Bob Tarzey,
Service Director
Quocirca Ltd
Security seminar – Nov 11th 2008
Agenda
Finance
Utility
Telecoms and Media
Public Sector
Retail
Industrial
Healthcare
Contractors Partners Suppliers Customers
Number of employees
Percentage of laptops
Number of employees
1980s
Print and fax
FTP
Corporate IT Firewall
Email
Web
IM
Social networks/virtual worlds
2008
Data, information or content
Content generators
Create data and information
Direct: Theft, Fines, Disclosure
Indirect: Reputation, Customer loss, Share price
External – Malware – spyware, phishing, pharming etc.
Internal – Employee carelessness/stupidity
Broken business processes
Poor policy
External – Hackers
Internal – Employee malice
© 2008 Quocirca Ltd 13
Causes of leaks – mostly internal
Employee oversight
Manager approved
Malicious
Other
Definitely
Probably
Possibly
No
Don't know
Heavily
Moderately
Sparingly
Not at all
Yes
Working on creating them
No
Money
Coercion
Ideology
Oct 2005
Ignoring the internal threat
Desire to trust
Provide access
Weak policy
Deny
Avoid bad press
Policy should:
1. Aim to prevent breaches
2. Detail how breaches are handled
3. Be reviewed date in light of
• New technology
• New legislation
• New business processes
Handle content
ISO 27001
Security
People
Content
Network
Time
The encryption conundrum
Print Blogs
USB SMTP
Policy
FTP Web 2.0
Thank you
Bob Tarzey
Quocirca
www.quocirca.com