IT Security technologies, Cybercrime

In recent years, the information and privacy risk landscape has changed dramatically. To cope with the increased risk exposure and to satisfy stakeholders’ growing demand for more secure operations, organizations have to apply proper risk management frameworks. Supporting this initiative, governments and regulatory bodies have increased their activities in creating baseline requirements on information security and privacy.

The presentation starts with a quick overview of information security and risk management. Afterwards, standards and statutory requirements are explained in detail, giving a thorough background on the basics of external compliance requirements. The presentation focuses on and puts in context the most popular and powerful pieces of regulation, such as the ISO/IEC 27000 family of standards, COBIT, and the Data Protection and the Privacy and Electronic Communications Directives.

Subsequently, the EU legislation hierarchy is explained and the most significant European regulations are introduced, such as EuroSoX, the Directives on Data Protection and the Convention on Cybercrime. The presentation links the EU regulations with their national counterparts, showing how higher-level requirements are mapped to local pieces of regulation.

Finally, the presenter gives his professional opinion on how EU regulations have been implemented and are enforced in Hungary.

The practice of information security is a complicated issue. Regulating and taking action to protect the most sensitive data requires balance. Over-regulation puts too much pressure on operations and makes it extremely difficult to achieve effective security in real life. The second part of the presentation tries to dive into the mist of information technology related security problems. It addresses present and upcoming threats that make it impossible to build an impenetrable, 100% hacker-proof system. Using historical examples and chronicles of recent incidents, the presenter identifies key vulnerability problems of even the biggest IT systems. Categorizing different malware, viruses, WLAN attacks and other cybercrime themes, the presentation shows the ongoing evolution of threats today while trying to find the best ways to understand how these attacks work.

Drawing a picture of how IT security works within the borders of an organization helps us realize the most important factors of how security works. A table of typical confrontation areas between CIOs, CSOs and CDOs shows what to avoid. The scale of an insourced IT security division's growth illuminates the path to finding the right balance between building up a huge IT security division and assigning security tasks to a "lone ranger", making security a one-man show from the responsibility point of view.

Next comes a complete list of IT security technologies, with explanations and the deeper technical and theoretical details of data protection in general.

The last slides provide information on how much money one should spend on IT security technologies and procedures.
