KÜRT Computer Rt., Computer and Automation Research Institute (MTA SZTAKI), University of Veszprém
KÜRT COMPUTER RT.
COMPUTER AND AUTOMATION RESEARCH INSTITUTE (MTA SZTAKI)
UNIVERSITY OF VESZPRÉM MATHEMATICS AND COMPUTING DEPARTMENT
Information Technology Security Technology and Data Insurance
Project leader
Sándor KÜRTI dr. KÜRT Computer Rt.
National Research and Development Program
Veszprémi Egyetem
MTA SZTAKI
KÜRT Computer
Information Security Technology and Data Insurance (ISYS)
Traditional risk management
[Figure: diagram with the labels System, Risk analysis, Risk Management, Insurance and Regulation; chart with the labels Security Expenditure, Level of security and Security gap]
Risk Management in IT
[Figure: diagram with the labels IT system, Risk analysis, Risk management, Insurance and Regulation; chart with the labels Security Expenditure, Level of Security and Security Gap]
Research Targets
• Determination of value of information
• Development of an up-to-date IT security technology
• Development of a comprehensive e-Risk management program
– Network security applications
– Computer-based e-Insurance methodology
Strengths of the project
1. Technological backgrounds.
2. High level project management practice.
3. Database of information technology catastrophes and the reasons of data loss.
4. High level mathematical background.
2. Mathematical research in the risk analysis area
• Processing of multi-valued statistical data
• Examination of internal relationships, determination of background variables
• Determination of quantitative dependencies
• Visualization of connections with introduction of new variables
• Determination of the value of the risk
First Phase: Information Collection (data security issues)
• Scientific processing of data recovery data set
• Planning of the database structure
• Analysis of the causes of data losses and data crimes
• Starting of the statistical analysis
Scientific processing of data recovery database
• Analysis of possible damages of data storing media
• Analysis of the possible data backup and recovery methodologies
• Collecting of paper-based and electronic data recovery information
Planning of the Database Structure
• Development of uniform data format from the backup and recovery information
• Coding of paper-based information
• Harmonization and converting of electronic data
• Testing of user interface of database system
• Database creation
Analysis of the causes of data losses and data crimes
• Analysis of international trends
• Analysis of the Hungarian trends
• Data loss: hardware causes (approx. 70%)
• Data crimes: internal workers (approx. 77%)
Statistical analysis
• The main target
– More exact determination of the value of information from the data recovery cases
• Involving the users into the IT value estimation
– Size of company, size of data storage media, ordering value
Assessment of the first phase
• Project tasks were done
• The data recovery database is operable
• Scientifically valuable results (publications)
• Initialization of statistical analyses for assisting the definition of value of information and risks
Phase 2: Production of knowledge base
• Converting recovery database into the initial knowledge base
• Cryptographic protocol errors, case studies
• Assessment of market needs and possibilities
• Continuation of statistical analysis
Converting recovery database into the initial knowledge base
• Observation matrix – Knowledge base format
• Identifiers
• Company data (industrial sector, size)
• Operating system information
• Causes of data losses
• Recoverable/Non-recoverable
• Ordered/ Not-ordered
• Price of data recovery action
Cryptographic protocol errors, case studies
• Contingencies of cryptographic systems
– Assessment for the risk management
• Case studies
• Assessments, statistical analysis
• Legal issues
– Hungarian and international (EU) regulations
• Assessment of data insurance possibilities
Assessment of market needs and possibilities
• Data insurance possibilities (Hungary, international)
– Needs
– Competing products
– Client preferences
– User groups
• Market possibilities
– Methodology for the insurance companies
– Methodology for IT companies (risk analysis)
Continuation of statistical analysis
• Development of a statistical model
• Simulation on the data recovery data set
– The observation matrix gives a solid base for the statistical analysis
• The simulation tool proves the goodness of the statistical analysis
Results of the 2nd phase
• Project tasks were done
• Scientifically valuable results (publications)
• High level analysis of the weak points of the cryptographic systems
• Market analysis: good base for product development and analysis
• The next step in ISYS development is the development of Business Continuity Plan and Disaster Recovery Plan and an insurance module
3rd Project Phase: Statistical Analysis, Summary of Methodologies
• Collection and examination of multi-valued statistical methods
• Assessments
• Development of algorithms
Collection and examination of multi-valued statistical methods
• Method selection
– Single-valued
– Multivalued
• Strategy for assessments
– Statistical analysis on the stored data recovery data (10,000 cases)
Assessments
• Time functions of data losses
• Recoverable/ordered recovery cases
• Analysis of data recovery cases
– Business strategy analysis
– Analysis of data insurance possibilities
Development of algorithms
• Extension of examination methods based on censored sample
• Examination of the goodness of the other analysis and solutions
• Single- and multi-valued analysis
Evaluation of the 3rd phase
• Scientifically relevant results (publications)
• Business decisions were made based on the statistical results (in the project and in KÜRT)
• Solid base for the further developments in value estimations and insurance strategies
4th Phase: Quality Management
• IT quality management
– IT system parts
– IT business processes
– Cryptographic processes and solutions
• New developments in quality management, further improvements in our system
IT Quality Management
• IT system parts, technological processes and organizational processes
• Uniform
– Processes
– Utilities
– Measurement tools
– Feedbacks
– Reporting system
• ISO 9001:2000 based quality management system in KÜRT and in MTA SZTAKI (TÜV Rheinland)
New developments in quality management, further improvements in our system
• Quality management trends
– Software Process Improvement (SPI)
– ESSI Scope measurement tools
– Target: Capability Maturity Model
• IT Security trends
– ISACA COBIT
– BS 7799-ISO 17799
Evaluation of 4th phase results
• ISO 9001:2000 systems in KÜRT and MTA SZTAKI
• Possible trends in improvement of quality systems (international trends) — EU trends
Next Project Phases
• Tasks of 5th Phase
– Disaster Recovery Module for IBiT (DRP module, in progress)
    • Methodology for IBiT
    • Determination of value of damages
    • Risk analysis methodology
    • Business Continuity Processes
• Tasks of 6th Phase
– Data insurance system (service pack, in progress)
    • Probability of damage cases
    • Damage value models
    • Business value determinations
    • Insurance value determinations
Cooperation in the consortium
• Task areas — as planned
• Workflow system — project management (Prince) (electronic tools)
• Acceptance of ready material
• Stable project staff
Dissemination of Results
• Lectures:
– Ministry of Education (2002)
– Hungarian IT-Business Conference (2002)
– Centennial Conference of the John von Neumann Computer Society (invited lecture 2003)
• Scientific seminar (MTA SZTAKI) http://csillag.ilab.sztaki.hu/dms/eszigno/szeminarium.htm
• Educational courses
– University of Budapest, Informatics Ph.D. programme (2002-)
– University of Debrecen, Informatics Ph.D. programme (2002-)
– University of Veszprém, Informatics Ph.D. programme (2001-)
Dissemination of Results (2)
• 2 Ph.D. candidates in the project area
• TV programs:
– CNN (2001)
– Hungarian TV1 DELTA (2002)
– Duna TV (2002)
• Awards
– Innovation Award (Ministry of Informatics) (2003)
Thank you for your attention!