Isys20261 lecture 04

Computer Security Management (ISYS20261) Lecture 4 - Facts and figures Module Leader: Dr Xiaoqi Ma School of Science and Technology

Transcript of Isys20261 lecture 04

Page 1: Isys20261 lecture 04

Computer Security Management (ISYS20261) Lecture 4 - Facts and figures

Module Leader: Dr Xiaoqi Ma

School of Science and Technology

Page 2: Isys20261 lecture 04

Computer Security Management, Page 2

Previously on the show …

• Attacker: malicious entity that tries to compromise information security requirements (CIA)

• Attackers differ in:

  – Motivation

  – Ability

  – Resources

  – Readiness to assume risk

• Types of attackers:

  – Opportunist

  – Emotional attacker

  – Cold intellectual attacker

  – Terrorist

  – Insider

Page 3: Isys20261 lecture 04

Today:

• CSI Computer Security Survey

• Overview

• Most common attacks

• Technologies used to combat attacks

• Actions taken

• Training issues

Page 4: Isys20261 lecture 04

Computer Security Institute

• The Computer Security Institute (CSI) is a professional membership organization serving practitioners of information, network, and computer-enabled physical security, from the level of system administrator to the chief information security officer.

• It was founded in 1974.

• CSI is perhaps best known for the annual CSI/FBI Computer Crime and Security Survey, conducted by CSI with the collaboration of the San Francisco Federal Bureau of Investigation's Computer Intrusion Squad and researchers from the University of Maryland.

Page 5: Isys20261 lecture 04

CSI Computer Security Survey

• Once a year CSI compiles statistics about computer crime and security

• It has been running for 15 years now

• CSI has asked its community how they were affected by network and computer crime in the prior year and what steps they’ve taken to secure their organizations

• In the 2010/2011 survey, 351 high-level security professionals responded

• The survey contains a number of questions about the costs of computer crime and the budgeting and financial management of information security risk

Page 6: Isys20261 lecture 04

Respondents 2010/2011

• 10.6% financial sector

• 21.5% consulting

• 10.9% information technology

• 7.4% federal government of US

• 8.9% education

• 6.6% health services

• 3.2% local government

• 6.0% manufacturing

• 3.2% retail

• 21.8% others

Page 7: Isys20261 lecture 04

Budgeting issues

Page 8: Isys20261 lecture 04

Key findings (1)

• The most expensive computer security incidents were those involving financial fraud with an average reported cost of close to $500,000

• The second-most expensive, on average, was dealing with “bot” computers within the organization’s network, reported to cost an average of nearly $350,000

• Virus incidents occurred most frequently, at almost half (49 percent) of the respondents’ organizations

• Insider abuse of networks was second-most frequently occurring, at 44 percent, followed by theft of laptops and other mobile devices (42 percent)

Page 9: Isys20261 lecture 04

Key findings (2)

• Almost one in ten organizations reported they’d had a Domain Name System incident

• Twenty-seven percent of those responding to a question regarding “targeted attacks” said they had detected at least one such attack

• The vast majority of respondents said their organizations either had (68 percent) or were developing (18 percent) a formal information security policy

• Only 1 percent said they had no security policy

Page 10: Isys20261 lecture 04

Percentage of key types of incidents

Page 11: Isys20261 lecture 04

Key incidences over the last six years

Page 12: Isys20261 lecture 04

Technologies used for security

Page 13: Isys20261 lecture 04

Techniques used to evaluate security

Page 14: Isys20261 lecture 04

Awareness training metrics

Page 15: Isys20261 lecture 04

Actions taken after an incident

Page 16: Isys20261 lecture 04

Reasons for not reporting*

*Average response on a scale from 1 (no importance) to 7 (great importance)

Page 17: Isys20261 lecture 04

Average loss per respondent

Page 18: Isys20261 lecture 04

Summary

• The CSI survey is a good source of information

• It can be used to identify trends

• It is published annually

• However, its findings are only as good as the responses from the community!