Information Technology Security Technology and Data Insurance
National Research and Development Program
KÜRT Computer Rt.; Computer and Automation Research Institute (MTA SZTAKI); University of Veszprém, Mathematics and Computing Department
Project leader: Dr. Sándor KÜRTI
Traditional risk management
[Figure labels: Level of security, Security Expenditure, Security gap; diagram elements: System, Risk analysis, Regulation, Risk Management, Insurance]
Risk Management in IT
[Figure labels: Level of Security, Security Expenditure, Security Gap; diagram elements: IT system, Risk analysis, Regulation, Risk management, Insurance]
Research Targets
• Determination of value of information
• Development of an up-to-date IT security technology
• Development of a comprehensive e-Risk management program
• Network security applications
• Computer-based e-Insurance methodology
Strengths of the project
• Technological background.
• High-level project management practice.
• Database of information technology catastrophes and the causes of data loss.
• High-level mathematical background.
2. Mathematical research in the risk analysis area
• Processing of multi-valued statistical data
• Examination of internal relationships, determination of background variables
• Determination of quantitative dependencies
• Visualization of connections with introduction of new variables
• Determination of the value of the risk
First Phase: Information Collection (data security issues)
• Scientific processing of data recovery data set
• Planning of the database structure
• Analysis of the causes of data losses and data crimes
• Starting of the statistical analysis
Scientific processing of data recovery database
• Analysis of possible damages of data storing media
• Analysis of the possible data backup and recovery methodologies
• Collecting of paper-based and electronic data recovery information
Planning of the Database Structure
• Development of uniform data format from the backup and recovery information
• Coding of paper-based information
• Harmonization and converting of electronic data
• Testing of user interface of database system
• Database creation
Analysis of the causes of data losses and data crimes
• Analysis of international trends
• Analysis of the Hungarian trends
• Data loss: hardware causes (approx. 70%)
• Data crimes: internal workers (approx. 77%)
Statistical analysis
The main target:
• More exact determination of the value of information from the data recovery cases
• Involving the users in the IT value estimation
• Size of company, size of data storage media, ordering value
Assessment of the first phase
• Project tasks were done
• The data recovery database is operable
• Scientifically valuable results (publications)
• Initialization of statistical analyses for assisting the definition of value of information and risks
Phase 2: Production of knowledge base
• Converting recovery database into the initial knowledge base
• Cryptographic protocol errors, case studies
• Assessment of market needs and possibilities
• Continuation of statistical analysis
Converting recovery database into the initial knowledge base
• Observation matrix
• Knowledge base format
• Identifiers
• Company data (industrial sector, size)
• Operating system information
• Causes of data losses
• Recoverable/Non-recoverable
• Ordered/Not-ordered
• Price of data recovery action
Cryptographic protocol errors, case studies
• Contingencies of cryptographic systems
• Assessment for the risk management
• Case studies
• Assessments, statistical analysis
• Legal issues
• Hungarian and international (EU) regulations
• Assessment of data insurance possibilities
Assessment of market needs and possibilities
• Data insurance possibilities (Hungary, international)
• Needs
• Concurrent products
• Client preferences
• User groups
• Market possibilities
• Methodology for the insurance companies
• Methodology for IT companies (risk analysis)
Continuation of statistical analysis
• Development of a statistical model
• Simulation on the data recovery data set
• The observation matrix gives a solid base for the statistical analysis
• The simulation tool proves the goodness of the statistical analysis
Results of the 2nd phase
• Project tasks were done
• Scientifically valuable results (publications)
• High-level analysis of the weak points of the cryptographic systems
• Market analysis: good base for product development and analysis
• The next step in ISYS development is the development of a Business Continuity Plan, a Disaster Recovery Plan and an insurance module
3rd Project Phase: Statistical Analysis, Summary of Methodologies
• Collection and examination of multi-valued statistical methods
• Assessments
• Development of algorithms
Collection and examination of multi-valued statistical methods
• Method selection
• Single-valued
• Multivalued
• Strategy for assessments
• Statistical analysis on the stored data recovery data (10,000 cases)
Assessments
• Time functions of data losses
• Recoverable/ordered recovery cases
• Analysis of data recovery cases
• Business strategy analysis
• Analysis of data insurance possibilities
Development of algorithms
• Extension of examination methods based on censored sample
• Examination of the goodness of the other analysis and solutions
• Single- and multi-valued analysis
Evaluation of the 3rd phase
• Scientifically relevant results (publications)
• Business decisions were made based on the statistical results (in the project and in KÜRT)
• Solid base for the further developments in value estimations and insurance strategies
4th Phase: Quality Management
• IT quality management
• IT system parts
• IT business processes
• Cryptographic processes and solutions
• New developments in quality management, further improvements in our system
IT Quality Management
• IT system parts, technological processes and organizational processes
• Uniform Processes
• Utilities
• Measurement tools
• Feedbacks
• Reporting system
• ISO 9001:2000 based quality management system in KÜRT and in MTA SZTAKI (TÜV Rheinland)
New developments in quality management, further improvements in our system
• Quality management trends
• Software Process Improvement (SPI)
• ESSI Scope measurement tools
• Target: Capability Maturity Model
• IT Security trends
• ISACA COBIT
• BS 7799-ISO 17799
Evaluation of 4th phase results
• ISO 9001:2000 systems in KÜRT and MTA SZTAKI
• Possible trends in improvement of quality systems (international trends) - EU trends
Next Project Phases
Tasks of 5th Phase
• Disaster Recovery Module for IBiT (DRP module, in progress)
• Methodology for IBiT
• Determination of value of damages
• Risk analysis methodology
• Business Continuity Processes
Tasks of 6th Phase
• Data insurance system (service pack, in progress)
• Probability of damage cases
• Damage value models
• Business value determinations
• Insurance value determinations
• Task areas - as planned
• Workflow system - project management (Prince) (electronic tools)
• Acceptance of ready material
• Stable project staff
• Cooperation in the consortium
Dissemination of Results
Lectures:
• Ministry of Education (2002)
• Hungarian IT-Business Conference (2002)
• Centennial Conference of the John von Neumann Computer Society (invited lecture 2003)
• Scientific seminar (MTA SZTAKI) http://csillag.ilab.sztaki.hu/dms/eszigno/szeminarium.htm
Educational courses:
• University of Budapest, Informatics Ph.D. programme (2002-)
• University of Debrecen, Informatics Ph.D. programme (2002-)
• University of Veszprém, Informatics Ph.D. programme (2001-)
Dissemination of Results (2)
• 2 Ph.D. candidates in the project area
TV programs:
• CNN (2001)
• Hungarian TV1 DELTA (2002)
• Duna TV (2002)
Awards:
• Innovation Award (Ministry of Informatics) (2003)
Veszprémi Egyetem KÜRT Computer MTA SZTAKI Thank you for your attention!