0607 Lec 21 Enterprise Security
Transcript of 0607 Lec 21 Enterprise Security
-
8/6/2019 0607 Lec 21 Enterprise Security
1/21
Lecture 21
Enterprise Security
-
Enterprise security
Putting Security on the Strategy Agenda
John Hartwright
-
Introduction
• What is your idea of security?
Traditional view
It's all about access control
-
Introduction
• What is your idea of security?
New technology view
It's the job of the IT people
-
Does this have anything to do with strategy?
• Strategy concerns
  - objectives at a high level
  - large numbers of variables
  - tend to be long term
  - be applicable across an organisation
  - tend towards generality
-
Computer security
• Often summed up by the acronym CIA
  - Confidentiality
  - Integrity
  - Availability
• Balance needed between all three aspects
-
Technical fixes
• Anti-virus software
• Encryption
• Passwords and biometrics
• Firewalls
-
Weakness of technical fixes
• Hoax viruses
• Social engineering
• Users
• Black box fixes
-
Human fixes
• Hard to define what you are securing
• Changes in location of data
• Changes in nature of viruses and malware
• Increasing use of email
• Increasing need to use e-commerce
-
Physical security
• Alarm systems
• CCTV
• Security tagging
• Panic alarms/screens
• Guards
-
What do you need to secure?
[Diagram: a scale from "Crucial" to "Trivial"; examples shown: "Details of planned takeover", "Order for paperclips?"]
-
Disaster planning
• What will we do if we can't use the computer?
• Backup systems
  - e.g. hot sites, cold sites, mobile solutions
• Backup data
  - e.g. tape drives need secure accessible storage
-
Business Continuity Planning
• What destroys the computer may destroy the office
• Need to consider
  - IT
  - Personnel
  - Office space
  - Communications links
  - Public relations
-
Business Continuity Planning
• It's about business survival
• It won't mean the business is unaffected
• It does need testing
• Cannot predict all eventualities but the plan is improved by testing
-
Employee security
• IT may check for viruses on email but
  - who checks the post for anthrax?
  - who knows what to do when they take a phone call and it's a bomb threat?
  - who checks that the windows are designed to cope with a car bomb?
  - who knows if the Chairman's chauffeur understands how to avoid a hijack?
-
Forgotten dimensions
• Public relations
  - turning adversity into positive news
  - who is talking to the media?
• Stress
  - what support is available to staff?
-
Structured security
• "The security department is the protector or guardian of the company's property, product or merchandise, assets, equipment, reputation and employees" (Sennewald, 1998)
• May also need to consider non-employees such as visitors and customers
-
Bringing it together
• Increasing recognition that organisations need a coherent and cohesive strategy
  - It will be expensive
  - It will affect the whole organisation
  - It will change the way we organise and do business
-
Key issues
• Mail handling
• Travel
• Employee protection
• Risk assessment
• Infrastructure protection
• Office and plant protection
• Employee morale
None of these are traditional issues for a security department
-
Final thought
• "There is no end to the imagination of the terrorist so we should not be surprised when what they do surprises us." Yonah Alexander, Potomac Institute for Policy Studies
-
Enterprise security
Putting Security on the Strategy Agenda
John Hartwright