Abstract: . . . OpenSSL) & Debian servers cracked by kernel flaw in 2.4
- Unix (all):
  – XDR (External Data Representation) Library — Kerberos, SunRPC, DMI, et al.
- SQL Server:
  – SQLSnake worm, Slammer worm
- Apache Web Server (56% of all Websites)
- DNS servers – Denial-of-Service attack
- PHP scripting language
- OpenSSH – contained a Trojan horse
- SSL (SSH, https):
  – man-in-the-middle spoofing
- Microsoft Passport
- Cisco – flaw in the Windows version of Secure Access Control Server software, plus LEAP dictionary attacks

© 2004 Marc-André Léger marcandre@leger.ca Page 12

No technology is safe
- Oracle – issued patches for E-Business Suite, Database Server, and 9i Release 2
- LASEC (Swiss group):
  – Cracks Windows passwords in 5-30 seconds (on-line demo), requires only . . .

. . . 15.1.2 Intellectual property rights (IPR)
  – Control 15.1.3 Safeguarding of organizational records
  – Control 15.1.4 Data protection and privacy of personal information
  – Control 15.1.5 Prevention of misuse of information processing facilities
  – Control 15.1.6 Regulation of cryptographic controls
- COMPLIANCE WITH SECURITY POLICIES AND STANDARDS
  – Control 15.2.1 Compliance with security policy and standards
  – Control 15.2.2 Technical compliance checking
- INFORMATION SYSTEMS AUDIT CONSIDERATIONS
  – Control 15.3.1 Information systems audit controls
  – Control 15.3.2 Protection of information systems audit tools

. . . . . . 13.2.1 Responsibilities and procedures
  – Control 13.2.2 Learning from information security incidents
  – Control 13.2.3 Collection of evidence

Section 14 BUSINESS CONTINUITY MANAGEMENT
- INFORMATION SECURITY ASPECTS OF BUSINESS CONTINUITY MANAGEMENT
  – Control 14.1.1 Including information security in the business continuity management process
  – Control 14.1.2 Business continuity and risk assessment
  – Control 14.1.3 Developing and implementing continuity plans including information security
  – Control 14.1.4 Business continuity planning framework
  – Control 14.1.5 Testing, maintaining and re-assessing business continuity plans

Section 15 COMPLIANCE
. . . . . .

- Banks
- Government
- Consulting Firms
- Schools and Universities
- Insurance Companies
- Hospitals
Everybody!

Security Management in Healthcare Using ISO/IEC 17799

Security Management in Health Using ISO/IEC 17799
Developed by TC215 – WG4 to provide detailed guidance to healthcare organisations implementing ISO/IEC 17799:2000

ISO/IEC 17799

Revised text of ISO/IEC 17799 (FCD Ballot) as of October 2004
- In FCD Ballot
- Expected international standard early 2005
- Canadian standard approval process to follow
. . .