0B • Better Idea?: Profit $, Loss $, Net $

  12. Promotional Web Server Firewall Firewall Internet or WAN Read Only Clients Firms Transaction System Support Operations

  13. Promotional Web Server Firewall Internet or WAN Read Only IP Encryption Clients Firms Transaction System IP Encryption Support Operations

  14. Promotional Web Server IP Encryption Firewall Internet or WAN Read Only IP Encryption Clients Firms Transaction System SSL Encryption Support Operations

  15. Promotional Web Server IP Encryption Firewall Internet or WAN Read Only IP Encryption Clients “In God we trust. Everyone else we monitor.” SSL Encryption Intrusion Detection Systems and Assurance Testing

  16. Promotional Web Server IP Encryption Firewall Internet or WAN Read Only IP Encryption Clients Firms What business is this? Transaction System Surf Backups SSL Encryption Backups Web Filter Backups Support Operations

  17. Summary • Base security on business first • Practical solutions, not just technical • Security is a business risk
