Economics of Computer Security in the Internet Age

These notes are a brief introduction to the economics of computer security, with particular attention to the internet's effect on benefits and costs of securing computer resources.

A presentation based on these notes was given by SIWEBDEV president Scott Gilbert on Wednesday, February 16th, 2005, at the Carbondale to Cyberdale meeting held at the Dunn-Richmond Economic Development Center at Southern Illinois University - Carbondale.

For a very basic introduction to computer security in the internet age, SIWEBDEV recommends the book: Network Security for Dummies, by Chey Cobb, published in 2003, $29.99, ISBN: 0-7645-1679-5, 380 pages.

Overview: Computers as a business tool have skyrocketed in value, particularly in our current Internet Age. At the same time, internet connectivity has exposed computers to new threats, both pranks and profit-motivated criminal attacks. Understanding the economics of computer security is vital to all enterprises that strive for a successful presence on the World Wide Web.

If you can answer these questions, you're on your way toward best practices in computer security.

 

Security - Protecting your Computer Operations from Harm

I. Understand the range of potential benefits of web-enabled computers.

a. Desktop Computer

    internet communication
    on-line purchasing
    business applications

b. Local Area Network

    efficient multi-computer setup
    improved local communications
    file sharing

c. Website

    online brochure
    catalog
    store front
    customer services

II. Identify your specific goals in computer usage.

a. Improved business productivity

    lower labor expense
    better use of business data

b. Communications

    lower phone expense
    more reliable communication

c. Marketing

    mass market
    lower marketing expense

d. Customer service

    lower labor, rent, transportation expenses
    improve speed and quality of information-driven services

III. Who can thwart your computer goals?

a. Employees and social engineering

    unauthorized computer access, passwords, file sharing
   

b. Contractors and consultants

    intellectual property

c. Unauthorized visitors

    perimeter breach

d. Internet service providers

    packet sniffing

e. Web hosting providers

    contract breach, service failure

f. Web visitors

    SQL injection attacks, distributed Denial of Service, port scan

g. Computer hardware providers

    hidden software

h. Electricians and computer installation personnel

    power and configuration errors, perimeter breach

i. Computer software providers

    security vulnerabilities

j. Anonymous hackers

k. Spies

l. Imposters

m. Web thieves

    stealing "cycles" and data

n. Web extortionists

    distributed Denial of Service attacks

IV. What are the cost-effective ways to minimize threats?

a. Read a basic book on network security

b. Principle of least privilege

c. Proper use of passwords

d. Physical access: lock your data

e. Privacy policies and agreements

f. Remove unnecessary software and applications

g. Understand the nature of your internet connections

h. Subscribe to security newsletters and magazines

    SANS Institute news
    Computer Security Institute news
    TechNet magazine
    Sys Admin magazine

i. Judiciously update computer software, hardware, accessories

j. Selectively monitor computer access

k. Anti-virus Software

    Norton, McAfee, Panda

l. Firewalls

    software firewalls: Norton, Windows XP, McAfee, Panda
    hardware firewalls

m. Intrusion detection systems

    Snort

n. Test your defenses

    Scan your ports: dslreports.com
    Check your website host: whois.sc, North American IPs

V. What are the cost-effective ways to recover from an attack?

a. An ounce of prevention - backup routines

b. Confine and destroy the invading process

c. Install backups and replacements

d. Get the right outside help

    local consultants
    FBI
    internet chatter