1 / 18

Cyber Security Key Challenges & Way Forward

Cyber Security Key Challenges & Way Forward. Presented By: Yogesh Hinduja Associate Practice Partner Wipro Consulting Services www. Wipro.com . Global Risk Trends. Cyber Attack is considered as one of the top five in the most likely Risk in 2012 as per Global Risks Report .

jui
Télécharger la présentation

Cyber Security Key Challenges & Way Forward

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cyber Security Key Challenges & Way Forward Presented By: Yogesh Hinduja Associate Practice Partner Wipro Consulting Services www. Wipro.com

  2. Global Risk Trends • Cyber Attack is considered as one of the top five in the most likely Risk in 2012 as per Global Risks Report.

  3. Cyber Attack Trends

  4. Number of Web Sites Defaced Aug 12 Jun 12 Sep 12 Jan 12 Feb 12 Mar 12 Apr 12 May 12 Jul 12 Sources: Indian Computer Emergency Response Team

  5. Exposure to Cyber Security Social Media Security Computer Forensics Physical Access Logical Access Organization Data Cyber Security Incident Response Mobile Security

  6. Cyber Security Cell Security Operation Center Cyber Security Components Evolving Threat Research Threat Intelligence Feed Contextualized Intelligence Anomaly Detection Security Analytics Malware Detection Well Defined Structure Roles & Responsibility Skilled Resources R&D Lab & Testing Lab Standards & Best Practices Cyber Security Command Centre Interface & Interlock Law Enforcement Agency Risk Intelligence Service Providers CERT-SA Other Countries CERT & Intelligence Agencies

  7. Cyber Security Service Portfolio Cyber Security Services Strategic Advisory Service Operational / Post-Event Services BCP / DR Preparedness against Cyber attacks Cyber Security Training and Awareness Computer Forensics DDOS Test Enterprise Security Architecture Threat Modeling Social Media Security Mobile Security Simulation Exercises Regulatory Readiness(FISMA, TRA, Indian Act etc.) Cloud Security Incident Response (Virus/Malware/Botnets) Penetration Testing Vulnerability Assessment Effectiveness Measurement of Policies/Procedures/Infra Design of Security Intelligence Centre Interface & Interlock Risk Intelligence Service Provider Law Enforcement Agency CERT Enterprise Risk Management

  8. Computer Forensic Services • Computer Forensic provides a post-intrusion / incident analysis in order to identify, preserve, analyse meaningful evidence and provide a detailed forensic report and recommendation on the security incident. Computer Forensics Services Coverage

  9. Initial Study • Situation awareness, identify the potential source of data 4. Analysis Data Interpretation, Event Correlation, Chain of Custody, Pattern Matching 3. 3. Investigation Examination, Decryption, Intelligent search on information on interest 2. Data Collection Data duplication, Cloning, Extractions using specialized S/W and H/W 5. Reporting Logical Conclusion, Management and Technical Presentation • Approach for Computer Forensics The following are the broad steps involved in this assessment Media Evidence Data Information

  10. Rise in the use of Social Networking sites such as Twitter, LinkedIn, Facebook by corporate to communicate and build their brand names as well as by individual to share information increase the risk of data security • Social Media Security Social Media Security Services

  11. Approach for Social Media Security A comprehensive and structured approach for Social Media Security Assessment, Sensitive Customer Information from different sources like social engineering sites, forums, community sites, blogs and hacking sites will be gathered along with the automated tools and search engines like Google, AltaVista, Baidu etc. The following are the broad steps involved in this assessment

  12. DDOS Attack simulation on designated Server in client premises to: • Measure the performance of devices responsible for detecting and denying DDoS • traffic network access • Determine the resilience of data center, network and application • Improve the IT infrastructure security posture by recommending measures to mitigate • the risk due to the identified vulnerabilities. • DDOS Attack Simulation Objective

  13. DDOS Attack Simulation Approach 3 1 2 4 5

  14. Incident Response Service • Incident Response Service provides on field or remote analysis by experts to identify, contaminate, recover and eradicate different variety of cyber attacks to the organisation.

  15. Incident Response Service Approach • A structured and proven approach for handling and responding to any kind of Cyber Security Attacks. In line with the industry best practices and experts armored with specialized tools help customer to react effectively and immediately. • Live Data Acquisition • Log/Network Data Acquisition • OS and Database Acquisition • Analyze acquired evidences • Identify the level of impact • Identify the source of intrusion & vulnerability • Reassess the fix • Develop learning and Lessons • Training and Awareness • Secure Guidelines • Situation Awareness • Sources of information • Chain of custody • Suspected behavior • Management report on extent of Damage • Report on nature of the incident and compromise • Eradication and recovery measures • Mobilize Resources • Tools & Kits • Authorization and Approvals • Legal considerations

  16. Approach for Mobile Security At a macro level Mobile Security Assessment involves four stages viz. Information collection, Threat Profiling, Technical Security Assessment and finally documenting the observation and recommendations.

  17. Questions ?

  18. Thank You Yogesh Hinduja, Yogesh.Hinduja@Wipro.com Associate Practice Partner Wipro Consulting Services

More Related