Community

Hi Gadget girl

not sure how many members in you presentation group but to do 2.5 hours is over the top...

so a few suggestions

passwords with the histroy of encryption

the security of HCFD's (hand carried floppy disc's) conpaired with the internet.

methods of 'stealing' screen emmisions wire tap and induction loops

methods of stopping theft - never turn the pc on...etc

how much data can be stolen in 2.5 hours! -

data corruption intentional and accidental

GG, It sounds like your management is taking intra- and inter- departmental communication seriously, which has got to be a "Good Thing".

I see your point that 2.5 hours is a long time. With no disrespect to your presentation skills, it will seem a long time for your listeners as well as for you. So here is an idea: why not prepare a presentation lasting about an hour or so, then throw in a few contentious or provokative discussion points near the end. Points that you believe need to be resolved, but which you cannot do entirely within your own remit. Then sit back and watch the ensuing discussion.

Security is often a matter of finding the correct balance between security and convenience. It is sometimes difficult to pin down management to where this balance should be struck. The discussion should give you some valuable indicators.

If your management is really as open and communicative as they seem to be, then they will welcome such an aproach. Judge for yourself.

Good luck!

They will already know loads, but there are loads of good stories of guys with ther pants down never women! and you have the added advantage you could send them out to see how many sites they could pick up in the area, to kill 2 hours perhaps? or get them trying to hack into each others computers, to show how easy it can be, they would love that. You could then sit back "supervising" with a nice coffee. While they test themselves and preen about their results.
Christine

PLEASE READ AND RESPONE: THIS IS WHAT WE HAVE ALL NEEDED....

PROTEXX INC. A BRIEF BACKGROUND


Today's technology started development in 1996. Its mission then, as now, was to develop and market encryption software to provide for the safe transmission of sensitive data and to protect the identity of both the sender and the receiver.
During the last five years, the patent pending technology was refined and tested, and Protexx? marketed its first 2048 bit encryption software package, said to be impenetrable by currently available hacker technology. It is designed to be used by organizations and individuals in a wide variety of sensitive fields, including, but not limited to medicine, law, corporate information, government and finance.
Protexx? 2048 bit encryption technology has been reviewed by NSA, Hewlett-Packard, and IBM and is now in use in several high security installations. The software package may be downloaded from the company?s Web site at www.protexxinc.com , and can include a biometric positive identification component which once installed by both sender and receiver, assures complete security for transmission of data over the Internet. The company maintains its own network-operating center [NOC] for use only by authorized subscribers. Each user receives a certificate of authorization, admitting his computer and only his identity to the Protexx? secure transmission system.

~~~~~~~~~~

THE PROBLEM: NAKED IN MACY?S WINDOW

WiFi and the Internet pose a growing threat to personal, medical, legal and corporate information ? just what can be done about it?

Consider the following:

 A Company CEO was instant messaging with the director of personnel about potential layoffs. The IT department ?sniffed? it and information was transmitted throughout the entire corporation before any decisions were made. As a result of the network security intrusion behind the firewall key people were lost.

 Unencrypted diagrams were emailed between a company?s research and development center and its production facility, were intercepted, and as a result, the competition got the product into production first.

 Two soap opera writers were instant messaging each other over WiFi, a tabloid reporter sniffed it, published it, and the show lost audience share.

These are not theoretical possibilities; they actually happened, and they point out the vulnerability of any Internet communication, particularly those that travel over wireless links, to be intercepted.
?Anyone can sit in Panera Bread, or any place with a public WiFi connection, with a sniffer (a software tool) and intercept people?s personal information ? such as credit card numbers ? at will,? says Bill Tabor, Protexx, Inc. Chief Technical Officer. ?With an appropriate antenna, the range of a sniffer can be several miles.? And it gets worse.


Tabor says, ?Even if you are running some sort of encryption ? such as when you connect to the web page for your credit card information or place an order on line ? the most prevalent form of Internet encryption, 128-bit SSL, can be readily cracked with freeware that can be downloaded from a public Web site. Many 256-bit encryption techniques can be cracked as well.?
He adds, ?The bottom line is that most people, and most organizations, don?t realize how incredibly vulnerable their data is when it?s moving over the Internet. Even if you are using commonly available encryption technology, you?re sitting naked in Macy?s window, and you don?t even know it.?
~~~~~~~~~~

THE GOOD NEWS

Recognizing the growing need to protect medical, legal, financial, insurance, corporate, and personal data as it travels the Internet, Protexx Inc. has created a fully portable encryption system for ensuring the integrity and protection of data.
Here is how it works. Suppose you want to check your credit card account from a public WiFi connection, but want to do so securely. Assuming you have already downloaded the Protexx encryption software from www.protexxinc.com and installed the authentication certificate, simply double-click on the two red Protexx? VPN icons in the taskbar icon tray. This establishes a connection with the Protexx? server at its Tier One protected facility. The Protexx software on the server does a handshake with the software that is on your computer. Your computer and the Protexx server exchange public encryption keys, and this starts a 2048-bit encryption system that has a rotating key.
From the point of the first handshake, all communication between your computer and the Protexx server is essentially invisible to prying eyes. From there, you can sign into any Internet location, knowing that the wireless portion of your communication is now intrusion proof.
HP Storage Security Executive Summary Document #5982-5975EN, 05/2004, Page 14: "A very long key, for example, 1000 bits, has far too many possibilities to try in a million years using all the computers in existence"
For two people to establish secure Internet communication between them ? for example if a research and development center wanted to email plans to a production facility ? all that?s required is for both parties to authenticate by signing into the Protexx? server and then email normally between them. The information will be automatically encrypted at the sender?s computer, travel securely over the Internet, and will be automatically decrypted at the recipient?s machine.
Protexx encryption technology, which is built around open source, has been under development for five years, has been extensively tested for the past two years, and now is available to users throughout the United States. The cost for an individual user is $4.95 per month subscription, and corporate clients can pay much less per user, based on the number of monthly subscribers.
Protexx? provides mission critical systems with much needed bulletproof security layer from hacking software.
Protexx is real-time security technology that secures your all of your data in motion.

~~~~~~~~~~

THE SOLUTION

For further information about Protexx or its 2048 bit encryption software package, call, write or e-mail company president Peter Letizia, Protexx, Inc., 10784 Crescendo Circle, Boca Raton, Florida 33498-4871. PLetizia@ProtexxInc.com

Protexx, Inc. also has offices at, 35 Evergreen Parkway, Westport Connecticut 06880. Contact Mark L Myers, Chairman, 203 682 6436. MMyers@ProtexxInc.com

To keep an audience's attention for 2.5 hours (I suggest you try to shorten it to 1 hour) it might help to make use of real life examples to illustrate a security concept. A real case history is more likely to keep people's attention than some theoretical presentation (especially during a lunch or shortly after). There must be many examples in the news to choose from. Have up to 10 examples (perhaps you can pick something that happened in your institution?) of what went wrong, present them, and perhaps ask the audience for ideas on what could have been done from a seecurity standpoint. You probably won't need to go over all the examples and topics based upon how your audience responds. Best wishes for your presentation.

GG - Good luck with your presentation whichever way you choose, but it could be a golden opportunity for you rather than a millstone.

Have you considered going down a different route. They are getting communicated to about technical advances which they would rather
(a) Not know
or
(b) Find out themeselves in their own time and manner.
Your initial remit was to improve departmental communications, therefore what about highlighting communication skills.
Show information flow, and causes of blocks (Personalities, politics, different communication skills and approaches).
You could present this, then go into communication "skill" games between departments, or better still, with mixed members - Techies love these challenges.
You could finalise with a discussion on how people felt about the succcesses and challenges and the importance of ongoing communications.

It gets them thinking about, and understanding the root cause of communications problems - US !!

ISO 17799 is as dull as ditchwater and extremely important..... So find some important people who aren't dull and subcontract the thing to them....

Suggestion 1:
Get a psychologist to present on Maslow and then get the team to relate it to IT Infrastructure and IT Security

Suggestion 2:
Get a locksmith to come in with a Safe containing an Easter egg (timing should just about work, I think). Get the team to try and crack the safe... then crack their heads with the confidential information that you have managed to scavenge from their desks, their bins, their phone conversations overheard even from their blogs and websites. Show them that security doesn't necessarily require technology, rather dedication - a way of life.

Suggestion 3:
You are bound to have a contact in the security community who could come in and talk cyber-crime to them for you.... again rewards are good - IT teams and chocolate really are made for eachother. Depending on which end of the UK you are, I may have someone you could try for this..... mail me if needed.

I know I'm probably teaching you to suck eggs.... however it is normally the simple stuff that catches us out....... for example some police forces are concerned that a radio with encryption may fall into the hands of undesirables.... yet they have the audio blaring out of vehicle radios, portable radios and over speaker systems in Police Stations...... Their systems are designed to be high availability, maintain integrity and yet are not confidential......

Fourth and final - how about identifying the real risks to security and potential compromise - more information is probably at risk due to people becoming vulnerable to pressure because of debt, embarrassing personal information, or secrets than is due to hacking and high-tech crime (again, ask some police buddies about the background checks that they have to do for contractors, etc). Get people thinking about CIA in their lives rather than in their work.......

So a slightly different and not very technical approach to security; but I know that this can work - I've had to present on Information Security to a room full of seasoned security professionals - strangely, I have used at least one of the techniques above - now decrypt which one it is......

Speaking of which - why not get a kid's book of codemaking/breaking and get them to send messages to and fro.......... get them thinking about all the different layers in a network and the encryption and compression that is used and get them to risk assess an installation that they know well - perhaps even CRAMM them....

Enough, I'm going into meltdown...... hope you find a useful answer to your quest - between all of us there should be at least one good nugget out there.....

cheers

Steve

I would like to suggest, as a topic, how people with handicaps work hard, graduate from college with good to excellent grades only to find out that there is a term, "you lack proper experience". This term is the way companies and their HR people get rid of handicapped people as prospective employees.
I am legally blind, have a spinal cord injury so while I walk with braces and crutches I am looked at by HR people like some sort of freak. I graduated in 1982 from a top college in New Jersey with a cumulative average of 3.79. I put in 90 hours a week between classes, homework, and required work (25 hours minimum)in the computer center, and that was not good enough as experience? I worked part time in a corporate computer center under work/study but that too meant nothing. I finally caught on. The Americans With Disabilities Act means nothing to businesses. They never got the message beyond how to make sure handicapped people like me never got into their companies since we were not "beautiful people".