
ITU Regional Workshop on Bridging the Standardization Gap

ITU Regional Workshop on Bridging the Standardization Gap. Information and Network Security. Presentation by Philip Victor & Shahbaz Khan. Nadi, Fiji. 4th – 6th July 2011. About ITU-IMPACT. Global Coalition. ITU-IMPACT.


Presentation Transcript


  1. ITU Regional Workshop on Bridging the Standardization Gap Information and Network Security Presentation by Philip Victor & Shahbaz Khan Nadi, Fiji 4th – 6th July 2011

  2. About ITU-IMPACT

  3. Global Coalition: ITU-IMPACT. The International Multilateral Partnership Against Cyber Threats (IMPACT) is the cybersecurity executing arm of the United Nations’ (UN) specialised agency - the International Telecommunication Union (ITU) - bringing together governments, academia and industry experts to enhance the global community’s capabilities in dealing with cyber threats.

  4. Framework for International Cooperation: ITU’s Global Cybersecurity Agenda (GCA). A UN-backed framework to enhance confidence and security in the information society.

  5. Operationalising the Global Cybersecurity Agenda

  6. Global Coalition Industry Experts Academia International Bodies Think Tank IMPACT’s Global Alliances Expertise Technology Skills Resources Experience Cybersecurity services 192 Partner Countries UN System

  7. 134 countries have joined the ITU-IMPACT coalition Cybersecurity Services Deployed

  8. 2009 - 2011 ITU-IMPACT Milestones
     Global Response Centre
     • Deployed cybersecurity services across over 100 countries globally
     • Incident remediation coordination by the Global Response Centre for various governments globally
     • Conducted cybersecurity assessments/workshops for 24 countries globally
     Centre for Training & Skills Development
     • Trained over 200 cybersecurity professionals and practitioners in 2010
     • Deployed 180 scholarships to 31 partner countries globally (SANS & EC-Council)
     • Trained 50 law enforcement officers globally on Network Investigation
     Centre for Policy & International Cooperation
     • Conducted 7 high-level briefings with industry partners for over 300 participants from partner countries
     • ITU-IMPACT Partner Forum – participation from 7 global industry partners
     • IMPACT collaborated with the US Department of Defense to sponsor the international category winners for the DC3 Forensics challenge in 2009 and 2010
     Centre for Research and Security Assurance
     • Successfully implemented IMPACT Government Security Scorecard (IGSS) for Malaysian Administration and Modernisation Planning Unit (MAMPU), Prime Minister’s Department, Malaysia

  9. Information & Network Security

  10. Technology Trend. Introduction - Information Security. Stone, Iron, Industry, Information Age! The world has now moved from NATURAL RESOURCES to INFORMATION ECONOMY. Today, information is a key asset of almost every organization and individual!

  11. Information Security Space. Intro. - Information Security. Basic Idea: CIA

  12. Security Scenarios (Confidentiality). Information Security – Key Areas
      • Once spying was person against person, country against country.
      • Today, cyber criminals sit on fiber-optic cables and our Wi-Fi networks.
      • They steal data and information without breaking any glass.
      • Keeping data confidential is one core mission of information security.

  13. Incorrect Information (Integrity). Information Security – Key Areas
      • Wrong information is worse than no information.
      • When users of information lose confidence that the information is accurate, they’ll never rely on it.
      • Maintaining data integrity is also a core mission of information security.

  14. Inaccessible Information (Availability). Information Security – Key Areas
      • Information security doesn’t mean locking everything down.
      • If people don’t have the information they need, they can’t do their jobs.
      • Information security professionals must be able to balance access to information and the risk of damage.
      • A third core mission of Information Security is making information available when needed.

  15. How to start? Information Security

  16. Things to do

  17. Your Infrastructure Mobile Phones Laptops Desktops Tablets

  18. Even Your Servers

  19. Can have known/unknown Vulnerabilities.

  20. Security tasks

  21. Internet Vulnerability Assessment Vulnerability Scanning for all devices in the network

  22. Internet Vulnerability Assessment External Scanner Internal Scanner

  23. Internet Penetration Testing Identify critical infrastructure vulnerabilities within organizations

  24. Internet Penetration Testing External Hacker External Pen-testing Identify critical vulnerabilities that exist on all internet accessible services.

  25. Internet Penetration Testing Internal Attacker Internal Pen-testing Identify security vulnerabilities that can be exploited by internal users.

  26. Web Application Assessment. Attacker (Browser); HTTP/HTTPS (Transport Layer); IIS, Apache, etc. (Middle Tier); MSSQL, MySQL, etc. (Database Tier). Identify security vulnerabilities and exploitable elements residing within the web applications.

  27. Reactive Services. Incident Response & Handling; Alerts & Warning. Disseminating information related to computer security. Responding to requests and analyzing incidents.

  28. Internet Proactive Services Log Retention & Management Aggregation and storing of network and application logs for archival process and analysis.

  29. Internet Data Leakage Prevention Technology focused at stemming the loss of sensitive information in your organization.

  30. Human Capacity Building Provide quality and current information security trainings

  31. Things to do - Summary. Diagram labels: Internal Pen Testing; External Pen Testing; Compliance Management and Monitoring; Data Leakage Protection; Incident Handling Systems; Web Application Assessment; Proactive Services; Reactive Services; ITU – IMPACT; Human Capacity Building; Vulnerability Management; CIRT; Log Retention Management; Alerts & Warnings; IDS; Honey Net; CSIMS

  32. Thank you. www.facebook.com/impactalliance
