
Zen and the Art of Information Security

Recorded: 5 Dec 2006

People perceive information security to be a complicated and expensive process. Likewise, they believe that the evildoers are technological geniuses or trained intelligence operatives who can get through even the most sophisticated security measures.

The reality is that security is much easier to achieve than people believe. Although many analogies from other disciplines demonstrate that effective risk management is achievable, people want to treat computers and information as if they were special.

Ira shows that by applying a simple philosophy to information protection, everyone can comprehend the threat and learn how to adequately protect information.

Chapters: 00:00:00 introduction; 00:01:52 penetration tests; 00:14:02 presentation start; 00:22:02 security; 00:34:20 security attacks are preventable; 00:38:02 what is security?; 00:43:49 information resource management; 00:59:30 Q&A

Outline: Breaking into organisations: spies and operatives / blackbag. Espionage simulations / penetration tests in commercial world. ‘People don’t even know what they don’t know about security’ / art vs science: talking to hackers who get a ‘feel’ for computers / Morris worm / two ways to hack into a computer: (1) take advantage of configuration problems (2) take advantage of problems built into the software / passwords / managing risk. Risk = ( ( threat + vulnerability) / countermeasures ) + value. Optimisation of risk / ‘when you don’t understand your enemy, they seem like geniuses’. Q1: What should be done by software developers / government legislators / internet engineers? Q2: Is a solution possible? Q3: Creating security strategies is easier than making people follow boring security processes; Q4: Maximising hacktivism; Q5: Raising the barrier for entry-level hackers
