
ICT Vulnerabilities

ICT Vulnerabilities. Whatever its cause, critical service disruption shall only occur infrequently, impact only a small area, have a short duration, have only limited impact, and be a continuously managed & controlled process.


Presentation Transcript


  1. ICT Vulnerabilities

  2. Vulnerabilities
     Whatever its cause, critical service disruption shall
     • only occur infrequently
     • impact only a small area
     • have a short duration
     • have only limited impact
     • be a continuously managed & controlled process
     Prof. Dr. Bernhard M. Hämmerli

  3. Vulnerabilities
     • Something is vulnerable if it can be exploited by a threat
     • A vulnerability is a "place" that is especially prone to threats
       • where damage can easily occur / has serious consequences
       • easily "accessed" / difficult to protect
       • from where damage can spread
     • understand threats, and that threats can hook into vulnerabilities only
     • understand vulnerabilities, and not well mitigated threats
     • understand human intent, and its deliberate risk

  4. Vulnerabilities and Risks
     Risk = Probability × Damage [$], for each vulnerability

  5. ICT is a Local and a Global Issue

  6. Example 1: 150 Fiber connections are cut! Angle Grinder, August 2005, Switzerland
     Figure labels: concrete slab; fiber cable, approx. 250 connections

  7. Dependency and Vulnerability
     • 89'000 POS terminals at department stores, supermarkets, petrol stations, etc.
     • 5400 cash dispensers at financial institutions
     Diagram labels: Bancomat; account-holding banks; POS; automated fuel pump

  8. Day before Christmas 2000: 300 Billion SFr. per diem

  9. Impact of ICT Vulnerabilities on Banks
     Key figures 2005:
     • 321 participants
     • 800'000 Tx / day
     • 300 billion CHF / peak day
     Diagram labels: Schweizerische Nationalbank (SNB); service bureau; banks; remoteGate; CLS (Continuous Linked Settlement); interbank products; Swiss exchange SWX; SIS Sega Intersettle; banks; Postfinance

  10. European CIIP R&D by Sector

  11. Expenses for Countermeasures
     Chart titles: Expenses for IT Security III; Dollar Amount of Losses by Type

  12. Reported Incidents
     Chart title: Vulnerability Types vs. Year
     • Intranet incidents are also an InfoSec topic
     • Viruses and malware are in second place
     • Mobile incidents are growing rapidly
     • Generally, all incidents are decreasing. The cause is unclear; it might be good prevention.

  13. Some Facts about Dealing with ICT Vulnerability
     • Computer Zeitung (D): In 2010, 90% of US corporations will have IT security outsourced.
     • The incidents decrease; the complexity and the damage increase.
     • The complexity of IT security is far beyond the capabilities of SMEs. The trend will widen this gap in the future. From a US DoD study: the complexity of attacks will increase significantly.
     • Modern malware distributes itself over the whole world within a few minutes. Which enterprise can build a service with an adequate reaction time every day, day and night? (Alternative scenario: Business Continuity Planning, BCP)
     • Current trend: more and more intranet users are involved in attacks. Intranet monitoring must absolutely be an additional topic alongside the existing perimeter security.
     • Even with outstanding IT security, corporations do not have information security. Trend: holistic security, with common security management for all threats.
     • The facts can be downloaded from: http://i.cmpnet.com/gocsi/db_area/pdfs/fbi/FBI2004.pdf

  14. Preparing for Incidents

  15. Questions
