ITU Regional Workshop on Bridging the Standardization Gap: Information and Network Security. Presentation by Philip Victor & Shahbaz Khan, Nadi, Fiji, 4th – 6th July 2011

ITU Regional Workshop on Bridging the Standardization Gap

Information and Network Security

Presentation by Philip Victor & Shahbaz Khan

Nadi, Fiji

4th – 6th July 2011

About ITU-IMPACT

Global Coalition

ITU-IMPACT

The International Multilateral Partnership Against Cyber Threats (IMPACT) is the cybersecurity executing arm of the United Nations’ (UN) specialised agency - the International Telecommunication Union (ITU) - bringing together governments, academia and industry experts to enhance the global community’s capabilities in dealing with cyber threats.

Framework for International Cooperation

ITU’s Global Cybersecurity Agenda (GCA)

ITU’s Global Cybersecurity Agenda (GCA) – UN backed framework to enhance confidence and security in the information society.

Global Cybersecurity Agenda

Operationalising the Global Cybersecurity Agenda

Global Coalition

IMPACT’s Global Alliances

[Diagram: Industry Experts, Academia, International Bodies, 192 Partner Countries, Think Tank, UN System]

134 countries have joined the ITU-IMPACT coalition

Cybersecurity Services Deployed

2009 - 2011

ITU-IMPACT Milestones

1. Global Response Centre

a) Deployed cybersecurity services across over 100 countries globally

b) Incident remediation coordination by the Global Response Centre for various governments globally

c) Conducted cybersecurity assessments/workshops for 24 countries globally

2. Centre for Training & Skills Development

a) Trained over 200 cybersecurity professionals and practitioners in 2010

b) Deployed 180 scholarships to 31 partner countries globally (SANS & EC-Council)

c) Trained 50 law enforcement officers globally on Network Investigation

3. Centre for Policy & International Cooperation

a) Conducted 7 high level briefings with industry partners for over 300 participants from partner countries

b) ITU-IMPACT Partner Forum – participation from 7 global industry partners

c) IMPACT collaborated with the US Department of Defense to sponsor the international category winners for the DC3 Forensics challenge in 2009 and 2010

4. Centre for Research and Security Assurance

a) Successfully implemented IMPACT Government Security Scorecard (IGSS) for Malaysian Administration and Modernisation Planning Unit (MAMPU), Prime Minister’s Department, Malaysia

Information & Network Security

Technology Trend

Introduction - Information Security

Stone → Iron → Industry → Information Age!

The world has now moved from NATURAL RESOURCES to INFORMATION ECONOMY

Today, information is a key asset of almost every organization and individual!

Information Security Space

Intro. - Information Security

Basic Idea CIA

Security Scenarios (Confidentiality)

Information Security – Key Areas

• Once spying was person against person, country against country.

• Today, cyber criminals sit on fiber-optic cables and our Wi-Fi networks.

• They steal data and information without breaking any glass.

• Keeping data confidential is one core mission of information security.

Incorrect Information (Integrity)

Information Security – Key Areas

• Wrong information is worse than no information.

• When users of information lose confidence that the information is accurate, they’ll never rely on it.

• Maintaining data integrity is also a core mission of information security.

Inaccessible Information (Availability)

Information Security – Key Areas

• Information security doesn’t mean locking everything down.

• If people don’t have the information they need, they can’t do their jobs.

• Information security professionals must be able to balance access to information and the risk of damage.

• A third core mission of Information Security is making information available when needed.

How to start?

Information Security

Things to do

Security tasks

Vulnerability Assessment

Internet

Vulnerability Assessment

Internet

External Scanner

Internal Scanner

Penetration Testing

Internet

Penetration Testing

Internet

External Hacker

Penetration Testing

Internet

Internal Attacker

Web Application Assessment

Attacker (Browser)

HTTP/HTTPS (Transport Layer)

IIS, APACHE, etc. (Middle Tier)

MSSQL, MYSQL, etc. (Database Tier)

Identify security vulnerabilities and exploitable elements residing within the web applications.

Reactive Services

Proactive Services

Internet

Data Leakage Prevention

Internet

Human Capacity Building

Provide quality and current information security training.

Things to do - Summary

IMPACT, Jalan IMPACT, 63000 Cyberjaya, Malaysia

T +60 (3) 8313 2020
F +60 (3) 8319 2020
E [email protected]

© Copyright 2011 IMPACT. All Rights Reserved.

Thank you

www.facebook.com/impactalliance