Security: Sources of Attacks

Most of this data comes from the most recent CSI/FBI Computer Crime and Security Survey which is available for free from the Computer Security Institute web site.

Over half of the organizations surveyed typically report unauthorized use of their computer systems within the last year. Some statistics indicate that university computing systems, because of the environment they reside in, are sometimes attacked within an hour of being installed.

Internet connections are increasingly cited as the principal source of attacks, although attacks from internal systems are also high.

What types of attacks and breaches are typical:
  • Independent hackers.
  • Disgruntled employees.
  • Foreign governments.
  • Foreign corporations.
  • U.S. competitors.
  • Laptop and other computer thefts.
  • Active wiretaps.
  • Telecom fraud.
  • Denial of service attacks.
  • Unauthorized access from inside employees.
  • Insider abuse of network access.
  • Financial fraud.
  • Virus attacks.
  • System penetration.
  • Telecom eavesdropping.
  • Sabotage.
  • Theft of proprietary information.
  • Attacks on web sites.
  • Mistakes such as inadvertently deleting data.
  • Outdated information being used for business processes such as mailings.
  • Very high percentages of breaches are caused by software being installed and configured incorrectly. The default installation parameters do not equal the default security requirements.

According to the FBI, the sources of attacks are split fairly evenly between internal employees and independent hackers.

These attacks typically involve the theft of proprietary data or cause system downtime, as with virus and denial-of-service attacks. Nationally, costs run into millions of dollars in downtime, lost information, loss of proprietary information, loss of competitive advantage and other costs.

It is also somewhat ironic that most organizations are typically not even aware that attacks or system intrusions have occurred. However, when they did know, they patched the holes. Most organizations do not report these intrusions or attacks to law enforcement or their legal counsel. They were concerned with negative publicity, felt that competitors might use the information to their advantage, were unaware that they could report these incidents, or felt that a civil remedy would be best.

Some key elements of security are related to privacy, reliability and business integrity, and attacks can cause disruptions in any and all of these areas.

Security also needs to be built in by design and by default when you deploy systems, and communicated to employees when new systems or business processes are introduced or updated.

Security, data, and information technology issues need to be an integral part of employee accountability and should be incorporated into human resource management practices, from new employee orientations, through defining jobs and job descriptions, to inclusion as an item in performance reviews.

Security:
  • Computer Security Institute
  • FIRST - Forum of Incident Response and Security Teams
  • Industry Canada - Online Security and Privacy Guide
  • Microsoft - Baseline Security Analysis Tool, newsletters and other tools. Free seminars.
  • National Cyber Security Partnership - Public private partnership to make cyberspace more secure.
  • PC Magazine Utilities - A number of free tools such as spyware detectors.
  • Software Engineering Institute - Papers
  • Threats and Countermeasures - From Microsoft. A free 900+ page document on improving web security.

Sites with privacy legislation, policies and procedures:
  • AFP Toronto Chapter
  • AFP Canadian Public Policy on Privacy
  • Australian Government Privacy Office
  • CASE - Foundation Independence and Donor Privacy
  • Canadian Department of Justice Policy on Access to Information and Privacy
  • Direct Marketing Association. Privacy policy generator.
  • Information and Privacy Commissioner of Ontario (IPC) Web site
  • Ontario's Consultation on Privacy Protection
  • Privacy Commissioner of British Columbia
  • Privacy Commissioner of Canada
  • PrivacyInfo.ca
  • Privacy is Your Business from CIO
  • Privacy Rights Clearinghouse

On this site:
  • Data Backup and Recovery Strategies
  • Democracy and Responsibility. Additional security considerations given break-ins and compromises of higher ed data.
  • Employment Pages. Confidentiality agreements.
  • Privacy Architecture
  • Privacy Audit Questionnaire
  • Privacy Policy Statement
  • Privacy Principles
  • Privacy Recommendations
  • Releasing Alumni Information
  • Security Survey
  • Shadow Databases

 