Infomation Security and ItsImpact on Business.ppt

Information Security and Its Impact on Business Prof. Chi-Chun Lo National Chiao-Tung University Oct. 5, 2006 INTRODUCTION What if someone asks your CEO “How Secure is Your Corporation? One foot in ice water and one foot in boiling water does not mean that on average you are at room temperature. Corporations are not monolithic, and all parts of the business don’t have (or necessarily need) the same level of security Security is not an end state, nor can it be judged by measuring any single variable at any single point in time Selling Security is Still a Challenge Is the glass half empty, or is it half full? Security is like the brakes on your car. Their function is to slow you down But their purpose is to allow you to go fast. Bill Malick, Gartner Scope of Security System Security - Mostly Technical Issues - Hardware Software Solutions, e.g.; Cryptography, Protocol, Security System etc. Information Security - Mostly Managerial Issues - Business Solutions, e.g.; Organization, Culture (Behavior), Policy, Risk Management, Standards, Legal Rights etc. Causes of Information Damage Information Security High dependence on information as a contributing factor of success or failure, created the need for information security and control Information security definition: “preservation of confidentiality, integrity and availability of information and information systems” The objective of information security is to ensure the continuity of business management and to reduce interruptions of business by preventing and minimizing the consequences of security incidents. Information security relates to all controls aimed at protecting the availability, integrity and confidentiality of information Information Security Components Business Model for Information Security Security Systems Development Life Cycle(SSDLC) Policy and Procedure A policy is typically a document that outlines specific requirements