ITU Regional Workshop on Bridging the Standardization Gap. Information and Network Security. Presentation by Philip Victor & Shahbaz Khan. Nadi, Fiji. 4th – 6th July 2011. About ITU-IMPACT. Global Coalition. ITU-IMPACT.
ITU Regional Workshop on Bridging the Standardization Gap Information and Network Security Presentation by Philip Victor & Shahbaz Khan Nadi, Fiji 4th – 6th July 2011
Global Coalition ITU-IMPACT The International Multilateral Partnership Against Cyber Threats (IMPACT) is the cybersecurity executing arm of the United Nations’ (UN) specialised agency - the International Telecommunication Union (ITU) - bringing together governments, academia and industry experts to enhance the global community’s capabilities in dealing with cyber threats.
Framework for International Cooperation ITU’s Global Cybersecurity Agenda (GCA) ITU’s Global Cybersecurity Agenda (GCA) – UN backed framework to enhance confidence and security in the information society. Global Cybersecurity Agenda
Global Coalition Industry Experts Academia International Bodies Think Tank IMPACT’s Global Alliances Expertise Technology Skills Resources Experience Cybersecurity services 192 Partner Countries UN System
134 countries have joined the ITU-IMPACT coalition Cybersecurity Services Deployed
2009 - 2011 ITU-IMPACT Milestones
Global Response Centre
• Deployed cybersecurity services in over 100 countries globally
• Incident remediation coordination by the Global Response Centre for various governments globally
• Conducted cybersecurity assessments/workshops for 24 countries globally
Centre for Training & Skills Development
• Trained over 200 cybersecurity professionals and practitioners in 2010
• Deployed 180 scholarships to 31 partner countries globally (SANS & EC-Council)
• Trained 50 law enforcement officers globally on Network Investigation
Centre for Policy & International Cooperation
• Conducted 7 high-level briefings with industry partners for over 300 participants from partner countries
• ITU-IMPACT Partner Forum – participation from 7 global industry partners
• IMPACT collaborated with the US Department of Defense to sponsor the international category winners for the DC3 Forensics challenge in 2009 and 2010
Centre for Research and Security Assurance
• Successfully implemented IMPACT Government Security Scorecard (IGSS) for Malaysian Administration and Modernisation Planning Unit (MAMPU), Prime Minister’s Department, Malaysia
Technology Trend Introduction - Information Security Stone Iron Industry Information Age! The world has now moved from NATURAL RESOURCES to INFORMATION ECONOMY Today, information is a key asset of almost every organization and individual!
Information Security Space Intro. - Information Security Basic Idea: CIA
Security Scenarios (Confidentiality) Information Security – Key Areas • Once spying was person against person, country against country. • Today, cyber criminals sit on fiber-optic cables and our Wi-Fi networks. • They steal data and information without breaking any glass. • Keeping data confidential is one core mission of information security.
Incorrect Information (Integrity) Information Security – Key Areas • Wrong information is worse than no information. • When users of information lose confidence that the information is accurate, they’ll never rely on it. • Maintaining data integrity is also a core mission of information security.
Inaccessible Information (Availability) Information Security – Key Areas • Information security doesn’t mean locking everything down. • If people don’t have the information they need, they can’t do their jobs. • Information security professionals must be able to balance access to information and the risk of damage. • A third core mission of Information Security is making information available when needed.
How to start? Information Security
Your Infrastructure Mobile Phones Laptops Desktops Tablets
Can have known/unknown Vulnerabilities.
Internet Vulnerability Assessment Vulnerability Scanning for all devices in the network
Internet Vulnerability Assessment External Scanner Internal Scanner
Internet Penetration Testing Identify critical infrastructure vulnerabilities within organizations
Internet Penetration Testing External Hacker External Pen-testing Identify critical vulnerabilities that exist on all internet accessible services.
Internet Penetration Testing Internal Attacker Internal Pen-testing Identify security vulnerabilities that can be exploited by internal users.
Web Application Assessment Attacker (Browser) HTTP/HTTPS (Transport Layer) IIS, APACHE, etc. (Middle Tier) MSSQL, MYSQL, etc. (Database Tier) Identify security vulnerabilities and exploitable elements residing within the web applications.
Reactive Services Incident Response & Handling Alerts & Warning Disseminating information related to computer security Responding to Request and analyzing incidents
Internet Proactive Services Log Retention & Management Aggregation and storing of network and application logs for archival process and analysis.
Internet Data Leakage Prevention Technology focused at stemming the loss of sensitive information in your organization.
Human Capacity Building Provide quality and current information security trainings
Things to do - Summary Internal Pen Testing External Pen Testing Compliance Management and Monitoring Data Leakage Protection Incident Handling Systems Web Application Assessment Proactive Services Reactive Services ITU – IMPACT Human Capacity Building Vulnerability Management CIRT Log Retention Management Alerts & Warnings IDS Honey Net CSIMS
Thank you www.facebook.com/impactalliance