S e c u rity S o lu tio n s

Size: px

Start display at page:

Download "S e c u rity S o lu tio n s"

Melina Little
5 years ago
Views:

1 1 S e c u rity S o lu tio n s Introduction to security

2 2 Why Security Is Necessary? Following question may be familiar to some people Doing all that security is expensive and generates no money. Do we really need it? Security is problematic since it does not bring money and may prevent something that may or may not happen! And worse wrong type of security measures just waste money without giving any safety But still in the long run being without security is even more expensive Smart security is maximizing profit by minimizing problems

3 3 Business Problems Typical threats for just about any company Competitor having superior products Loss of equipment or cash reserves Stops in production Loss of reputation It might seem that these do not have too much to do with security or security problems But let's have a deeper look what might be possible causes for these threats

4 What This Has To Do With 4 Security? Competitor having superior products Industrial espionage, employees leaking information Loss of equipment or cash reserves Embezzlement and theft Stops in production Industrial accidents Disruptions in the system (f.ex Virus brings down network) Loss of reputation Serious security incident in some of the above Poor handling of media

5 What Needs To Be Protected? 5 Property Machines, buildings, money, art, investments, stores Information Business contacts, dealer pricing, source code Value depends on how many know the information Personnel Workforce, information storage Reputation Brand image, sets the value of goods produced Anything that is of value for a company

6 6 What is security? More than just firewalls and Anti-Virus Fire and building security Physical security Crime prevention Personnel security and personnel safety Financial security Information security Continuing operations IT security Transportation security

7 Security Is Recognizing A 7 Problem And doing something about it The key point in security is knowing you business How business processes work? What problems have you had in the past? What weak links in the system you know, what you don't? Start from the weakest link in the system No point in reinforcing the door if the window is open Security is planning and building things so that they are inherently secure without additional work Trying to add security later is possible but expensive

8 8 Basic Principles Of Security Security is minimizing risks to acceptable level Minimize probability of incident Minimize damage caused by incident Minimize recovery time and cost caused by the incident Security is not preventing every imaginable threat Security must not be too expensive in relation to things protected Good security thinking optimizes the price of protection by the value of things protected If security costs are significant part of total costs it may be time to rethink the business model

9 9 How Security Works Prevent Improve Learn Detect React Recover

10 10 Aspects Of Security Company security policy Targets and responsibilities Personnel training Skills and motivation Processes and technical solutions What and how

11 11 Security Terms Threat Something that may go wrong and probability of it doing so Vulnerability Weakness in system that makes threat possible, or increases probability Damage Loss caused by the threat realizing Risk Unit of evaluation for security threats Risk= Threat * Damage

12 12 Security Terms Incident Security threat that has realized Accident An incident that does not need active malicious attacker Attacker Common name for 'enemy' Someone who tries to damage the system in some way (direct attack or theft) Attacker can be either external factor (thief, hacker) or internal (own personnel), but always an active component

13 13 References Kurssi: Yritysturvallisuuden perusteet Teemu Pekka Virtanen

Information Security. Structure. Common sense security. Content. Corporate security. Security, why

Information Security. Structure. Common sense security. Content. Corporate security. Security, why Information Security Teemupekka Virtanen Helsinki University of Technology Telecommunication Software and Multimedia Laboratory teemupekka.virtanen@hut.fi Structure 1. Information security What, why, content