Pyramid of Cyber Security

PYRAMID of Cyber SecurityPYRAMID of Cyber Security
Current rules of IT Security are not a dogma, what not worksCurrent rules of IT Security are not a dogma, what not works
well, it must be changedwell, it must be changed
author : Jiří Nápravník
napravnik.jiri@salamandr.cz

People create software, computer viruses and CyberPeople create software, computer viruses and Cyber
security rulessecurity rules
People can change this !!People can change this !!

● When a child wants to ride a bike, he/ she must
learn to sit, stand, walk, then hold your balance
while running and only then has the chance to
learn to ride a bicycle well.
● In the IT environment is an important initial
steps omitted. That is the
cause of persistent problems
with IT security and data
protection.

Content :
● IT and non-IT environment
● The Three Laws of Cyber Securiry
● Analysis of the source code
● Methods for user login

IT and non-IT environment
– Food, toysFood, toys
● Testing food or toys for harmful substances
● ISO 7002, ISO 6541, etc.
– CarsCars
● NCAP crash tests
● ISO 16949, etc.
– SoftwareSoftware
● In SW is a lot of mistakes. “Specialist” say : It is not possible to do
otherwise.
● In the software was hidden features - http://www.eeggs.com/tree/1119.html

IT and non-IT environment
•
Production of Food or Cars must respect the laws of nature - biology,Production of Food or Cars must respect the laws of nature - biology,
chemistry, physics, etc.chemistry, physics, etc.
•
Creating software is only human activity which does not respect the laws ofCreating software is only human activity which does not respect the laws of
nature.nature.
✔
Quality and security software are based only on human workQuality and security software are based only on human work

The current state of IT security
● First, there was created the HW / SW
market, free and uncontrolled market.
After several security incidents are dealt IT
security
● How to solve security, today say authors
SW and advisors
● Cyber Security is now a business
● Authors SW claims to customers that there
is no other solution

The current state of IT Security
Flaw, Back Door is maybe the interest of creators and
governments
Today there is no evidence for
or against
This is a great system errorThis is a great system error
Is time to change the Cyber SecurityIs time to change the Cyber Security

The current state of IT Security
In fact :
● The virus can attacks the adversary system, but
can turn against its creators
● Misinformation and concealment makes it
difficult for revealing the actual attacker, and
may be accused innocent
● Revealing and description of the virus is a source
of information for other virus writers

Corfirmation Bias
● The current solution is the only possible
● It is not possible to create better solutions
● Users are inexperienced, inattentive.They are
the greatest risk to IT

To whom help the change of the basics of IT and who earn on it?
• Owners, CEOs, CIOs, CSIOs, users and admins
• Confidence returns to IT
• Changes will also help authors SW
• It will also help authors of
security solutions

TheThree Laws of Cyber Security
Basis of security
for the entire
field of IT

● It will be a basic control mechanism
● Compares the parameters of file from the user's computer and compares it
with the same file by the author SW
● This a new control mechanism is for all operating systems and applications.
Can check Desktop, Server, smartphone, tablet, SCADA / PLC, IoT, etc.
Can also check the firmware and all files from the upgrade.

● It will be a basic check mechanism
● In the users device (PC, phone, SCADA, IoT) will not be able to install a file
that can not be verified
● In the users device can not run the application whose parts (files and/ or
libraries) can not be verified
● File that changed the virus, hacker or some other error is detected quickly
and can not be run on the device (PC, phone, SCADA, IoT, etc.)

Possible objections - this solutions do not solve weaknesses in the software
(operating systems or app)
● YES. Reducing the number of weaknesses is the task for the authors SW
● TheThree Laws of Cyber security set rules to prevent editing files by a virus
or hackers
● The system, which will be useTheThree Laws of Cyber security, will be
resistant computer viruses

Analysis of the source code
Analysis will contribute
to a sustained reduction
of weaknesses or close
backdoor in the programs

● Tools for searching weaknesses in source code already exist
● Tools are becoming increasingly sophisticated
● Now, in the present analysis / modernization of the source code is not
mandatory. It depends on the access of SW firms

● There are projects
– OWASP, etc.
● Exist commercial solutions
● Checkmarx, Klockwork,VERACODE, atd.
●
Now is not pressure on SW companies to carry out an analysis of theNow is not pressure on SW companies to carry out an analysis of the
source codesource code

TheThree Laws of Cyber Security and
● TheThree Laws of Cyber Security ensures that in the device (PC, phone,
SCADA, IoT, etc.) will not run an infected or unknown program.
● Analysis of the source code will help improve quality of SW.This will
reduce the space through which hacker can to exploit file

TheThree Laws of Cyber Security and
● The first and second level of the pyramid of ICT security remove virus
infections and hacker attacks through bugs/ vulnerabilities in the
programs.
● The next level - attack using stolen username and password
– It's a similar situation as theft and misuse of keys from an apartment or car

Rules for users login
● In the IT environment is still talking about the fact that users use
passwords that can be easily guessed
● Human behavior is not easy to change
● Settings of server / login are easy to change

● Weak passwords
– Instead of an inexperienced user can solve the problem an experienced author and /
or the system administrator
– Creator of the system or administrator will always have more experience than a
regular user
– Creator of the system or the administrator can set restrictions that will prevent
users to use weak password

● Example beyond IT - seat belts in the car
– Useing seat belts is uncomfortable
– Many users are reluctant to use seat belts
● Solution: automobile manufacturers in the new models use control on
seat belts. If the driver moves off without a fastened seat belts then is
heard a warning.

1,Basis - comparing the checksums of the files in the user's device with
checksums same file from author SW
– The virus has no chance of long-term work in the user's device
2,The next level - Analysis of the source code of software, especially
operating systems
– Virus or hacker does not have a chance once-times or repeatedly abused
weaknesses in SW
3, Changed looking at user logon
– Millions of users can not be changed. A simpler is to change approach the authors
of applications like the changed approach automobile manufacturers to control
seat belts

Current rules of Cyber Security are not aCurrent rules of Cyber Security are not a
dogmadogma !!
● IT is the technical branch. Like in
mechanical or electrical engineering, it
is possible to change the outdated
solutions.
● It is therefore possible to change the
basics of the IT.

dogmadogma !!
● Do you really want to change the
situation in the Cyber security?
● Support the three laws of Cyber
security and other changes associated
with it.
● Share the link of this presentation, or
email us, thank you

dogmadogma !!
Thank you for your time and interest

Pyramid of Cyber Security

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Pyramid of Cyber Security

Similar to Pyramid of Cyber Security (20)

More from Jiří Napravnik

More from Jiří Napravnik (14)

Recently uploaded

Recently uploaded (20)

Pyramid of Cyber Security