InfoCommons

BLACK JUNE 2005

Posted in Information Security by coda on February 23, 2010

3 Student presentations on Information Security
3 examples – UBS, Motorola and Citibank
The 3 types of threats: Physical, Technical and Social
The first is particularly poignant – Haiti, 9-11
The second – infrastructure: Network/Systems
The third – social. [case examples]

What types of regulations?
Data Protection/Privacy
Common Law obligations – laws of trespass, tort of negligence, criminal damage
Q. How do you explain increased legislative activity?

Types of Approaches
Physical Security measures – CCTV, biometric, ID system
Technical – Network/Information Security
Social – Promoting Institutional Awareness

2nd Presentation
Phishing websites of RBS – illustrates the role of social engineering.
Important – how is fraud being perpetrated? Contrast this with the way “old” type fraud take place.
This is a useful example demonstrating the scale, reach and nature of threats.
Why online? What are the incentives/motives for committing online fraud?
We need to look at online security from the perspective of “data” (what we are trying to protect”) “systems” (the vehicle through which data is carried).
Online malicious attack/intrusion – theft, damage system/delete data
Learning point: how do we “draft” legislation/rules? Emphasis of laws: “unauthorised” and “access”
Where are the threats likely to come from? What types of threats?
A particular problem arises where employees access the Internet/engage in personal communications from work. By the same token, quite a lot of individuals work from home – problems may arise if the home network/computer is not secure or does not have updated appropriate security software.
What is the value of “data”? How much does it cost to upgrade systems/install systems?

Securing compliance is a corporate governance issue. How is this achieved?
Law – legal rules governing data processing
Data Breach Notification laws

Presentation 3
Takes a close examination of the “types” of threats
a. Virus (Melissa) – used email to infect computers
Charged in New Jersey

b. Worm (ILOVEYOU)
Downloads malicious software – and program continues to propagate.
Note – offenders from Philippines. There was no law covering what the accused was deemed to have done – this act of creating the malicious software was an offence in US.

c. Individual’s email was hacked – account was used. What are the challenges for enforcement and investigation?

Advertisements
Tagged with:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: