06-02-2012, 02:55 PM
INTERNET SECURITY
[attachment=17192]
Internet Security as Part of the Overall Security Plan:
Computer security attacks cost as much as $10 billion a year. An attack can damage data integrity, confidentiality or availability. Organizations must understand the potential costs: How would incorrect data affect decision making? What will happen if confidential information is made public? What is the cost (in lost time and credibility) of interrupted service? To understand threats, organizations should ask themselves: Does the information have a dollar value? While more security equals more cost, the cost is slight compared to a single breakdown of services.
Risk Assessment: The Foundation for Security Planning
Internet risk assessment must address a myriad of specific Internet threats. By running a "risk assessment workshop" an organization can determine security needs and develop a security strategy that covers both personnel and technology issues.
The risks of the Internet reflect its size: 50 million users, 30 thousand networks, 10+ million computers, 137 countries. As capacity, connectivity and mobility increase, so does risk. Prominent sites are probed daily. Banks may get 50 or more probes a day. Successful attacks are automated and posted to electronic bulletin boards; attack methodologies quickly spread.
Securing the Server and LAN
Based on an understanding of Internet risks, an organization can implement any of a number of security architectures. These can incorporate router controls, firewalls, authentication and encryption, and a number of other technologies. An organization should secure both its LAN and its Internet server.
Computer security threats continue to increase. CERT reports a 77% increase in break-ins between 1995 and 1996. Electronic crimes are particularly costly, with a price tag of $650,000 (compared to $9,000 for the average bank robbery). Part of the problem is that break-ins often go undetected. One study used common hacker tools to break into Department of Defense systems. 88% of break-ins succeeded. Only 4% were detected.
[attachment=17192]
Internet Security as Part of the Overall Security Plan:
Computer security attacks cost as much as $10 billion a year. An attack can damage data integrity, confidentiality or availability. Organizations must understand the potential costs: How would incorrect data affect decision making? What will happen if confidential information is made public? What is the cost (in lost time and credibility) of interrupted service? To understand threats, organizations should ask themselves: Does the information have a dollar value? While more security equals more cost, the cost is slight compared to a single breakdown of services.
Risk Assessment: The Foundation for Security Planning
Internet risk assessment must address a myriad of specific Internet threats. By running a "risk assessment workshop" an organization can determine security needs and develop a security strategy that covers both personnel and technology issues.
The risks of the Internet reflect its size: 50 million users, 30 thousand networks, 10+ million computers, 137 countries. As capacity, connectivity and mobility increase, so does risk. Prominent sites are probed daily. Banks may get 50 or more probes a day. Successful attacks are automated and posted to electronic bulletin boards; attack methodologies quickly spread.
Securing the Server and LAN
Based on an understanding of Internet risks, an organization can implement any of a number of security architectures. These can incorporate router controls, firewalls, authentication and encryption, and a number of other technologies. An organization should secure both its LAN and its Internet server.
Computer security threats continue to increase. CERT reports a 77% increase in break-ins between 1995 and 1996. Electronic crimes are particularly costly, with a price tag of $650,000 (compared to $9,000 for the average bank robbery). Part of the problem is that break-ins often go undetected. One study used common hacker tools to break into Department of Defense systems. 88% of break-ins succeeded. Only 4% were detected.
