ITU Regional Workshop on Bridging the Standardization Gap
Information and Network Security
Presentation by Philip Victor & Shahbaz Khan
Nadi, Fiji
4th – 6th July 2011
About ITU-IMPACT
Global Coalition
ITU-IMPACT
The International Multilateral Partnership Against Cyber Threats (IMPACT) is the cybersecurity executing arm of the United Nations’ (UN) specialised agency, the International Telecommunication Union (ITU), bringing together governments, academia and industry experts to enhance the global community’s capabilities in dealing with cyber threats.
Framework for International Cooperation
ITU’s Global Cybersecurity Agenda (GCA)
ITU’s Global Cybersecurity Agenda (GCA) – UN backed framework to enhance confidence and security in the information society.
Global Cybersecurity Agenda
Operationalising the Global Cybersecurity Agenda
IMPACT’s Global Alliances
[Diagram: Global Coalition; Industry Experts; Academia; International Bodies; 192 Partner Countries; Think Tank; UN System]
134 countries have joined the ITU-IMPACT coalition
Cybersecurity Services Deployed
ITU-IMPACT Milestones, 2009 - 2011
1. Global Response Centre
a) Deployed cybersecurity services across over 100 countries globally
b) Incident remediation coordination by the Global Response Centre for various governments globally
c) Conducted cybersecurity assessments/workshops for 24 countries globally
2. Centre for Training & Skills Development
a) Trained over 200 cybersecurity professionals and practitioners in 2010
b) Deployed 180 scholarships to 31 partner countries globally (SANS & EC-Council)
c) Trained 50 law enforcement officers globally on Network Investigation
3. Centre for Policy & International Cooperation
a) Conducted 7 high level briefings with industry partners for over 300 participants from partner countries
b) ITU-IMPACT Partner Forum – participation from 7 global industry partners
c) IMPACT collaborated with the US Department of Defense to sponsor the international category winners for the DC3 Forensics challenge in 2009 and 2010
4. Centre for Research and Security Assurance
a) Successfully implemented IMPACT Government Security Scorecard (IGSS) for Malaysian Administration and Modernisation Planning Unit (MAMPU), Prime Minister’s Department, Malaysia
Information & Network Security
Technology Trend
Introduction - Information Security
Stone → Iron → Industry → Information Age!
The world has now moved from NATURAL RESOURCES to INFORMATION ECONOMY
Today, information is a key asset of almost every organization and individual!
Information Security Space
Intro. - Information Security
Basic Idea CIA
Security Scenarios (Confidentiality)
Information Security – Key Areas
• Once spying was person against person, country against country.
• Today, cyber criminals sit on fiber-optic cables and our Wi-Fi networks.
• They steal data and information without breaking any glass.
• Keeping data confidential is one core mission of information security.
Incorrect Information (Integrity)
Information Security – Key Areas
• Wrong information is worse than no information.
• When users of information lose confidence that the information is accurate, they’ll never rely on it.
• Maintaining data integrity is also a core mission of information security.
Inaccessible Information (Availability)
Information Security – Key Areas
• Information security doesn’t mean locking everything down.
• If people don’t have the information they need, they can’t do their jobs.
• Information security professionals must be able to balance access to information and the risk of damage.
• A third core mission of Information Security is making information available when needed.
How to start?
Information Security
Things to do
Security tasks
Vulnerability Assessment
[Diagram: Internet, External Scanner, Internal Scanner]
Penetration Testing
[Diagram: Internet, External Hacker, Internal Attacker]
Web Application Assessment
Attacker (Browser)
HTTP/HTTPS (Transport Layer)
IIS, APACHE, etc. (Middle Tier)
MSSQL, MySQL, etc. (Database Tier)
Identify security vulnerabilities and exploitable elements residing within the web applications.
Reactive Services
Proactive Services
[Diagram: Internet]
Data Leakage Prevention
[Diagram: Internet]
Human Capacity Building
Provide quality and current information security training
Things to do - Summary
IMPACT
Jalan IMPACT
63000 Cyberjaya
Malaysia
T +60 (3) 8313 2020
F +60 (3) 8319 2020
E [email protected]
© Copyright 2011 IMPACT. All Rights Reserved.
Thank you
www.facebook.com/impactalliance