logging in or signing up Laptop Security WoodRock Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 964 Category: News & Reports.. License: All Rights Reserved Like it (1) Dislike it (1) Added: August 28, 2007 This Presentation is Public Favorites: 1 Presentation Description No description available. Comments Posting comment... By: neo420840 (14 month(s) ago) hi Saving..... Post Reply Close Saving..... Edit Comment Close By: tmcmullen (41 month(s) ago) I would like to use some portions of your "Who Moved My Laptop? ppt for training purposes. Can you send it to me or allow me to download it? Regards, Tammy McMullen Saving..... Post Reply Close Saving..... Edit Comment Close Premium member Presentation Transcript Who Moved My Laptop?Securing Confidential School Data: Who Moved My Laptop? Securing Confidential School Data Dennis Fazio Director, Technical Services © 2006 TIES December 2006 Slide2: The Numbers The Sobering Stats: The Sobering Stats More than 600,000 laptop thefts in 2003 totaling $720 million in losses (Safeware Insurance) Chances 1 in 10 that a laptop will be stolen (Gartner Group) 97% of computers never recovered (FBI) 3/4 of companies do not have specific security policies for their laptop computers (Gartner) Approximately 80% of laptop thefts are internal or lost on company property (Gartner) The Sobering Stats: The Sobering Stats 4 in 5 US firms have lost one or more laptops containing sensitive data in the last year (2006 Ponemon Institute study) 57% of computer crimes were linked to stolen computers that were then used to break into computer servers later on (FBI 1999) A laptop theft results in an average loss of $89,000 (FBI and CSI 2002) 2,900 laptops, 1,300 PDA's and over 62,000 mobile phones have been left in London's licensed taxi cabs (2001) Loss Analysis: Loss Analysis Horror Stories: Horror Stories Sep 2000 Irwin Jacobs, Qualcomm CEO, personal laptop. Speakers podium. Nov 2003/Jun 2004 UCLA. 145,000 blood donors. Locked van. Password-protected, not encrypted. Jun 2004 UCLA. 62,000 patients. Financial office/Health Care division. More Horror Stories: Mar 2005 UC Berkeley. 98,369 alumni andamp; grad students. College office. Mar 2006 Ernst andamp; Young. Hotels.com personal info from 243,000 Sun, Cisco, IBM, BP, Nokia employees. More Horror Stories Apr 2006 San Francisco cafe 1 stabbing injury, 1 PowerBook gone Even More Horror Stories: Even More Horror Stories May 2006 US Dept Veterans Affairs. 26.5 million veterans. Residence. Later recovered. Policy violation. Jul 2006 US Navy. 31,000 Naval personnel. 2 laptops from NJ recruitment office. Aug 2006 US Dept Transportation. 133,000 Florida residents. Parked Govt vehicle theft. The Last Horror Stories: The Last Horror Stories Nov 2006 LogicaCMG payroll firm. 15,000 London police. Office theft. Nov 2006 Kaiser Permanente Colorado. 38,000 members health information. Employee car. Dec 2005 Marc Anthony, latin crooner. Thief demanding $1 million ransom. Jennifer Lopez Another Traveler's Alert: Another Traveler's Alert Under U.S. law, government agents may, without warrants, seize and search a person's laptop computer, computer discs, and other electronic media when that person arrives in the U.S. from abroad or departs from the U.S for a foreign country. Customs or border officials can confiscate laptops for days, weeks or indefinitely. Slide11: Policies Data Diaspora: Data Diaspora Why would sensitive data ever need to be on portable computers? Keep sensitive data only on secure centralized servers. Ubiquitous broadband connections and secure web-based software make it unnecessary in most cases. But it's often much faster to download data and do the reports offline. There are powerful forces working against data centralization. That data is already out there. Policy Heirarchy: Policy Heirarchy No sensitive data to be stored on any computer or PDA outside the building All logins must have strong passwords Boot function must be password protected Any data on portable devices must be encrypted at all times Slide14: Physical Security Danger Areas: Danger Areas Airports Hotels Conference Centers Rental cars Automobiles Colleges Libraries Hospitals or, on the street where you live… Improvised Security: Improvised Security More Professional Security: More Professional Security Alternatives: Alternatives Slide19: Boot Protection BIOS Password - Windows: BIOS Password - Windows Prevents system boot Can be bypassed various ways Open Firmware Password - Mac OSX: Open Firmware Password - Mac OSX Prevents boot from any device Can be disabled with internal physical access Slide22: Encryption Full Disk Encryption: Full Disk Encryption Hardware-based AES encryption Trusted read/write commands Secure partitions to store keys or biometric data DriveTrust Microsoft EFS: Microsoft EFS Encrypting File System (EFS) Microsoft EFS: Microsoft EFS Encrypting File System (EFS) with Default Recovery Agent (DRA) Microsoft Private Folder: Microsoft Private Folder Private Folder 1.0 Mac OS X File Vault: Mac OS X File Vault Security Preferences Panel Mac OS X Encrypted Disk Images: Mac OS X Encrypted Disk Images Slide29: Recovery (ET phone home) Tagging: Tagging Anodized aluminum plate with cyanoacrylate adhesive Chemically etched tatoo Stealth Tracking: Stealth Tracking Embedded into firmware Windows and Mac OS X $50 annual fee Process: 1. File police report and notify Recovery Team 2. When computer contacts monitoring center, Recovery Team works with ISP and local police 3. Location inferred from IP address. Remote shutdown and file delete with other advanced corporate products Slide32: 'Identity Theft' Identity Theft as an Oxymoron: Identity Theft as an Oxymoron Identity is not a possession that can be acquired or lost. An identity is not stolen; the real crime is fraud Identity information is being misused to commit fraudulent transactions Cost now borne by the victim, not the financial institution There is no incentive for the industry to seriously address this fraud Slide34: 651-999-6201 Dennis.Fazio@ties.k12.mn.us Dennis Fazio Per altro informazione: A Telemillenium Production In association with Cyberevolutionary Studios All Rights Reserved MMVI You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
Laptop Security WoodRock Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 964 Category: News & Reports.. License: All Rights Reserved Like it (1) Dislike it (1) Added: August 28, 2007 This Presentation is Public Favorites: 1 Presentation Description No description available. Comments Posting comment... By: neo420840 (14 month(s) ago) hi Saving..... Post Reply Close Saving..... Edit Comment Close By: tmcmullen (41 month(s) ago) I would like to use some portions of your "Who Moved My Laptop? ppt for training purposes. Can you send it to me or allow me to download it? Regards, Tammy McMullen Saving..... Post Reply Close Saving..... Edit Comment Close Premium member Presentation Transcript Who Moved My Laptop?Securing Confidential School Data: Who Moved My Laptop? Securing Confidential School Data Dennis Fazio Director, Technical Services © 2006 TIES December 2006 Slide2: The Numbers The Sobering Stats: The Sobering Stats More than 600,000 laptop thefts in 2003 totaling $720 million in losses (Safeware Insurance) Chances 1 in 10 that a laptop will be stolen (Gartner Group) 97% of computers never recovered (FBI) 3/4 of companies do not have specific security policies for their laptop computers (Gartner) Approximately 80% of laptop thefts are internal or lost on company property (Gartner) The Sobering Stats: The Sobering Stats 4 in 5 US firms have lost one or more laptops containing sensitive data in the last year (2006 Ponemon Institute study) 57% of computer crimes were linked to stolen computers that were then used to break into computer servers later on (FBI 1999) A laptop theft results in an average loss of $89,000 (FBI and CSI 2002) 2,900 laptops, 1,300 PDA's and over 62,000 mobile phones have been left in London's licensed taxi cabs (2001) Loss Analysis: Loss Analysis Horror Stories: Horror Stories Sep 2000 Irwin Jacobs, Qualcomm CEO, personal laptop. Speakers podium. Nov 2003/Jun 2004 UCLA. 145,000 blood donors. Locked van. Password-protected, not encrypted. Jun 2004 UCLA. 62,000 patients. Financial office/Health Care division. More Horror Stories: Mar 2005 UC Berkeley. 98,369 alumni andamp; grad students. College office. Mar 2006 Ernst andamp; Young. Hotels.com personal info from 243,000 Sun, Cisco, IBM, BP, Nokia employees. More Horror Stories Apr 2006 San Francisco cafe 1 stabbing injury, 1 PowerBook gone Even More Horror Stories: Even More Horror Stories May 2006 US Dept Veterans Affairs. 26.5 million veterans. Residence. Later recovered. Policy violation. Jul 2006 US Navy. 31,000 Naval personnel. 2 laptops from NJ recruitment office. Aug 2006 US Dept Transportation. 133,000 Florida residents. Parked Govt vehicle theft. The Last Horror Stories: The Last Horror Stories Nov 2006 LogicaCMG payroll firm. 15,000 London police. Office theft. Nov 2006 Kaiser Permanente Colorado. 38,000 members health information. Employee car. Dec 2005 Marc Anthony, latin crooner. Thief demanding $1 million ransom. Jennifer Lopez Another Traveler's Alert: Another Traveler's Alert Under U.S. law, government agents may, without warrants, seize and search a person's laptop computer, computer discs, and other electronic media when that person arrives in the U.S. from abroad or departs from the U.S for a foreign country. Customs or border officials can confiscate laptops for days, weeks or indefinitely. Slide11: Policies Data Diaspora: Data Diaspora Why would sensitive data ever need to be on portable computers? Keep sensitive data only on secure centralized servers. Ubiquitous broadband connections and secure web-based software make it unnecessary in most cases. But it's often much faster to download data and do the reports offline. There are powerful forces working against data centralization. That data is already out there. Policy Heirarchy: Policy Heirarchy No sensitive data to be stored on any computer or PDA outside the building All logins must have strong passwords Boot function must be password protected Any data on portable devices must be encrypted at all times Slide14: Physical Security Danger Areas: Danger Areas Airports Hotels Conference Centers Rental cars Automobiles Colleges Libraries Hospitals or, on the street where you live… Improvised Security: Improvised Security More Professional Security: More Professional Security Alternatives: Alternatives Slide19: Boot Protection BIOS Password - Windows: BIOS Password - Windows Prevents system boot Can be bypassed various ways Open Firmware Password - Mac OSX: Open Firmware Password - Mac OSX Prevents boot from any device Can be disabled with internal physical access Slide22: Encryption Full Disk Encryption: Full Disk Encryption Hardware-based AES encryption Trusted read/write commands Secure partitions to store keys or biometric data DriveTrust Microsoft EFS: Microsoft EFS Encrypting File System (EFS) Microsoft EFS: Microsoft EFS Encrypting File System (EFS) with Default Recovery Agent (DRA) Microsoft Private Folder: Microsoft Private Folder Private Folder 1.0 Mac OS X File Vault: Mac OS X File Vault Security Preferences Panel Mac OS X Encrypted Disk Images: Mac OS X Encrypted Disk Images Slide29: Recovery (ET phone home) Tagging: Tagging Anodized aluminum plate with cyanoacrylate adhesive Chemically etched tatoo Stealth Tracking: Stealth Tracking Embedded into firmware Windows and Mac OS X $50 annual fee Process: 1. File police report and notify Recovery Team 2. When computer contacts monitoring center, Recovery Team works with ISP and local police 3. Location inferred from IP address. Remote shutdown and file delete with other advanced corporate products Slide32: 'Identity Theft' Identity Theft as an Oxymoron: Identity Theft as an Oxymoron Identity is not a possession that can be acquired or lost. An identity is not stolen; the real crime is fraud Identity information is being misused to commit fraudulent transactions Cost now borne by the victim, not the financial institution There is no incentive for the industry to seriously address this fraud Slide34: 651-999-6201 Dennis.Fazio@ties.k12.mn.us Dennis Fazio Per altro informazione: A Telemillenium Production In association with Cyberevolutionary Studios All Rights Reserved MMVI