4. Real World Stats (module 4) IT professionals in countries other than the U.S. were slightly more cautious in their own vulnerability assessments. 13% in Europe 16% in China 24% in India say their organizations are more vulnerable to security dangers than a year ago.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14. Real World Scenario A hospital’s Web site was compromised because a Web developer made a programming error. Sensitive patient records were taken. When the criminals proved they had the data, the hospital had to choose between paying extortion or allowing their patients health records to be spread all over the Internet. What do you do? (module 4)
Before you begin : This course explains the new security features in Microsoft Office Word 2007, Microsoft Office Excel ® 2007, Microsoft Office PowerPoint ® 2007, Microsoft Office Access 2007, Microsoft Office Publisher 2007, Microsoft Office Visio ® 2007, and Microsoft Office InfoPath ® 2007. Also included are some tips for Microsoft Office Outlook ® 2007 and more general information about computer security. [ Note to trainer : For detailed help in customizing this template, see the very last slide. Also, look for additional lesson text in the notes pane of some slides.]
Slide customization recommendations : N/A. Slide objective : To emphasize that instituting security in your company is not discretionary; it is essential for sustaining your company, and ensuring the protection of all personnel. Use this slide to help your end-user audiences to understand the consequences associated with the vast number of security threats facing your organization. Instructor notes : The consequences While you will be addressing several of the prevalent threats in detail later in the presentation, it is recommended that you discuss the themes of threats that introduce risk to your organization. It is recommended you present themes in terms of the consequences associated with the threats. Provided below is information accompanying each theme that you may wish to communicate to your end-user audiences: Loss of competitive advantage Our company is successful due to the competitive advantage it has accumulated over time. Our competitive advantage is achieved through our people, our trade secrets (i.e., confidential information and procedures that we have developed to enable us to conduct business), and our intellectual property (i.e., confidential information that represents how we conduct business). There are many threats to the well-being of our competitive advantage. Should confidential information pertaining to our personnel, trade secrets, or intellectual property be compromised, it could have a severe impact on our competitive advantage. Therefore, our critical information and our personnel must be protected. Identity theft Identity theft involves the theft of information that may be used to identify an individual. Examples of such information – termed “personally identifiable information,” include social security numbers, birth dates, ethnicity, etc. As a further example, most of the information you would use to open a new credit card account is personally identifiable information (PII). Once this PII is stolen, criminals may use this information to purchase goods and services in your name, using your existing credit card accounts, or may create new credit card accounts in your name, using your PII. Equipment theft Unauthorized, non-<company> employees may enter our facilities. The risk associated with this unauthorized access is these criminals may steal equipment, such as laptop computers and servers. Service interruption If our network environment, our Web site, and our Web-based applications are not sufficiently protected, we will be susceptible to malicious attacks from criminals. Many of these attacks are designed to interrupt the operations of our information systems (e.g., our e-mail services and <mention one or two business applications with which all end-user audiences will be familiar>). Embarrassing media coverage You will see on the following slide several examples of media coverage that has compromised notable organizations’ reputations. It is likely that if <company> experiences a security incident that impacts our customers or business partners, such a security incident will become widely known and exploited in the media. This would severely impact <company>’s credibility, and many other aspects of our business we have exerted substantial time, money, and effort to build. Compromised customer confidence; loss of business Regardless if a security incident becomes widely known, <company>’s customers and business partners will likely be impacted. Our customers and business partners are becoming more sophisticated in their needs, and if they even suspect <company> is experiencing security issues, their confidence will be compromised. This compromised confidence will likely result in loss of business. Legal penalties Should <company> be found to be non-compliant with applicable regulations, legal fines / penalties could amount to the $millions. It is therefore important to ensure <company> is compliant with each of the regulations we previously discussed.