Information Security Challenges & Opportunities

675
-1

Published on

Presentation given in August 2008, at the Launch of Secure Pakistan Initiative by NetSol Technologies Inc.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
675
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
31
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Information Security Challenges & Opportunities

  1. 1. 1 Information Security Challenges and Opportunities M. Faisal Naqvi, CISSP, CISA MS (E-Com) Gold (PU), CMA inter (ICMA) 27001 A (IRCA, UK), 27001 Implr (IT Gov, UK) Associate Member of Business Continuity Institute Senior Consultant – Information Security
  2. 2. © 2008 NetSol Technologies, Inc. All rights reserved Information Security (A-I-C)  Availability  Integrity  Confidentiality
  3. 3. © 2008 NetSol Technologies, Inc. All rights reserved Dependence on IT  Almost every Government Department  Banks including ATM network, Stock Exchanges & Brokers  Telecommunication & Mobile Companies  Electronic and Print Media  Software houses and Call centers  Other Private companies including MNCs
  4. 4. © 2008 NetSol Technologies, Inc. All rights reserved Challenges to Information Availability  ATM Network/Credit Card  Mobile Network/Mobile Card Charging Sys  Call Centers  TV Channels  Internet Service Provider  Stock Exchange Application
  5. 5. © 2008 NetSol Technologies, Inc. All rights reserved Attacks on Availability of Information  Denial of Service (DoS) Attacks  Distributed DoS (D-DoS) Attacks  Malicious act by disgruntled employee  Power Failure  Natural/Man-made Disasters like Fire, Flood, Storm, Earthquake, Strike and Terrorism
  6. 6. © 2008 NetSol Technologies, Inc. All rights reserved Challenges to Information Integrity  Balance of Rs.9,000/- in bank is changed to Rs.9,000,000/-  Tempering of NADRA records  Changing CSS exam results  Changing ownership of Vehicle / Land in E-Records  Tempering Share Prices of Stock  Phishing  Electronic Stalking  Salami Attacks
  7. 7. © 2008 NetSol Technologies, Inc. All rights reserved Attacks on Information Integrity  Hacking  SQL injection  Insiders / Employees  Weak cryptographic algorithms  Buffer overflow  Malicious Code
  8. 8. © 2008 NetSol Technologies, Inc. All rights reserved Challenges to Confidentiality of Information  Source Code/Trade Secret Theft  Tenders Quotation Disclosure  Clients Information Stealing  Govt. Sensitive Information Leakage  Mobile Usage and Personal Information  Online Bank Account Password  ATM Pins
  9. 9. © 2008 NetSol Technologies, Inc. All rights reserved Attacks on Confidentiality of Information  Employees  Social Engineering  Hacking  SQL Injection  Key Loggers (software/hardware)
  10. 10. © 2008 NetSol Technologies, Inc. All rights reserved Getting ATM cards & pins
  11. 11. © 2008 NetSol Technologies, Inc. All rights reserved Getting ATM cards & pins (cont…)
  12. 12. © 2008 NetSol Technologies, Inc. All rights reserved Getting ATM cards & pins (cont…)
  13. 13. © 2008 NetSol Technologies, Inc. All rights reserved Getting ATM cards & pins (cont…)
  14. 14. © 2008 NetSol Technologies, Inc. All rights reserved Getting ATM cards & pins (cont…)
  15. 15. © 2008 NetSol Technologies, Inc. All rights reserved How to Overcome these challenges  Pro-active approach rather than Reactive  Preventive Controls rather than Corrective
  16. 16. © 2008 NetSol Technologies, Inc. All rights reserved Opportunities to ensure Availability of Information  Firewalls  Intrusion Detection Systems  Intrusion Prevention Systems  Anomaly Detection Systems  Antivirus  Business Continuity Management  Disaster Recovery Planning
  17. 17. © 2008 NetSol Technologies, Inc. All rights reserved Opportunities to ensure Integrity of Information  Application Security  Segregation and Rotation of Duties  Strong Cryptography  Access Control  Application Vulnerability Assessment  Application Penetration Testing
  18. 18. © 2008 NetSol Technologies, Inc. All rights reserved Opportunities to ensure Confidentiality of Information  Access Control  Training and Awareness  Anti spy ware  Extrusion Prevention Systems
  19. 19. © 2008 NetSol Technologies, Inc. All rights reserved Opportunities to ensure overall Information Security  Strength of overall Information Security is not more than one weakest element  Need for a system which can ensure the A-I-C in a comprehensive manner  ISO-27001 Information Security Management System (ISMS)  ISMS 133 countermeasures to control all possible Threats and Vulnerabilities
  20. 20. © 2008 NetSol Technologies, Inc. All rights reserved Opportunities to ensure overall Information Security  Periodic Audits and Assessments through independent neutral organizations  Vulnerability Assessments  Penetration Tests through Ethical Hackers
  21. 21. © 2008 NetSol Technologies, Inc. All rights reserved Opportunities to ensure overall Information Security by Govt.  Electronic Transaction Ordinance (ETO), 2002  Prevention of Electronic Crime Ordinance (PECO) 2007  National Response Centre for Cyber Crimes (NR3C), FIA  Information & Communication Technology (ICT) Tribunals
  22. 22. © 2008 NetSol Technologies, Inc. All rights reserved Electronic Transaction Ordinance 36. Violation of privacy of information Protects Confidentiality 37. Damage to information system, etc. Protects Integrity and Availability
  23. 23. © 2008 NetSol Technologies, Inc. All rights reserved Prevention of Electronic Crime Ordinance (Crimes) 3. Criminal Access 4. Criminal Data Access 5. Data Damage 6. System Damage 7. Electronic Fraud 8. Electronic Forgery 9. Misuse of Electronic System or Device 10. Unauthorized access to code
  24. 24. © 2008 NetSol Technologies, Inc. All rights reserved Prevention of Electronic Crime Ordinance 11. Misuse of Encryption 12. Malicious Code 15. Cyber Stalking 16. Spamming 17. Spoofing 18. Unauthorized interception 19. Cyber Terrorism 20. Enhanced punishment for offences involving electronic systems
  25. 25. © 2008 NetSol Technologies, Inc. All rights reserved ?
  26. 26. © 2008 NetSol Technologies, Inc. All rights reserved Thank You
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×