Download Information Security in Real Business

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
Document related concepts

Information security wikipedia , lookup

Theoretical computer science wikipedia , lookup

Trusted Computing wikipedia , lookup

Computer security wikipedia , lookup

Transcript 
Information Security in Real
Business
Yuri & The Cheeseheads
Review of the problem statement and
existing work

Assessing and managing third party vendor
security requirements and practices for
outsourced services

Existing solution




Established Vendor Review Process
Technical Infrastructure Evaluation
Scheduled Reviews & Onsite Visits
Contractual Obligations
Review of the problem statement and
existing work
Source: Forrester Research, and Infosys Analysis
Real World Problem – VCNA

E-Commerce Portal





Technical Literature
Integration with Production Lines – VINs
Help System
Payment Processing
VIDA Software Downloads and Configurations
Real World Problem – VCNA Cont…

Security Concerns





Personally Identifiable Information
Complete VIN List
Credit Card Processing
Trade Secrets – Software Configurations
Governing Bodies



EPA/CARB
PCI
Ford Motor Company
Technical Solution
Personally Identifiable Information





Entire site is encrypted using SSL
Passwords are encrypted in database
Customer is segregated on individual VLAN
Backups are encrypted and shipped off-site
Complete VIN List



Encrypted
Secure Transmission to Locksmiths
Credit Card Processing


Industry Standard Encryption
Technical Solution Cont…
Trade Secrets – Software Configurations

Software Subscriptions

Secure Login from Public Internet



All information is passed via https
Passwords are encrypted in database
Configured in Sweden per Order




Software is placed in shopping cart
Order is passed to Volvo (Sweden) over a VPN
connection
Configured Software Request is Sent Back via VPN
Technical Solution Cont…
Trade Secrets – Software Configurations

Sold Via E-Commerce Application

Software is Purchased using Credit Card



Transmitted to Ford Network

Software Request is sent to Ford





SSL Encryption
Verisign Integration
Uses VPN connection with Limited IP and Port Number
Request is Dropped into Message Queue
Configured Software is Downloaded from Ford
Installed on Cars for Diagnostic Testing
Network Diagram
Business, Risk, and Cost Considerations

Benefits of outsourcing services/data

Cost savings



Consistency of quality
Expansion of business line


Economies of scale
E-Commerce site
Risks

Data security

Costs of a data breach – Survey conducted by Ponemon Inst.



$197 per company record
Average total $6.3 million per breach
Ranged from $225K to $35M
Feasibility

The outsourcing vendor has the same incentive to
secure the data

Breach of their customers’ data will be just as damaging to
them as to the customer



Loss of revenue
Loss of reputation
Costs of securing data is low compared to the cost
of breach

1 year of SSL Validity – VeriSign.com

$400 - $1600 per server


Varies based on trust level, security level, encryption strength
Increase in competition will require vendors to
provide adequate security levels
Legal Considerations

Legal Compliance



SOX
EPA/CARB
PCI
Conclusion

As long as we need to outsource data, we
need to continue to balance security with
usability and ensure that our vendors have
the proper level of security in place for the
data they have
Q&A
Related documents
Name : Ahmed AL_Balawi ID: 200600112
Name : Ahmed AL_Balawi ID: 200600112
Abstract - Compassion Software Solutions
Abstract - Compassion Software Solutions
The Internet, the Web, and E
The Internet, the Web, and E
Mullvad Barnprogram
Mullvad Barnprogram
MCS 022 Term-End Examination June, 2014
MCS 022 Term-End Examination June, 2014
Marketing Is All Around Us - Becky White Lehi High School
Marketing Is All Around Us - Becky White Lehi High School
Chapter 1.1 Marketing is All Around Us
Chapter 1.1 Marketing is All Around Us
E-Commerce: Technology and Business Development
E-Commerce: Technology and Business Development
Mikrotik VPN Technology
Mikrotik VPN Technology
BUS 352 Week 4 Discussion 2 (Security components)
BUS 352 Week 4 Discussion 2 (Security components)
Quiz 2 Study Guide 1. Which of the following is not a basic building
Quiz 2 Study Guide 1. Which of the following is not a basic building
File
File