Total BS Security: Business-based Systems Security
Transcript of Total BS Security: Business-based Systems Security
![Page 1: Total BS Security: Business-based Systems Security](https://reader036.fdocuments.net/reader036/viewer/2022062423/56814547550346895db2140b/html5/thumbnails/1.jpg)
MID/jpl 04/21/23 1 © 1999 by James P. Litchko
Total BS Security: Business-based Systems Security
Jim [email protected] (703) 528-0334 ext. 310
![Page 2: Total BS Security: Business-based Systems Security](https://reader036.fdocuments.net/reader036/viewer/2022062423/56814547550346895db2140b/html5/thumbnails/2.jpg)
Presentation
• An Approach – Business and Holistic
• Attitudes – Ours and Theirs
• Solutions – Case Studies
• Opinions – Mine
• Questions – Anytime
![Page 3: Total BS Security: Business-based Systems Security](https://reader036.fdocuments.net/reader036/viewer/2022062423/56814547550346895db2140b/html5/thumbnails/3.jpg)
Typical Evolving Network (diagram; labels: Internet or other, Clients, Partners, Corporate System)
![Page 4: Total BS Security: Business-based Systems Security](https://reader036.fdocuments.net/reader036/viewer/2022062423/56814547550346895db2140b/html5/thumbnails/4.jpg)
“Secure Brick” Theory (diagram; labels: Operations, Security, Manager, Profit, Loss, Demand, Supply)
![Page 5: Total BS Security: Business-based Systems Security](https://reader036.fdocuments.net/reader036/viewer/2022062423/56814547550346895db2140b/html5/thumbnails/5.jpg)
Approach . . . talk about their business
• What is your business? – Services and products
• How do you operate? – Processes for selling and providing
• Who does what? – Responsibilities and information flow
• How do you measure success? – Customer satisfaction, profit, market share, etc.
• What is your system’s architecture? – Components, connections, capabilities, and cultures
![Page 6: Total BS Security: Business-based Systems Security](https://reader036.fdocuments.net/reader036/viewer/2022062423/56814547550346895db2140b/html5/thumbnails/6.jpg)
Security Requirements (diagram; components: Internet or other, Promotional Web Server, Transaction System, Service System, Clients, Partners, Browser, Business/Productivity?; requirement labels: Integrity, Availability, Confidentiality, Authentication, Visibility, Impatient)
82% required no additional security products
![Page 7: Total BS Security: Business-based Systems Security](https://reader036.fdocuments.net/reader036/viewer/2022062423/56814547550346895db2140b/html5/thumbnails/7.jpg)
Attitudes and Perceptions:
• Sailor-on-liberty Philosophy – I want it fast, free and friendly
• Security only costs money – True, but . . . .
• The most secure solution has – best GUI – largest market share – relationship and trust
• Transparent to the user – Accept when . . .
![Page 8: Total BS Security: Business-based Systems Security](https://reader036.fdocuments.net/reader036/viewer/2022062423/56814547550346895db2140b/html5/thumbnails/8.jpg)
Attitudes and Perceptions:
• Sailor-Proof – If it is too hard they will find a way around it
• KISS Principle – Education is the best bang for the buck – Increases ownership for solving security problems
• SNMP is the standard – Not a smoking gun . . . . a bleeding wound is needed.
• What is the aspirin for security: – firewalls, VPN, PKI, IDS, . . . . . .? – Technology will solve all of our problems! – Email monitoring problem solution was policy.
![Page 9: Total BS Security: Business-based Systems Security](https://reader036.fdocuments.net/reader036/viewer/2022062423/56814547550346895db2140b/html5/thumbnails/9.jpg)
Which Authentication is best?
• Password?
• Time-based?
• Challenge and Response?
• Event-based?
• Biometrics?
• Public Key?
• VPN?
• IDS?
![Page 10: Total BS Security: Business-based Systems Security](https://reader036.fdocuments.net/reader036/viewer/2022062423/56814547550346895db2140b/html5/thumbnails/10.jpg)
Problem
• Subscription Information Service Provider
• Web site distribution
• Computer illiterate users
• Sharing passwords
• $40,000 loss per month
• What is the solution?
![Page 11: Total BS Security: Business-based Systems Security](https://reader036.fdocuments.net/reader036/viewer/2022062423/56814547550346895db2140b/html5/thumbnails/11.jpg)
Security and Business Math

| | Before | After | Better Idea? |
|---|---|---|---|
| Profit: | $50B | $50B | $ |
| Loss: | $4.5B | $1.0B | $ |
| Net: | $46.5B | $49.0B | $ |
![Page 12: Total BS Security: Business-based Systems Security](https://reader036.fdocuments.net/reader036/viewer/2022062423/56814547550346895db2140b/html5/thumbnails/12.jpg)
(diagram; labels: Internet or WAN, Promotional Web Server, Read Only, Firewall, Firms, Clients, Firewall, Support Operations, Transaction System)
![Page 13: Total BS Security: Business-based Systems Security](https://reader036.fdocuments.net/reader036/viewer/2022062423/56814547550346895db2140b/html5/thumbnails/13.jpg)
(diagram; labels: Internet or WAN, Promotional Web Server, Read Only Firewall, Firms, Clients, IP Encryption, IP Encryption, Support Operations, Transaction System)
![Page 14: Total BS Security: Business-based Systems Security](https://reader036.fdocuments.net/reader036/viewer/2022062423/56814547550346895db2140b/html5/thumbnails/14.jpg)
(diagram; labels: Internet or WAN, Promotional Web Server, Read Only Firewall, Firms, Clients, IP Encryption, IP Encryption, SSL Encryption, Support Operations, Transaction System)
![Page 15: Total BS Security: Business-based Systems Security](https://reader036.fdocuments.net/reader036/viewer/2022062423/56814547550346895db2140b/html5/thumbnails/15.jpg)
(diagram; labels: Internet or WAN, Promotional Web Server, Read Only Firewall, Clients, IP Encryption, IP Encryption, SSL Encryption, Intrusion Detection Systems and Assurance Testing)
“In God we trust. Everyone else we monitor.”
![Page 16: Total BS Security: Business-based Systems Security](https://reader036.fdocuments.net/reader036/viewer/2022062423/56814547550346895db2140b/html5/thumbnails/16.jpg)
(diagram; labels: Internet or WAN, Promotional Web Server, Read Only Firewall, Firms, Clients, IP Encryption, IP Encryption, SSL Encryption, Backups, Backups, Backups, Surf Web Filter, Support Operations, Transaction System)
What business is this?
![Page 17: Total BS Security: Business-based Systems Security](https://reader036.fdocuments.net/reader036/viewer/2022062423/56814547550346895db2140b/html5/thumbnails/17.jpg)
Summary
• Base security on business first
• Practical solutions, not just technical
• Security is a business risk