CALCULATING YOUR SECURITY RISK
Video on DVD or VHS
by WatchIT, featuring Peter S. Tippett
New 2005 Edition
- What are the top 10 tips for strengthening security?
- How can an organization determine its risk equation?
- What really goes wrong when security is compromised?
- Is there a list of these wrongs, such as maintenance problems, viruses, and
malicious intruders?
- How can an organization be secured, including essential security practices, timely
risk information and verification and support processes?
- Does the program demonstrate how to make good computer security decisions
through the risk equation?
- Is there practical advice for securing an enterprise?
- - - - - - -
Peter Tippett, Chief Technology Officer of TruSecure Corp., presents a comprehensive look
at security in the enterprise and explains how to determine your company’s security risk.
Tippett reveals the top 10 tips for strengthening security, shows how to determine your
organization’s risk equation, and looks at what really goes wrong when security is
compromised. The list of what goes wrong includes maintenance problems, viruses, and
malicious intruders. Finally, he looks at approaches to secure your organization, including
essential security practices, timely risk information and verification and support processes.
This program will show IT managers how to make good computer security decisions through
the risk equation, and provides practical advice for securing an enterprise.
This revised version has been updated with new multimedia resources, such as Web links
and white papers.
By watching this program, you will:
- Understand the three components of computer security risk: threat, vulnerability,
and cost;
- Learn several approaches to computer security that are simpler, more targeted,
and less infringing than those most companies tend to employ; and
- Be able to make good computer security decisions through the risk equation.
The CD version of the program includes easy access to Web links that include: ‘Assessing
Internet Security Risk, Part One: What is Risk Assessment?’; ‘Calculating the Risk
Equation’; ‘Detecting and Removing Malicious Code’; ‘Easy Does It’; ‘Managing IT Security
Risk in a Dangerous World’; ‘Security Risk Assessment’ and ‘The Myths of Security.’ White
papers include: ‘Cyberdefense: A Matter of Scale and Budget’; ‘Information Security in
Today's Business World’; ‘Keep It Simple: Making Your Enterprise More Secure With Less
Effort’ and the ‘TruSecure Anti-Virus Policy Guide.’
- - - - - - -
PROGRAM TOPICS:
INTRODUCTION
- AGENDA
BRIEF OVERVIEW OF TRUSECURE
- How TruSecure Measures Risk
- Most Organizations Worry About the Wrong Things in Computer Security
THE RISK EQUATION
- Risk Has Three Components: Threat, Vulnerability, and Cost
- Threat Is a Component of Risk
- The Measure of Threat Is the Rate of Frequency
- Vulnerability Is a Component of Risk
- Correct and Incorrect Ways to Approach Organizational Vulnerability
- Examples of Vulnerability Prevalence
- Firewalls Do Not Cancel Vulnerability
- Cost Is a Component of Risk
- Risk Equals Threat Times Vulnerability Times Cost
- Focus on the Top Ten
- Better Encryption Does Not Necessarily Help
- It Is Very Hard to Sniff the Internet
- What Is the Loss If a Credit Card Is Lost?
- Risk Conclusion: Learn to Worry Correctly
WHAT REALLY GOES WRONG
- Some Issues Are Easily Solved: Misconfiguration and Spoofing
- Some Issues Are Easily Solved: Upgrades Protect Against Old Vulnerabilities
- Easy Things Go Wrong in Many Places
- High-Cost Problems: Viruses, Trojan Horses, and Worms
RISK ANALYSIS: APPROACHES THAT WORK
- Six Categories of Risk: Electronic Risk
- Six Categories of Risk: Malicious Code Risk
- Six Categories of Risk: Privacy
- Six Categories of Risk: Downtime
- Six Categories of Risk: Physical Risk
- Six Categories of Risk: Human Factors Risk
- Summary: Six Categories of Risk
- The Need for Low-Cost, Low-Infringement Security
- Balancing Low Cost With Low Infringement
- Airline Safety Example
- Holistic, Dynamic Risk Reduction
- Determining Essential Security Practices
- Timely Risk Information
- Vulnerability Information Is Less Useful
- Targeted Risk Information Is The Most Useful
- Mistakes Must Be Caught and Corrected
- Summary: The TruSecure Approach to Risk Analysis
- Utilizing Synergistic Controls
- Different Types of Risk Alerts
- Different Types of Risk Alerts: Important
- Different Types of Risk Alerts: Hot Items
- Different Types of Risk Alerts: Red-Hot Items
- CONCLUSION
- - - - - - -
ABOUT THE PRESENTER
Dr. Peter S. Tippett is vice chairman and chief technologist of TruSecure Corporation, a
leader in managed security solutions. He is also chief scientist at ICSA Labs, and the
executive publisher of Information Security magazine. He specializes in utilizing large-scale
risk models and research to create pragmatic, corporate-wide security programs. Dr. Tippett
is a sought-after speaker, and has been interviewed for national and international print,
online and broadcast media and has briefed and consulted with Congress, the Senate, the Joint
Chiefs of Staff, and numerous organizations and governments on practical approaches to
computer security.
Prior to joining TruSecure, Dr. Tippett was director of security and enterprise products at the
Peter Norton Group of Symantec Corporation. He is credited with creating one of the first
commercial antivirus products, which became Symantec's Norton AntiVirus. He was
president and founder of Certus International Corporation, a publisher and developer of
leading PC antivirus, security and enterprise management software. Dr. Tippett is the
recipient of the 1998 Entrepreneur of the Year Award presented by Ernst & Young. He is a
trained scientist with a Ph.D. and MD from Case Western Reserve University, and studied at
the Rockefeller University under Drs. R.B. Merrifield (Nobel Prize, 1980) and S. Moore
(Nobel Prize, 1973).
- - - - - - -
February, 2005, Video (DVD or VHS - Specify), 44 minutes.
Order #DR686
- - - - - - -
Rothstein Associates Inc.
4 Arapaho Rd.
Brookfield, CT 06804-3104 USA
1-888-ROTHSTEin; (888.768.4783)
Telephone: 203.740.7444; 888.768.4783
Fax: 203.740.7401