SlideShare a Scribd company logo
學校網絡安全漏洞的評估分享,
管理挑戰及趨勢
Cyber Security and
the Trend for Security
Management in
School Sector
Agenda
1. Introduction
2. Assessment Result Sharing and Insight
3. Challenges in Security Management
4. Trends in Security Management
5. Q &A
Introduction
School IT Security Risk Assessment
HKT Web Vulnerability Assessment Service
Assessment
lifecycle
Vulnerability Analysis
Manual
Review
Report and
Recommendations
Information Gathering
Scheduled Scanning
Week 1
Automated
Scanning
Week 2-3
Manual
Review
Week 4 Report
& Debriefing
Estimated
Lead
Time
HKT Web Vulnerability Assessment Service
Vulnerability Assessment Service is performed by a group of security certified engineers
Web Services Scanning
Host Discovery: 59 ; Web Services: 15
(Around 25% has Web Page Services)
Average Risk Score is 54
4 schools Risk Score over average value
(around 66% School’s Risk Score is above average
Domain Vulnerability Result: 31% risk is in High Risk or above.
Application Vulnerability Result: 33% risk is in High Risk Level. There are
283 high risk find in total 849 vulnerability records.
25%
66%
32%
HKT’s Web Vulnerability Assessment Summary
Duration:
Mar,2020 to Dec,2020
Participates:
6 Schools
Application Vulnerability Scanning result
Ongoing Support Result Highlights
33% of Vulnerabilities are in
Critical / High Categories
Low 11%
Medium 58%
High 27%
Critical 5%
Low
Medium
High
Critical
Domain Host Vulnerability Scanning Distribution
0 20 40 60 80
School 1
School 2
School 3
School 4
School 5
School 6
60
45
78
65
55
20
Risk Score
Risk Score
Average Score Highest Score Lowest Score
54 78 20
Ongoing Support Top Security Impact Vulnerabilities
Code (SQL) Injection Cross-site Scripting (XSS)
Using Outdated
Components with Known
Vulnerabilities
The attacker’s hostile data
can trick the interpreter
into executing unintended
commands or accessing
data without proper
authorization.
Allow an attacker to
compromise the
application, access or
modify data, or exploit
latent vulnerabilities in
the underlying database.
- SSL/TLS version
- OS version
- PHP version
- Apache version
…etc
26% 40% 86%
Among the ~15 systems scanned, we find Percentage get the below
Vulnerability……
6.9% of total attacks
belongs to this category.
32% of total attacks
belongs to this category.
4.7% of total attacks
belongs to this category.
Ongoing Support Security Risk Impact
Code (SQL) Injection Cross-site Scripting (XSS)
Using Outdated
Components with Known
Vulnerabilities
- Data Leakage / Loss
- Content Defacement
- Malicious code injection
- Malware / Ransomware Infection
- Black Listing ➔ Affect SCHOOL OPERATON / REPUTATION
The vulnerability may impact your system, result in
10+ years ago
Challenges in
Security
Management
IT Support
Nowadays
IT Support
More User Touch Point
More System
More Data
(More Security Risk)
Challenges in
Security
Management
Ongoing Support Challenges in Security Management
Investment spending in Cyber Security
Success factors that can strengthen your organization’s cybersecurity posture in the next three years
0% 10% 20% 30% 40% 50%
Improvement in technologies
Improvement in staffing
Increase in funding
Cyber intelligence improvements
Improvement in threat sharing
Reduction in the compliance burden
Ability to minimize employee-related risk
Reduction in complexity
Increase in C-level support
Cybersecurity leadership
Other
Complexity
Recruitment
$$
Ponemon Institute Research Report, 2018
Trends in
Security
Management
How to Survive in the challenging
Security Management?
You CANNOT do it all by yourself, find
a TRUSTED PARTNER for Security
Management
Ongoing Support “Security-Centric”- Security Management Everywhere
ISP
Internet Service Provider Perimeter Core Networking End Point Devices/BYOD
School Devices
School Wi-Fi service
School core network
School Firewall
BYOD Devices
Service Gateways
User Remote Access
VIRUS /
MALWARE
INTRUSION
RANSOMWARE /
Email SPAM / Email
Spoofing
DoS / Intrusion
DDoS /
Malicious
Website
Potential Security Threat is everywhere!!
Ongoing Support “Security-Centric”- Security Management Everywhere
ISP
Internet Service Provider Perimeter Core Networking End Point Devices/BYOD
School Devices
School Wi-Fi service
School core network
School Firewall
BYOD Devices
Service Gateways
User Remote Access
-- Separate Network -- -- Separate Network --
-- Separate Network --
Cloud-Based
Firewall / Web
Filtering
UTM Firewall Email Security /
Application Server
EDR
NGAV
Multi-Dimension Security Protection
Ongoing Support “Security-Centric”- Security Management Everywhere
ISP
Internet Service Provider Perimeter Core Networking End Point Devices/BYOD
School Devices
School Wi-Fi service
School core network
School Firewall
BYOD Devices
Service Gateways
User Remote Access
DDoS /
Malicious
Website 1. Centralized Security Log collection and monitoring
2. Automation of security alert and incident recording
3. Remote support for incident recording and assist
Security
Management
Comprehensive Managed Security Service
Ongoing Support Key components on Security Management
People
Technology Process
Secure Connectivity
DDoS
Protection
HKT Internet
Platform
HKT Private Network
Network
Security
System
Security
Endpoint
Protection
Application
Control
Secure On-Premises Solution
HKT School HelpDesk /
Security Operation Center
Security
Operation
Center
Tier 1
Tier 2
Tier 3
SOC Manager
- Security Expert
- Security Intelligence
- Security Management
Tools and Practice
• Occurred on 12-May-2017 (Friday night)
• Take action to disable related firewall TCP ports (139 & 445) in ALL school
wifi circuits
• Completed all school wifi circuits (400+) on 15-May-2017 (Monday)
• Informed schools that HKT already take action to block the TCP ports via
Phone & Email
• Prepare user guide / preventive actions and sent to schools for them to
take action on school’s ITED network
School
Helpdesk
- Security Risk will keep EVOLVING
Key Takeaways
- PERIODIC Security Risk
Assessment is important
- You CANNOT do it all by yourself
- Find a TRUTSED PARTNER for
security management
Any Questions?
Thank You

More Related Content

What's hot

Module0&1 intro-foundations-b
Module0&1 intro-foundations-bModule0&1 intro-foundations-b
Module0&1 intro-foundations-b
BbAOC
 
IBM Cybersecurity Analyst
IBM Cybersecurity AnalystIBM Cybersecurity Analyst
IBM Cybersecurity Analyst
Mustafa TOPÇU
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
Animesh Roy
 
Hiring for cybersecurity
Hiring for cybersecurityHiring for cybersecurity
Hiring for cybersecurity
Hays Recruitment North America
 
Bl cybersecurity z_dooly
Bl cybersecurity z_doolyBl cybersecurity z_dooly
Bl cybersecurity z_dooly
zdooly
 
Cyber security and safety
Cyber security and safetyCyber security and safety
Cyber security and safety
Dooremoore
 
Infosec
InfosecInfosec
Information Security Awareness for everyone
Information Security Awareness for everyoneInformation Security Awareness for everyone
Information Security Awareness for everyone
Yasir Nafees
 
Cyber Security Awareness Program
Cyber Security Awareness ProgramCyber Security Awareness Program
Cyber Security Awareness Program
John Rocco
 
Customer information security awareness training
Customer information security awareness trainingCustomer information security awareness training
Customer information security awareness training
AbdalrhmanTHassan
 
Education slides_MMPL
Education slides_MMPLEducation slides_MMPL
Education slides_MMPL
Medley India Infosolution Pvt Ltd
 
Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...
Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...
Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...
Avantika University
 
Discovery Home S B Chapter 8
Discovery  Home  S B  Chapter  8Discovery  Home  S B  Chapter  8
Discovery Home S B Chapter 8
tinwerf
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
Neha Gupta
 
Introduction to cyber security
Introduction to cyber security Introduction to cyber security
Introduction to cyber security
RaviPrashant5
 
ISA Toronto Chapter Presentation-March 2017
ISA Toronto  Chapter Presentation-March 2017ISA Toronto  Chapter Presentation-March 2017
ISA Toronto Chapter Presentation-March 2017
Sustainable Resources Management
 
Introduction to cyber security by cyber security infotech(csi)
Introduction to cyber security by cyber security infotech(csi)Introduction to cyber security by cyber security infotech(csi)
Introduction to cyber security by cyber security infotech(csi)
Cyber Security Infotech
 
End User Security Awareness Presentation
End User Security Awareness PresentationEnd User Security Awareness Presentation
End User Security Awareness Presentation
Cristian Mihai
 
Introduction to cyber security by cyber security infotech (csi)
Introduction to cyber security by cyber security infotech (csi)Introduction to cyber security by cyber security infotech (csi)
Introduction to cyber security by cyber security infotech (csi)
Cyber Security Infotech
 
Network security
Network securityNetwork security
Network security
William hendric
 

What's hot (20)

Module0&1 intro-foundations-b
Module0&1 intro-foundations-bModule0&1 intro-foundations-b
Module0&1 intro-foundations-b
 
IBM Cybersecurity Analyst
IBM Cybersecurity AnalystIBM Cybersecurity Analyst
IBM Cybersecurity Analyst
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
 
Hiring for cybersecurity
Hiring for cybersecurityHiring for cybersecurity
Hiring for cybersecurity
 
Bl cybersecurity z_dooly
Bl cybersecurity z_doolyBl cybersecurity z_dooly
Bl cybersecurity z_dooly
 
Cyber security and safety
Cyber security and safetyCyber security and safety
Cyber security and safety
 
Infosec
InfosecInfosec
Infosec
 
Information Security Awareness for everyone
Information Security Awareness for everyoneInformation Security Awareness for everyone
Information Security Awareness for everyone
 
Cyber Security Awareness Program
Cyber Security Awareness ProgramCyber Security Awareness Program
Cyber Security Awareness Program
 
Customer information security awareness training
Customer information security awareness trainingCustomer information security awareness training
Customer information security awareness training
 
Education slides_MMPL
Education slides_MMPLEducation slides_MMPL
Education slides_MMPL
 
Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...
Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...
Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...
 
Discovery Home S B Chapter 8
Discovery  Home  S B  Chapter  8Discovery  Home  S B  Chapter  8
Discovery Home S B Chapter 8
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Introduction to cyber security
Introduction to cyber security Introduction to cyber security
Introduction to cyber security
 
ISA Toronto Chapter Presentation-March 2017
ISA Toronto  Chapter Presentation-March 2017ISA Toronto  Chapter Presentation-March 2017
ISA Toronto Chapter Presentation-March 2017
 
Introduction to cyber security by cyber security infotech(csi)
Introduction to cyber security by cyber security infotech(csi)Introduction to cyber security by cyber security infotech(csi)
Introduction to cyber security by cyber security infotech(csi)
 
End User Security Awareness Presentation
End User Security Awareness PresentationEnd User Security Awareness Presentation
End User Security Awareness Presentation
 
Introduction to cyber security by cyber security infotech (csi)
Introduction to cyber security by cyber security infotech (csi)Introduction to cyber security by cyber security infotech (csi)
Introduction to cyber security by cyber security infotech (csi)
 
Network security
Network securityNetwork security
Network security
 

Similar to 1 - HKT Reporting.pdf

02 學校網絡安全漏洞的評估分享, 管理挑戰及趨勢。
02 學校網絡安全漏洞的評估分享, 管理挑戰及趨勢。02 學校網絡安全漏洞的評估分享, 管理挑戰及趨勢。
02 學校網絡安全漏洞的評估分享, 管理挑戰及趨勢。
eLearning Consortium 電子學習聯盟
 
II Security At Microsoft
II Security At MicrosoftII Security At Microsoft
II Security At Microsoft
Mark J. Feldman
 
Edgescan vulnerability stats report 2019 - h-isac-2-2-2019
Edgescan   vulnerability stats report 2019 - h-isac-2-2-2019Edgescan   vulnerability stats report 2019 - h-isac-2-2-2019
Edgescan vulnerability stats report 2019 - h-isac-2-2-2019
Eoin Keary
 
Level3-ATC comSpark.tech Presentation Snapshot
Level3-ATC comSpark.tech Presentation SnapshotLevel3-ATC comSpark.tech Presentation Snapshot
Level3-ATC comSpark.tech Presentation Snapshot
Advanced Technology Consulting (ATC)
 
RAMNSS_2016_service_porfolio
RAMNSS_2016_service_porfolioRAMNSS_2016_service_porfolio
RAMNSS_2016_service_porfolio
Rhys A. Mossom
 
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
Netpluz Asia Pte Ltd
 
Mitigating Risk in Aging Federal IT Systems
Mitigating Risk in Aging Federal IT SystemsMitigating Risk in Aging Federal IT Systems
Mitigating Risk in Aging Federal IT Systems
BeyondTrust
 
Security Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA EnvironmentsSecurity Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA Environments
amiable_indian
 
Why Patch Management is Still the Best First Line of Defense
Why Patch Management is Still the Best First Line of DefenseWhy Patch Management is Still the Best First Line of Defense
Why Patch Management is Still the Best First Line of Defense
Lumension
 
Protecting Windows Networks From Malware 31 Jan09
Protecting Windows Networks From Malware 31 Jan09Protecting Windows Networks From Malware 31 Jan09
Protecting Windows Networks From Malware 31 Jan09
technext1
 
Protecting Windows Networks From Malware
Protecting Windows Networks From MalwareProtecting Windows Networks From Malware
Protecting Windows Networks From Malware
Rishu Mehra
 
S nandakumar_banglore
S nandakumar_bangloreS nandakumar_banglore
S nandakumar_banglore
IPPAI
 
S nandakumar
S nandakumarS nandakumar
S nandakumar
IPPAI
 
ISACA ISSA Presentation
ISACA ISSA PresentationISACA ISSA Presentation
ISACA ISSA Presentation
Marc Crudgington, MBA
 
Fendley how secure is your e learning
Fendley how secure is your e learningFendley how secure is your e learning
Fendley how secure is your e learning
Bryan Fendley
 
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room:  Practical Application of the NIST Cybersecurity Frame...Boardroom to War Room:  Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
robbiesamuel
 
A Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration TestingA Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration Testing
YogeshIJTSRD
 
Endpoint Protection as a Service (EPaaS)
Endpoint Protection as a Service (EPaaS)Endpoint Protection as a Service (EPaaS)
Endpoint Protection as a Service (EPaaS)
PT Datacomm Diangraha
 
Causes And Consequences Of Data Leakage
Causes And Consequences Of Data LeakageCauses And Consequences Of Data Leakage
Causes And Consequences Of Data Leakage
Patty Buckley
 
Lessons Learned From Heartbleed, Struts, and The Neglected 90%
Lessons Learned From Heartbleed, Struts, and The Neglected 90%Lessons Learned From Heartbleed, Struts, and The Neglected 90%
Lessons Learned From Heartbleed, Struts, and The Neglected 90%
Sonatype
 

Similar to 1 - HKT Reporting.pdf (20)

02 學校網絡安全漏洞的評估分享, 管理挑戰及趨勢。
02 學校網絡安全漏洞的評估分享, 管理挑戰及趨勢。02 學校網絡安全漏洞的評估分享, 管理挑戰及趨勢。
02 學校網絡安全漏洞的評估分享, 管理挑戰及趨勢。
 
II Security At Microsoft
II Security At MicrosoftII Security At Microsoft
II Security At Microsoft
 
Edgescan vulnerability stats report 2019 - h-isac-2-2-2019
Edgescan   vulnerability stats report 2019 - h-isac-2-2-2019Edgescan   vulnerability stats report 2019 - h-isac-2-2-2019
Edgescan vulnerability stats report 2019 - h-isac-2-2-2019
 
Level3-ATC comSpark.tech Presentation Snapshot
Level3-ATC comSpark.tech Presentation SnapshotLevel3-ATC comSpark.tech Presentation Snapshot
Level3-ATC comSpark.tech Presentation Snapshot
 
RAMNSS_2016_service_porfolio
RAMNSS_2016_service_porfolioRAMNSS_2016_service_porfolio
RAMNSS_2016_service_porfolio
 
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
 
Mitigating Risk in Aging Federal IT Systems
Mitigating Risk in Aging Federal IT SystemsMitigating Risk in Aging Federal IT Systems
Mitigating Risk in Aging Federal IT Systems
 
Security Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA EnvironmentsSecurity Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA Environments
 
Why Patch Management is Still the Best First Line of Defense
Why Patch Management is Still the Best First Line of DefenseWhy Patch Management is Still the Best First Line of Defense
Why Patch Management is Still the Best First Line of Defense
 
Protecting Windows Networks From Malware 31 Jan09
Protecting Windows Networks From Malware 31 Jan09Protecting Windows Networks From Malware 31 Jan09
Protecting Windows Networks From Malware 31 Jan09
 
Protecting Windows Networks From Malware
Protecting Windows Networks From MalwareProtecting Windows Networks From Malware
Protecting Windows Networks From Malware
 
S nandakumar_banglore
S nandakumar_bangloreS nandakumar_banglore
S nandakumar_banglore
 
S nandakumar
S nandakumarS nandakumar
S nandakumar
 
ISACA ISSA Presentation
ISACA ISSA PresentationISACA ISSA Presentation
ISACA ISSA Presentation
 
Fendley how secure is your e learning
Fendley how secure is your e learningFendley how secure is your e learning
Fendley how secure is your e learning
 
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room:  Practical Application of the NIST Cybersecurity Frame...Boardroom to War Room:  Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
 
A Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration TestingA Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration Testing
 
Endpoint Protection as a Service (EPaaS)
Endpoint Protection as a Service (EPaaS)Endpoint Protection as a Service (EPaaS)
Endpoint Protection as a Service (EPaaS)
 
Causes And Consequences Of Data Leakage
Causes And Consequences Of Data LeakageCauses And Consequences Of Data Leakage
Causes And Consequences Of Data Leakage
 
Lessons Learned From Heartbleed, Struts, and The Neglected 90%
Lessons Learned From Heartbleed, Struts, and The Neglected 90%Lessons Learned From Heartbleed, Struts, and The Neglected 90%
Lessons Learned From Heartbleed, Struts, and The Neglected 90%
 

More from eLearning Consortium 電子學習聯盟

AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位
AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位
AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位
eLearning Consortium 電子學習聯盟
 
ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?
ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?
ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?
eLearning Consortium 電子學習聯盟
 
2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf
2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf
2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf
eLearning Consortium 電子學習聯盟
 
1. How Data Analytics Transforming Digital Marketing - Saron Leung
1. How Data Analytics Transforming Digital Marketing - Saron Leung1. How Data Analytics Transforming Digital Marketing - Saron Leung
1. How Data Analytics Transforming Digital Marketing - Saron Leung
eLearning Consortium 電子學習聯盟
 
HKTVMall: Leading Technology Evolution for eCommerce Industry
HKTVMall: Leading Technology Evolution for eCommerce IndustryHKTVMall: Leading Technology Evolution for eCommerce Industry
HKTVMall: Leading Technology Evolution for eCommerce Industry
eLearning Consortium 電子學習聯盟
 
How Blockchain affecting us - Dr Sin.pdf
How Blockchain affecting us - Dr Sin.pdfHow Blockchain affecting us - Dr Sin.pdf
How Blockchain affecting us - Dr Sin.pdf
eLearning Consortium 電子學習聯盟
 
5-Hot-Chain Bento.pdf
5-Hot-Chain Bento.pdf5-Hot-Chain Bento.pdf
4-Herbal ID.pdf
4-Herbal ID.pdf4-Herbal ID.pdf
3-VisualSonic.pdf
3-VisualSonic.pdf3-VisualSonic.pdf
2-kNOw Touch.pdf
2-kNOw Touch.pdf2-kNOw Touch.pdf
1-C-POLAR Air Filter.pdf
1-C-POLAR Air Filter.pdf1-C-POLAR Air Filter.pdf
1-C-POLAR Air Filter.pdf
eLearning Consortium 電子學習聯盟
 
2 - ELC學校網絡安全與防護.pdf
2 - ELC學校網絡安全與防護.pdf2 - ELC學校網絡安全與防護.pdf
2 - ELC學校網絡安全與防護.pdf
eLearning Consortium 電子學習聯盟
 
08 Transform Endpoint Security with the World’s Most Secure PCs and Printers
08 Transform Endpoint Security with the World’s Most Secure PCs and Printers08 Transform Endpoint Security with the World’s Most Secure PCs and Printers
08 Transform Endpoint Security with the World’s Most Secure PCs and Printers
eLearning Consortium 電子學習聯盟
 
07 2020 網絡安全趨勢和安全小貼士
07 2020 網絡安全趨勢和安全小貼士07 2020 網絡安全趨勢和安全小貼士
07 2020 網絡安全趨勢和安全小貼士
eLearning Consortium 電子學習聯盟
 
06 網絡安全挑戰與防衛
06 網絡安全挑戰與防衛06 網絡安全挑戰與防衛
06 網絡安全挑戰與防衛
eLearning Consortium 電子學習聯盟
 
04 提升網絡安全 - 為電子學習打造先決條件
04 提升網絡安全 - 為電子學習打造先決條件04 提升網絡安全 - 為電子學習打造先決條件
04 提升網絡安全 - 為電子學習打造先決條件
eLearning Consortium 電子學習聯盟
 
03 學校網絡安全與防衛
03 學校網絡安全與防衛03 學校網絡安全與防衛
03 學校網絡安全與防衛
eLearning Consortium 電子學習聯盟
 
Experience Sharing on School Pentest Project (Updated)
Experience Sharing on School Pentest Project (Updated)Experience Sharing on School Pentest Project (Updated)
Experience Sharing on School Pentest Project (Updated)
eLearning Consortium 電子學習聯盟
 
Security Incident Handling for Schools
Security Incident Handling for Schools Security Incident Handling for Schools
Security Incident Handling for Schools
eLearning Consortium 電子學習聯盟
 
Information Security in Schools - Recommended Practice (January 2019)
Information Security in Schools - Recommended Practice (January 2019)Information Security in Schools - Recommended Practice (January 2019)
Information Security in Schools - Recommended Practice (January 2019)
eLearning Consortium 電子學習聯盟
 

More from eLearning Consortium 電子學習聯盟 (20)

AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位
AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位
AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位
 
ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?
ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?
ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?
 
2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf
2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf
2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf
 
1. How Data Analytics Transforming Digital Marketing - Saron Leung
1. How Data Analytics Transforming Digital Marketing - Saron Leung1. How Data Analytics Transforming Digital Marketing - Saron Leung
1. How Data Analytics Transforming Digital Marketing - Saron Leung
 
HKTVMall: Leading Technology Evolution for eCommerce Industry
HKTVMall: Leading Technology Evolution for eCommerce IndustryHKTVMall: Leading Technology Evolution for eCommerce Industry
HKTVMall: Leading Technology Evolution for eCommerce Industry
 
How Blockchain affecting us - Dr Sin.pdf
How Blockchain affecting us - Dr Sin.pdfHow Blockchain affecting us - Dr Sin.pdf
How Blockchain affecting us - Dr Sin.pdf
 
5-Hot-Chain Bento.pdf
5-Hot-Chain Bento.pdf5-Hot-Chain Bento.pdf
5-Hot-Chain Bento.pdf
 
4-Herbal ID.pdf
4-Herbal ID.pdf4-Herbal ID.pdf
4-Herbal ID.pdf
 
3-VisualSonic.pdf
3-VisualSonic.pdf3-VisualSonic.pdf
3-VisualSonic.pdf
 
2-kNOw Touch.pdf
2-kNOw Touch.pdf2-kNOw Touch.pdf
2-kNOw Touch.pdf
 
1-C-POLAR Air Filter.pdf
1-C-POLAR Air Filter.pdf1-C-POLAR Air Filter.pdf
1-C-POLAR Air Filter.pdf
 
2 - ELC學校網絡安全與防護.pdf
2 - ELC學校網絡安全與防護.pdf2 - ELC學校網絡安全與防護.pdf
2 - ELC學校網絡安全與防護.pdf
 
08 Transform Endpoint Security with the World’s Most Secure PCs and Printers
08 Transform Endpoint Security with the World’s Most Secure PCs and Printers08 Transform Endpoint Security with the World’s Most Secure PCs and Printers
08 Transform Endpoint Security with the World’s Most Secure PCs and Printers
 
07 2020 網絡安全趨勢和安全小貼士
07 2020 網絡安全趨勢和安全小貼士07 2020 網絡安全趨勢和安全小貼士
07 2020 網絡安全趨勢和安全小貼士
 
06 網絡安全挑戰與防衛
06 網絡安全挑戰與防衛06 網絡安全挑戰與防衛
06 網絡安全挑戰與防衛
 
04 提升網絡安全 - 為電子學習打造先決條件
04 提升網絡安全 - 為電子學習打造先決條件04 提升網絡安全 - 為電子學習打造先決條件
04 提升網絡安全 - 為電子學習打造先決條件
 
03 學校網絡安全與防衛
03 學校網絡安全與防衛03 學校網絡安全與防衛
03 學校網絡安全與防衛
 
Experience Sharing on School Pentest Project (Updated)
Experience Sharing on School Pentest Project (Updated)Experience Sharing on School Pentest Project (Updated)
Experience Sharing on School Pentest Project (Updated)
 
Security Incident Handling for Schools
Security Incident Handling for Schools Security Incident Handling for Schools
Security Incident Handling for Schools
 
Information Security in Schools - Recommended Practice (January 2019)
Information Security in Schools - Recommended Practice (January 2019)Information Security in Schools - Recommended Practice (January 2019)
Information Security in Schools - Recommended Practice (January 2019)
 

Recently uploaded

How to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold MethodHow to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold Method
Celine George
 
What is the purpose of studying mathematics.pptx
What is the purpose of studying mathematics.pptxWhat is the purpose of studying mathematics.pptx
What is the purpose of studying mathematics.pptx
christianmathematics
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
camakaiclarkmusic
 
Advanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docxAdvanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docx
adhitya5119
 
Digital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental DesignDigital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental Design
amberjdewit93
 
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama UniversityNatural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Akanksha trivedi rama nursing college kanpur.
 
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective UpskillingYour Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Excellence Foundation for South Sudan
 
Liberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdfLiberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdf
WaniBasim
 
Main Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docxMain Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docx
adhitya5119
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
Scholarhat
 
Top five deadliest dog breeds in America
Top five deadliest dog breeds in AmericaTop five deadliest dog breeds in America
Top five deadliest dog breeds in America
Bisnar Chase Personal Injury Attorneys
 
How to Fix the Import Error in the Odoo 17
How to Fix the Import Error in the Odoo 17How to Fix the Import Error in the Odoo 17
How to Fix the Import Error in the Odoo 17
Celine George
 
The Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collectionThe Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collection
Israel Genealogy Research Association
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
David Douglas School District
 
How to Add Chatter in the odoo 17 ERP Module
How to Add Chatter in the odoo 17 ERP ModuleHow to Add Chatter in the odoo 17 ERP Module
How to Add Chatter in the odoo 17 ERP Module
Celine George
 
World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024
ak6969907
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Dr. Vinod Kumar Kanvaria
 
writing about opinions about Australia the movie
writing about opinions about Australia the moviewriting about opinions about Australia the movie
writing about opinions about Australia the movie
Nicholas Montgomery
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
Academy of Science of South Africa
 
PIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf IslamabadPIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf Islamabad
AyyanKhan40
 

Recently uploaded (20)

How to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold MethodHow to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold Method
 
What is the purpose of studying mathematics.pptx
What is the purpose of studying mathematics.pptxWhat is the purpose of studying mathematics.pptx
What is the purpose of studying mathematics.pptx
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
 
Advanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docxAdvanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docx
 
Digital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental DesignDigital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental Design
 
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama UniversityNatural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
 
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective UpskillingYour Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective Upskilling
 
Liberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdfLiberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdf
 
Main Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docxMain Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docx
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
 
Top five deadliest dog breeds in America
Top five deadliest dog breeds in AmericaTop five deadliest dog breeds in America
Top five deadliest dog breeds in America
 
How to Fix the Import Error in the Odoo 17
How to Fix the Import Error in the Odoo 17How to Fix the Import Error in the Odoo 17
How to Fix the Import Error in the Odoo 17
 
The Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collectionThe Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collection
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
 
How to Add Chatter in the odoo 17 ERP Module
How to Add Chatter in the odoo 17 ERP ModuleHow to Add Chatter in the odoo 17 ERP Module
How to Add Chatter in the odoo 17 ERP Module
 
World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
 
writing about opinions about Australia the movie
writing about opinions about Australia the moviewriting about opinions about Australia the movie
writing about opinions about Australia the movie
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
 
PIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf IslamabadPIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf Islamabad
 

1 - HKT Reporting.pdf

  • 2. Cyber Security and the Trend for Security Management in School Sector Agenda 1. Introduction 2. Assessment Result Sharing and Insight 3. Challenges in Security Management 4. Trends in Security Management 5. Q &A
  • 4. HKT Web Vulnerability Assessment Service Assessment lifecycle Vulnerability Analysis Manual Review Report and Recommendations Information Gathering Scheduled Scanning Week 1 Automated Scanning Week 2-3 Manual Review Week 4 Report & Debriefing Estimated Lead Time
  • 5. HKT Web Vulnerability Assessment Service Vulnerability Assessment Service is performed by a group of security certified engineers
  • 6. Web Services Scanning Host Discovery: 59 ; Web Services: 15 (Around 25% has Web Page Services) Average Risk Score is 54 4 schools Risk Score over average value (around 66% School’s Risk Score is above average Domain Vulnerability Result: 31% risk is in High Risk or above. Application Vulnerability Result: 33% risk is in High Risk Level. There are 283 high risk find in total 849 vulnerability records. 25% 66% 32% HKT’s Web Vulnerability Assessment Summary Duration: Mar,2020 to Dec,2020 Participates: 6 Schools Application Vulnerability Scanning result
  • 7. Ongoing Support Result Highlights 33% of Vulnerabilities are in Critical / High Categories Low 11% Medium 58% High 27% Critical 5% Low Medium High Critical Domain Host Vulnerability Scanning Distribution 0 20 40 60 80 School 1 School 2 School 3 School 4 School 5 School 6 60 45 78 65 55 20 Risk Score Risk Score Average Score Highest Score Lowest Score 54 78 20
  • 8. Ongoing Support Top Security Impact Vulnerabilities Code (SQL) Injection Cross-site Scripting (XSS) Using Outdated Components with Known Vulnerabilities The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. Allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. - SSL/TLS version - OS version - PHP version - Apache version …etc 26% 40% 86% Among the ~15 systems scanned, we find Percentage get the below Vulnerability…… 6.9% of total attacks belongs to this category. 32% of total attacks belongs to this category. 4.7% of total attacks belongs to this category.
  • 9. Ongoing Support Security Risk Impact Code (SQL) Injection Cross-site Scripting (XSS) Using Outdated Components with Known Vulnerabilities - Data Leakage / Loss - Content Defacement - Malicious code injection - Malware / Ransomware Infection - Black Listing ➔ Affect SCHOOL OPERATON / REPUTATION The vulnerability may impact your system, result in
  • 10. 10+ years ago Challenges in Security Management IT Support
  • 11. Nowadays IT Support More User Touch Point More System More Data (More Security Risk) Challenges in Security Management
  • 12. Ongoing Support Challenges in Security Management Investment spending in Cyber Security Success factors that can strengthen your organization’s cybersecurity posture in the next three years 0% 10% 20% 30% 40% 50% Improvement in technologies Improvement in staffing Increase in funding Cyber intelligence improvements Improvement in threat sharing Reduction in the compliance burden Ability to minimize employee-related risk Reduction in complexity Increase in C-level support Cybersecurity leadership Other Complexity Recruitment $$ Ponemon Institute Research Report, 2018
  • 13. Trends in Security Management How to Survive in the challenging Security Management? You CANNOT do it all by yourself, find a TRUSTED PARTNER for Security Management
  • 14. Ongoing Support “Security-Centric”- Security Management Everywhere ISP Internet Service Provider Perimeter Core Networking End Point Devices/BYOD School Devices School Wi-Fi service School core network School Firewall BYOD Devices Service Gateways User Remote Access VIRUS / MALWARE INTRUSION RANSOMWARE / Email SPAM / Email Spoofing DoS / Intrusion DDoS / Malicious Website Potential Security Threat is everywhere!!
  • 15. Ongoing Support “Security-Centric”- Security Management Everywhere ISP Internet Service Provider Perimeter Core Networking End Point Devices/BYOD School Devices School Wi-Fi service School core network School Firewall BYOD Devices Service Gateways User Remote Access -- Separate Network -- -- Separate Network -- -- Separate Network -- Cloud-Based Firewall / Web Filtering UTM Firewall Email Security / Application Server EDR NGAV Multi-Dimension Security Protection
  • 16. Ongoing Support “Security-Centric”- Security Management Everywhere ISP Internet Service Provider Perimeter Core Networking End Point Devices/BYOD School Devices School Wi-Fi service School core network School Firewall BYOD Devices Service Gateways User Remote Access DDoS / Malicious Website 1. Centralized Security Log collection and monitoring 2. Automation of security alert and incident recording 3. Remote support for incident recording and assist Security Management Comprehensive Managed Security Service
  • 17. Ongoing Support Key components on Security Management People Technology Process Secure Connectivity DDoS Protection HKT Internet Platform HKT Private Network Network Security System Security Endpoint Protection Application Control Secure On-Premises Solution HKT School HelpDesk / Security Operation Center
  • 18. Security Operation Center Tier 1 Tier 2 Tier 3 SOC Manager - Security Expert - Security Intelligence - Security Management Tools and Practice
  • 19. • Occurred on 12-May-2017 (Friday night) • Take action to disable related firewall TCP ports (139 & 445) in ALL school wifi circuits • Completed all school wifi circuits (400+) on 15-May-2017 (Monday) • Informed schools that HKT already take action to block the TCP ports via Phone & Email • Prepare user guide / preventive actions and sent to schools for them to take action on school’s ITED network School Helpdesk
  • 20. - Security Risk will keep EVOLVING Key Takeaways - PERIODIC Security Risk Assessment is important - You CANNOT do it all by yourself - Find a TRUTSED PARTNER for security management