1. Security, Present and Future
Marco Melo Raposo
Marco Raposo 2011 http://pt.linkedin.com/in/marcoraposo
Free to copy, distribute. You must attribute the work in the manner specified by the author. You may not use this work for commercial purposes.
2. Marco Raposo 2011 http://pt.linkedin.com/in/marcoraposo
Free to copy, distribute. You must attribute the work in the manner specified by the author. You may not use this work for commercial purposes.
3. Present Day…
Marco Raposo 2011 http://pt.linkedin.com/in/marcoraposo
Free to copy, distribute. You must attribute the work in the manner specified by the author. You may not use this work for commercial purposes.
4. World in 201x…
Source: Economist, world in 2012
Marco Raposo 2011 http://pt.linkedin.com/in/marcoraposo
Free to copy, distribute. You must attribute the work in the manner specified by the author. You may not use this work for commercial purposes.
5. 2010 CSI Annual report
• Malware infection continued to be the most commonly seen
attack
• Fewer financial fraud incidents than in previous years (8.7%)
• 45.6% subject of at least one targeted attack.
• Fewer organizations are willing to share specific information
about losses.
• Regulatory compliance efforts have had a positive effect.
• Activities of malicious insiders NOT perceived as source of
losses (59.1%). Only 39.5 can confirm the fact for sure.
• 51.1 % still not using cloud computing.
Source: CSI annual report 2011
Marco Raposo 2011 http://pt.linkedin.com/in/marcoraposo
Free to copy, distribute. You must attribute the work in the manner specified by the author. You may not use this work for commercial purposes.
6. 2010 - Attacks Experienced
• Malware and Bot
activity increasing
• Phishing almost on 40%
• Inside abuse
decreasing
• “Legacy” menaces
decreasing impact
Source: CSI annual report 2011
Marco Raposo 2011 http://pt.linkedin.com/in/marcoraposo
Free to copy, distribute. You must attribute the work in the manner specified by the author. You may not use this work for commercial purposes.
7. Security Spending 2011-2015
Source: IDC, 2011
• Security spending will almost double in
4 years
• NAR spends twice as much as EMEA or
APAC
Marco Raposo 2011 http://pt.linkedin.com/in/marcoraposo
Free to copy, distribute. You must attribute the work in the manner specified by the author. You may not use this work for commercial purposes.
8. Accelerators & Inhibitors
Compliance
Convergence Economy
Industry transformation Profits
Customer Demand
The digital marketplace
Hardware
Pervasive computing Services
Green IT
Saturation
Source: IDC Jan 2011
Marco Raposo 2011 http://pt.linkedin.com/in/marcoraposo
Free to copy, distribute. You must attribute the work in the manner specified by the author. You may not use this work for commercial purposes.
9. Regulation
Relevant Regulation
• Directive 2009/136/CE - Serviço universal e aos direitos dos utilizadores,
tratamento de dados pessoais e à protecção da privacidade e cooperação
entre as autoridades nacionais
• Lei n.º 109/2009 - Lei do cibercrime
• Lei 67/ 98 – Lei da Protecção de Dados Pessoais
Recent Changes in Portuguese Regulation
• “Segurança e Integridade de Redes e Serviços” (lei n.º 51/2011)
• “Protecção de Infra-estruturas Críticas” (dl n.º 62/2011
Marco Raposo 2011 http://pt.linkedin.com/in/marcoraposo
Free to copy, distribute. You must attribute the work in the manner specified by the author. You may not use this work for commercial purposes.
10. Marco Raposo 2011 http://pt.linkedin.com/in/marcoraposo
Free to copy, distribute. You must attribute the work in the manner specified by the author. You may not use this work for commercial purposes.
11. The Hot Topics
Consumer
devices gone Society
wild
Web 2.0 (Or not)
Electronic Cloud
Payments Security
Digital
Corporate footprint
Reputation
Information Endpoint
Systems
Warfare Security
Electronic ID
Privacy, accountability and trust
Marco Raposo 2011 http://pt.linkedin.com/in/marcoraposo
Free to copy, distribute. You must attribute the work in the manner specified by the author. You may not use this work for commercial purposes.
12. Work-Life balance
Community Organization
Cu re
ltu ltu
re
Cu
Human People Processes
Emergence Emergence
Relations
s Hum
ct or a nF
a act
a nF ors
Hum
World Technology
Marco Raposo 2011 http://pt.linkedin.com/in/marcoraposo
Free to copy, distribute. You must attribute the work in the manner specified by the author. You may not use this work for commercial purposes.
13. The Ghost Net
March, 2009
A study revealed the a malware-based cyber espionage network called GhostNet
Four control servers allowed attacker to control and receive data from compromised
computers.
A wide-ranging network of compromised computers: At least 1,295 infected
computers in 103 countries was detected.
30% of the infected computers considered high-value: Ministries of foreign affairs of
Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan;
embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan,
Portugal, Germany and Pakistan; the ASEAN ,Secretariat, SAARC, Asian Development
Bank; news organizations; and an unclassified computer located at NATO
headquarters.
The GhostNet system directs infected computers to download a Trojan known as gh0st
RAT that allows attackers to gain complete, real-time control.
Instances of gh0st RAT are consistently controlled from commercial Internet access
accounts located on the island of Hainan, People’s Republic of China.
Marco Raposo 2011 http://pt.linkedin.com/in/marcoraposo
Free to copy, distribute. You must attribute the work in the manner specified by the author. You may not use this work for commercial purposes.
http://www.infowar-monitor.net/ghostnet/
14. Closing Remarks
• Entering Information Age
• Threats are moving from enterprise to consumer
• Blending of physical instances
• Blending of corporate and private
• Security matters people
• Concerns will focus on
– Privacy
– Critical Infrastructures
– Information warfare
Marco Raposo 2011 http://pt.linkedin.com/in/marcoraposo
Free to copy, distribute. You must attribute the work in the manner specified by the author. You may not use this work for commercial purposes.
15. More Info ??
• ENISA
www.enisa.europa.eu
• NIST
csrc.nist.gov
• EC
ec.europa.eu/justice/data-protection/index_en.htm
• Cloudsecurity
cloudsecurityalliance.org/
• CNPD Legislação Nacional
www.cnpd.pt/bin/legis/leis_nacional.htm
Marco Raposo 2011 http://pt.linkedin.com/in/marcoraposo
Free to copy, distribute. You must attribute the work in the manner specified by the author. You may not use this work for commercial purposes.
16. THANK YOU!
marco.raposo@alcatel-lucent.com
Marco Raposo 2011 http://pt.linkedin.com/in/marcoraposo
pt.linkedin.com/in/marcoraposo
Free to copy, distribute. You must attribute the work in the manner specified by the author. You may not use this work for commercial purposes.