©Wm. List & Co 2005

William List CA FBCS

©Wm. List & Co 2005

Where we were

©Wm. List & Co 2005

Security - Then

©Wm. List & Co 2005

Computers arrive

Automate processes

Present results - familiar format

Create programs - with bugs

©Wm. List & Co 2005

Consequences

Users do not understand ITFailure to communicatePoor specifications of requirementsIT (junior) staff decide everythingFamiliar words have new meanings (confusion)

Traditional controls abolishedNot required?

Errors occur people fix (and fix and fix)

©Wm. List & Co 2005

And the IT security was

©Wm. List & Co 2005

Then came communications

©Wm. List & Co 2005

Who are you?

©Wm. List & Co 2005

What are the systems?

©Wm. List & Co 2005

Meanwhile the software

©Wm. List & Co 2005

A secure network?

©Wm. List & Co 2005

Manager’s view of IT Security

©Wm. List & Co 2005

And we have regulators

©Wm. List & Co 2005

Where we are

©Wm. List & Co 2005

Now

Every computer connects to all othersNo idea what is really going on in systemsAbuse of required functionalityBugs still abound in softwareAll worldwide: better market for scams!Two systems

IT systemUsers system - ?based on IT output

©Wm. List & Co 2005

Objectives for future

Help managers manageHelp home users be secure

©Wm. List & Co 2005

Information security today

©Wm. List & Co 2005

A new paradigm

Assume that all is OKMake controls to find if assumption untrueBuild preventive controls to keep volumes

of failures to manageable levelsPriority given to clearing identified issues

Repair the dataDecide if fix to system neededIf so fix

©Wm. List & Co 2005

Objective

©Wm. List & Co 2005

Thank You TC11

for this award

William List CA FBCSWhere we wereSecurity - ThenComputers arriveConsequencesAnd the IT security wasThen came communicationsWho are you?What are the systems?Meanwhile the softwareA secure network?Manager’s view of IT SecurityAnd we have regulatorsWhere we areNowObjectives for futureInformation security todayA new paradigmObjective