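Sharing of School Network Security Vulnerability Assessments, Management Challenges and Trends
Hong Kong Telecommunications (HKT) Limited
Commercial Group
Mr. 潘震宇
13th Jan, 2020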
Agenda
1. Introduction
2. Assessment Result Sharing and Insight
3. Challenges in Security Management
4. Trends in Security Management
5. Q&A
Introduction
School IT Security Risk Assessment
COMPANY CONFIDENTIAL - HKT Internal use only
HKT Web Vulnerability Assessment Service
Web vulnerability assessment lifecycle
- Vulnerability Analysis
- Manual Review
- Report and Recommendations
- Information Gathering
HKT Web Vulnerability Assessment Service
HKT Web Vulnerability Assessment Service is performed by a group of security-certified engineers
Result Highlights
- 150+ Hours of Scanning: by using different Risk Assessment Tools and manual testing/review
- ~50 Websites: Internet-facing applications of 20 schools
- 110+ Critical Vulnerabilities
Result Highlights
4000+ Vulnerabilities
- Critical: 3%
- High: 14%
- Medium: 28%
- Low: 55%
17% of vulnerabilities are Critical / High
Top Security Impact Vulnerabilities
Among the ~50 scanned systems…
- Code (SQL) Injection: 39%
- Cross-site Scripting (XSS): 27%
- Using Outdated Components with Known Vulnerabilities: 63%
The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
Allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
- SSL/TLS version
- OS version
- PHP version
- Apache version
…etc
Security Risk Impact
Code (SQL) Injection
Cross-site Scripting (XSS)
Using Outdated Components with Known Vulnerabilities
- Data Leakage / Loss
- Content Defacement
- Malicious code injection
- Malware / Ransomware Infection
- Black Listing ➔ SCHOOL OPERATION / REPUTATION
Challenges in Security Management
10+ years ago: IT Support
Nowadays: IT Support, More User Touch Point, More System, More Data (More Security Risk)
Challenges in Security Management
Enterprises need to keep investing in Cyber Security
[Chart: Success factors that can strengthen your organization’s cybersecurity posture in the next three years]
- Improvement in technologies
- Improvement in staffing
- Increase in funding
- Cyber intelligence improvements
- Improvement in threat sharing
- Reduction in the compliance burden
- Ability to minimize employee-…
- Reduction in complexity
- Increase in C-level support
- Cybersecurity leadership
- Other
Complexity, Recruitment, $$
Ponemon Institute Research Report, 2018
Trends in Security Management
How to Survive in the challenging Security Management?
You CANNOT do it all by yourself, find a TRUSTED PARTNER for Security Management
“Security-Centric” - Security Management Everywhere
[Diagram] Zones: ISP (Internet Service Provider), Perimeter, Core Networking, End Point Devices/BYOD
[Diagram] Components: School Devices, School Wi-Fi service, School core network, School Firewall, BYOD Devices, Service Gateways, User Remote Access
[Diagram] Threats: Virus / Malware, Intrusion, Ransomware, Email Spam / Email Spoofing, DoS / Intrusion, DDoS / Malicious Website
Potential Security Threat is everywhere!!
“Security-Centric” - Security Management Everywhere
[Diagram] Each zone is marked "Separate Network"
[Diagram] Protections: Cloud-Based Firewall / Web Filtering, UTM Firewall, Email Security / Application Server, EDR, NGAV
Multi-Dimension Security Protection
“Security-Centric” - Security Management Everywhere
[Diagram] Threat: DDoS / Malicious Website
Security Management
1. Centralized Security Log collection and monitoring
2. Automation of security alert and incident recording
3. Remote support for incident recording and assistance
Comprehensive Managed Security Service
Key components on Security Management
People, Technology, Process
Secure Connectivity: DDoS Protection, HKT Internet Platform, HKT Private Network
Secure On-Premises Solution: Network Security, System Security, Endpoint Protection, Application Control
HKT School HelpDesk / Security Operation Center
Security Operation Center: Tier 1, Tier 2, Tier 3, SOC Manager
- Security Expert
- Security Intelligence
- Security Management Tools and Practice
School Helpdesk
• Occurred on 12-May-2017 (Friday night)
• Took action to disable related firewall TCP ports (139 & 445) in ALL school wifi circuits
• Completed all school wifi circuits (400+) on 15-May-2017 (Monday)
• Informed schools via Phone & Email that HKT had already taken action to block the TCP ports
• Prepared user guide / preventive actions and sent to schools for them to take action on school’s ITED network
Key Takeaways
- Security Risk will keep EVOLVING
- PERIODIC Security Risk Assessment is important
- You CANNOT do it all by yourself
- Find a TRUSTED PARTNER for security management
Any Questions?
Thank You

More Related Content

What's hot

Proactive incident response
Proactive incident responseProactive incident response
Proactive incident response
Brian Honan
 
information security awareness course
information security awareness courseinformation security awareness course
information security awareness course
Abdul Manaf Vellakodath
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Program
CommLab India – Rapid eLearning Solutions
 
Information security policy
Information security policyInformation security policy
Information security policy
BalachanderThilakar1
 
PACE-IT, Security+3.4: Summary of Wireless Attacks
PACE-IT, Security+3.4: Summary of Wireless AttacksPACE-IT, Security+3.4: Summary of Wireless Attacks
PACE-IT, Security+3.4: Summary of Wireless Attacks
Pace IT at Edmonds Community College
 
Cybersecurity Training Seminars, 44 Courses : Tonex Training
Cybersecurity Training Seminars, 44 Courses : Tonex TrainingCybersecurity Training Seminars, 44 Courses : Tonex Training
Cybersecurity Training Seminars, 44 Courses : Tonex Training
Bryan Len
 
5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses
Wilkins Consulting, LLC
 
IT & Network Security Awareness
IT & Network Security AwarenessIT & Network Security Awareness
IT & Network Security Awareness
The Network Support Company
 
Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016
InfinIT - Innovationsnetværket for it
 
IT Security and Risk Mitigation
IT Security and Risk MitigationIT Security and Risk Mitigation
IT Security and Risk Mitigation
Mukalele Rogers
 
Security tools
Security toolsSecurity tools
Security tools
arfan shahzad
 
Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Start With A Great Information Security Plan!
Start With A Great Information Security Plan!
Tammy Clark
 
Securing your presence at the perimeter
Securing your presence at the perimeterSecuring your presence at the perimeter
Securing your presence at the perimeter
Ben Rothke
 
Module0&1 intro-foundations-b
Module0&1 intro-foundations-bModule0&1 intro-foundations-b
Module0&1 intro-foundations-b
BbAOC
 
CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...
CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...
CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...
Robert Straus
 
Topic11
Topic11Topic11
Topic11
Anne Starr
 
Threat Modelling And Threat Response
Threat Modelling And Threat ResponseThreat Modelling And Threat Response
Threat Modelling And Threat Response
Vivek Jindaniya
 
Cyber security vs information assurance
Cyber security vs information assuranceCyber security vs information assurance
Cyber security vs information assurance
Vaughan Olufemi ACIB, AICEN, ANIM
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 Challenges
Leandro Bennaton
 
D zone-cat-datasheet
D zone-cat-datasheetD zone-cat-datasheet
D zone-cat-datasheet
Lindsay Carreau
 

What's hot (20)

Proactive incident response
Proactive incident responseProactive incident response
Proactive incident response
 
information security awareness course
information security awareness courseinformation security awareness course
information security awareness course
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Program
 
Information security policy
Information security policyInformation security policy
Information security policy
 
PACE-IT, Security+3.4: Summary of Wireless Attacks
PACE-IT, Security+3.4: Summary of Wireless AttacksPACE-IT, Security+3.4: Summary of Wireless Attacks
PACE-IT, Security+3.4: Summary of Wireless Attacks
 
Cybersecurity Training Seminars, 44 Courses : Tonex Training
Cybersecurity Training Seminars, 44 Courses : Tonex TrainingCybersecurity Training Seminars, 44 Courses : Tonex Training
Cybersecurity Training Seminars, 44 Courses : Tonex Training
 
5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses
 
IT & Network Security Awareness
IT & Network Security AwarenessIT & Network Security Awareness
IT & Network Security Awareness
 
Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016
 
IT Security and Risk Mitigation
IT Security and Risk MitigationIT Security and Risk Mitigation
IT Security and Risk Mitigation
 
Security tools
Security toolsSecurity tools
Security tools
 
Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Start With A Great Information Security Plan!
Start With A Great Information Security Plan!
 
Securing your presence at the perimeter
Securing your presence at the perimeterSecuring your presence at the perimeter
Securing your presence at the perimeter
 
Module0&1 intro-foundations-b
Module0&1 intro-foundations-bModule0&1 intro-foundations-b
Module0&1 intro-foundations-b
 
CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...
CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...
CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...
 
Topic11
Topic11Topic11
Topic11
 
Threat Modelling And Threat Response
Threat Modelling And Threat ResponseThreat Modelling And Threat Response
Threat Modelling And Threat Response
 
Cyber security vs information assurance
Cyber security vs information assuranceCyber security vs information assurance
Cyber security vs information assurance
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 Challenges
 
D zone-cat-datasheet
D zone-cat-datasheetD zone-cat-datasheet
D zone-cat-datasheet
 

Similar to 02 學校網絡安全漏洞的評估分享, 管理挑戰及趨勢。

1 - HKT Reporting.pdf
1 - HKT Reporting.pdf1 - HKT Reporting.pdf
Information security presentation
Information security presentationInformation security presentation
Information security presentation
HK IT solutions... unlimited...
 
Level3-ATC comSpark.tech Presentation Snapshot
Level3-ATC comSpark.tech Presentation SnapshotLevel3-ATC comSpark.tech Presentation Snapshot
Level3-ATC comSpark.tech Presentation Snapshot
Advanced Technology Consulting (ATC)
 
Didiet Cybersecurity Consultant Portfolio - English
Didiet Cybersecurity Consultant Portfolio - EnglishDidiet Cybersecurity Consultant Portfolio - English
Didiet Cybersecurity Consultant Portfolio - English
Didiet Kusumadihardja
 
Federal IT Initiatives - BDPA Conference Executive Panel
Federal IT Initiatives - BDPA Conference Executive PanelFederal IT Initiatives - BDPA Conference Executive Panel
Federal IT Initiatives - BDPA Conference Executive Panel
BDPA Education and Technology Foundation
 
CV
CVCV
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBs
Jyothi Satyanathan
 
The Secure Path to Value in the Cloud by Denny Heaberlin
The Secure Path to Value in the Cloud by Denny HeaberlinThe Secure Path to Value in the Cloud by Denny Heaberlin
The Secure Path to Value in the Cloud by Denny Heaberlin
Cloud Expo
 
CyberSecurity Update Slides
CyberSecurity Update SlidesCyberSecurity Update Slides
CyberSecurity Update Slides
Jim Kaplan CIA CFE
 
Core.co.enterprise.deck.06.16.10
Core.co.enterprise.deck.06.16.10Core.co.enterprise.deck.06.16.10
Core.co.enterprise.deck.06.16.10
Core Security Technologies
 
Cisco Managed Security
Cisco Managed SecurityCisco Managed Security
Cisco Managed Security
Srivatsan Desikan
 
03 學校網絡安全與防衛
03 學校網絡安全與防衛03 學校網絡安全與防衛
03 學校網絡安全與防衛
eLearning Consortium 電子學習聯盟
 
Updated Resume
Updated ResumeUpdated Resume
NH Bankers 10 08 07 Kamens
NH Bankers 10 08 07 KamensNH Bankers 10 08 07 Kamens
NH Bankers 10 08 07 Kamens
kamensm02
 
Pankaj's Resume Information Security Professional
Pankaj's Resume Information Security ProfessionalPankaj's Resume Information Security Professional
Pankaj's Resume Information Security Professional
Pankaj Kumar
 
Huwei Cyber Security Presentation
Huwei Cyber Security PresentationHuwei Cyber Security Presentation
Huwei Cyber Security Presentation
Peter921148
 
Information Security in Schools - Recommended Practice (January 2019)
Information Security in Schools - Recommended Practice (January 2019)Information Security in Schools - Recommended Practice (January 2019)
Information Security in Schools - Recommended Practice (January 2019)
eLearning Consortium 電子學習聯盟
 
M Kamens Iia Financial Services Presentation At Disney
M Kamens Iia Financial Services Presentation At DisneyM Kamens Iia Financial Services Presentation At Disney
M Kamens Iia Financial Services Presentation At Disney
kamensm02
 
S nandakumar_banglore
S nandakumar_bangloreS nandakumar_banglore
S nandakumar_banglore
IPPAI
 
S nandakumar
S nandakumarS nandakumar
S nandakumar
IPPAI
 

Similar to 02 學校網絡安全漏洞的評估分享, 管理挑戰及趨勢。 (20)

1 - HKT Reporting.pdf
1 - HKT Reporting.pdf1 - HKT Reporting.pdf
1 - HKT Reporting.pdf
 
Information security presentation
Information security presentationInformation security presentation
Information security presentation
 
Level3-ATC comSpark.tech Presentation Snapshot
Level3-ATC comSpark.tech Presentation SnapshotLevel3-ATC comSpark.tech Presentation Snapshot
Level3-ATC comSpark.tech Presentation Snapshot
 
Didiet Cybersecurity Consultant Portfolio - English
Didiet Cybersecurity Consultant Portfolio - EnglishDidiet Cybersecurity Consultant Portfolio - English
Didiet Cybersecurity Consultant Portfolio - English
 
Federal IT Initiatives - BDPA Conference Executive Panel
Federal IT Initiatives - BDPA Conference Executive PanelFederal IT Initiatives - BDPA Conference Executive Panel
Federal IT Initiatives - BDPA Conference Executive Panel
 
CV
CVCV
CV
 
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBs
 
The Secure Path to Value in the Cloud by Denny Heaberlin
The Secure Path to Value in the Cloud by Denny HeaberlinThe Secure Path to Value in the Cloud by Denny Heaberlin
The Secure Path to Value in the Cloud by Denny Heaberlin
 
CyberSecurity Update Slides
CyberSecurity Update SlidesCyberSecurity Update Slides
CyberSecurity Update Slides
 
Core.co.enterprise.deck.06.16.10
Core.co.enterprise.deck.06.16.10Core.co.enterprise.deck.06.16.10
Core.co.enterprise.deck.06.16.10
 
Cisco Managed Security
Cisco Managed SecurityCisco Managed Security
Cisco Managed Security
 
03 學校網絡安全與防衛
03 學校網絡安全與防衛03 學校網絡安全與防衛
03 學校網絡安全與防衛
 
Updated Resume
Updated ResumeUpdated Resume
Updated Resume
 
NH Bankers 10 08 07 Kamens
NH Bankers 10 08 07 KamensNH Bankers 10 08 07 Kamens
NH Bankers 10 08 07 Kamens
 
Pankaj's Resume Information Security Professional
Pankaj's Resume Information Security ProfessionalPankaj's Resume Information Security Professional
Pankaj's Resume Information Security Professional
 
Huwei Cyber Security Presentation
Huwei Cyber Security PresentationHuwei Cyber Security Presentation
Huwei Cyber Security Presentation
 
Information Security in Schools - Recommended Practice (January 2019)
Information Security in Schools - Recommended Practice (January 2019)Information Security in Schools - Recommended Practice (January 2019)
Information Security in Schools - Recommended Practice (January 2019)
 
M Kamens Iia Financial Services Presentation At Disney
M Kamens Iia Financial Services Presentation At DisneyM Kamens Iia Financial Services Presentation At Disney
M Kamens Iia Financial Services Presentation At Disney
 
S nandakumar_banglore
S nandakumar_bangloreS nandakumar_banglore
S nandakumar_banglore
 
S nandakumar
S nandakumarS nandakumar
S nandakumar
 

More from eLearning Consortium 電子學習聯盟

AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位
AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位
AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位
eLearning Consortium 電子學習聯盟
 
ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?
ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?
ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?
eLearning Consortium 電子學習聯盟
 
2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf
2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf
2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf
eLearning Consortium 電子學習聯盟
 
1. How Data Analytics Transforming Digital Marketing - Saron Leung
1. How Data Analytics Transforming Digital Marketing - Saron Leung1. How Data Analytics Transforming Digital Marketing - Saron Leung
1. How Data Analytics Transforming Digital Marketing - Saron Leung
eLearning Consortium 電子學習聯盟
 
HKTVMall: Leading Technology Evolution for eCommerce Industry
HKTVMall: Leading Technology Evolution for eCommerce IndustryHKTVMall: Leading Technology Evolution for eCommerce Industry
HKTVMall: Leading Technology Evolution for eCommerce Industry
eLearning Consortium 電子學習聯盟
 
How Blockchain affecting us - Dr Sin.pdf
How Blockchain affecting us - Dr Sin.pdfHow Blockchain affecting us - Dr Sin.pdf
How Blockchain affecting us - Dr Sin.pdf
eLearning Consortium 電子學習聯盟
 
5-Hot-Chain Bento.pdf
5-Hot-Chain Bento.pdf5-Hot-Chain Bento.pdf
4-Herbal ID.pdf
4-Herbal ID.pdf4-Herbal ID.pdf
3-VisualSonic.pdf
3-VisualSonic.pdf3-VisualSonic.pdf
2-kNOw Touch.pdf
2-kNOw Touch.pdf2-kNOw Touch.pdf
1-C-POLAR Air Filter.pdf
1-C-POLAR Air Filter.pdf1-C-POLAR Air Filter.pdf
1-C-POLAR Air Filter.pdf
eLearning Consortium 電子學習聯盟
 
3 - Interaction between Cyber Security and School IT Policy .pdf
3 - Interaction between Cyber Security and School IT Policy .pdf3 - Interaction between Cyber Security and School IT Policy .pdf
3 - Interaction between Cyber Security and School IT Policy .pdf
eLearning Consortium 電子學習聯盟
 
2 - ELC學校網絡安全與防護.pdf
2 - ELC學校網絡安全與防護.pdf2 - ELC學校網絡安全與防護.pdf
2 - ELC學校網絡安全與防護.pdf
eLearning Consortium 電子學習聯盟
 
07 2020 網絡安全趨勢和安全小貼士
07 2020 網絡安全趨勢和安全小貼士07 2020 網絡安全趨勢和安全小貼士
07 2020 網絡安全趨勢和安全小貼士
eLearning Consortium 電子學習聯盟
 
06 網絡安全挑戰與防衛
06 網絡安全挑戰與防衛06 網絡安全挑戰與防衛
06 網絡安全挑戰與防衛
eLearning Consortium 電子學習聯盟
 
04 提升網絡安全 - 為電子學習打造先決條件
04 提升網絡安全 - 為電子學習打造先決條件04 提升網絡安全 - 為電子學習打造先決條件
04 提升網絡安全 - 為電子學習打造先決條件
eLearning Consortium 電子學習聯盟
 
Experience Sharing on School Pentest Project (Updated)
Experience Sharing on School Pentest Project (Updated)Experience Sharing on School Pentest Project (Updated)
Experience Sharing on School Pentest Project (Updated)
eLearning Consortium 電子學習聯盟
 
Security Incident Handling for Schools
Security Incident Handling for Schools Security Incident Handling for Schools
Security Incident Handling for Schools
eLearning Consortium 電子學習聯盟
 
高可寧的保安安排
高可寧的保安安排高可寧的保安安排
高可寧的保安安排
eLearning Consortium 電子學習聯盟
 
Experience Sharing on School Pentest Project
Experience Sharing on School Pentest ProjectExperience Sharing on School Pentest Project
Experience Sharing on School Pentest Project
eLearning Consortium 電子學習聯盟
 

More from eLearning Consortium 電子學習聯盟 (20)

AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位
AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位
AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位
 
ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?
ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?
ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?
 
2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf
2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf
2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf
 
1. How Data Analytics Transforming Digital Marketing - Saron Leung
1. How Data Analytics Transforming Digital Marketing - Saron Leung1. How Data Analytics Transforming Digital Marketing - Saron Leung
1. How Data Analytics Transforming Digital Marketing - Saron Leung
 
HKTVMall: Leading Technology Evolution for eCommerce Industry
HKTVMall: Leading Technology Evolution for eCommerce IndustryHKTVMall: Leading Technology Evolution for eCommerce Industry
HKTVMall: Leading Technology Evolution for eCommerce Industry
 
How Blockchain affecting us - Dr Sin.pdf
How Blockchain affecting us - Dr Sin.pdfHow Blockchain affecting us - Dr Sin.pdf
How Blockchain affecting us - Dr Sin.pdf
 
5-Hot-Chain Bento.pdf
5-Hot-Chain Bento.pdf5-Hot-Chain Bento.pdf
5-Hot-Chain Bento.pdf
 
4-Herbal ID.pdf
4-Herbal ID.pdf4-Herbal ID.pdf
4-Herbal ID.pdf
 
3-VisualSonic.pdf
3-VisualSonic.pdf3-VisualSonic.pdf
3-VisualSonic.pdf
 
2-kNOw Touch.pdf
2-kNOw Touch.pdf2-kNOw Touch.pdf
2-kNOw Touch.pdf
 
1-C-POLAR Air Filter.pdf
1-C-POLAR Air Filter.pdf1-C-POLAR Air Filter.pdf
1-C-POLAR Air Filter.pdf
 
3 - Interaction between Cyber Security and School IT Policy .pdf
3 - Interaction between Cyber Security and School IT Policy .pdf3 - Interaction between Cyber Security and School IT Policy .pdf
3 - Interaction between Cyber Security and School IT Policy .pdf
 
2 - ELC學校網絡安全與防護.pdf
2 - ELC學校網絡安全與防護.pdf2 - ELC學校網絡安全與防護.pdf
2 - ELC學校網絡安全與防護.pdf
 
07 2020 網絡安全趨勢和安全小貼士
07 2020 網絡安全趨勢和安全小貼士07 2020 網絡安全趨勢和安全小貼士
07 2020 網絡安全趨勢和安全小貼士
 
06 網絡安全挑戰與防衛
06 網絡安全挑戰與防衛06 網絡安全挑戰與防衛
06 網絡安全挑戰與防衛
 
04 提升網絡安全 - 為電子學習打造先決條件
04 提升網絡安全 - 為電子學習打造先決條件04 提升網絡安全 - 為電子學習打造先決條件
04 提升網絡安全 - 為電子學習打造先決條件
 
Experience Sharing on School Pentest Project (Updated)
Experience Sharing on School Pentest Project (Updated)Experience Sharing on School Pentest Project (Updated)
Experience Sharing on School Pentest Project (Updated)
 
Security Incident Handling for Schools
Security Incident Handling for Schools Security Incident Handling for Schools
Security Incident Handling for Schools
 
高可寧的保安安排
高可寧的保安安排高可寧的保安安排
高可寧的保安安排
 
Experience Sharing on School Pentest Project
Experience Sharing on School Pentest ProjectExperience Sharing on School Pentest Project
Experience Sharing on School Pentest Project
 

Recently uploaded

Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptxChapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
BBR 2024 Summer Sessions Interview Training
BBR  2024 Summer Sessions Interview TrainingBBR  2024 Summer Sessions Interview Training
BBR 2024 Summer Sessions Interview Training
Katrina Pritchard
 
Pengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptxPengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptx
Fajar Baskoro
 
World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024
ak6969907
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
Academy of Science of South Africa
 
MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE”           .MARY JANE WILSON, A “BOA MÃE”           .
MARY JANE WILSON, A “BOA MÃE” .
Colégio Santa Teresinha
 
Main Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docxMain Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docx
adhitya5119
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
David Douglas School District
 
Digital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental DesignDigital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental Design
amberjdewit93
 
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
IreneSebastianRueco1
 
Smart-Money for SMC traders good time and ICT
Smart-Money for SMC traders good time and ICTSmart-Money for SMC traders good time and ICT
Smart-Money for SMC traders good time and ICT
simonomuemu
 
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdfবাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
eBook.com.bd (প্রয়োজনীয় বাংলা বই)
 
How to Add Chatter in the odoo 17 ERP Module
How to Add Chatter in the odoo 17 ERP ModuleHow to Add Chatter in the odoo 17 ERP Module
How to Add Chatter in the odoo 17 ERP Module
Celine George
 
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptxC1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
mulvey2
 
The basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptxThe basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptx
heathfieldcps1
 
Walmart Business+ and Spark Good for Nonprofits.pdf
Walmart Business+ and Spark Good for Nonprofits.pdfWalmart Business+ and Spark Good for Nonprofits.pdf
Walmart Business+ and Spark Good for Nonprofits.pdf
TechSoup
 
The History of Stoke Newington Street Names
The History of Stoke Newington Street NamesThe History of Stoke Newington Street Names
The History of Stoke Newington Street Names
History of Stoke Newington
 
PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.
Dr. Shivangi Singh Parihar
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
Scholarhat
 
PIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf IslamabadPIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf Islamabad
AyyanKhan40
 

Recently uploaded (20)

Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptxChapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
 
BBR 2024 Summer Sessions Interview Training
BBR  2024 Summer Sessions Interview TrainingBBR  2024 Summer Sessions Interview Training
BBR 2024 Summer Sessions Interview Training
 
Pengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptxPengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptx
 
World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024
 
South African Journal of Science: Writing with integrity workshop (2024)

02 School Network Security Vulnerability Assessment Sharing, Management Challenges and Trends

  • 2. School Network Security Vulnerability Assessment Sharing, Management Challenges and Trends. Agenda: 1. Introduction 2. Assessment Result Sharing and Insight 3. Challenges in Security Management 4. Trends in Security Management 5. Q&A
  • 4. COMPANY CONFIDENTIAL - HKT Internal use only. Ongoing Support. HKT Web Vulnerability Assessment Service. Web vulnerability assessment lifecycle: Vulnerability Analysis, Manual Review, Report and Recommendations, Information Gathering
  • 5. HKT Web Vulnerability Assessment Service: HKT Web Vulnerability Assessment Service is performed by a group of security certified engineers
  • 6. Result Highlights: 150+ Hours of Scanning (by using different Risk Assessment Tools and manual testing/review); ~50 Websites (Internet-facing application of 20 schools); 110+ Critical Vulnerabilities
  • 7. Result Highlights: 4000+ Vulnerabilities. Critical 3%, High 14%, Medium 28%, Low 55%. 17% of vulnerabilities are Critical / High Vulnerabilities
  • 8. Top Security Impact Vulnerabilities: Code (SQL) Injection; Cross-site Scripting (XSS); Using Outdated Components with Known Vulnerabilities. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. Allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. - SSL/TLS version - OS version - PHP version - Apache version …etc. 39% 27% 63% Among the ~50 scanned systems…
  • 9. Security Risk Impact: Code (SQL) Injection; Cross-site Scripting (XSS); Using Outdated Components with Known Vulnerabilities. - Data Leakage / Loss - Content Defacement - Malicious code injection - Malware / Ransomware Infection - Black Listing ➔ SCHOOL OPERATION / REPUTATION
  • 10. Challenges in Security Management. 10+ years ago: IT Support
  • 11. Challenges in Security Management. Nowadays: IT Support; More User Touch Point; More System; More Data (More Security Risk)
  • 12. Challenges in Security Management: Enterprises need to keep investing in Cyber Security. [Chart: Success factors that can strengthen your organization’s cybersecurity posture in the next three years. Factors: Improvement in technologies; Improvement in staffing; Increase in funding; Cyber intelligence improvements; Improvement in threat sharing; Reduction in the compliance burden; Ability to minimize employee-…; Reduction in complexity; Increase in C-level support; Cybersecurity leadership; Other. Callouts: Complexity; Recruitment; $$] Ponemon Institute Research Report, 2018
  • 13. Trends in Security Management: How to Survive in the challenging Security Management? You CANNOT do it all by yourself, find a TRUSTED PARTNER for Security Management
  • 14. “Security-Centric” - Security Management Everywhere. ISP (Internet Service Provider); Perimeter; Core Networking; End Point Devices/BYOD; School Devices; School Wi-Fi service; School core network; School Firewall; BYOD Devices; Service Gateways; User Remote Access. VIRUS / MALWARE INTRUSION RANSOMWARE / Email SPAM / Email Spoofing DoS / Intrusion DDoS / Malicious Website. Potential Security Threat is everywhere!!
  • 15. “Security-Centric” - Security Management Everywhere. ISP (Internet Service Provider); Perimeter; Core Networking; End Point Devices/BYOD; School Devices; School Wi-Fi service; School core network; School Firewall; BYOD Devices; Service Gateways; User Remote Access. -- Separate Network -- -- Separate Network -- -- Separate Network -- Cloud-Based Firewall / Web Filtering UTM Firewall Email Security / Application Server EDR NGAV. Multi-Dimension Security Protection
  • 16. “Security-Centric” - Security Management Everywhere. ISP (Internet Service Provider); Perimeter; Core Networking; End Point Devices/BYOD; School Devices; School Wi-Fi service; School core network; School Firewall; BYOD Devices; Service Gateways; User Remote Access. DDoS / Malicious Website. 1. Centralized Security Log collection and monitoring 2. Automation of security alert and incident recording 3. Remote support for incident recording and assist Security Management. Comprehensive Managed Security Service
  • 17. Key components on Security Management: People, Technology, Process. Secure Connectivity; DDoS Protection; HKT Internet Platform; HKT Private Network; Network Security; System Security; Endpoint Protection; Application Control; Secure On-Premises Solution; HKT School HelpDesk / Security Operation Center
  • 18. Security Operation Center: Tier 1, Tier 2, Tier 3, SOC Manager - Security Expert - Security Intelligence - Security Management Tools and Practice
  • 19. School Helpdesk: • Occurred on 12-May-2017 (Friday night) • Took action to disable the related firewall TCP ports (139 & 445) on ALL school Wi-Fi circuits • Completed all school Wi-Fi circuits (400+) on 15-May-2017 (Monday) • Informed schools via phone and email that HKT had already taken action to block the TCP ports • Prepared user guide / preventive actions and sent them to schools so they could take action on the school’s ITED network
  • 20. Key Takeaways: - Security Risk will keep EVOLVING - PERIODIC Security Risk Assessment is important - You CANNOT do it all by yourself - Find a TRUSTED PARTNER for security management
  • 22. More HKT Enterprise Solution on social media: Follow HKT Enterprise Solutions on LinkedIn & Facebook