SlideShare une entreprise Scribd logo

Cybersecurity 3 cybersecurity costs and causes

Télécharger en tant que PPTX, PDF
S
sommerville-videos

Discusses the costs to society of cybersecurity issues and why there are technical, human and organisational causes of cybersecurity vulnerabilities

Technologie
1  sur  28
Introduction to cybersecurity, 2013 Slide 1 Cybersecurity: costs and causes
Introduction to cybersecurity, 2013 Slide 2 The cybersecurity problem • How big a problem is cybersecurity for individuals, businesses and nations? • Why is it difficult to make networked systems secure?
Introduction to cybersecurity, 2013 Slide 3 The scale of the problem • It’s a big problem • How big ? We really do not know • Many surveys on cyber-security related losses but very wide variations and different methodologies
Introduction to cybersecurity, 2013 Slide 4 Individuals • Cyber fraud • Identity theft • Cyber bullying and cyber stalking
Introduction to cybersecurity, 2013 Slide 5 © The Guardian 2013
Introduction to cybersecurity, 2013 Slide 6
Introduction to cybersecurity, 2013 Slide 7 Businesses • Differing estimates: – The extent of losses depends on how these losses are measured and what data is collected • Industry reluctant to release figures but when they do, they tend to overvalue assets
Introduction to cybersecurity, 2013 Slide 8 © The Scotsman 2013 © deadline.co.uk 2012
Introduction to cybersecurity, 2013 Slide 9 © The IET 2013
Introduction to cybersecurity, 2013 Slide 10 Nations • Cyberattacks on critical infrastructures are seen as a critical economic risk by all countries • Significant resources now being devoted to cyberdefence
Introduction to cybersecurity, 2013 Slide 11 © Wall Street Journal, 2013
Introduction to cybersecurity, 2013 Slide 12© World Affairs Journal 2013
Introduction to cybersecurity, 2013 Slide 13 • Why has cybersecurity become such a major problem – Scale and ubiquity of the internet – Lower level of physical risk to criminals – Fundamental business and technical reasons for insecurity
Introduction to cybersecurity, 2013 Slide 14 Business reasons • Connection of computers to the internet can cut costs, improve the efficiency and responsiveness of business processes and open up new opportunities for interaction. Therefore business has focused on connectivity rather than security
Introduction to cybersecurity, 2013 Slide 15 • Security is inconvenient and slows down transactions. Businesses have decided to prioritise convenience and usability over security. • Accepting the cost of losses through cyber fraud may be a cost-effective strategy
Introduction to cybersecurity, 2013 Slide 16 Internet vulnerabilities • The Internet was invented in the 1970s as a network between organisations that were trustworthy and which trusted each other • The information maintained on their computers was non-commercial and not thought to be of interest to others
Introduction to cybersecurity, 2013 Slide 17 • Consequently, security was not a factor in the design of internet protocols, practices and equipment. • Security slows things down so efficiency was prioritized
Introduction to cybersecurity, 2013 Slide 18 • These protocols made it easy for the Internet to be universally adopted in the 1990s • However, the problems can only be properly addressed by a complete redesign of Internet protocols, which is probably commercially impractical.
Introduction to cybersecurity, 2013 Slide 19 Internet vulnerabilities • Unencypted traffic by default • Packets can be intercepted and the contents read by anyone who intercepts these packets
Introduction to cybersecurity, 2013 Slide 20 Internet vulnerabilities • DNS system – Possible to divert traffic from legitimate to malicious addresses – Easy to hide where traffic has come from • Domain name servers vulnerable to DoS attacks
Introduction to cybersecurity, 2013 Slide 21 Internet vulnerabilities • Mail protocol – No charging mechanism for mail – Hence spam is possible
Introduction to cybersecurity, 2013 Slide 22 Technology is not the only problem • Internet vulnerabilities make possible some kinds of cyber-attack but it is important to remember that cybersecurity is a socio-technical systems problem • Problems almost always stem from a mix of technical, human and
Introduction to cybersecurity, 2013 Slide 23 Risk classification • Risks due to actions of people • Risks due to hardware or software • Risks due to organisational processes
Introduction to cybersecurity, 2013 Slide 24 Actions of people • Deliberate or accidental exposure of legitimate credentials to attackers • Failure to maintain secure personal computers and devices
Introduction to cybersecurity, 2013 Slide 25 • Insider corruption or theft of data • Preference for convenience and usability over security – Weak passwords set because they are easy to remember and quick to type
Introduction to cybersecurity, 2013 Slide 26 Hardware and software • Misconfigured firewalls and mail filters • Programming errors and omissions in software lead to malicious penetration – Buffer overflow attacks – SQL poisoning attacks
Introduction to cybersecurity, 2013 Slide 27 Organisational processes • No established process and checks for updating and patching software • Lack of security auditing • Lack of systematic backup processes
Introduction to cybersecurity, 2013 Slide 28 Summary • Cyber attacks are a major cost for business, government and individuals. But quantifying this cost is difficult. – The Internet was not designed as a secure network and making it secure is practically impossible – To make systems useable, people take actions that introduce vulnerabilities into sociotechnical systems.

Recommandé

System safety
System safetySystem safety
System safetysommerville-videos
 
Cybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurityCybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecuritysommerville-videos
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issuesommerville-videos
 
Infrastructure resilience
Infrastructure resilienceInfrastructure resilience
Infrastructure resiliencesommerville-videos
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecuritysommerville-videos
 
Critical systems intro
Critical systems introCritical systems intro
Critical systems introsommerville-videos
 
What every executive needs to know about information technology security
What every executive needs to know about information technology securityWhat every executive needs to know about information technology security
What every executive needs to know about information technology securityLegal Services National Technology Assistance Project (LSNTAP)
 
Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Donald E. Hester
 

Recommandé

System safety
System safetySystem safety
System safetysommerville-videos
 
Cybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurityCybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecuritysommerville-videos
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issuesommerville-videos
 
Infrastructure resilience
Infrastructure resilienceInfrastructure resilience
Infrastructure resiliencesommerville-videos
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecuritysommerville-videos
 
Critical systems intro
Critical systems introCritical systems intro
Critical systems introsommerville-videos
 
What every executive needs to know about information technology security
What every executive needs to know about information technology securityWhat every executive needs to know about information technology security
What every executive needs to know about information technology securityLegal Services National Technology Assistance Project (LSNTAP)
 
Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Donald E. Hester
 
information security technology
information security technologyinformation security technology
information security technologygarimasagar
 
Career guide on cyber security
Career guide on cyber securityCareer guide on cyber security
Career guide on cyber securityavinashkumar1912
 
Security and ethical issues - Arber Hoxhallari
Security and ethical issues - Arber HoxhallariSecurity and ethical issues - Arber Hoxhallari
Security and ethical issues - Arber HoxhallariArber Hoxhallari
 
3 Tips for Managing Risky User Activity in 2015
3 Tips for Managing Risky User Activity in 20153 Tips for Managing Risky User Activity in 2015
3 Tips for Managing Risky User Activity in 2015ObserveIT
 
SGSB Webcast 3: Smart Grid IT Systems Security
SGSB Webcast 3: Smart Grid IT Systems SecuritySGSB Webcast 3: Smart Grid IT Systems Security
SGSB Webcast 3: Smart Grid IT Systems SecurityAndy Bochman
 
Security and Control Issues in Information System
Security and Control Issues in Information SystemSecurity and Control Issues in Information System
Security and Control Issues in Information SystemDaryl Conson
 
Im 111 lecture 1
Im 111 lecture 1Im 111 lecture 1
Im 111 lecture 1ITNet
 
Cat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsCat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsSimeon Ogao
 
Governance fail security fail
Governance fail security failGovernance fail security fail
Governance fail security failEnclaveSecurity
 
CYBER SECURITY audit course report
CYBER SECURITY audit course reportCYBER SECURITY audit course report
CYBER SECURITY audit course reportPDEA's college of engineering, Pune
 
Security And Ethical Challenges Of Infornation Technology
Security And Ethical Challenges Of Infornation TechnologySecurity And Ethical Challenges Of Infornation Technology
Security And Ethical Challenges Of Infornation Technologyparamalways
 
5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small BusinessesWilkins Consulting, LLC
 
Information Security : Is it an Art or a Science
Information Security : Is it an Art or a ScienceInformation Security : Is it an Art or a Science
Information Security : Is it an Art or a SciencePankaj Rane
 
Ch02 mis-ctrl-appl
Ch02 mis-ctrl-applCh02 mis-ctrl-appl
Ch02 mis-ctrl-applSR NAIDU
 
Presentation(group j)implementing trustworthy computing by Sundas Ilyas
Presentation(group j)implementing trustworthy computing by Sundas IlyasPresentation(group j)implementing trustworthy computing by Sundas Ilyas
Presentation(group j)implementing trustworthy computing by Sundas IlyasSundas Kayani
 
Flaws in Identity Management and How to Avoid Them
Flaws in Identity Management and How to Avoid ThemFlaws in Identity Management and How to Avoid Them
Flaws in Identity Management and How to Avoid ThemNetIQ
 
PACE-IT, Security+2.6: Security Related Awareness and Training
PACE-IT, Security+2.6: Security Related Awareness and TrainingPACE-IT, Security+2.6: Security Related Awareness and Training
PACE-IT, Security+2.6: Security Related Awareness and TrainingPace IT at Edmonds Community College
 
Comprehensive risk management for a cyber secure organization
Comprehensive risk management for a cyber secure organizationComprehensive risk management for a cyber secure organization
Comprehensive risk management for a cyber secure organizationJoe Hessmiller
 
Maroochy water breach
Maroochy water breachMaroochy water breach
Maroochy water breachsommerville-videos
 
Cybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causesCybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causessommerville-videos
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issuesommerville-videos
 
Cybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurityCybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecuritysommerville-videos
 

Contenu connexe

Tendances

information security technology
information security technologyinformation security technology
information security technologygarimasagar
 
Career guide on cyber security
Career guide on cyber securityCareer guide on cyber security
Career guide on cyber securityavinashkumar1912
 
Security and ethical issues - Arber Hoxhallari
Security and ethical issues - Arber HoxhallariSecurity and ethical issues - Arber Hoxhallari
Security and ethical issues - Arber HoxhallariArber Hoxhallari
 
3 Tips for Managing Risky User Activity in 2015
3 Tips for Managing Risky User Activity in 20153 Tips for Managing Risky User Activity in 2015
3 Tips for Managing Risky User Activity in 2015ObserveIT
 
SGSB Webcast 3: Smart Grid IT Systems Security
SGSB Webcast 3: Smart Grid IT Systems SecuritySGSB Webcast 3: Smart Grid IT Systems Security
SGSB Webcast 3: Smart Grid IT Systems SecurityAndy Bochman
 
Security and Control Issues in Information System
Security and Control Issues in Information SystemSecurity and Control Issues in Information System
Security and Control Issues in Information SystemDaryl Conson
 
Im 111 lecture 1
Im 111 lecture 1Im 111 lecture 1
Im 111 lecture 1ITNet
 
Cat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsCat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsSimeon Ogao
 
Governance fail security fail
Governance fail security failGovernance fail security fail
Governance fail security failEnclaveSecurity
 
Security And Ethical Challenges Of Infornation Technology
Security And Ethical Challenges Of Infornation TechnologySecurity And Ethical Challenges Of Infornation Technology
Security And Ethical Challenges Of Infornation Technologyparamalways
 
5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small BusinessesWilkins Consulting, LLC
 
Information Security : Is it an Art or a Science
Information Security : Is it an Art or a ScienceInformation Security : Is it an Art or a Science
Information Security : Is it an Art or a SciencePankaj Rane
 
Ch02 mis-ctrl-appl
Ch02 mis-ctrl-applCh02 mis-ctrl-appl
Ch02 mis-ctrl-applSR NAIDU
 
Presentation(group j)implementing trustworthy computing by Sundas Ilyas
Presentation(group j)implementing trustworthy computing by Sundas IlyasPresentation(group j)implementing trustworthy computing by Sundas Ilyas
Presentation(group j)implementing trustworthy computing by Sundas IlyasSundas Kayani
 
Flaws in Identity Management and How to Avoid Them
Flaws in Identity Management and How to Avoid ThemFlaws in Identity Management and How to Avoid Them
Flaws in Identity Management and How to Avoid ThemNetIQ
 
Comprehensive risk management for a cyber secure organization
Comprehensive risk management for a cyber secure organizationComprehensive risk management for a cyber secure organization
Comprehensive risk management for a cyber secure organizationJoe Hessmiller
 

Tendances (18)

information security technology
information security technologyinformation security technology
information security technology
 
Career guide on cyber security
Career guide on cyber securityCareer guide on cyber security
Career guide on cyber security
 
Security and ethical issues - Arber Hoxhallari
Security and ethical issues - Arber HoxhallariSecurity and ethical issues - Arber Hoxhallari
Security and ethical issues - Arber Hoxhallari
 
3 Tips for Managing Risky User Activity in 2015
3 Tips for Managing Risky User Activity in 20153 Tips for Managing Risky User Activity in 2015
3 Tips for Managing Risky User Activity in 2015
 
SGSB Webcast 3: Smart Grid IT Systems Security
SGSB Webcast 3: Smart Grid IT Systems SecuritySGSB Webcast 3: Smart Grid IT Systems Security
SGSB Webcast 3: Smart Grid IT Systems Security
 
Security and Control Issues in Information System
Security and Control Issues in Information SystemSecurity and Control Issues in Information System
Security and Control Issues in Information System
 
Im 111 lecture 1
Im 111 lecture 1Im 111 lecture 1
Im 111 lecture 1
 
Cat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsCat21:Development Mangement Information Systems
Cat21:Development Mangement Information Systems
 
Governance fail security fail
Governance fail security failGovernance fail security fail
Governance fail security fail
 
CYBER SECURITY audit course report
CYBER SECURITY audit course reportCYBER SECURITY audit course report
CYBER SECURITY audit course report
 
Security And Ethical Challenges Of Infornation Technology
Security And Ethical Challenges Of Infornation TechnologySecurity And Ethical Challenges Of Infornation Technology
Security And Ethical Challenges Of Infornation Technology
 
5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses
 
Information Security : Is it an Art or a Science
Information Security : Is it an Art or a ScienceInformation Security : Is it an Art or a Science
Information Security : Is it an Art or a Science
 
Ch02 mis-ctrl-appl
Ch02 mis-ctrl-applCh02 mis-ctrl-appl
Ch02 mis-ctrl-appl
 
Presentation(group j)implementing trustworthy computing by Sundas Ilyas
Presentation(group j)implementing trustworthy computing by Sundas IlyasPresentation(group j)implementing trustworthy computing by Sundas Ilyas
Presentation(group j)implementing trustworthy computing by Sundas Ilyas
 
Flaws in Identity Management and How to Avoid Them
Flaws in Identity Management and How to Avoid ThemFlaws in Identity Management and How to Avoid Them
Flaws in Identity Management and How to Avoid Them
 
PACE-IT, Security+2.6: Security Related Awareness and Training
PACE-IT, Security+2.6: Security Related Awareness and TrainingPACE-IT, Security+2.6: Security Related Awareness and Training
PACE-IT, Security+2.6: Security Related Awareness and Training
 
Comprehensive risk management for a cyber secure organization
Comprehensive risk management for a cyber secure organizationComprehensive risk management for a cyber secure organization
Comprehensive risk management for a cyber secure organization
 

En vedette

Cybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causesCybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causessommerville-videos
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issuesommerville-videos
 
Cybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurityCybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecuritysommerville-videos
 
Introduction to systems of systems
Introduction to systems of systemsIntroduction to systems of systems
Introduction to systems of systemssommerville-videos
 
Critical national infrastructure
Critical national infrastructureCritical national infrastructure
Critical national infrastructuresommerville-videos
 
Cybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecurityCybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecuritysommerville-videos
 
System of systems classification
System of systems classificationSystem of systems classification
System of systems classificationsommerville-videos
 
Requirements engineering processes
Requirements engineering processesRequirements engineering processes
Requirements engineering processessommerville-videos
 

En vedette (20)

Maroochy water breach
Maroochy water breachMaroochy water breach
Maroochy water breach
 
Cybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causesCybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causes
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issue
 
Cybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurityCybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurity
 
Infrastructure dependability
Infrastructure dependabilityInfrastructure dependability
Infrastructure dependability
 
Infrastructure control
Infrastructure controlInfrastructure control
Infrastructure control
 
Introduction to systems of systems
Introduction to systems of systemsIntroduction to systems of systems
Introduction to systems of systems
 
Critical national infrastructure
Critical national infrastructureCritical national infrastructure
Critical national infrastructure
 
Cybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecurityCybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecurity
 
System success and failure
System success and failureSystem success and failure
System success and failure
 
Warsaw airbus accident
Warsaw airbus accidentWarsaw airbus accident
Warsaw airbus accident
 
Reuse landscape
Reuse landscapeReuse landscape
Reuse landscape
 
Intro to requirements eng.
Intro to requirements eng.Intro to requirements eng.
Intro to requirements eng.
 
Scada security
Scada securityScada security
Scada security
 
System of systems classification
System of systems classificationSystem of systems classification
System of systems classification
 
Cybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacksCybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacks
 
Requirements engineering processes
Requirements engineering processesRequirements engineering processes
Requirements engineering processes
 
Scaling agile
Scaling agileScaling agile
Scaling agile
 
System dependability
System dependabilitySystem dependability
System dependability
 
Critical systems engineering
Critical systems engineeringCritical systems engineering
Critical systems engineering
 

Similaire à Cybersecurity 3 cybersecurity costs and causes

CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1Ian Sommerville
 
Keeping security relevant amid digital transformation
Keeping security relevant amid digital transformationKeeping security relevant amid digital transformation
Keeping security relevant amid digital transformationSymptai Consulting Limited
 
Advanced threat protection and big data
Advanced threat protection and big dataAdvanced threat protection and big data
Advanced threat protection and big dataPeter Wood
 
Protecting Your Business From Cyber Risks
Protecting Your Business From Cyber RisksProtecting Your Business From Cyber Risks
Protecting Your Business From Cyber RisksThis account is closed
 
Pros and Cons of Cyber Security in Current World
Pros and Cons of Cyber Security in Current WorldPros and Cons of Cyber Security in Current World
Pros and Cons of Cyber Security in Current WorldJetking Chandigarh
 
Overcoming the cybersecurity challenges of smart cities
Overcoming the cybersecurity challenges of smart citiesOvercoming the cybersecurity challenges of smart cities
Overcoming the cybersecurity challenges of smart citiesSaeed Al Dhaheri
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptxMalu704065
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security WebinarAVEVA
 
Chapter 1 Presentation
Chapter 1 PresentationChapter 1 Presentation
Chapter 1 PresentationAmy McMullin
 
Preventing Data Cloud Breaches with Zero Trust
Preventing Data Cloud Breaches with Zero TrustPreventing Data Cloud Breaches with Zero Trust
Preventing Data Cloud Breaches with Zero TrustSara Goodison
 
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsCyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsSchneider Electric
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsIBM Security
 
SMi Group's Oil & Gas Cyber Security conference & exhibition
SMi Group's Oil & Gas Cyber Security conference & exhibitionSMi Group's Oil & Gas Cyber Security conference & exhibition
SMi Group's Oil & Gas Cyber Security conference & exhibitionDale Butler
 
Data Storage Issues in Cloud Computing
Data Storage Issues in Cloud ComputingData Storage Issues in Cloud Computing
Data Storage Issues in Cloud Computingijtsrd
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective amarukanda
 
MISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloudMISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloudMISA Ontario Cloud SIG
 
IoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themIoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themRadouane Mrabet
 
Power Plants Security Webinar Presentation
Power Plants Security Webinar PresentationPower Plants Security Webinar Presentation
Power Plants Security Webinar PresentationCertrec
 
A Comprehensive Review of Cyber Security, Threats and Cyber Attacks
A Comprehensive Review of Cyber Security, Threats and Cyber AttacksA Comprehensive Review of Cyber Security, Threats and Cyber Attacks
A Comprehensive Review of Cyber Security, Threats and Cyber AttacksIRJET Journal
 

Similaire à Cybersecurity 3 cybersecurity costs and causes (20)

CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1
 
Keeping security relevant amid digital transformation
Keeping security relevant amid digital transformationKeeping security relevant amid digital transformation
Keeping security relevant amid digital transformation
 
Advanced threat protection and big data
Advanced threat protection and big dataAdvanced threat protection and big data
Advanced threat protection and big data
 
Protecting Your Business From Cyber Risks
Protecting Your Business From Cyber RisksProtecting Your Business From Cyber Risks
Protecting Your Business From Cyber Risks
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Pros and Cons of Cyber Security in Current World
Pros and Cons of Cyber Security in Current WorldPros and Cons of Cyber Security in Current World
Pros and Cons of Cyber Security in Current World
 
Overcoming the cybersecurity challenges of smart cities
Overcoming the cybersecurity challenges of smart citiesOvercoming the cybersecurity challenges of smart cities
Overcoming the cybersecurity challenges of smart cities
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptx
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security Webinar
 
Chapter 1 Presentation
Chapter 1 PresentationChapter 1 Presentation
Chapter 1 Presentation
 
Preventing Data Cloud Breaches with Zero Trust
Preventing Data Cloud Breaches with Zero TrustPreventing Data Cloud Breaches with Zero Trust
Preventing Data Cloud Breaches with Zero Trust
 
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsCyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutions
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
 
SMi Group's Oil & Gas Cyber Security conference & exhibition
SMi Group's Oil & Gas Cyber Security conference & exhibitionSMi Group's Oil & Gas Cyber Security conference & exhibition
SMi Group's Oil & Gas Cyber Security conference & exhibition
 
Data Storage Issues in Cloud Computing
Data Storage Issues in Cloud ComputingData Storage Issues in Cloud Computing
Data Storage Issues in Cloud Computing
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective a
 
MISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloudMISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloud
 
IoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themIoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address them
 
Power Plants Security Webinar Presentation
Power Plants Security Webinar PresentationPower Plants Security Webinar Presentation
Power Plants Security Webinar Presentation
 
A Comprehensive Review of Cyber Security, Threats and Cyber Attacks
A Comprehensive Review of Cyber Security, Threats and Cyber AttacksA Comprehensive Review of Cyber Security, Threats and Cyber Attacks
A Comprehensive Review of Cyber Security, Threats and Cyber Attacks
 

Plus de sommerville-videos

Architectural patterns for real-time systems
Architectural patterns for real-time systemsArchitectural patterns for real-time systems
Architectural patterns for real-time systemssommerville-videos
 
Introduction to real time software systems script
Introduction to real time software systems scriptIntroduction to real time software systems script
Introduction to real time software systems scriptsommerville-videos
 
Agile methods for large systems
Agile methods for large systemsAgile methods for large systems
Agile methods for large systemssommerville-videos
 
Agile and plan based development processes
Agile and plan based development processesAgile and plan based development processes
Agile and plan based development processessommerville-videos
 
Fundamental software engineering activities
Fundamental software engineering activitiesFundamental software engineering activities
Fundamental software engineering activitiessommerville-videos
 
Introducing Software Engineering
Introducing Software EngineeringIntroducing Software Engineering
Introducing Software Engineeringsommerville-videos
 
Stakeholders, viewpoints and concerns
Stakeholders, viewpoints and concernsStakeholders, viewpoints and concerns
Stakeholders, viewpoints and concernssommerville-videos
 
Requirements engineering challenges
Requirements engineering challengesRequirements engineering challenges
Requirements engineering challengessommerville-videos
 
Introducing sociotechnical systems
Introducing sociotechnical systemsIntroducing sociotechnical systems
Introducing sociotechnical systemssommerville-videos
 

Plus de sommerville-videos (16)

Architectural patterns for real-time systems
Architectural patterns for real-time systemsArchitectural patterns for real-time systems
Architectural patterns for real-time systems
 
Introduction to real time software systems script
Introduction to real time software systems scriptIntroduction to real time software systems script
Introduction to real time software systems script
 
Agile methods for large systems
Agile methods for large systemsAgile methods for large systems
Agile methods for large systems
 
User stories
User storiesUser stories
User stories
 
Agile and plan based development processes
Agile and plan based development processesAgile and plan based development processes
Agile and plan based development processes
 
Fundamental software engineering activities
Fundamental software engineering activitiesFundamental software engineering activities
Fundamental software engineering activities
 
Introducing Software Engineering
Introducing Software EngineeringIntroducing Software Engineering
Introducing Software Engineering
 
Why se script
Why se scriptWhy se script
Why se script
 
Ariane 5 launcher failure
Ariane 5 launcher failure Ariane 5 launcher failure
Ariane 5 launcher failure
 
Airbus Flight Control System
Airbus Flight Control SystemAirbus Flight Control System
Airbus Flight Control System
 
Stakeholders, viewpoints and concerns
Stakeholders, viewpoints and concernsStakeholders, viewpoints and concerns
Stakeholders, viewpoints and concerns
 
Requirements engineering challenges
Requirements engineering challengesRequirements engineering challenges
Requirements engineering challenges
 
Emergent properties
Emergent propertiesEmergent properties
Emergent properties
 
Introducing sociotechnical systems
Introducing sociotechnical systemsIntroducing sociotechnical systems
Introducing sociotechnical systems
 
Availability and reliability
Availability and reliabilityAvailability and reliability
Availability and reliability
 
System security
System securitySystem security
System security
 

Dernier

Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 

Dernier (20)

Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 

Cybersecurity 3 cybersecurity costs and causes

  • 1. Introduction to cybersecurity, 2013 Slide 1 Cybersecurity: costs and causes
  • 2. Introduction to cybersecurity, 2013 Slide 2 The cybersecurity problem • How big a problem is cybersecurity for individuals, businesses and nations? • Why is it difficult to make networked systems secure?
  • 3. Introduction to cybersecurity, 2013 Slide 3 The scale of the problem • It’s a big problem • How big ? We really do not know • Many surveys on cyber-security related losses but very wide variations and different methodologies
  • 4. Introduction to cybersecurity, 2013 Slide 4 Individuals • Cyber fraud • Identity theft • Cyber bullying and cyber stalking
  • 5. Introduction to cybersecurity, 2013 Slide 5 © The Guardian 2013
  • 7. Introduction to cybersecurity, 2013 Slide 7 Businesses • Differing estimates: – The extent of losses depends on how these losses are measured and what data is collected • Industry reluctant to release figures but when they do, they tend to overvalue assets
  • 8. Introduction to cybersecurity, 2013 Slide 8 © The Scotsman 2013 © deadline.co.uk 2012
  • 9. Introduction to cybersecurity, 2013 Slide 9 © The IET 2013
  • 10. Introduction to cybersecurity, 2013 Slide 10 Nations • Cyberattacks on critical infrastructures are seen as a critical economic risk by all countries • Significant resources now being devoted to cyberdefence
  • 11. Introduction to cybersecurity, 2013 Slide 11 © Wall Street Journal, 2013
  • 12. Introduction to cybersecurity, 2013 Slide 12© World Affairs Journal 2013
  • 13. Introduction to cybersecurity, 2013 Slide 13 • Why has cybersecurity become such a major problem – Scale and ubiquity of the internet – Lower level of physical risk to criminals – Fundamental business and technical reasons for insecurity
  • 14. Introduction to cybersecurity, 2013 Slide 14 Business reasons • Connection of computers to the internet can cut costs, improve the efficiency and responsiveness of business processes and open up new opportunities for interaction. Therefore business has focused on connectivity rather than security
  • 15. Introduction to cybersecurity, 2013 Slide 15 • Security is inconvenient and slows down transactions. Businesses have decided to prioritise convenience and usability over security. • Accepting the cost of losses through cyber fraud may be a cost-effective strategy
  • 16. Introduction to cybersecurity, 2013 Slide 16 Internet vulnerabilities • The Internet was invented in the 1970s as a network between organisations that were trustworthy and which trusted each other • The information maintained on their computers was non-commercial and not thought to be of interest to others
  • 17. Introduction to cybersecurity, 2013 Slide 17 • Consequently, security was not a factor in the design of internet protocols, practices and equipment. • Security slows things down so efficiency was prioritized
  • 18. Introduction to cybersecurity, 2013 Slide 18 • These protocols made it easy for the Internet to be universally adopted in the 1990s • However, the problems can only be properly addressed by a complete redesign of Internet protocols, which is probably commercially impractical.
  • 19. Introduction to cybersecurity, 2013 Slide 19 Internet vulnerabilities • Unencypted traffic by default • Packets can be intercepted and the contents read by anyone who intercepts these packets
  • 20. Introduction to cybersecurity, 2013 Slide 20 Internet vulnerabilities • DNS system – Possible to divert traffic from legitimate to malicious addresses – Easy to hide where traffic has come from • Domain name servers vulnerable to DoS attacks
  • 21. Introduction to cybersecurity, 2013 Slide 21 Internet vulnerabilities • Mail protocol – No charging mechanism for mail – Hence spam is possible
  • 22. Introduction to cybersecurity, 2013 Slide 22 Technology is not the only problem • Internet vulnerabilities make possible some kinds of cyber-attack but it is important to remember that cybersecurity is a socio-technical systems problem • Problems almost always stem from a mix of technical, human and
  • 23. Introduction to cybersecurity, 2013 Slide 23 Risk classification • Risks due to actions of people • Risks due to hardware or software • Risks due to organisational processes
  • 24. Introduction to cybersecurity, 2013 Slide 24 Actions of people • Deliberate or accidental exposure of legitimate credentials to attackers • Failure to maintain secure personal computers and devices
  • 25. Introduction to cybersecurity, 2013 Slide 25 • Insider corruption or theft of data • Preference for convenience and usability over security – Weak passwords set because they are easy to remember and quick to type
  • 26. Introduction to cybersecurity, 2013 Slide 26 Hardware and software • Misconfigured firewalls and mail filters • Programming errors and omissions in software lead to malicious penetration – Buffer overflow attacks – SQL poisoning attacks
  • 27. Introduction to cybersecurity, 2013 Slide 27 Organisational processes • No established process and checks for updating and patching software • Lack of security auditing • Lack of systematic backup processes
  • 28. Introduction to cybersecurity, 2013 Slide 28 Summary • Cyber attacks are a major cost for business, government and individuals. But quantifying this cost is difficult. – The Internet was not designed as a secure network and making it secure is practically impossible – To make systems useable, people take actions that introduce vulnerabilities into sociotechnical systems.