Scribd Logo
Upload

Welcome to Scribd!

  • Group 3

    Uploaded by

    Philip Gommesen
    31 views14 pages
    Presentation on computer security incidents.

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Presentation on computer security incidents.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    31 views14 pages

    Group 3

    Uploaded by

    Philip Gommesen
    Presentation on computer security incidents.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 14

    Project 6:Information Security and Ethics Group 3

    Andrew Garlisch Nicholas French Philip Gommesen Giovanni Guida

    Summary
    Real Threat Figure 10: Computer Crime and Security Breaches
    Which workers have knowledge of them

    Figure 11: Experienced Security Incidents


    How many incidents did those that experienced breaches experience

    Figure 12: Percentage of Losses Due to Insiders


    How much damage is caused by those who work for the company

    Computer Crime and Security Breaches

    Computer Crime and Security Breaches Cont.


    Are there many incidents of security breaches through the company internet system? In 2007 the yes:no ratio was 46%:45% with 10% claiming not to know In 2008 the y:n ratio was 43%:44% with 13% claiming not to know

    Computer Crime and Security Breaches Cont.


    The most telling factor is the 2 percent increase in people saying they had no idea if there were or were not any security breaches This 2 percent increase may be due to more controlled channels and companies wish to keep them private.

    Experienced Security Incidents

    Experienced Security Incidents Cont.


    1-5 Incidents
    High of 48% in 2006, Low of 41% in 2007 Largest group with low variation

    6-10 Incidents
    High of 20% in 2004, Low of 12% in 2007 About 15% consistently had 6-10 security incidents

    Experienced Security Incidents Cont.


    >10 Incidents
    High of 26% in 2007, Low of 9% in 2005 and 2006 Spike in 2007 but typically low.

    Unknown Number of Incidents


    High of 26% in 2005 and 2006, Low of 22% in 2004 Consistently a quarter of respondents dont know how many incidents they experienced.

    Percentage of Losses Due to Insiders

    Percentage of Losses Due to Insiders Cont.


    43.4% of respondents stated that less then 1% of security budget was put towards awareness training. Non-malicious insiders are the greater threat. 16.1% of respondents estimated almost all losses were due to non-malicious insiders in 2009.

    Conclusion
    Figure 10
    Less workers seem to be aware of security breaches

    Figure 11
    General decreasing in the medium level of attacks, but an increase in attacks of >10

    Figure 12
    Non-malicious insiders, those who do not mean to cause any harm, are the ones that are being blamed for almost all of the losses 16.1% of the time

    Recommendations
    There is not adequate programs in place to educate workers
    Inform Employees when attacks have taken place, so that they may be aware of anything that may effect them
    i.e. Changing passwords, backing up files, limiting their exposure to the network, etc.

    Let employees know what they can do to help the company reduce losses

    Questions?

    Sources
    Richardson, R., (2008). 2008 CSI Computer Crime & Security Survey. Computer Security Institute. Retrieved on April 2, 2010 from http://www.cse.msstate.edu/~cse6243/readin gs/CSIsurvey2008.pdf Richardson, R., (2009). 14th Annual CSI Computer Crime & Security Survey Executive Summary. Computer Security Institute.

    You might also like