WARPin Switz


Slide1: 

WARPs in Switzerland: Arguments and Prospects
CENTER FOR SECURITY STUDIES, Swiss Federal Institute of Technology (ETH Zurich)
Manuel Suter
3rd Annual WARP Forum, 13 March 2007, Leeds Town Hall

Contents of the presentation:

- The need for WARPs in Switzerland: findings from our survey on Information Security in Swiss Companies.
- Different threats – different risk management – different needs
- Joint action between companies
  - possible forms
  - the question of funding

Different threats: risk of attacks by number of employees: 


Different risk management: financial resources: 


Different risk management: the use of security measures: 

- Practically all enterprises have taken the most basic technical security measures (like anti-virus software, firewalls etc.).
- However, more complex technologies such as Intrusion Detection Systems, Biometrics, or Encryption are almost exclusively used by large firms.
- Organisational security measures are also clearly more often used in large companies (see figure).

The differences between companies: summary: 

- Threats to information security can affect different companies to very different extents.
- The level and form of risk management varies among different types of companies.
- The findings of the survey show that the size of the company plays an important role.
- Other factors may also influence the risk of incidents and the level of risk management: business activity, the reputation of a company, the level of technical innovation etc.
- Because different companies face different threats and are at different levels of risk management, they have different needs.

The different needs: arguments for WARPs: 

- One solution doesn't fit all: due to the disparities among companies, tailored services are needed.
  → The filter function of WARPs is particularly important.
- SMEs face smaller risks than large companies. But because of their limited resources, they are often not prepared at all.
- As many SMEs also depend on a functioning IT infrastructure, they would gain much from information sharing and mutual support.
  → WARPs can provide an extension and a complement to the CERT model with regard to the needs of SMEs.

Joint action: the need for external help: 

- Only 32% of the firms have a qualified IT specialist responsible for information security.
- Outsourcing is particularly popular among medium-sized enterprises (10-249 employees). More than one in three medium-sized enterprises outsource at least 40% of their information security budget.
- 63% of companies that have experienced an information security incident have sought external help.

Joint action: where companies look for help: 


Possible forms of joint action: 


Funding joint action: 

- The question as to how any joint action should be funded was formulated in a very general manner: "Would your company be prepared to participate financially in an organisation that provides advice and coordinates joint action in information security?"
- Hardly surprisingly, the majority rejected a financial contribution.
- Nevertheless, more than half of the large firms and one third of the medium-sized firms would be prepared to participate.
  → Funding for joint action is difficult but not impossible to obtain.

Joint action: summary: 

- Informal forms of joint action between companies already exist.
- There is substantial interest among companies in joint action in the form of sharing experiences and mutual support.
- Personalized trust seems to be crucial.
- State support in promoting and setting up joint action would appear to be necessary, given that firms tend to participate in organisations for joint action only when they have proven their use.

Conclusion: 

The model of WARPs would satisfy the needs of Swiss companies in many respects:

- Mutual support and sharing of experience and knowledge
- Tailored services
- Cost-efficient
- Personalized trust

'Watch out for WARPs in the Alps!' (WARP Newsletter, November 2006)?

Contact:

Manuel Suter
Center for Security Studies
ETH Zürich WEC
Weinbergstrasse 11
8092 Zurich
Switzerland
+41 (0)44 632 63 49
suter@sipo.gess.ethz.ch

The survey "Information Security in Swiss Companies" is available for free download at: http://www.crn.ethz.ch/publications/crn_team/