Laptop Security

Information about Laptop Security

Published on August 28, 2007

Author: WoodRock

Source: authorstream.com

Content

Who Moved My Laptop?Securing Confidential School Data:  Who Moved My Laptop? Securing Confidential School Data Dennis Fazio Director, Technical Services © 2006 TIES December 2006 Slide2:  The Numbers The Sobering Stats:  The Sobering Stats More than 600,000 laptop thefts in 2003 totaling $720 million in losses (Safeware Insurance) Chances 1 in 10 that a laptop will be stolen (Gartner Group) 97% of computers never recovered (FBI) 3/4 of companies do not have specific security policies for their laptop computers (Gartner) Approximately 80% of laptop thefts are internal or lost on company property (Gartner) The Sobering Stats:  The Sobering Stats 4 in 5 US firms have lost one or more laptops containing sensitive data in the last year (2006 Ponemon Institute study) 57% of computer crimes were linked to stolen computers that were then used to break into computer servers later on (FBI 1999) A laptop theft results in an average loss of $89,000 (FBI and CSI 2002) 2,900 laptops, 1,300 PDA's and over 62,000 mobile phones have been left in London's licensed taxi cabs (2001) Loss Analysis:  Loss Analysis Horror Stories:  Horror Stories Sep 2000 Irwin Jacobs, Qualcomm CEO, personal laptop. Speakers podium. Nov 2003/Jun 2004 UCLA. 145,000 blood donors. Locked van. Password-protected, not encrypted. Jun 2004 UCLA. 62,000 patients. Financial office/Health Care division. More Horror Stories:  Mar 2005 UC Berkeley. 98,369 alumni andamp; grad students. College office. Mar 2006 Ernst andamp; Young. Hotels.com personal info from 243,000 Sun, Cisco, IBM, BP, Nokia employees. More Horror Stories Apr 2006 San Francisco cafe 1 stabbing injury, 1 PowerBook gone Even More Horror Stories:  Even More Horror Stories May 2006
 US Dept Veterans Affairs. 26.5 million veterans. Residence. Later recovered. Policy violation. Jul 2006 US Navy. 31,000 Naval personnel. 2 laptops from NJ recruitment office. Aug 2006
 US Dept Transportation. 133,000 Florida residents. Parked Govt vehicle theft. The Last Horror Stories:  The Last Horror Stories Nov 2006 LogicaCMG payroll firm. 15,000 London police. Office theft. Nov 2006 Kaiser Permanente Colorado. 38,000 members health information. Employee car. Dec 2005 Marc Anthony, latin crooner. Thief demanding $1 million ransom. Jennifer Lopez Another Traveler's Alert:  Another Traveler's Alert Under U.S. law, government agents may, without warrants, seize and search a person's laptop computer, computer discs, and other electronic media when that person arrives in the U.S. from abroad or departs from the U.S for a foreign country. Customs or border officials can confiscate laptops for days, weeks or indefinitely. Slide11:  Policies Data Diaspora:  Data Diaspora Why would sensitive data ever need to be on portable computers? Keep sensitive data only on secure centralized servers. Ubiquitous broadband connections and secure web-based software make it unnecessary in most cases. But it's often much faster to download data and do the reports offline. There are powerful forces working against data centralization. That data is already out there. Policy Heirarchy:  Policy Heirarchy No sensitive data to be stored on any computer or PDA outside the building All logins must have strong passwords Boot function must be password protected Any data on portable devices must be encrypted at all times Slide14:  Physical Security Danger Areas:  Danger Areas Airports Hotels Conference Centers Rental cars Automobiles Colleges Libraries Hospitals or, on the street where you live… Improvised Security:  Improvised Security More Professional Security:  More Professional Security Alternatives:  Alternatives Slide19:  Boot Protection BIOS Password - Windows:  BIOS Password - Windows Prevents system boot Can be bypassed various ways Open Firmware Password - Mac OSX:  Open Firmware Password - Mac OSX Prevents boot from any device Can be disabled with internal physical access Slide22:  Encryption Full Disk Encryption:  Full Disk Encryption Hardware-based AES encryption Trusted read/write commands Secure partitions to store keys or biometric data DriveTrust Microsoft EFS:  Microsoft EFS Encrypting File System (EFS) Microsoft EFS:  Microsoft EFS Encrypting File System (EFS) with Default Recovery Agent (DRA) Microsoft Private Folder:  Microsoft Private Folder Private Folder 1.0 Mac OS X File Vault:  Mac OS X File Vault Security Preferences Panel Mac OS X Encrypted Disk Images:  Mac OS X Encrypted Disk Images Slide29:  Recovery (ET phone home) Tagging:  Tagging Anodized aluminum plate with cyanoacrylate adhesive Chemically etched tatoo Stealth Tracking:  Stealth Tracking Embedded into firmware Windows and Mac OS X $50 annual fee Process: 1. File police report and notify Recovery Team 2. When computer contacts monitoring center, Recovery Team works with ISP and local police 3. Location inferred from IP address. Remote shutdown and file delete with other advanced corporate products Slide32:  'Identity Theft' Identity Theft as an Oxymoron:  Identity Theft as an Oxymoron Identity is not a possession that can be acquired or lost. An identity is not stolen; the real crime is fraud Identity information is being misused to commit fraudulent transactions Cost now borne by the victim, not the financial institution There is no incentive for the industry to seriously address this fraud Slide34:  651-999-6201 [email protected] Dennis Fazio Per altro informazione: A Telemillenium Production In association with Cyberevolutionary Studios All Rights Reserved MMVI

Related presentations


Other presentations created by WoodRock

VoIP endfassung
18. 06. 2007
0 views

VoIP endfassung

Lone Wolf Presentation
22. 04. 2008
0 views

Lone Wolf Presentation

Guersenfinal
17. 04. 2008
0 views

Guersenfinal

10 bridge
16. 04. 2008
0 views

10 bridge

Reveiwfinal spring
14. 04. 2008
0 views

Reveiwfinal spring

ch03 edit
13. 04. 2008
0 views

ch03 edit

Howcroft CME
10. 04. 2008
0 views

Howcroft CME

ARPA07distribute
09. 04. 2008
0 views

ARPA07distribute

PowerPoint Presentation 2007
07. 04. 2008
0 views

PowerPoint Presentation 2007

Central Asia short
30. 03. 2008
0 views

Central Asia short

APALSAGeneralMeeting
27. 03. 2008
0 views

APALSAGeneralMeeting

elements compounds mixtures
04. 01. 2008
0 views

elements compounds mixtures

Moodle for english teachers
27. 06. 2007
0 views

Moodle for english teachers

YagerDOE2005
17. 09. 2007
0 views

YagerDOE2005

JESSICA2 HKJU Dec 18 2002
17. 09. 2007
0 views

JESSICA2 HKJU Dec 18 2002

wipo smes del 07 www 76775
24. 09. 2007
0 views

wipo smes del 07 www 76775

LDAP Integration
24. 09. 2007
0 views

LDAP Integration

SAR presentation Final
24. 09. 2007
0 views

SAR presentation Final

Politics ml Z
02. 10. 2007
0 views

Politics ml Z

sparkles
04. 10. 2007
0 views

sparkles

Extreme Makeover
17. 09. 2007
0 views

Extreme Makeover

current status ebxml cppa tc
29. 10. 2007
0 views

current status ebxml cppa tc

ast201 2007 lect11
28. 11. 2007
0 views

ast201 2007 lect11

judicial
28. 08. 2007
0 views

judicial

hammer fatriv
28. 08. 2007
0 views

hammer fatriv

Air Monitoring
23. 10. 2007
0 views

Air Monitoring

CONFINED
07. 11. 2007
0 views

CONFINED

Kansas GRB 5
15. 11. 2007
0 views

Kansas GRB 5

ATS
16. 11. 2007
0 views

ATS

Lecture 4 Bioterrorism Dunne
17. 11. 2007
0 views

Lecture 4 Bioterrorism Dunne

wieser sybase
20. 11. 2007
0 views

wieser sybase

rushdie
21. 11. 2007
0 views

rushdie

Napoleon I
26. 11. 2007
0 views

Napoleon I

SonnetOL
11. 08. 2007
0 views

SonnetOL

Steve Lafferty optimized
11. 08. 2007
0 views

Steve Lafferty optimized

Tibetian test 2
11. 08. 2007
0 views

Tibetian test 2

Plumbing an Information Space
02. 01. 2008
0 views

Plumbing an Information Space

Tree of Life 3 11 03
11. 08. 2007
0 views

Tree of Life 3 11 03

savas dangerous offenders
11. 08. 2007
0 views

savas dangerous offenders

Memory Revisited
12. 10. 2007
0 views

Memory Revisited

Dermatology Revision
05. 01. 2008
0 views

Dermatology Revision

FROM THE DISCOVERY OF HELIX
16. 10. 2007
0 views

FROM THE DISCOVERY OF HELIX

504d AACR poster 2005 cfg
30. 10. 2007
0 views

504d AACR poster 2005 cfg

Zeeberg
17. 09. 2007
0 views

Zeeberg

sweep
11. 08. 2007
0 views

sweep

Industrialization Ideology
26. 10. 2007
0 views

Industrialization Ideology

CS438 08 Bridges
28. 12. 2007
0 views

CS438 08 Bridges

sa advocacy
24. 09. 2007
0 views

sa advocacy

CausalArguments
26. 11. 2007
0 views

CausalArguments

JostDeutschAwards
07. 01. 2008
0 views

JostDeutschAwards

Class24ImlicatureExp
19. 02. 2008
0 views

Class24ImlicatureExp

Lars Nord Presentation at HA2005
08. 10. 2007
0 views

Lars Nord Presentation at HA2005

ConEvals
27. 02. 2008
0 views

ConEvals

moodle themes
27. 06. 2007
0 views

moodle themes

Moodle lokalp
27. 06. 2007
0 views

Moodle lokalp

Moodle na UE final
27. 06. 2007
0 views

Moodle na UE final

SIRESENAC06
06. 03. 2008
0 views

SIRESENAC06

Seance 4 Alissa fr
24. 10. 2007
0 views

Seance 4 Alissa fr

SKita gesture
11. 08. 2007
0 views

SKita gesture

8 lessons learnt from nms
18. 03. 2008
0 views

8 lessons learnt from nms

WORKING IN THE EU INSTITUTIONS
20. 03. 2008
0 views

WORKING IN THE EU INSTITUTIONS

semantic web applications
25. 03. 2008
0 views

semantic web applications

FutureofNews
05. 10. 2007
0 views

FutureofNews

sxu 1 05 06
11. 08. 2007
0 views

sxu 1 05 06

canarias
23. 10. 2007
0 views

canarias

Reintegration ProgramFinal
28. 12. 2007
0 views

Reintegration ProgramFinal

G Abaee
22. 11. 2007
0 views

G Abaee

tromsoe
11. 08. 2007
0 views

tromsoe

glazerbusan
12. 10. 2007
0 views

glazerbusan

Stockholm Tutorial June 2001
12. 03. 2008
0 views

Stockholm Tutorial June 2001

TF Rschede
18. 06. 2007
0 views

TF Rschede

telwisa 5
18. 06. 2007
0 views

telwisa 5

Teitler Framework
18. 06. 2007
0 views

Teitler Framework

STRUMENTI tris DI ATTUAZIONE
18. 06. 2007
0 views

STRUMENTI tris DI ATTUAZIONE

strategic plan
18. 06. 2007
0 views

strategic plan

STEROIDS
18. 06. 2007
0 views

STEROIDS

Slide musso taranto
18. 06. 2007
0 views

Slide musso taranto

V 005 Gierke
18. 06. 2007
0 views

V 005 Gierke

Vorlesung BGB AT 1
18. 06. 2007
0 views

Vorlesung BGB AT 1

violenza
18. 06. 2007
0 views

violenza

Varma
18. 06. 2007
0 views

Varma

usenix
18. 06. 2007
0 views

usenix

unter Mitglieder wenn das geht
18. 06. 2007
0 views

unter Mitglieder wenn das geht

Unterrichtsbeobachtu ng
18. 06. 2007
0 views

Unterrichtsbeobachtu ng

Traechtigkeit
18. 06. 2007
0 views

Traechtigkeit

todoslossantosanual
02. 11. 2007
0 views

todoslossantosanual

vortrag we mu 220602
18. 06. 2007
0 views

vortrag we mu 220602

SOR Legal Updates 2006 141962 7
11. 08. 2007
0 views

SOR Legal Updates 2006 141962 7

Bigwood 1
13. 03. 2008
0 views

Bigwood 1

lrec metadata
14. 11. 2007
0 views

lrec metadata

termininfo D2D Konferenz2006
18. 06. 2007
0 views

termininfo D2D Konferenz2006

3320 l09
17. 09. 2007
0 views

3320 l09

typologie
18. 06. 2007
0 views

typologie

antalya
03. 09. 2007
0 views

antalya

sermonpp thy will be done
11. 08. 2007
0 views

sermonpp thy will be done

gabriel
24. 09. 2007
0 views

gabriel

tack2
24. 09. 2007
0 views

tack2

VORTRAG BW
18. 06. 2007
0 views

VORTRAG BW

The Perils of Childhood Obesity
11. 08. 2007
0 views

The Perils of Childhood Obesity

GT TurkeyCountryPresent ation
23. 10. 2007
0 views

GT TurkeyCountryPresent ation

Open Everything 3 9
01. 10. 2007
0 views

Open Everything 3 9

arnaud
28. 09. 2007
0 views

arnaud

file1180026507
22. 10. 2007
0 views

file1180026507

yasinsky
24. 09. 2007
0 views

yasinsky

healthy body esteem
03. 10. 2007
0 views

healthy body esteem

moodle presentation epfl final
27. 06. 2007
0 views

moodle presentation epfl final

37 Yale SA Program Overview 07
24. 09. 2007
0 views

37 Yale SA Program Overview 07

song slides
11. 08. 2007
0 views

song slides

Stuttgart
18. 06. 2007
0 views

Stuttgart

site wsa
29. 02. 2008
0 views

site wsa

pearson
24. 09. 2007
0 views

pearson

09 s4 fr
11. 03. 2008
0 views

09 s4 fr

EPS
17. 10. 2007
0 views

EPS

OARS CRJ 2006
24. 09. 2007
0 views

OARS CRJ 2006

7Paul Hopkin
11. 12. 2007
0 views

7Paul Hopkin

Sofia 29 09 30 02
23. 11. 2007
0 views

Sofia 29 09 30 02

CSI NetSec2004
29. 10. 2007
0 views

CSI NetSec2004

santTOPch11
11. 08. 2007
0 views

santTOPch11

HumanCapitalFINAL
24. 09. 2007
0 views

HumanCapitalFINAL

Carmelo Polino
22. 10. 2007
0 views

Carmelo Polino

Poeplau ECLOUD07
03. 01. 2008
0 views

Poeplau ECLOUD07

peytonap
17. 09. 2007
0 views

peytonap

BUTE 2005feb Milano COST291
16. 10. 2007
0 views

BUTE 2005feb Milano COST291