information security and privacy

INFORMATION SECURITY AND PRIVACY
Presented By:
Jason Rottler
Mengmeng Zhao
Vijak Pongtippun
Weiwei Huang
Ju Yang
Agenda
Introduction
IT Security Spending
IT Security Threats
Chief Information Security Officer (CISO)
Case Studies
Best Practices
What is IT Security
Information security means protecting information and information
systems from unauthorized access, use, disclosure, disruption,
modification or destruction.
“In the case of information security, the goals of confidentiality,
integrity, and availability (CIA) must be balanced against
organizational priorities and the negative consequences of
security breaches.”
http://en.wikipedia.org/wiki/It_security
http://proquest.umi.com/pqdweb?index=2&did=901411&SrchMode=1&sid=1&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257803955&clientId=45249
What is IT Security
NSTISSC Security Model (McCumber Cube)
Three dimensions:
1. Confidentiality, integrity, and availability (CIA triangle)
2. Policy, education, and technology
3. Storage, processing, and transmission
[Figure: cube with the axes Confidentiality / Integrity / Availability and Storage / Processing / Transmission]
http://proquest.umi.com/pqdweb?index=0&did=1374511721&SrchMode=1&sid=1&Fmt=6&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257259579&clientId=45249
http://en.wikipedia.org/wiki/McCumber_cube
Why is IT Security important
“Security is, I would say, our top priority because
for all the exciting things you will be able to do
with computers - organizing your lives, staying in
touch with people, being creative - if we don't
solve these security problems, then people will
hold back.”
---- Bill Gates
http://www.billgatesmicrosoft.com/
http://chinadigitaltimes.net/china/bill-gates/
Security Breach Example
Wireless Security and the TJX Data Breach
Why is IT Security important
IT Security breaches happen every day
2009 breaches (date, organization, number of records):
19-Jan-09   Forcht Bank                 8,500
3-Feb-09    SRA International           Unknown
12-Mar-09   US Army                     1,600
16-Apr-09   Myspace                     Unknown
4-May-09    Virginia Health Data        Potentially 530,000
7-Jun-09    T-Mobile USA                Unknown
8-Jul-09    AT&T                        2,100
14-Aug-09   American Express            Unknown
2-Sep-09    Naval Hospital Pensacola    38,000
2-Oct-09    U.S. Military Veterans      76 Million
http://www.privacyrights.org/ar/ChronDataBreaches.htm#2009
Why is IT Security important
IT security breaches may come from outsiders or from insiders.
“As the network expand, including online, it will
become harder to know whether market-moving
information originated improperly through an
insider’s breach or properly through gathering of
information in other ways”
http://business.timesonline.co.uk/tol/business/industry_sectors/technology/article6861965.ece (The Times, October 6, 2009)
http://proquest.umi.com/pqdweb?index=0&did=1886259131&SrchMode=1&sid=5&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257262182&clientId=45249
Why is IT Security important
Consequences of Poor Security in an Organization
 Unreliable Systems
 Unauthorized Access By Employees
 Reduced Employee Productivity
 Financial Embezzlement & Lost Revenue
 Theft of Customer Records
Reno, NV, “Academy of Information and Management Sciences” Vol.11 No.2 (October 2007) p.51-53
http://www.alliedacademies.org/Public/Proceedings/Proceedings21/AIMS%20Proceedings.pdf
Why is IT Security important
Losses from IT Security Breaches
In 2008, losses resulting from IT security breaches
averaged $289,000 per respondent.
2008 CSI Computer Crime & Security Survey, Robert Richardson, GoCSI.com
IT Security Spending
31% of companies spent more than 5% of their
overall IT budget on information security in 2008.
2008 CSI Computer Crime & Security Survey, Robert Richardson, GoCSI.com
IT Security Spending
IT Budget Vs. Information Security Budget
The projected percentage cut in IT spending for
2009 is greater overall than the relative projected
percentage cut in security spending.
http://metrosite.files.wordpress.com/2008/06/information_security_spending_survey_2009.pdf
IT Security Spending
IT departments in U.S. enterprises spent US$61 billion
on security in 2006, representing 7.3% of total IT
spending in the U.S.
IT Security Spend in the U.S. 2006, by sector:
Business services       10.8B
Financial services      10.4B
Government sectors       9.9B
Education                3.6B
Health Care              3.2B
Primary Industries       2.5B
http://proquest.umi.com/pqdweb?index=4&did=1162465461&SrchMode=1&sid=4&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257727916&clientId=45249#indexing
IT Security Spending
"IT security has become a higher priority over
the last few years, with a greater proportion of
the overall IT budget being spent on security
equipment and services."
------ Ed Daugavietis
http://proquest.umi.com/pqdweb?index=4&did=1162465461&SrchMode=1&sid=4&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257727916&clientId=45249#indexing
Top 9 Network Security Threats
CSOonline.com is a website that provides news, analysis and research on a broad range
of security and risk management topics. Areas of focus include information security, physical
security, business continuity, identity and access management, loss prevention and more.
1. Malicious Insiders – Rising Threat
2. Malware – Steady Threat
3. Exploited Vulnerabilities – Weakening Threat
4. Social Engineering – Rising Threat
5. Careless Employees – Rising Threat
6. Reduced Budgets – Rising Threat
7. Remote Workers – Steady Threat
8. Unstable Third Party Providers – Strong Rising Threat
9. Downloaded Software Including Open Source & P2P Files – Steady Threat
http://www.csoonline.com/article/print/472866
Top 9 Network Security Threats
Strong Rising Threat
- Unstable Providers
Rising Threat
- Malicious Insiders
- Social Engineering
- Careless Employees
- Reduced Budgets
Steady Threat
- Malware
- Remote Workers
- Downloaded Software
Weakening Threat
- Exploited Vulnerabilities
Type of IT Security Threats
Malware
Malware (Malicious Software) is a generic term for programs that try
to secretly install themselves on your computer.
Top 10 malware hosting countries in 2008:
US                37.00%
China (inc HK)    27.70%
Russia             9.10%
Germany            2.30%
South Korea        2.10%
Ukraine            1.80%
UK                 1.70%
Turkey             1.50%
Czech Republic     1.30%
Thailand           1.20%
Other             14.30%
http://www.msun.edu/its/security/threats.htm
http://www.sophos.com/sophos/.../sophos-security-threat-report-jan-2009-na.pdf
Type of IT Security Threats
Types of Malware
 Viruses
 Worms
 Trojan horses
 Spyware
 Adware
Damage
Some viruses delete files or reformat the hard disk. Worms consume
bandwidth and can cause degraded network performance.
Spyware can collect various types of personal information, such as
credit card numbers or usernames and passwords.
http://www.symantec-norton.com/11-most-common-computer-security-threats_k13.aspx
http://proquest.umi.com/pqdweb?index=0&did=1783184381&SrchMode=1&sid=5&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257726601&clientId=45249
Type of IT Security Threats
Social Engineering
Social engineering is a term used to describe the art of persuading
people to divulge information, such as usernames and passwords.
 Identity Theft: stealing and selling identity information.
 Phishing: luring victims to a fake web page.
Damage
Criminals can use a person’s details to make transactions or create
fake accounts in the victim’s name.
http://www.symantec-norton.com/11-most-common-computer-security-threats_k13.aspx
Type of IT Security Threats
SPAM
SPAM is electronic junk e-mail. E-mail addresses are collected from
chat rooms, websites, and newsgroups.
Damage
SPAM can clog a personal mailbox, overload mail servers and impact
network performance.
http://www.symantec-norton.com/11-most-common-computer-security-threats_k13.aspx
Type of IT Security Threats
Denial of Service Attack (DoS Attack)
A DoS attack is an attempt to make a computer resource, such as a
website or web service, unavailable for use.
 Criminals frequently use bots to launch DoS attacks.
Damage
DoS attacks typically target large businesses or government
institutions. They can make a website or web service temporarily
unavailable (for minutes, hours, or days), with ramifications for sales
or customer service.
http://www.symantec-norton.com/11-most-common-computer-security-threats_k13.aspx
Prevention of IT Threats
Malware
 Use antivirus and anti-spyware software.
 Keep current with the latest security updates or patches.
 Be wary of opening unexpected e-mails.
Social Engineering
 Never disclose any personal information.
 Use strong passwords.
 Never e-mail personal or financial information.
 Check your statements often.
http://www.symantec-norton.com/11-most-common-computer-security-threats_k13.aspx
Prevention of IT Threats
SPAM
 Use spam filters.
 Use a form of e-mail authentication.
 Mail at a reasonable frequency and keep the content relevant to recipients.
 Make sure your e-mails look right in multiple e-mail clients.
DoS Attack
 Plan ahead.
 Use firewalls to allow or deny protocols, ports, or IP addresses.
 Utilize routers and switches.
http://www.symantec-norton.com/11-most-common-computer-security-threats_k13.aspx
http://proquest.umi.com/pqdweb?index=0&did=1876359931&SrchMode=1&sid=13&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257728149&clientId=45249&cfc=1
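The bullet "use firewalls to allow or deny protocols, ports, or IP addresses" is what a packet-filter rule set does in practice, and the part that matters for defence is the order of the rules and the default when nothing matches. The following is an added example, not code from the presentation or from any firewall product: a first-match filter with a default-deny policy, plus a check for rules that can never fire because an earlier rule already covers them (a common sign of a mis-ordered policy). The networks (RFC 5737 documentation ranges), ports and rule comments are constructed for illustration.

```python
"""First-match packet filter model with a default-deny policy.  Added example
illustrating allow/deny decisions by protocol, port and source address; it is
not code from the presentation or from any vendor, and the policy below is
constructed for a hypothetical internet-facing web server."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    proto: Optional[str] = None   # "tcp", "udp", "icmp"; None matches any protocol
    dport: Optional[int] = None   # destination port; None matches any port
    src: Optional[str] = None     # source network in CIDR; None matches any address
    comment: str = ""

    def matches(self, proto: str, dport: Optional[int], src_ip: str) -> bool:
        if self.proto is not None and self.proto != proto:
            return False
        if self.dport is not None and self.dport != dport:
            return False
        if self.src is not None and ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.src):
            return False
        return True


def evaluate(rules: List[Rule], proto: str, dport: Optional[int], src_ip: str) -> Tuple[str, str]:
    """Return (action, reason) from the first matching rule; no match means deny."""
    for rule in rules:
        if rule.matches(proto, dport, src_ip):
            return rule.action, rule.comment
    return "deny", "default deny: no rule matched"


def covers(a: Rule, b: Rule) -> bool:
    """True when every packet matched by rule b is also matched by rule a."""
    if a.proto is not None and a.proto != b.proto:
        return False
    if a.dport is not None and a.dport != b.dport:
        return False
    if a.src is not None:
        if b.src is None:
            return False
        if not ipaddress.ip_network(b.src).subnet_of(ipaddress.ip_network(a.src)):
            return False
    return True


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule covers them."""
    return [j for j in range(len(rules)) if any(covers(rules[i], rules[j]) for i in range(j))]


# Constructed policy (hypothetical web server; admin network is a documentation range)
WEB_POLICY = [
    Rule("deny", src="10.0.0.0/8", comment="drop packets claiming an internal source address"),
    Rule("allow", proto="tcp", dport=443, comment="public HTTPS"),
    Rule("allow", proto="tcp", dport=80, comment="public HTTP, redirected to HTTPS by the server"),
    Rule("allow", proto="tcp", dport=22, src="203.0.113.0/24", comment="SSH from the admin network only"),
]

if __name__ == "__main__":
    for pkt in [("tcp", 443, "198.51.100.7"), ("tcp", 22, "198.51.100.7"),
                ("tcp", 22, "203.0.113.5"), ("udp", 53, "198.51.100.7"), ("tcp", 443, "10.1.2.3")]:
        print(pkt, "->", evaluate(WEB_POLICY, *pkt))
    print("shadowed rule indices:", shadowed_rules(WEB_POLICY))
```

Because nothing is allowed unless a rule says so, SSH from an arbitrary internet address and any UDP traffic fall through to the default deny without needing explicit rules, which keeps the policy short and easy to review. The shadowing check is the kind of audit to run whenever a rule is inserted above existing ones.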
Chief Security Officer (CSO)
 The executive responsible for the organization's
entire security posture, both physical and digital.
 The title Chief Security Officer (CSO) was first
used principally inside the information technology
function to designate the person responsible for
IT security.
http://www.csoonline.com/article/221739/What_is_a_Chief_Security_Officer_?page=1, viewed October 10, 2009
Chief Information Security Officer (CISO)
 A more accurate description of a job that
focuses on information security within an
organization, and today the CISO title is
becoming more prevalent for leaders with
an exclusive info security focus.
http://www.csoonline.com/article/221739/What_is_a_Chief_Security_Officer_?page=1, viewed October 10, 2009
Roles & Responsibilities of a CISO
 Communications and Relationships
 Risk and Control Assessment
 Threat and Vulnerability Management
 Identity and Access Management
http://en.wikipedia.org/wiki/Chief_information_security_officer, viewed October 10, 2009
CISO: Skills Required for Success
Literature Review
1. CISOs should first think of themselves as business
professionals and secondly as security specialists.
2. Partake in continuing security education
3. Soft skills
4. Management
5. Problem solving
6. Understanding of security threats and risks
Dwayne Whitten (2008), “The Chief Information Security Officer: An analysis of the skills required for success”, Journal of Computer Information Systems, pp. 15-18
CISO: Skills Required for Success
Interviews with Eight Executives
1. The executives were basically in agreement that the
skills which emerged from the analysis were
important.
2. They suggested the addition of two items:
* disaster recovery planning
* security breach investigation
The interviews were conducted over a two-month period
between December 2005 and January 2006.
Dwayne Whitten (2008), “The Chief Information Security Officer: An analysis of the skills required for success”, Journal of Computer Information Systems, pp. 15-18
CISO: Skills Required for Success
Frequency of Duties on Job Listings
Duties                           % of listings including it
Oversee IT security policy       70%
Management                       58%
IT security education            42%
Maintain currency                39%
Vendor relations                 36%
Disaster recovery planning       27%
Security breach investigations   27%
A review of 33 recent CISO job listings posted at Chief Security Officer
magazine (http://www.CSOonline.com)
Dwayne Whitten (2008), “The Chief Information Security Officer: An analysis of the skills required for success”, Journal of Computer Information Systems, pp. 15-18
CISO: Skills Required for Success
Frequency of Background Experience on Job Listings
Background experience            % of listings including it
IT security skills               76%
Communication skills             61%
System experience                61%
Leadership skills                39%
Investigative experience         27%
A review of 33 recent CISO job listings posted at Chief Security Officer
magazine (http://www.CSOonline.com)
Dwayne Whitten (2008), “The Chief Information Security Officer: An analysis of the skills required for success”, Journal of Computer Information Systems, pp. 15-18
CISO: Skills Required for Success
Skill from Lit. Review / CISO Interviews           Matching item(s) in Job Listings
Management Skills                                  Management (D); Leadership skills (B/E); Maintain Currency (D)
IT Security Education                              IT Security Education (D); Maintain Currency (D)
Soft Skills                                        Communication skills (B/E)
IT Security                                        Oversee IT Security Policy (D); IT Security Skills (B/E)
Problem Solving                                    No Match
Business Strategy                                  No Match
Disaster Recovery Planning (from interviews)       Disaster Recovery Planning (D)
Security Breach Investigations (from interviews)   Security Breach Investigations (D); Investigation Experience (B/E)
No Match                                           System Experience (B/E)
No Match                                           Vendor Relations (D)
(D) = item from the duties table; (B/E) = item from the background experience table
Dwayne Whitten (2008), “The Chief Information Security Officer: An analysis of the skills required for success”, Journal of Computer Information Systems, pp. 15-18
CISO: Skills Required for Success
Conclusion
Business strategy was given a high level of importance
by the literature and the executives, but it did not appear
in the job listing survey.
Many of the organizations searching for new CISOs during
the research period did not fully understand the importance
of including the CISO in business strategy formulation.
Organizations currently employing a CISO should consider
the duties and responsibilities included in these results as
perfunctory in their position requirements.
Dwayne Whitten (2008), “The Chief Information Security Officer: An analysis of the skills required for success”, Journal of Computer Information Systems, pp. 15-18
Case Studies
IT & Security Compliance Manager of: Mining Company
Chief Information Security Officer (CISO) of: Compal Communication, Inc. (CCI)
Part 1 Overview
Mining Company in St. Louis
Compal Communication, Inc. (CCI)
Mining Company
Background:
• 2nd largest in their industry
• Ships and provides product to 35 states and 20+ countries worldwide
Size:
• 4,600 employees
Revenues:
• $2.9 Billion
• $350 Million in profits
IT Security and Compliance Manager of a Mining Company in St Louis, interviewed in person by Jason Rottler, Oct 14, 2009
Compal Communication, Inc. (CCI)
Background:
• Manufactures and trades wireless handsets and other telecommunication equipment
Size:
• 4,000 employees
Revenues:
• $3.25 Billion
• $380 Million in profit
Mr. Qin, CISO of Compal Communication, Inc., interviewed by phone by Mengmeng Zhao, Oct 29, 2009
http://www.compalcomm.com/
Part 2 Reporting Structures
Mining Company in St. Louis
Compal Communication, Inc. (CCI)
Mining Company
[Org chart]
Sr. VP Strategic Development
  VP & CIO
    IS Support Administrator
    Mgr. IT Security & Compliance
IT Security and Compliance Manager of a Mining Company in St Louis, interviewed in person by Jason Rottler, Oct 14, 2009
Compal Communication, Inc. (CCI)
[Org chart]
CEO
  CIO
    CISO
Mr. Qin, CISO of Compal Communication, Inc., interviewed by phone by Mengmeng Zhao, Oct 29, 2009
Part 3 The Role of CISO
Mining Company in St. Louis
Compal Communication, Inc. (CCI)
Manager IT Security and Compliance
• In current position for 4 years
• In charge of security for the past 2 years
Responsibilities
• Overseeing the IS departments of Security, Change Management, Business Continuity, and Compliance
IT Security and Compliance Manager of a Mining Company in St Louis, interviewed in person by Jason Rottler, Oct 14, 2009
Chief Information Security Officer
• In current position for 2 years
• In charge of security for the past 4 years
Responsibilities
• Develop and structure information security policies and change management; help with integrating security skills
Mr. Qin, CISO of Compal Communication, Inc., interviewed by phone by Mengmeng Zhao, Oct 29, 2009
Part 4 Threats & Risks
Mining Company in St. Louis
Compal Communication, Inc. (CCI)
Threat Examples and Mitigation
Risk: Improper Access to Data
Mitigation Practice: Automated access form that is routed to the requestor’s supervisor for approval. Quarterly review of user access by the Administrator.
Risk: Un-patched Software
Mitigation Practice: Weekly scans for vulnerabilities are performed on IS assets and reported to the administrators.
Risk: Improper Physical Access
Mitigation Practice: Data center access is limited to only those needing access. Entrances and data centers have surveillance.
Risk: Use of social engineering to gain access
Mitigation Practice: End user security training
IT Security and Compliance Manager of a Mining Company in St Louis, interviewed in person by Jason Rottler, Oct 14, 2009
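The two controls the mining company describes for improper access to data (supervisor approval of each access request and a quarterly review of user access) are easy to state and easy to let slip; the value is in checking the records mechanically. The following is an added example, not code or data from the presentation or the company: a review routine over a constructed list of access grants that flags grants with no supervisor approval, grants the requestor approved for themselves, and grants that have not been re-certified within the review period. User names, systems and dates are invented for illustration.

```python
"""Quarterly user-access review, as an added illustration of the stated controls
(supervisor approval of access requests, quarterly review of user access).
Sample data is constructed; this is not code or data from the presentation."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class AccessGrant:
    user: str
    system: str
    permission: str                 # e.g. "read", "write", "admin"
    requested_on: date
    approved_by: Optional[str]      # supervisor who approved the request; None = no record
    last_reviewed: Optional[date]   # None = never re-certified since it was granted


# Constructed sample (hypothetical users and systems); the review date is the
# interview date quoted on the slide, used here only as a fixed "today".
REVIEW_DATE = date(2009, 10, 14)
SAMPLE_GRANTS = [
    AccessGrant("jdoe", "ERP", "write", date(2009, 6, 1), "msmith", date(2009, 9, 30)),
    AccessGrant("asmith", "HR-DB", "read", date(2009, 3, 15), "rjones", None),
    AccessGrant("bthomas", "ERP", "admin", date(2009, 10, 1), None, None),
    AccessGrant("cwu", "FileServer", "write", date(2009, 9, 1), "cwu", date(2009, 9, 1)),
]

Finding = Tuple[str, str, str]   # (user, system, issue)


def quarterly_review(grants: List[AccessGrant], today: date,
                     review_period: timedelta = timedelta(days=90)) -> List[Finding]:
    """Flag grants that fail the controls: missing or self-approval, and grants
    not re-certified within the review period (defaults to one quarter)."""
    findings: List[Finding] = []
    for g in grants:
        if g.approved_by is None:
            findings.append((g.user, g.system, "no supervisor approval on record"))
        elif g.approved_by == g.user:
            findings.append((g.user, g.system, "request approved by the requestor (self-approval)"))
        # A freshly approved grant counts as reviewed on the day it was requested.
        last = g.last_reviewed or g.requested_on
        age = today - last
        if age > review_period:
            findings.append((g.user, g.system, f"access not reviewed for {age.days} days"))
    return findings


def privileged_first(findings: List[Finding], grants: List[AccessGrant]) -> List[Finding]:
    """Order findings so that admin-level grants are handled before the rest."""
    level = {(g.user, g.system): g.permission for g in grants}
    return sorted(findings, key=lambda f: 0 if level.get((f[0], f[1])) == "admin" else 1)


if __name__ == "__main__":
    for user, system, issue in privileged_first(quarterly_review(SAMPLE_GRANTS, REVIEW_DATE), SAMPLE_GRANTS):
        print(f"{user:8} {system:12} {issue}")
```

Running it against the sample lists the unapproved admin grant first, then the self-approved grant and the grant that has gone 213 days without review; the grant that was re-certified two weeks earlier produces nothing. In a real programme the grants would come from the access-request system and the directory, and the findings would go back to the supervisors for re-approval or removal.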
Security Issues and Threats
Issues and/or Threats
System Reliability
SQL Injection
Unauthorized Access by Employees
Mr. Qin, CISO of Compal Communication, Inc., interviewed by phone by Mengmeng Zhao, Oct 29, 2009
Part 5 IT Security Policies
Mining Company in St. Louis
Compal Communication, Inc. (CCI)
IT Security Policies
• Samples of policies in place:
  • Information Security Policy
  • Risk Assessment
  • ID and Password Access Account
  • Third Party Access
  • Information Security Incident Management
  • Data Access
  • Data Sharing
  • Mobile Device
  • Encryption
IT Security and Compliance Manager of a Mining Company in St Louis, interviewed in person by Jason Rottler, Oct 14, 2009
IT Security Policies
• Samples of policies in place:
  • No visitors allowed in the Information Security Department
  • Flash drives can only be readable, not writable
  • Emergency services
  • Access Control System
  • Monitoring control from the Security Operation Center
Mr. Qin, CISO of Compal Communication, Inc., interviewed by phone by Mengmeng Zhao, Oct 29, 2009
Part 6 Lessons Learned
Mining Company in St. Louis
Compal Communication, Inc. (CCI)
Lessons Learned
• “No silver bullets to security nirvana”
• Security evolves as risk evolves
• Use a layered approach
IT Security and Compliance Manager of a Mining Company in St Louis, interviewed in person by Jason Rottler, Oct 14, 2009
Lessons Learned
• Importance of security education for EACH user
  • Employees must understand risks
  • Provide company-wide security training
  • 50+ slides going through the 3 tenets of security
  • CIA Model
IT Security and Compliance Manager of a Mining Company in St Louis, interviewed in person by Jason Rottler, Oct 14, 2009
Lessons Learned
• Keep in line with international information security practice
• Integrate security needs with business objectives
• Make appropriate adjustments according to business strategy changes
ISO 27001 certificate (2008)
Mr. Qin, CISO of Compal Communication, Inc., interviewed by phone by Mengmeng Zhao, Oct 29, 2009
Part 7 Plans for the Future
Mining Company in St. Louis
Compal Communication, Inc. (CCI)
Plans for the Future
• Integrate different “specialties” into an overall Governance, Risk, and Compliance (GRC) model
IT Security and Compliance Manager of a Mining Company in St Louis, interviewed in person by Jason Rottler, Oct 14, 2009
Plans for the Future
• Review security at each location for operational equipment
• Document standards and procedures related to IT policies
  • Example: What to do if you need a user ID?
IT Security and Compliance Manager of a Mining Company in St Louis, interviewed in person by Jason Rottler, Oct 14, 2009
Plans for the Future
• Information security program for business processes that is “tailor-made” for the company
• Employee internet management
Mr. Qin, CISO of Compal Communication, Inc., interviewed by phone by Mengmeng Zhao, Oct 29, 2009
Part 8 Summary Comparison
Mining Company in St. Louis
Compal Communication, Inc. (CCI)
Summary Comparison
Revenues
  Mining Company: $2.9 Billion
  CCI: $3.25 Billion
Security Mgr Reports to:
  Mining Company: VP/CIO
  CCI: CIO
Interviewee in charge of Security for:
  Mining Company: 2 years
  CCI: 3 years
Policy examples
  Mining Company: IS Incident Mgmt, ID & Password, Risk Assessment, Data Access, etc.
  CCI: Data Access, Monitoring, Emergency Services, etc.
Top Threats
  Mining Company: Improper access to data
  CCI: Unauthorized access to data
Lessons Learned
  Mining Company: Layered Approach
  CCI: IS in line with business strategy
Future Plans
  Mining Company: GRC Model
  CCI: Info security program for business processes
Best Practices from Case Studies
• Access
  • Allow on a “least privilege” basis
• Review security as systems are installed
• Follow CIA
• Depth of Security
  • Layered approach
• Integrate security needs with business objectives
• Adjust according to business strategy
IT Security and Compliance Manager of a Mining Company in St Louis, interviewed in person by Jason Rottler, Oct 14, 2009
Mr. Qin, CISO of Compal Communication, Inc., interviewed by phone by Mengmeng Zhao, Oct 29, 2009
The Verizon Business Risk Team: Proper Security Measures
• Align process with policy
• Achieve “essential” then worry about “excellent”
• Create a data retention plan
• Control data with transaction zones
• Monitor event logs
• Incident Response Plan
• Increase awareness and testing
A study of over 500 breaches from 2004 – 2007 found
87% could have been prevented.
Swartz, N. (2008). Study: Most Data Breaches Preventable. Information
Management Journal, 42(5), pg 7.
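"Monitor event logs" only helps when something actually reads the logs and raises an alert on a pattern worth a response. The following is an added example, not code from the presentation or from Verizon: a small detector over constructed sshd-style authentication log lines that counts failed logins per source address in a sliding time window and raises an alert when the count reaches a threshold, and a second, higher-priority alert when a login from that source then succeeds. The log lines, host name, user names and addresses are invented; the line format, window and threshold are assumptions to be adjusted to the real log source.

```python
"""Sliding-window failed-login detector over auth log lines.  Added example of
what "monitor event logs" can mean in practice; the sample log is constructed
and the line format is an assumption, not the presentation's own material."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sshd-style log lines (hypothetical host, users and addresses)
SAMPLE_LOG = """\
2009-10-14T02:00:01 web1 sshd[4001]: Failed password for invalid user admin from 198.51.100.9 port 51234 ssh2
2009-10-14T02:00:05 web1 sshd[4002]: Failed password for root from 198.51.100.9 port 51235 ssh2
2009-10-14T02:00:09 web1 sshd[4003]: Failed password for invalid user test from 198.51.100.9 port 51236 ssh2
2009-10-14T02:00:13 web1 sshd[4004]: Failed password for jdoe from 198.51.100.9 port 51237 ssh2
2009-10-14T02:00:17 web1 sshd[4005]: Failed password for jdoe from 198.51.100.9 port 51238 ssh2
2009-10-14T02:00:30 web1 sshd[4006]: Accepted password for jdoe from 198.51.100.9 port 51239 ssh2
2009-10-14T08:15:02 web1 sshd[4101]: Failed password for asmith from 203.0.113.4 port 40001 ssh2
2009-10-14T08:15:20 web1 sshd[4102]: Accepted password for asmith from 203.0.113.4 port 40002 ssh2
2009-10-14T09:00:00 web1 sshd[4201]: Failed password for root from 192.0.2.77 port 30001 ssh2
2009-10-14T09:10:00 web1 sshd[4202]: Failed password for root from 192.0.2.77 port 30002 ssh2
2009-10-14T09:20:00 web1 sshd[4203]: Failed password for root from 192.0.2.77 port 30003 ssh2
2009-10-14T09:30:00 web1 sshd[4204]: Failed password for root from 192.0.2.77 port 30004 ssh2
2009-10-14T09:40:00 web1 sshd[4205]: Failed password for root from 192.0.2.77 port 30005 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_events(text: str) -> List[Dict]:
    """Turn matching lines into events; lines in another format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
                           "user": m["user"], "ip": m["ip"]})
    return events


def detect_password_attacks(text: str, threshold: int = 5,
                            window: timedelta = timedelta(minutes=5)) -> List[Tuple[str, str, str]]:
    """Return (ip, alert, timestamp) tuples: "burst" when failures from one source
    inside the window reach the threshold, "success_after_burst" when a login
    from such a source then succeeds (the case that needs an immediate response)."""
    recent: Dict[str, deque] = defaultdict(deque)   # ip -> failure timestamps within window
    burst_ips = set()
    alerts = []
    for ev in parse_events(text):
        q = recent[ev["ip"]]
        while q and ev["ts"] - q[0] > window:       # drop failures older than the window
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) >= threshold and ev["ip"] not in burst_ips:
                burst_ips.add(ev["ip"])
                alerts.append((ev["ip"], "burst", ev["ts"].isoformat()))
        elif ev["ip"] in burst_ips:
            alerts.append((ev["ip"], "success_after_burst", ev["ts"].isoformat()))
    return alerts


if __name__ == "__main__":
    for ip, alert, ts in detect_password_attacks(SAMPLE_LOG):
        print(ts, ip, alert)
```

On the sample the source that fails five times in sixteen seconds and then logs in as a real user produces both alerts, while a single typo by a legitimate user and five slow failures spread over forty minutes produce none. The window and threshold are the knobs that decide that trade-off, and they need tuning against the real volume of a given log source.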
THANK YOU
Jason Rottler
Mengmeng Zhao
Vijak Pongtippun
Weiwei Huang
Ju Yang
References
1. http://en.wikipedia.org/wiki/It_security
2. Principles of Information Security by Michael E. Whitman, Herbert J. Mattord
http://books.google.com/books?id=gPonBssSm0kC&pg=PA13&lpg=PA13&dq=nstissc+security+model&source=bl&ots=cZ8bUHvAnV&sig=mLSw8gGbD6wrhoP2u9R4t2dLcmg&hl=en&ei=6jnrSu3SCJW6Noj8rYQM&sa=X&oi=book_result&ct=result&resnum=6&ved=0CBcQ6AEwBQ#v=onepage&q=nstissc%20security%20model&f=false
*3. Security as a contributor to knowledge management success by Murray E. Jennex & Suzanne Zyngier. Published online: 9 October 2007, Springer Science + Business Media, LLC 2007
http://proquest.umi.com/pqdweb?index=0&did=1374511721&SrchMode=1&sid=1&Fmt=6&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257259579&clientId=45249
4. http://www.billgatesmicrosoft.com/
5. http://chinadigitaltimes.net/china/bill-gates/
6. http://www.youtube.com/watch?v=6tnnuGRT088&feature=PlayList&p=3D4EE8E264394E75&playnext=1&playnext_from=PL&index=21
*7. Information Age: 'Outsider Trading' and Too Much Information by L. Gordon Crovitz. Wall Street Journal (Eastern edition). New York, N.Y.: Oct 26, 2009. pg. A.17
http://proquest.umi.com/pqdweb?index=0&did=1886259131&SrchMode=1&sid=5&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257262182&clientId=45249
8. http://www.privacyrights.org/ar/ChronDataBreaches.htm#2009
*9. The Chief Information Security Officer: An Analysis of the Skills Required for Success by Dwayne Whitten. The Journal of Computer Information Systems. Stillwater: Spring 2008. Vol. 48, Iss. 3; pg. 15, 5 pgs
http://proquest.umi.com/pqdweb?index=0&did=1481115001&SrchMode=1&sid=2&Fmt=4&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257639426&clientId=45249
10. 2008 CSI Computer Crime & Security Survey, Robert Richardson, GoCSI.com
http://i.cmpnet.com/v2.gocsi.com/pdf/CSIsurvey2008.pdf
11. Information security spending survey 2009 results by Dov Yoran, Partner, Metrosite Group
http://metrosite.files.wordpress.com/2008/06/information_security_spending_survey_2009.pdf
*12. IT Security Spending by U.S. Companies Will Hit US$61 Billion for 2006, Says Info-Tech Research Group. PR Newswire. New York: Nov 15, 2006.
http://proquest.umi.com/pqdweb?index=4&did=1162465461&SrchMode=1&sid=4&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257727916&clientId=45249#indexing
13. http://www.baselinemag.com/c/a/Security/Top-IT-Security-Spending-Priorities-for-2009/
14. Information Technology Services: Types of Net Threats, from http://www.msun.edu/its/security/threats.htm
15. Sophos security threat report 2009, from http://www.sophos.com/sophos/docs/eng/marketing_material/sophos-security-threat-report-jan-2009-na.pdf
16. The 11 most common computer security threats… And what you can do to protect yourself from them. http://www.symantec-norton.com/11-most-common-computer-security-threats_k13.aspx
*17. Kevin Prince, “Top 9 Network Security Threats in 2009”, from http://www.csoonline.com/article/print/472866
*18. Reno, NV, “Academy of Information and Management Sciences” Vol.11 No.2 (October 2007) p.51-53
http://www.alliedacademies.org/Public/Proceedings/Proceedings21/AIMS%20Proceedings.pdf
19. McAfee logo, from http://strategyhealth.com/computer_help/mcafee_logo_1.jpg
20. Symantec logo, from http://www.cstoncall.com/images/upload/symantec-logo-300dpi.jpg
21. Ad-aware logo, from http://www.weatherbug.com/aws/imagesHmPg0604/img_logo_adaware.gif
22. http://www.csoonline.com/article/221739/What_is_a_Chief_Security_Officer_?page=1, viewed October 10, 2009
23. http://en.wikipedia.org/wiki/Chief_information_security_officer, viewed October 10, 2009
24. Interview with IT Manager at Mining Company.
http://www.corporatecomplianceinsights.com/2009/grc-management-best-practicesframework-for-more-effective-governance-risk-and-compliance-management
*25. Group Test: Anti-malware. Michael Lipinski. SC Magazine. New York: Jan 2009. Vol. 20, Iss. 1; pg. 42, 2 pgs
http://proquest.umi.com/pqdweb?index=0&did=1783184381&SrchMode=1&sid=5&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257726601&clientId=45249
*26. Five ways to make sure your e-mail isn't flagged as spam. Phil Fernandez. B to B. Chicago: Sep 28, 2009. Vol. 94, Iss. 12; pg. 18, 1 pg
http://proquest.umi.com/pqdweb?index=0&did=1876359931&SrchMode=1&sid=13&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257728149&clientId=45249&cfc=1
*27. Information security - The CIA model by Le Roux, Yves. Director. London: Aug 1993. pg. 53, 4 pgs
http://proquest.umi.com/pqdweb?index=2&did=901411&SrchMode=1&sid=1&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257803955&clientId=45249
28. http://www.cert.org/cert/
29. http://www.compalcomm.com/
30. http://en.wikipedia.org/wiki/McCumber_cube
*31. Swartz, N. (2008). Study: Most Data Breaches Preventable. Information Management Journal, 42(5), pg 7.
32. CISO pictures, from “INFORMATION SECURITY - TOPIC AND SPEAKERS”
http://images.google.com/imgres?imgurl=http://www.isacasv.org/speaker_images/kenbaylo.jpg&imgrefurl=http://www.isacasv.org/SpringConferenceSecTopic2007.html&usg=__8NPq9rC9j7B_wFC9Pl36YIQMww=&h=385&w=350&sz=27&hl=zhCN&start=92&tbnid=6LVk3Bf6CFqSyM:&tbnh=123&tbnw=112&prev=/images%3Fq%3DCISO%26gbv%3D2%26ndsp%3D20%26hl%3DzhCN%26sa%3DN%26start%3D80
* Represents documents from refereed journals