Information Security Challenges & Opportunities
Presentation given in August 2008, at the Launch of Secure Pakistan Initiative by NetSol Technologies Inc.

Published in: Technology
Transcript

  • 1. Information Security Challenges and Opportunities
      M. Faisal Naqvi, CISSP, CISA
      MS (E-Com) Gold (PU), CMA inter (ICMA)
      27001 A (IRCA, UK), 27001 Implr (IT Gov, UK)
      Associate Member of Business Continuity Institute
      Senior Consultant – Information Security
  • 2. Information Security (A-I-C)
      © 2008 NetSol Technologies, Inc. All rights reserved
      • Availability
      • Integrity
      • Confidentiality
  • 3. Dependence on IT
      • Almost every Government Department
      • Banks including ATM network, Stock Exchanges & Brokers
      • Telecommunication & Mobile Companies
      • Electronic and Print Media
      • Software houses and Call centers
      • Other Private companies including MNCs
  • 4. Challenges to Information Availability
      • ATM Network/Credit Card
      • Mobile Network/Mobile Card Charging Sys
      • Call Centers
      • TV Channels
      • Internet Service Provider
      • Stock Exchange Application
  • 5. Attacks on Availability of Information
      • Denial of Service (DoS) Attacks
      • Distributed DoS (D-DoS) Attacks
      • Malicious act by disgruntled employee
      • Power Failure
      • Natural/Man-made Disasters like Fire, Flood, Storm, Earthquake, Strike and Terrorism
  • 6. Challenges to Information Integrity
      • Balance of Rs.9,000/- in bank is changed to Rs.9,000,000/-
      • Tampering with NADRA records
      • Changing CSS exam results
      • Changing ownership of Vehicle / Land in E-Records
      • Tampering with Share Prices of Stock
      • Phishing
      • Electronic Stalking
      • Salami Attacks
  • 7. Attacks on Information Integrity
      • Hacking
      • SQL injection
      • Insiders / Employees
      • Weak cryptographic algorithms
      • Buffer overflow
      • Malicious Code
  • 8. Challenges to Confidentiality of Information
      • Source Code/Trade Secret Theft
      • Tenders Quotation Disclosure
      • Clients Information Stealing
      • Govt. Sensitive Information Leakage
      • Mobile Usage and Personal Information
      • Online Bank Account Password
      • ATM Pins
  • 9. Attacks on Confidentiality of Information
      • Employees
      • Social Engineering
      • Hacking
      • SQL Injection
      • Key Loggers (software/hardware)
  • 10. Getting ATM cards & pins
  • 11. Getting ATM cards & pins (cont…)
  • 12. Getting ATM cards & pins (cont…)
  • 13. Getting ATM cards & pins (cont…)
  • 14. Getting ATM cards & pins (cont…)
  • 15. How to Overcome these challenges
      • Pro-active approach rather than Reactive
      • Preventive Controls rather than Corrective
  • 16. Opportunities to ensure Availability of Information
      • Firewalls
      • Intrusion Detection Systems
      • Intrusion Prevention Systems
      • Anomaly Detection Systems
      • Antivirus
      • Business Continuity Management
      • Disaster Recovery Planning
  • 17. Opportunities to ensure Integrity of Information
      • Application Security
      • Segregation and Rotation of Duties
      • Strong Cryptography
      • Access Control
      • Application Vulnerability Assessment
      • Application Penetration Testing
  • 18. Opportunities to ensure Confidentiality of Information
      • Access Control
      • Training and Awareness
      • Anti-spyware
      • Extrusion Prevention Systems
  • 19. Opportunities to ensure overall Information Security
      • Overall Information Security is only as strong as its weakest element
      • Need for a system which can ensure the A-I-C in a comprehensive manner
      • ISO-27001 Information Security Management System (ISMS)
      • ISMS: 133 countermeasures to control all possible Threats and Vulnerabilities
  • 20. Opportunities to ensure overall Information Security
      • Periodic Audits and Assessments through independent neutral organizations
      • Vulnerability Assessments
      • Penetration Tests through Ethical Hackers
  • 21. Opportunities to ensure overall Information Security by Govt.
      • Electronic Transaction Ordinance (ETO), 2002
      • Prevention of Electronic Crime Ordinance (PECO) 2007
      • National Response Centre for Cyber Crimes (NR3C), FIA
      • Information & Communication Technology (ICT) Tribunals
  • 22. Electronic Transaction Ordinance
      • 36. Violation of privacy of information: Protects Confidentiality
      • 37. Damage to information system, etc.: Protects Integrity and Availability
  • 23. Prevention of Electronic Crime Ordinance (Crimes)
      • 3. Criminal Access
      • 4. Criminal Data Access
      • 5. Data Damage
      • 6. System Damage
      • 7. Electronic Fraud
      • 8. Electronic Forgery
      • 9. Misuse of Electronic System or Device
      • 10. Unauthorized access to code
  • 24. Prevention of Electronic Crime Ordinance
      • 11. Misuse of Encryption
      • 12. Malicious Code
      • 15. Cyber Stalking
      • 16. Spamming
      • 17. Spoofing
      • 18. Unauthorized interception
      • 19. Cyber Terrorism
      • 20. Enhanced punishment for offences involving electronic systems
  • 25. ?
  • 26. Thank You
