Session 4: Information at Risk. Course: A0334/Pengendalian Lingkungan Online (Online Environment Control). Year: 2005. Version: 1/1

Upload: rudolf-reynolds

Post on 11-Jan-2016



Session 4: Information at Risk

Course: A0334/Pengendalian Lingkungan Online

Year: 2005

Version: 1/1


Learning Outcomes

By the end of this session, students are expected to be able to:

• State information risk


Outline

• The Marketing Dimension
– What ‘Marketing Aspects’?
– These Marketing Aspects!
– The Expectation: Experience Equation
– But What Can Happen?
  • The ‘Mistake’ (or ‘I Didn’t Mean to Destroy Your Livelihood’)
  • The ‘Game’ (‘I Wanted to Prove That I Could “Take Someone Out”’)
  • The ‘Idiot’ (or Someone Who Thinks that They are ‘Above All of This’)
  • The ‘Good Idea’ (or ‘Let’s Do This Using “e”’ – Without Thinking)
  • The ‘Unhappy Employee’ (either as A Cause or as A Victim)
– Summary

• Stamping Out The Bugs


The Marketing Dimension

• What ‘Marketing Aspects’?

• These Marketing Aspects!

• The Expectation: Experience Equation


• But What Can Happen?
– The ‘Mistake’ (or ‘I Didn’t Mean to Destroy Your Livelihood’)
– The ‘Game’ (‘I Wanted to Prove That I Could “Take Someone Out”’)
– The ‘Idiot’ (or Someone Who Thinks that They are ‘Above All of This’)
– The ‘Good Idea’ (or ‘Let’s Do This Using “e”’ – Without Thinking)
– The ‘Unhappy Employee’ (either as A Cause or as A Victim)

• Summary


What ‘Marketing Aspects’?

• Marketing surrounding the ‘e-world’ should be simple – everyone will utilise ‘e’, therefore turn your communications to directing prospects and clients to the appropriate website and to your email address and carry on.

• Most of us have computers.

• Suddenly the marketing manager is looking rather vulnerable, because his/her organisation is vulnerable, and the fallout will be lack of trust and reputation. Which leads to brand problems. We all know that good brand reputation is difficult to create, easy to damage and problems. And today, damage is far easier to create.


• You were pretty clear about whether or not your organisation was a ‘target’.

• It is never the other way round: you have to take the information risk management decisions at board level and then inform the IT department of the criteria against which to work. It is madness to expect the IT people to understand the relative value of each type of information within your organisation and its relative importance in terms of confidentiality, integrity and availability.


These Marketing Aspects!

• You are responsible for the protection and enhancement of your brand.

• Pre-‘e’ your brand was similarly affected by your reputation.

• What is worse, they often do not realise what they are doing to you – they do not understand the consequences of their actions.


• It is too easy to do damage electronically, and it is made too easy by the very fact that we rely on communicating by a system that was never designed to be secure. The internet was originally built to allow communication amongst academic groups, known for their preference for sharing information. It was not supposed to be the world’s ‘trusted business backbone’.


• The other reason why it is too easy to create ‘electronic damage’ is that too many organisations and individuals do not understand why they must take steps to protect their ‘e’-base. They think (if they think about it at all) that it is ‘someone else’s responsibility’. It is seen as a technological issue – even by managers who should know better.


• Trust and confidence affect brands and marketing has responsibility for the brand. Therefore marketing has direct responsibility for ensuring that your organisation promotes and ensures ‘e-trust’ and ‘e-confidence’. Furthermore, marketing must also take responsibility for all internal and external communications on this issue, otherwise they will occur in a piecemeal fashion, undertaken by people who are not trained in communications skills.


The Expectation: Experience Equation

• Whatever we do, we cannot claim to have ‘e-trust’ and ‘e-confidence’ unless we have genuinely got it. Remember that many so-called ‘hackers’ carry out attacks just to be able to say that they have got through a specific organisation’s defences. You may claim to be secure – they may well try you out.


But What Can Happen?

• Viruses, worms, trojans, deliberate attacks (external hackers, internal hackers, recent leaver-hackers, hacktivists), random attacks from the same communities and errors (as all the above can be ‘let in’ by mistake) and, in addition, simple human error can, in a poorly protected system, wreak havoc.


The ‘Mistake’ (or ‘I Didn’t Mean to Destroy Your Livelihood’)

• Recently a ‘hacktivist’ (someone who believes that their hacking is ‘ethical’ because they only break into sites and systems that are owned or run by organisations that they don’t agree with) destroyed a company that was totally innocent, even of the so-called ‘crime’ that the hacktivist was so worked-up about.


The ‘Game’ (‘I Wanted to Prove That I Could “Take Someone Out”’)

• Even more recently an Internet Service Provider (ISP) – not exactly an organisation without ‘e’-technical nous – suffered a total ‘distributed denial of service’ attack. This meant that none of their customers could use their services for over a week – they went out of business as a direct result.


The ‘Idiot’ (or someone Who Thinks that They are ‘Above All of This’)

• A large IT company had a very costly virus attack, despite the fact that it prides itself on assisting many areas of ‘UK plc’ to solve technology challenges.


The ‘Good Idea’ (or ‘Let’s Do This Using “e”’ – Without Thinking)

• A company offered free internet advertising to clients of another service. Someone ‘hacked in’ and changed the prices shown. Apart from the nightmare of sorting it all out, the reputation of the company was badly shaken when the object of the exercise was the complete opposite!


The ‘Unhappy Employee’ (either as A Cause or as A Victim)

• Consider two scenarios.

• The first involved a person who saw a pornographic scene on another employee’s PC screen.


• The second involved someone who was, appropriately, fired from their job. Their employer was excellent in providing new employees with passwords etc. – but not at all good at removing them when people left, even in bad circumstances. The ex-employee decided to ‘get even’ and logged into the company system using their passwords, and altered many detailed items in areas such as personnel records, payroll and costing and pricing.


Summary

• It is marketing’s job to control communication about information security, inside and outside the organisation. A company’s approach to security will directly affect its marketing positioning and organisational differentiation. Security failure can destroy a company’s reputation – or even the company itself.

• Information security is not a cost, it is a marketing investment.

• E-business and e-government demand the electronic exchange of ever-more important information.


• Marketing should identify and promote the internal and external advantages of having appropriate information security.

• Marketing should create two communications plans: one internal, one external. Finally, marketing must ensure that all communications are written in suitable language for each target audience – internal and external – otherwise the messages will not be understood.


Stamping Out The Bugs

• Tony Neate has spent a total of 27 years as a detective, 13 years of this working in commercial fraud and eight years in computer crime, so he knows all about crime – cybercrime and other forms.


The End