SecureIT 2014 - Data Security Protecting Businesses and National Assets - G S Naveen Kumar, Special Secretary, Information Technology & Electronics, Government of Uttar Pradesh...


Transcript

  • 1. Information Security: Uttar Pradesh Government’s Vision
      • Mr. G. S Naveen Kumar, IAS, Special Secretary IT&E, GoUP
  • 2. Cyber world – Current Scenario
      • Advances in information and communications technologies have revolutionized government, scientific, educational and commercial infrastructures.
      • The IT infrastructure has become an integral part of the critical infrastructure which supports national capabilities such as power grids, emergency communication systems, financial systems, defense systems and air traffic control networks. The operational stability and security of critical information infrastructure is vital for the economic security of the country.
      • It also enables large-scale processes throughout the economy by facilitating complex interactions among individuals, organizations and systems across global networks for trade and economic requirements.
  • 3. ICT Trends, Indian Perspective
      • Internet penetration of 120 million, which will grow to 370 million by 2015 (McKinsey)
      • Mobile penetration of 26% of the population, which will reach 72% by 2016 (Gartner)
      • Software exports of more than $75 billion
      • Government IT spending will reach $6.4 billion by 2014 (Gartner)
      • E-commerce market of $14 billion (2012)
  • 4. Information Security Trends & Analysis
  • 5. “Our bad neighbor makes us early stirrers, / Which is both healthful and good husbandry.”
      • William Shakespeare (1564–1616), King Henry, in Henry V, act 4, sc. 1, l. 6-7.
  • 6. Information Security?
      • “Cyberspace is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information and communication technology (ICT) devices and networks.” – National Cyber Security Policy -2013, India (NCSP-2013)
      • Information security in today’s enterprise is a “well-informed sense of assurance that the information risks and controls are in balance.” – Jim Anderson, Inovant (2002)
  • 7. Types of Attacks Experienced
  • 8. Changes on the Technology Landscape Affecting Security
      • [Bar chart. Categories: Consumerization of IT; Volume of security threats; Growing organization of hackers; Sophistication of security threats; Interconnectivity of devices/systems; Availability of easy-to-use hacking tools; Cloud Computing; Rise of social networking. Bar values as extracted: 33%, 39%, 47%, 47%, 48%, 49%, 51%, 52%.]
      • Source: CompTIA’s 11th Annual Information Security Trends study. Base: 500 U.S. IT and business executives (aka end users) responsible for security
  • 9. What Is Security?
      • “The quality or state of being secure--to be free from danger”
      • To be protected from adversaries
      • A successful organization should have multiple layers of security in place:
          • Physical security
          • Personal security
          • Operations security
          • Communications security
          • Network security
  • 10. What Is Information Security?
      • The protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information
      • Tools such as policy, awareness, training, education, and technology are necessary
      • The C.I.A. triangle was the standard based on confidentiality, integrity, and availability
      • The C.I.A. triangle has expanded into a list of critical characteristics of information
  • 11. Business Needs First, Technology Needs Last
      Information security performs four important functions for a Government:
      • Protects the Government’s ability to function
      • Enables the safe operation of applications implemented on the Government’s IT systems
      • Protects the data the Government collects and uses
      • Safeguards the technology assets in use at the Government
  • 12. Protecting the Ability to Function
      • Management is responsible
      • Information security is
          • a management issue
          • a people issue
      • Communities of interest must argue for information security in terms of impact and cost
  • 13. Enabling Safe Operation
      • Organizations must create integrated, efficient, and capable applications
      • Organizations need environments that safeguard applications
      • Management must not abdicate to the IT department its responsibility to make choices and enforce decisions
  • 14. Protecting Data
      • One of the most valuable assets is data
      • Without data, an organization loses its record of transactions and/or its ability to deliver value to its customers
      • An effective information security program is essential to the protection of the integrity and value of the organization’s data
  • 15. Safeguarding Technology Assets
      • Organizations must have secure infrastructure services based on the size and scope of the enterprise
      • Additional security services may have to be provided
      • More robust solutions may be needed to replace security programs the organization has outgrown
  • 16. Threats
  • 17. Top Security Threats
      • Data: InformationWeek Strategic Security Survey of business technology and security professionals at organizations with 100 or more employees
  • 18. Threats to National Security
      • The Internet has become a weapon for political, military and economic espionage
      • Organized cyber attacks have been witnessed:
          • Pentagon, US: 24000 sensitive files were stolen
          • Estonia in April 2007
          • Computer systems of the German Chancellery and three Ministries
          • E-mail accounts at National Informatics Centre, India
          • Key MEA divisions in India get hacked every 4-5 months
          • Highly classified Govt. computer networks in New Zealand & Australia
      • Most Govt. agencies and companies around the world use common computing technologies & systems that are frequently penetrated by criminal hackers and malware.
      • Traditional protective measures are not enough to protect against attacks such as those on Estonia, as the complexity and coordination in using the botnets was totally new. National networks with less sophistication in monitoring and defense capabilities could face serious problems to national security.
  • 19. Threats to National Security Contd.
      • Report by Arbor Networks: Key India-Specific Findings
          • Drastic increase in reported attacks on Government and financial services organizations in India
          • End-users or subscribers are the most common target type; financial and e-commerce services tie for second place.
          • Significant increase seen in attacks against financials and government, with 34 percent and 43 percent reporting cyber threats and attacks respectively, up from last year’s 15 percent and 19 percent respectively.
      • Cyber attacks against Indian Government and financial organizations witness more than 100 percent jump. Source: InformationWeek, February 26, 2014
  • 20. Uttar Pradesh: Information Security Plan
      • The Government of UP has envisioned the Information Security plan, which is aligned with GoUP IT Policy 2012 & National Cyber Security Policy -2013
      • Implementation of industry best security practices such as ISO 27001:2013 etc.
      • Setting up of a State Cyber Security Incident Response Team
      • Encourage wider usage of Public Key Infrastructure (PKI) within Government for trusted communication & transactions
      • Set up Information Sharing & Analysis Centres (ISACs) in various sectors and cooperate with the sectoral CERTs at the operational level.
      • The critical shortage of cyber security professionals needs to be tackled in mission mode with innovative recruitment and placement procedures along with specialized training of existing manpower.
      • Establishing a competency framework to assess skills required, identify gaps, and devise strategies and programmes for capacity-building. This may include designing security certification schemes for IT professionals and advising cyber security related curriculum for the formal sector (B.Tech, M.Tech., MBA etc).
  • 21. Uttar Pradesh: Information Security Plan Contd.
      • Work towards establishing a multi-disciplinary Centre of Excellence (COEs) in Cyber security areas including best practices, forensics, cyber crime investigation, studies, research and international frameworks/institutions.
      • Given the role of security standards and audit in enhancing the level of preparedness and assurance in cyber security, the private sector would be an active partner in undertaking the following activities:
      • Define baseline security standards and practices/guidelines for the critical sector organizations/Departments & various e-Governance Projects in Uttar Pradesh
      • Define enhanced standards and guidelines for organizations/Departments that fall in the high risk category, i.e. the critical information infrastructure organizations
      • Laying down of security standards and guidelines for acquisition of IT products and services. Develop protection profiles, capturing users’ cyber security concerns, to aid the procurement of IT products as well as compliance verification of IT products prior to deployment
      • Work jointly towards the establishment of Institute of Cyber Security Professionals of India (similar to ICAI for CAs). This could be an autonomous institution under the patronage of MCIT
      • Make cyber security audit mandatory
  • 22. Thank You