Cyber Security General Perspective
Towards a Secure Digital Future
Zimbabwe, June 2015
Dr. Whisper Rukanda
wr@mornipac.co.za
This report is solely for use at the CSZ presentation. No part of it may be circulated, quoted, or reproduced for distribution outside the client
organization without prior written approval from MorniPac Consultants. This material was used by MorniPac Consultants during an oral presentation; it
is not a complete record of the discussion.
Computer Society of Zimbabwe
Business School
PAST, PRESENT
Cyber security is a young and immature field
The attackers are more innovative than defenders
Defenders are mired in FUD (fear, uncertainty and doubt) and
fairy tales
Attack back is illegal or classified
FUTURE
Cyber security will become a scientific discipline
Cyber security will be application and technology centric
Cyber security will never be “solved” but will be “managed”
Attack back will be an integral part of cyber security
Cyber Security Objectives
CONFIDENTIALITY: disclosure
INTEGRITY: authenticity
AVAILABILITY: access
USAGE: purpose
Security Objectives:
Black-and-white to shades
of grey
Attackers:
Innovative beyond belief
Defenders:
Need new doctrine
Major Innovations
• Botnets
• Robust underground economy and supply chain
• Targeted attacks, stealthy attacks
Some Examples
• Drive-by downloads
• Scareware, doctored online statements
• Long-lived stealth attacks
Status
• Attackers have a sizable inventory of known but unused or rarely used tricks
• Innovation will continue
Web Sites (WWW)
• 1993: Web invented and implemented; 130 web sites
• 1994: 2738 web sites
• 1995: 23500 web sites
• 2007: 550 million web sites
• 2008: 850 million web sites
Web Evolution
Internet Infrastructure in INDIA
Innovation fostering the Growth of NGNs
• Smart devices
– Television
– Computers
– PDA
– Mobile Phone
(Single device to provide an end-to-end, seamlessly secure access)
• Application Simplicity
– Preference of single, simple and secure interface to access
applications or content
– Ubiquitous interface - web browser
• Flexible Infrastructure
Because of these areas of evolution, today’s NGNs are defined
more by the services they support than by traditional demarcation
of Physical Infrastructure.
The Emergence of NGNs
• The communication networks operating two years ago
are our father's telecommunication network.
• NGNs are the teenager's network.
• Consumers and businesses no longer accept the
limitation of a single-use device or network.
• Both individuals and businesses want the ability to
communicate, work and be entertained over any
device, any time, anywhere.
• The demand of these services coupled with innovation
in technology is advancing traditional
telecommunication far outside its original purpose.
The Complexity of Today’s Network
Changes Brought in IT
• Large network as backbone for
connectivity across the country
• Multiple Service providers for
providing links – BSNL, MTNL,
Reliance, TATA, Rail Tel
• Multiple Technologies to support
network infrastructure CDMA, VSAT,
DSL
• Multiple Applications
[Figure: network diagram. Labels: Internet; Intranet; Perimeter Network; Network Infrastructure; Routers; Branch Offices; Remote Workers; Home Users; Unmanaged Devices; New PC; Desktops; Laptops; Servers; Extranet Servers]
Trends shaping the
future
• Ubiquitous computing, networking
and mobility
• Embedded Computing
• Security
• IPv6
• VoIP
Challenges for Network Operator
• Business challenges include new Pricing
Structure, new relationship and new competitors.
• Technical challenges include migrating and
integrating with new advances in technologies
from fibre optics, installation of Wi-Fi support.
• Developing a comprehensive Security Policy and
architecture in support of NGN services.
To Reap Benefits
• To reap benefits of NGN, the operator must
address
– Technology
– Risk
– Security
– Efficiency
NGN Architecture
Identity Layer
Comprises end users, owned by a telecom or a
third-party service provider, accessing services using
devices like PC, PDA or mobile phone to connect to
the Internet
Service Layer
Hosts service applications and provides a
framework for the creation of customer-focused
services provided by either operator or a third-party
service provider
Network Layer
Performs service execution, service management,
network management and media control functions
Connects with the backbone network
[Figure: NGN architecture. Labels: Internet; Third-Party Application; Untrusted; Web Tier; Service Provider Application; Service Delivery Platform (Service Provider); Common Framework; Backbone Network; Partly Trusted]
Growing Concern
• Computing Technology has turned against us
• Exponential growth in security incidents
– Pentagon, US in 2007
– Estonia in April 2007
– Computer System of German Chancellery and three Ministries
– Highly classified computer network in New Zealand &
Australia
• Complex and target oriented software
• Common computing technologies and systems
• Constant probing and mapping of network systems
Cyber Threat Evolution
[Figure: threat evolution timeline. Stages shown: Virus; Breaking Web Sites; Malicious Code (Melissa); Advanced Worm / Trojan (I LOVE YOU); Identity Theft (Phishing); Organised Crime, Data Theft, DoS / DDoS. Timeline axis: 1977, 1995, 2000, 2003-04, 2005-06, 2007-08]
Cyber attacks being observed
• Web defacement
• Spam
• Spoofing
• Proxy Scan
• Denial of Service
• Distributed Denial of Service
• Malicious Codes
– Virus
– Bots
• Data Theft and Data Manipulation
– Identity Theft
– Financial Frauds
• Social engineering Scams
Security Incidents reported during 2008
Trends of Incidents
• Sophisticated attacks
– Attackers are refining their methods and consolidating assets to
create global networks that support coordinated criminal
activity
• Rise of Cyber Spying and Targeted attacks
– Mapping of network, probing for weakness/vulnerabilities
• Malware propagation through Website intrusion
– Large scale SQL Injection attacks like Asprox Botnet
• Malware propagation through Spam on the rise
– Storm worm, which is one of the most notorious malware
programs seen during 2007-08, circulates through spam
Trends of Incidents
• Phishing
– Increase in cases of fast-flux phishing and rock-phish
– Domain name phishing and Registrar impersonation
• Crimeware
– Targeting personal information for financial frauds
• Information Stealing through social networking sites
• Rise in Attack toolkits
– Toolkits like Mpack and Neosploit can launch exploits for
browser and client-side vulnerabilities against users who
visit a malicious or compromised site
Global Attack Trend
Source: Websense
Top originating countries – Malicious code
Three faces of cyber crime
• Organised Crime
• Terrorist Groups
• Nation States
Security of Information Assets
• Security of information & information assets is becoming a
major area of concern
• With every new application, newer vulnerabilities crop up,
posing immense challenges to those who are mandated to
protect the IT assets
• Coupled with this, a host of legal requirements and
international business compliance requirements on data
protection and privacy places a huge demand on
IT/ITES/BPO service organizations
• We need to generate ‘Trust & Confidence’
Challenges before the Industry
Model Followed Internationally
• Internationally, the general approach has been to
have legal drivers supported by suitable
verification mechanism.
• For example, in USA Legal drivers have been
– SOX
– HIPAA
– GLBA
– FISMA etc.
• In Europe, the legal driver has been the “Data
Protection Act” supported by ISO27001 ISMS.
Information Security Management
[Figure: information security management. Labels: INFORMATION SECURITY; Confidentiality; Integrity; Availability; Authenticity; Security Policy; People; Process; Technology; Regulatory Compliance; Access Control; Security Audit; User Awareness Program; Incident Response; Firewall, IPS/IDS; Encryption, PKI; Antivirus]
Cyber Security Strategy – India
• Security Policy, Compliance and Assurance – Legal Framework
– IT Act, 2000
– IT (Amendment) Bill, 2006 – Data Protection & Computer crimes
– Best Practice ISO 27001
– Security Assurance Framework- IT/ITES/BPO Companies
• Security Incident – Early Warning & Response
– CERT-In National Cyber Alert System
– Information Exchange with international CERTs
• Capacity building
– Skill & Competence development
– Training of law enforcement agencies and judicial officials in the collection and analysis of digital
evidence
– Training in the area of implementing information security in collaboration with Specialised
Organisations in US
• Setting up Digital Forensics Centres
– Domain Specific training – Cyber Forensics
• Research and Development
– Network Monitoring
– Biometric Authentication
– Network Security
• International Collaboration
Status of security and quality compliance
in India
• Quality and Security
– Large number of companies in India have aligned their
internal process and practices to international standards
such as
• ISO 9000
• CMM
• Six Sigma
• Total Quality Management
– Some Indian companies have won special recognition for
excellence in quality: out of 18 Deming Prize winners for
Total Quality Management in the last five years, six are
Indian companies.
ISO 27001/BS7799 Information Security
Management
• Government has mandated implementation of
ISO27001 ISMS by all critical sectors
• ISMS 27001 has mainly three components
– Technology
– Process
– Incident reporting and monitoring
• 296 certificates issued in India out of 7735
certificates issued worldwide
• Majority of certificates issued in India belong to
IT/ITES/BPO sector
CERT-In Work Process
[Figure: CERT-In work process. Labels: Department of Information Technology; Detection; Analysis; Dissemination & Support; Recovery; ISP Hot Liners; Press & TV / Radio; Home Users; Private Sectors; Major ISPs; Foreign Ptns]
Distributed Honeypot Deployment
PC & End User Security: Auto Security Patch Update
Windows Security Patch Auto Update
• No. of Download ActiveX: 18 Million
[Figure: patch update flow. Labels: Internet; Microsoft Download Ctr.; ActiveX DL Server; Sec. Patch ActiveX Site]
Incident Response Help Desk
PC & End User Security
[Figure: help desk contact channels. Labels: Internet; PSTN]
• Make a call using 1800 – 11 - 4949
• Send fax using 1800 – 11 - 6969
• Communicate through email at incident@cert-in.org.in
• Number of security incidents handled during 2008 (till Oct): 1425
• Vulnerability Assessment Service
Int’l Co-op: Cyber Security Drill
Joint International Incident Handling Coordination Drill
• Participated in APCERT International Incident
Handling Drill 2006
• Participants: 13 APCERT Members and New
Zealand, Vietnam including 5 major Korean
ISPs
• Scenario: Countermeasure against Malicious
Code and relevant infringement as DDoS attack
• Participated in APCERT International Incident
Handling Drill 2007
• Participants: 13 APCERT Members + Korean
ISPs
• Scenario: DDoS and Malicious Code Injection
• To-be model: World Wide Cyber Security
Incidents Drill among security agencies

Scanning the Internet for External Cloud Exposures via SSL Certs
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 

Cyber Security Perspective for Zimbabwe

  • 1. Cyber Security General Perspective: Towards a Secure Digital Future
    Zimbabwe, June 2015
    Dr. Whisper Rukanda, wr@mornipac.co.za
    Computer Society of Zimbabwe Business School
    This report is solely for the use at CSZ presentation. No part of it may be circulated, quoted, or reproduced for distribution outside the client organization without prior written approval from MorniPac Consultants. This material was used by MorniPac Consultants during an oral presentation; it is not a complete record of the discussion.
  • 2. PAST, PRESENT Cyber security is a young and immature field The attackers are more innovative than defenders Defenders are mired in FUD (fear, uncertainty and doubt) and fairy tales Attack back is illegal or classified FUTURE Cyber security will become a scientific discipline Cyber security will be application and technology centric Cyber security will never be “solved” but will be “managed” Attack back will be a integral part of cyber security
  • 3. Cyber Security Objectives
    • CONFIDENTIALITY (disclosure)
    • INTEGRITY (authenticity)
    • AVAILABILITY (access)
    • USAGE (purpose)
    Security Objectives: Black-and-white to shades of grey
    Attackers: Innovative beyond belief
    Defenders: Need new doctrine
    Major Innovations
    • Botnets
    • Robust underground economy and supply chain
    • Targeted attacks, stealthy attacks
    Some Examples
    • Drive by downloads
    • Scareware, doctored online statements
    • Long-lived stealth attacks
    Status
    • Attackers have sizable inventory of known but unused or rarely used tricks
    • Innovation will continue
  • 4. Web Sites (WWW)
    • 1993: Web invented and implemented; 130 web sites
    • 1994: 2738
    • 1995: 23500
    • 2007: 550 million
    • 2008: 850 million
    Web Evolution
  • 6. Innovation fostering the Growth of NGNs
    • Smart devices
      – Television
      – Computers
      – PDA
      – Mobile Phone
      (Single device to provide an end-to-end, seamlessly secure access)
    • Application Simplicity
      – Preference of single, simple and secure interface to access applications or content
      – Ubiquitous interface: web browser
    • Flexible Infrastructure
    Because of these areas of evolution, today’s NGNs are defined more by the services they support than by traditional demarcation of Physical Infrastructure.
  • 7. The Emergence of NGNs
    • The communication networks operating two years ago are father’s telecommunication networks.
    • NGNs are teenager’s networks.
    • Consumers and businesses no longer accept the limitations of a single-use device or network.
    • Both individuals and businesses want the ability to communicate, work and be entertained over any device, any time, anywhere.
    • The demand for these services, coupled with innovation in technology, is advancing traditional telecommunication far outside its original purpose.
  • 8. The Complexity of Today’s Network
    Changes Brought in IT
    • Large network as backbone for connectivity across the country
    • Multiple Service providers for providing links
      – BSNL, MTNL, Reliance, TATA, Rail Tel
    • Multiple Technologies to support network infrastructure: CDMA, VSAT, DSL
    • Multiple Applications
    [Network diagram. Labels: Internet, Intranet, Extranet Servers, Perimeter Network, Network Infrastructure, Routers, Servers, Desktops, Laptops, New PC, Branch Offices, Remote Workers, Home Users, Unmanaged Devices]
    Trends shaping the future
    • Ubiquitous computing, networking and mobility
    • Embedded Computing
    • Security
    • IPv6
    • VoIP
  • 9. Challenges for Network Operator
    • Business challenges include new Pricing Structure, new relationship and new competitors.
    • Technical challenges include migrating and integrating with new advances in technologies from fibre optics, installation of Wi-Fi support.
    • Developing a comprehensive Security Policy and architecture in support of NGN services.
  • 10. To Reap Benefits
    • To reap benefits of NGN, the operator must address
      – Technology
      – Risk
      – Security
      – Efficiency
  • 11. NGN Architecture
    • Identity Layer: Comprises end users, owned by a telecom or a third-party service provider, accessing services using devices like PC, PDA or mobile phone to connect to the Internet
    • Service Layer: Hosts service applications and provides a framework for the creation of customer-focused services provided by either operator or a third-party service provider
    • Network Layer: Performs service execution, service management, network management and media control functions; connects with the backbone network
    [Architecture diagram. Labels: Internet, Third-Party Application, Untrusted, Web Tier, Service Provider Application, Service Delivery Platform (Service Provider), Service Delivery Platform, Common Framework, Backbone Network, Partly Trusted]
  • 12. Growing Concern
    • Computing Technology has turned against us
    • Exponential growth in security incidents
      – Pentagon, US in 2007
      – Estonia in April 2007
      – Computer System of German Chancellery and three Ministries
      – Highly classified computer network in New Zealand & Australia
    • Complex and target oriented software
    • Common computing technologies and systems
    • Constant probing and mapping of network systems
  • 13. Cyber Threat Evolution
    [Timeline figure. Stages, in order: Virus; Breaking Web Sites; Malicious Code (Melissa); Advanced Worm / Trojan (I LOVE YOU); Identity Theft (Phishing); Organised Crime, Data Theft, DoS / DDoS. Time axis: 1977, 1995, 2000, 2003-04, 2005-06, 2007-08]
  • 14. Cyber attacks being observed
    • Web defacement
    • Spam
    • Spoofing
    • Proxy Scan
    • Denial of Service
    • Distributed Denial of Service
    • Malicious Codes
      – Virus
      – Bots
    • Data Theft and Data Manipulation
      – Identity Theft
      – Financial Frauds
    • Social engineering Scams
  • 16. Trends of Incidents
    • Sophisticated attacks
      – Attackers are refining their methods and consolidating assets to create global networks that support coordinated criminal activity
    • Rise of Cyber Spying and Targeted attacks
      – Mapping of network, probing for weakness/vulnerabilities
    • Malware propagation through Website intrusion
      – Large scale SQL Injection attacks like Asprox Botnet
    • Malware propagation through Spam on the rise
      – Storm worm, which is one of the most notorious malware programs seen during 2007-08, circulates through spam
  • 17. Trends of Incidents
    • Phishing
      – Increase in cases of fast-flux phishing and rock-phish
      – Domain name phishing and Registrar impersonation
    • Crimeware
      – Targeting personal information for financial frauds
    • Information Stealing through social networking sites
    • Rise in Attack toolkits
      – Toolkits like Mpack and Neosploit can launch exploits for browser and client-side vulnerabilities against users who visit malicious or compromised sites
  • 19. Top originating countries – Malicious code
  • 20. Three faces of cyber crime
    • Organised Crime
    • Terrorist Groups
    • Nation States
  • 21. Security of Information Assets
    • Security of information & information assets is becoming a major area of concern
    • With every new application, newer vulnerabilities crop up, posing immense challenges to those who are mandated to protect the IT assets
    • Coupled with this, a host of legal requirements and international business compliance requirements on data protection and privacy place a huge demand on IT/ITES/BPO service organizations
    • We need to generate ‘Trust & Confidence’
  • 23. Model Followed Internationally
    • Internationally, the general approach has been to have legal drivers supported by a suitable verification mechanism.
    • For example, in the USA the legal drivers have been
      – SOX
      – HIPAA
      – GLBA
      – FISMA etc.
    • In Europe, the legal driver has been the “Data Protection Act” supported by ISO27001 ISMS.
  • 24. Information Security Management
    [Diagram. Labels: INFORMATION SECURITY; Confidentiality, Integrity, Availability, Authenticity; Security Policy; People, Process, Technology; Regulatory Compliance; Access Control; Security Audit; User Awareness Program; Incident Response; Firewall, IPS/IDS; Encryption, PKI; Antivirus]
  • 25. Cyber Security Strategy – India
    • Security Policy, Compliance and Assurance
      – Legal Framework
      – IT Act, 2000
      – IT (Amendment) Bill, 2006
      – Data Protection & Computer crimes
      – Best Practice ISO 27001
      – Security Assurance Framework: IT/ITES/BPO Companies
    • Security Incident
      – Early Warning & Response
      – CERT-In National Cyber Alert System
      – Information Exchange with international CERTs
    • Capacity building
      – Skill & Competence development
      – Training of law enforcement agencies and judicial officials in the collection and analysis of digital evidence
      – Training in the area of implementing information security in collaboration with Specialised Organisations in US
    • Setting up Digital Forensics Centres
      – Domain Specific training
      – Cyber Forensics
    • Research and Development
      – Network Monitoring
      – Biometric Authentication
      – Network Security
    • International Collaboration
  • 26. Status of security and quality compliance in India
    • Quality and Security
      – A large number of companies in India have aligned their internal processes and practices to international standards such as
        • ISO 9000
        • CMM
        • Six Sigma
        • Total Quality Management
      – Some Indian companies have won special recognition for excellence in quality: out of 18 Deming Prize winners for Total Quality Management in the last five years, six are Indian companies.
  • 27. ISO 27001/BS7799 Information Security Management
    • Government has mandated implementation of ISO27001 ISMS by all critical sectors
    • ISMS 27001 has mainly three components
      – Technology
      – Process
      – Incident reporting and monitoring
    • 296 certificates issued in India out of 7735 certificates issued worldwide
    • Majority of certificates issued in India belong to IT/ITES/BPO sector
  • 28.
  • 29. CERT-In Work Process
    [Process diagram. Labels: Department of Information Technology; Detection; Analysis; Dissemination & Support; Recovery; ISP Hot Liners; Press & TV / Radio; Home Users; Private Sectors; Major ISPs; Foreign Ptns]
  • 31. PC & End User Security: Auto Security Patch Update
    Windows Security Patch Auto Update
    • No. of Download ActiveX: 18 Million
    [Diagram. Labels: Internet; Microsoft Download Ctr.; ActiveX DL Server; Sec. Patch; ActiveX Site]
  • 32. Incident Response Help Desk
    PC & End User Security
    [Diagram. Labels: Internet; PSTN]
    • Make a call using 1800-11-4949
    • Send fax using 1800-11-6969
    • Communicate through email at incident@cert-in.org.in
    • Number of security incidents handled during 2008 (till Oct): 1425
    • Vulnerability Assessment Service
  • 33. Int’l Co-op: Cyber Security Drill
    Joint International Incident Handling Coordination Drill
    • Participated in APCERT International Incident Handling Drill 2006
      – Participants: 13 APCERT Members and New Zealand, Vietnam including 5 major Korean ISPs
      – Scenario: Countermeasure against Malicious Code and relevant infringement as DDoS attack
    • Participated in APCERT International Incident Handling Drill 2007
      – Participants: 13 APCERT Members + Korean ISPs
      – Scenario: DDoS and Malicious Code Injection
    • To be Model: World Wide Cyber Security Incidents Drill among security agencies