Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
ในงาน THE FIRST NIDA BUSINESS ANALYTICS AND DATA SCIENCES CONTEST/CONFERENCE จัดโดย คณะสถิติประยุกต์และ DATA SCIENCES THAILAND
4. • Technology Is Concrete
• Can visualize devices and transmission lines
• Can understand device and software operation
• Management Is Abstract
• Management Is More Important
• Security is a process, not a product (Bruce Schneier)
4
Management is the Hard Part
5. Courses
• Information Security Management
• Computer and Network Security
• Information Security Risk Analysis
• Software Development Security
• Information Security Policy
• Internet Security
• Database Security
• Software Development Security
• Cloud Computing Security
• Penetration Testing and Vulnerability Analysis
• Digital Forensics and Investigations
7. • Identify Current IT Security Gaps
• Identify Driving Forces
• The threat environment
• Compliance laws and regulations
• Corporate structure changes, such as mergers
• Identify Corporate Resources Needing
Protection
• Enumerate all resources
• Rate each by sensitivity
7
Strategic IT Security Planning
8. • Develop Remediation Plans
• Develop a remediation plan for all security gaps
• Develop a remediation plan for every resource unless
it is well protected
• Develop an Investment Portfolio
• You cannot close all gaps immediately
• Choose projects that will provide the largest returns
• Implement these
8
Strategic IT Security Planning
9. In The News
Stealing Money using fake ID
IDENTITY THEFT
SOCIAL
ENGINEERING
OTP
TWO-FACTOR
AUTHENTICATION
10. Campus Area Networks
AAA Server
DHCP Server
ESA/WSA
Web ServerEmail Server
VPN
Hosts
Layer 3 Switches
Layer 2 Switches
IPSFirewall
Internet
11. Small Office and Home Office Networks
Wireless Router
Layer 2 Switch
Internet
13. The Evolving Network Border
• Critical MDM functions for BYOD network
– Data encryption
– PIN enforcement
– Data wipe
– Data loss prevention
– Jailbreak/root detection
14. The Hacker & The Evolution of Hackers
Modern hacking titles:
• Script Kiddies
• Vulnerability Brokers
• Hacktivists
• Cyber Criminals
• State-Sponsored Hackers
Traditional Hackers
• Motivated by thrill, validation of skills,
sense of power
• Motivated to increase reputation among
other hackers
• Often do damage as a byproduct
• Often engage in petty crime
27. Next Generation Firewall (NGFW)
• An integrated network platform that combines a
traditional firewall with other network device
filtering functionalities such as an application
firewall using in-line deep packet inspection (DPI),
an intrusion prevention system (IPS)