
IT Security & Cybercrime: IT & Communication Summit 2010, March 8, 2010


Presentation Transcript


    1. ©Dr. Respickius Casmir. IT Security & Cybercrime. IT & Communication Summit 2010, March 8, 2010. By Respickius Casmir, PhD, University of Dar es Salaam Computing Centre (UCC).

    2. Outline
       - Introduction
       - A Conceptual IT System
       - IT Security in a Nutshell
       - IT Security Risks, Threats and Vulnerabilities
       - Why Worry about IT Security and Cybercrime
       - Conclusion and the Way Forward

    3. Introduction
       - Every progressive organization is governed by a Corporate Strategy.
       - IT Governance is part and parcel of Corporate Strategy.
       - IT Security is an integral part of IT Governance.
       - Therefore, Corporate Strategy, IT Governance, and IT Security are inseparable elements.
       - Cybercrime is a form of crime where the Internet or computers are used as a medium to commit crime.

    4. A Conceptual IT System

    5. A Conceptual IT System (2)

    6. A Conceptual IT System (3)

    7. A Conceptual IT System (4)

    8. A Conceptual IT System (5)

    9. A Conceptual IT System (5)
       People include:
       1. Insiders (i.e. staff, temporary staff, consultants)
       2. Outsiders with access to the inside (i.e. partners, suppliers, customers)
       3. Outsiders with some knowledge about the inside (i.e. ex-staff, ex-consultants)
       4. Outsiders with certain motivation to launch attacks against your organisation (competitors, hackers, industrial spies, other attackers)

    10. IT Security in a Nutshell
       IT security is all about controlling access to information assets to ensure:
       - Confidentiality – ensuring that information is accessible only to those authorized to have access to it.
       - Integrity – safeguarding the accuracy and completeness of information and processing methods.
       - Availability – ensuring that authorized users have access to information and associated assets when required.

    11. Security Goals

    12. Security Attacks

    13. Security Attacks
       - Interruption: This is an attack on availability.
       - Interception: This is an attack on confidentiality.
       - Modification: This is an attack on integrity.
       - Fabrication: This is an attack on authenticity.

    14. Security Risks, Threats & Vulnerability

    15. Budgeting for security precautions
       Remember the old saying, “Do not place all of your eggs in one basket”? This wisdom definitely applies to budgeting for your IT security. Do not spend all of your budget on one mode of protection. For example, it does little good to invest $15,000 in firewall technology if someone can simply walk through the front door and walk away with your corporate server.

    16. Budgeting for security precautions (2)
       The bottom line is to be creative. The further you can stretch your security budget, the more precautions you can take. Security is a proactive expenditure, meaning that we invest money in security precautions to avoid spending additional money later paying for recovery from a network disaster. The more precautions that can be taken, the less likely disaster is to strike.

    17. IT Security Challenges
       IT security challenges include:
       - Increased global exposure of information assets via the Internet.
       - Ubiquitous security threats and vulnerabilities.
       - Increased dependence on IT systems without proper strategies to deal with security issues.
       - Inadequacy of IT security awareness programs for end users.
       - Lack of a national-level/institutional strategy for handling IT security and cybercrime issues.

    18. Conclusion and the Way Forward
       - We need to have a national/institutional strategy for handling IT security and cybercrime issues.
       - Such a strategy should include security training and awareness programmes to ensure that all users of IT systems have the basics of security.
       - Adopt international IT security best practices such as the ISO/IEC 27000 family of standards for Information Security Management Systems (ISMS), and
       - Adopt and customize BS 7799-3:2005 to come up with our own TZ 7799 standard for information security management systems that is tailored to our own business context.

    19. Conclusion and the Way Forward
       It is imperative to note that a well-trained, well-informed workforce is one of the most powerful weapons in an information security manager’s arsenal.

    20. Thank You! Respickius Casmir, PhD. res@udsm.ac.tz
