This document discusses cyber security from past, present, and future perspectives. It notes that cyber security has evolved from an immature field to one that will become more scientific and technology-centric over time. The document outlines key cyber threats such as botnets, targeted attacks, and the underground economy that supports them. It also summarizes India's cyber security strategy, noting the importance of legal frameworks, incident response, capacity building, research and development, and international collaboration to enhance cyber security.
The document discusses information security workshops offered by Pinaka Technology Solutions to help organizations strengthen their security governance and increase user awareness of threats like phishing. The workshops cover topics such as security policies, risk management, and social engineering attacks, and are aimed at executives, IT staff, and other personnel handling sensitive data. Details are provided on workshop content, duration, cost, and customization options.
The Realities and Challenges of Cyber Crime and Cyber Security in Africa | Zsolt Nemeth
This document discusses cybercrime and cyber security challenges in Africa. It notes that while internet penetration is growing, broadband access remains low. Mobile networks are the primary way Africans access the internet. Cybercriminals target both individuals and networks across borders through social media and mobile phones. African governments recognize cyber security issues but have limited capabilities. The document recommends capacity building, international cooperation, and establishing legal frameworks to promote cyber security in Africa.
The document discusses the main cybersecurity challenges faced in social computing. It identifies several key challenges: (1) big data breaches as more personal data is collected and stored; (2) the expansion of AI which could help detect cyberattacks but also poses risks; and (3) limited IT resources making it difficult for organizations to adequately monitor and secure expanding networks and devices. Additional challenges discussed include threats posed by the growing number of internet-connected devices and vulnerabilities in serverless applications. Real-world examples are provided to illustrate incidents and the potential damage from successful cyberattacks.
A security awareness presentation created for an audience of senior officials from MTNL (India's foremost telecom PSU). The presentation covers the fundamentals of information security, its evolution, and present-day risks from the IT and telecom infrastructure perspective.
This document discusses bring your own device (BYOD) policies in enterprises. It notes that the mobile device market is thriving, with growing usage of personal devices for work purposes by physicians and other professionals. It outlines considerations for allowing employee-owned devices onto corporate networks, including how to provide secure access while protecting data and delivering mobile apps. The document discusses developing a holistic enterprise mobility strategy and solution that provides security, manageability, scalability and support for multiple mobile operating systems. It also raises questions that organizations should address around compliance, risk tolerance and device support when developing a BYOD policy.
The document discusses various types of wireless network attacks including Bluetooth, Near Field Communication (NFC), and Radio Frequency Identification (RFID) attacks. It also covers vulnerabilities in IEEE 802.11 wireless security standards and the evolution of wireless networking standards over time with increasing speeds and capabilities. Common attacks described are bluejacking, bluesnarfing, eavesdropping, man-in-the-middle, and unauthorized access of wireless networks or tagged devices. The document emphasizes the importance of securing wireless networks and devices to prevent such attacks and data theft.
The Internet of Things is exploding. This whitepaper helps product developers understand the security and privacy issues, their impact, and a recommendation for embedding best practices during the PDLC.
NCSAM = Cyber Security Awareness Month: Trends and Resources | Stephen Cobb
My take on the main themes and topic of National Cyber Security Awareness Month, including shared responsibility, the Internet of Things, STEM education and the cyber workforce.
This document provides an overview of information security and privacy presented by Nawanan Theera-Ampornpunt. It covers topics such as protecting information privacy and security, user security, software security, cryptography, malware, and security standards. Specific threats to information security in Thailand are discussed such as hackers, viruses, insider threats, and natural disasters. The consequences of security attacks on information, operations, individuals, and organizations are also reviewed.
The document discusses cybersecurity, including the different types of cyber criminals and cybersecurity specialists. It describes common cybersecurity threats like hacking, malware, and data breaches that can affect individuals, businesses, and organizations. The document also examines factors that contribute to the spread of cybercrime, such as software vulnerabilities, mobile devices, and the growth of internet-connected devices and large datasets. It outlines efforts to increase the cybersecurity workforce through frameworks, certifications, and professional development opportunities for cybersecurity experts.
Using international standards to improve Asia-Pacific cyber security | IT Governance Ltd
Understand the cyber threat facing APAC organisations, current legislation and how to utilise international standards to get your business cyber secure in this informative webinar, hosted by Alan Calder.
Information Security vs. Data Governance vs. Data Protection: What Is the Rea... | PECB
This webinar will provide more information on the importance of information security and how you can take security well beyond compliance, an approach on building strong information security, privacy and data governance programs, and the importance of strong data governance in relation to privacy and information security requirements.
The webinar covers
• Information Security
• Importance Of Information Security Today
• Taking Information Security Beyond A Compliance First
• Importance Of Data Governance In Information Security
• Privacy
• Changing And Evolving Privacy Requirements
• Importance Of Data Governance In Privacy
• Data Governance And Data Privacy
• Data Privacy - Data Processing Principles
Presenters:
Moji is a Senior Business Process Analyst working with GemaltoThales, a leading firm in the IT industry. Moji has over fifteen years of experience in leading projects to improve processes, create and implement processes leading to increased revenue generation and eliminate redundancies.
She has a zeal for adding value and increasing revenue for organizations. Moji is very passionate about Data Privacy and its application in business and consumer rights.
Hardeep Mehrotara has 20+ years of senior leadership experience in Information Technology and Cyber Security working for public and private organizations building security programs from the ground up. He has been featured on Canadian television as a cyber expert and provided advice to various communities on implementing cybersecurity strategy, best practices and controls. He has been a co-author on numerous leading industry security control frameworks, technical benchmarks and industry best practice standards.
ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors | EnergySec
The document discusses information and communication technology (ICT) supply chain security risks, existing practices for managing these risks, and emerging standards and frameworks. It notes risks like intentional insertion of malware, use of counterfeit components, and poor security practices in supplier networks. Additionally, it outlines government and industry efforts to develop guidelines and best practices for ICT supply chain risk management.
ACS Talk (Melbourne) - The future of security | siswarren
This document summarizes a presentation on the future of information security. It discusses trends that will impact security such as increased network speeds, wireless devices, cloud computing and the internet of things. It also covers issues like the decline of traditional computers, increased cyber attacks, the importance of online identity, hacktivism, and the need for improved security training and qualifications. The document concludes that the complexity of security will continue growing and attacks will have greater potential impacts, making security an even more important issue going forward.
106 Threat defense and information security development trends | SsendiSamuel
This document discusses information security trends and the importance of security awareness. It covers three key topics: security threat defense, information security awareness, and information security development trends. Regarding security awareness, the document emphasizes that people are the weakest link in security and discusses how to foster awareness, such as by remaining vigilant online and thinking like a detective. For future trends, it predicts security as a service, the increasing importance of endpoint detection, moving from IP to application-based traffic control, and software-defined security solutions.
Cybersecurity-Real World Approach FINAL 2-24-16 | James Rutt
The document provides an overview of cybersecurity strategy and recommendations for implementation from Jim Rutt, CTO of the Dana Foundation. It discusses that defense in depth alone is not enough given cloud computing and smartphones. It recommends justifying investments with metrics, focusing on user education, and preparing for tools that will be available in 1-3 years. Broad types of security incidents and why cybersecurity is more than an IT problem are outlined. A strategy for program management includes reviewing legislation, gaining executive support, choosing a framework, organizing implementation, risk assessment, and defensive measures and training.
This document provides an overview of the KTH Applied Information Security Lab at NUST in Islamabad, Pakistan. It discusses the lab's vision and focus on bridging research and solving cybersecurity problems. It outlines the lab's achievements, including organized workshops and seminars for students, and funded/non-funded research projects in domains like cloud security and digital forensics. It also profiles the lab's faculty and staff and describes some of their current and past funded projects, industrial collaborations, and events.
[CB21] Keynote1: Shaking the Cybersecurity Kaleidoscope – An Immersive Look in... | CODE BLUE
Over 10,000 new cybersecurity technologies are developed each year, yet we do not see a correlating decrease in cybersecurity threats. This is because cybersecurity isn’t a mere computer science problem. The most vulnerable part in the security chain is humans. But humans are also a valuable asset in countering cybersecurity threats. A kaleidoscope is a constantly changing pattern or sequence of elements. In cyber we need to shake the kaleidoscope to create new ways of both identifying and solving problems.
This presentation will be somewhat unorthodox. Maurushat will weave a story through the thread of human behaviour and cybersecurity with the primary objective of making sense out of chaos. What do Mars Bars, Perestroika, Carrots, Transylvania, Robin Hood, Talin, Majong, Anti-Vaccination, the Mayor of Montreal, Tails and Pineapples have to do with cybersecurity?
In her presentation, Professor Maurushat encapsulates key human behaviour issues in cybersecurity based on 17 years of experience and research in ethical hacking, vulnerability markets, cybercrime investigations and cybersecurity policy consultation with governments and intelligence agencies.
There are no easy answers to cybersecurity challenges. However, this presentation will stimulate thinking about how to use the power of human behaviour to improve cybersecurity through emerging fields of behaviour data engineering, artificial intelligence, behavioural economics and neuro-diversity as evolution.
This document discusses cyber security and provides information on various cyber security domains and threats. It begins with an introduction to cyber security and defines what cyber security is. It then outlines five main cyber security domains: 1) critical infrastructure security, 2) network security, 3) application security and cloud security & information security, 4) storage security & mobile security, and 5) information security. For each domain, it provides details on what they involve and examples. The document also discusses common cyber threats, dangerous cyber security myths, and provides dos and don'ts for cyber security.
This slide is a small introduction for cyber security.
What is cyber security?
Why do we need cyber security?
What are the benefits of cybersecurity?
Types of cyber security threats
How to prevent the breaches?
Some real attacks
Cyber crimes are on the rise and especially prevalent during the global pandemic where hackers leverage the vulnerabilities of organisations for new opportunities through technology.
Hospitals, for instance, are more likely to pay ransoms to restore access to their servers. Similarly, criminals may believe that corporations grappling with economic turmoil or logistical crises will be similarly easy to manipulate.
1. The document discusses cybersecurity risks from the consumer perspective based on lessons learned during the COVID-19 pandemic.
2. It outlines increased internet usage and cyber threats during the pandemic such as ransomware, malware, and phishing scams.
3. The document recommends cybersecurity best practices for organizations like user training, latest antivirus and patches, cloud security, digital signatures, and network security investments to mitigate risks from remote work and increased online activity.
This document discusses several major cybersecurity challenges including ransomware evolution, blockchain revolution, IoT threats, AI expansion, and serverless app vulnerabilities. It emphasizes that with the rise in cyber attacks, all organizations need security analysts and strategies to properly secure their data and systems. New technologies like blockchain, AI, and serverless apps present both opportunities and risks that security professionals must navigate.
EMEA10: Trepidation in Moving to the Cloud | CompTIA UK
Today’s buzz centres on cloud computing. What is it exactly? Will it dent your revenues or does it have potential to add capabilities to your business? How do you deliver value when you don’t “install” anything? Learn how to use this new approach to delivering IT services in your business, what to consider and where it makes sense – and where it doesn’t! Dave Sobel, CEO of Evolve Technologies, talks to you about how to develop cloud offerings and how you position your business for growth around online services. Strategies come from real life experience, industry data, and collaboration with other solution providers to give you the best way to take on the big, bad cloud.
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela... | WCIT 2014
The document discusses the risks posed by increased digital connectivity and cybersecurity issues in an interdependent global economy. It notes that while advancements have benefits, they also introduce new risks like cyber crimes, warfare, and espionage. The top global risks identified are income disparity, extreme weather events, unemployment, climate change, and cyber attacks. To address cyber risks, coordinated efforts are needed from individuals, technology users, providers, governments, and through global cooperation. This includes following security best practices, information sharing, developing legal norms, and collaborating across jurisdictions.
This document discusses a potential cybersecurity assessment for a customer by a SAM and cloud partner. It provides an overview of what a cybersecurity assessment entails and the benefits it could provide to both partners and customers. For partners, it is an opportunity to strengthen relationships with customers and discuss additional cloud and software opportunities. For customers, an assessment establishes good security practices, prepares their environment to respond to threats, and helps minimize cyber risks and their related costs. The document then outlines UnifyCloud's tools and services that can help customers assess, remediate, and monitor their environment as they migrate workloads to the cloud with Microsoft solutions like Office 365 and Azure.
Jason Smith shared cyber security trends from 2018 into the beginning of 2019 at the SCTBA Convention, how the threat actor model has changed, and what businesses should do.
MYTHBUSTERS: Can You Secure Payments in the Cloud? | Kurt Hagerman
The document discusses securing payment transactions in the cloud. It discusses common myths about cloud security, including that the cloud is not secure, trusted, or compliant. However, it argues that following best practices like PCI guidelines and using a managed cloud solution can securely decouple payment data. It provides an example of a utility company that processes millions of transactions securely in the cloud each month and discusses how to evaluate cloud vendors to find one that can help mitigate risks and address compliance needs.
Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues.
In part 14 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including:
Where are we now and Where are we going?
Current Cyberrisks
• Data Breach and Cloud Misconfigurations
• Insecure Application User Interface (API)
• The growing impact of AI and ML
• Malware Attack
• Single factor passwords
• Insider Threat
• Shadow IT Systems
• Crime, espionage and sabotage by rogue nation-states
• IoT
• CCPA and GDPR
• Cyber attacks on utilities and public infrastructure
• Shift in attack vectors
Cyber Security is: “Protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.”
This document discusses cybersecurity risks and strategies for insurers. It notes that as cyber threats have increased, insurers must gain a deeper understanding of cyber risks to develop effective cyber liability policies. Insurers need to maintain the confidentiality, integrity, and availability of systems and data. The document recommends that insurers take proactive approaches to cybersecurity, such as developing long-term security programs, investing in cybersecurity, and integrating cyber risks into enterprise risk management. It also discusses emerging threats, the importance of data integrity, and how technologies like keyless signature infrastructure can help address issues.
SecureWeb3 - Developing a Comprehensive Cybersecurity Strategy for the Decent... | Prasanna Hegde
The document outlines a proposed product strategy for developing a comprehensive cybersecurity solution for the decentralized future of Web3. It involves conducting market research and a customer analysis to understand needs and trends. The strategy defines the company's goals, highlights opportunities in Web3 security, and proposes a set of core product features to protect blockchain networks, smart contracts, decentralized applications, cryptocurrency transactions, and Web3 identities. These features are aimed at addressing common customer pain points around security, scalability, and ease of use. The strategy also covers pricing, distribution, marketing, and targeting key customer segments in a way that positions the solution as unique in the competitive landscape.
Because IP video cameras are networked, partnering with a technology vendor who knows networking technologies is critical. This is a skill that many traditional video surveillance firms lack thus increasing the reliability of the network security service provider.
IBM Messaging Security - Why securing your environment is important : IBM Int... | Leif Davidsen
Presentation from IBM InterConnect 2016. With growth in the number of business applications and exponential growth in connectivity between applications and systems, it is important to understand not just how to implement security, but why it is important to ensure all parts of the business can appreciate it and apply the right levels of security to their messaging system use. Jointly presented by Leif Davidsen and Rob Parker.
3433 IBM messaging security why securing your environment is important-feb2... | Robert Parker
These slides were presented at Interconnect, with Leif Davidsen presenting why securing your environment is important, and then I presented what security features in IBM MQ can be used to protect your environment.
Here you learn about cyber security terminology and its basics, and about cyber security threats as well. The slides cover digital knowledge of the internet. After going through the slides you will become aware of cyber security basics.
Cyber security general perspective a
1. Cyber Security General Perspective
Towards a Secure Digital Future
Zimbabwe, June 2015
Dr. Whisper Rukanda
wr@mornipac.co.za
This report is solely for use at the CSZ presentation. No part of it may be circulated, quoted, or reproduced for distribution outside the client organization without prior written approval from MorniPac Consultants. This material was used by MorniPac Consultants during an oral presentation; it is not a complete record of the discussion.
Computer Society of Zimbabwe
Business School
2. PAST, PRESENT
Cyber security is a young and immature field
The attackers are more innovative than defenders
Defenders are mired in FUD (fear, uncertainty and doubt) and fairy tales
Attack back is illegal or classified
FUTURE
Cyber security will become a scientific discipline
Cyber security will be application and technology centric
Cyber security will never be “solved” but will be “managed”
Attack back will be an integral part of cyber security
3. Cyber Security Objectives
• CONFIDENTIALITY: disclosure
• INTEGRITY: authenticity
• AVAILABILITY: access
• USAGE: purpose
Security Objectives: Black-and-white to shades of grey
Attackers: Innovative beyond belief
Defenders: Need new doctrine
Major Innovations
• Botnets
• Robust underground economy and supply chain
• Targeted attacks, stealthy attacks
Some Examples
• Drive-by downloads
• Scareware, doctored online statements
• Long-lived stealth attacks
Status
• Attackers have a sizable inventory of known but unused or rarely used tricks
• Innovation will continue
4. Web Sites (WWW): Web Evolution
• 1993: Web invented and implemented; 130 web sites
• 1994: 2738 web sites
• 1995: 23500 web sites
• 2007: 550 Million web sites
• 2008: 850 Million web sites
6. Innovation fostering the Growth of NGNs
• Smart devices
– Television
– Computers
– PDA
– Mobile Phone
(Single device to provide an end-to-end, seamlessly secure access)
• Application Simplicity
– Preference of single, simple and secure interface to access applications or content
– Ubiquitous interface - web browser
• Flexible Infrastructure
Because of these areas of evolution, today’s NGNs are defined more by the services they support than by traditional demarcation of Physical Infrastructure.
7. The Emergence of NGNs
• The communication network operating two years ago is our father’s telecommunication network.
• NGNs are the teenager’s network.
• Consumers and businesses no longer accept the limitation of a single-use device or network.
• Both individuals and businesses want the ability to communicate, work and be entertained over any device, any time, anywhere.
• The demand for these services, coupled with innovation in technology, is advancing traditional telecommunication far outside its original purpose.
8. The Complexity of Today’s Network
Changes Brought in IT
• Large network as backbone for connectivity across the country
• Multiple Service providers for providing links – BSNL, MTNL, Reliance, TATA, Rail Tel
• Multiple Technologies to support network infrastructure: CDMA, VSAT, DSL
• Multiple Applications
[Network diagram. Labels: Internet, Intranet, Extranet Servers, Perimeter Network, Network Infrastructure, Routers, Servers, Desktops, Laptops, New PC, Branch Offices, Remote Workers, Home Users, Unmanaged Devices]
Trends shaping the future
• Ubiquitous computing, networking and mobility
• Embedded Computing
• Security
• IPv6
• VoIP
9. Challenges for Network Operator
• Business challenges include new pricing structure, new relationships and new competitors.
• Technical challenges include migrating and integrating with new advances in technologies, from fibre optics to installation of Wi-Fi support.
• Developing a comprehensive Security Policy and architecture in support of NGN services.
10. To Reap Benefits
• To reap benefits of NGN, the operator must address
– Technology
– Risk
– Security
– Efficiency
11. NGN Architecture
Identity Layer
Comprises end users owned by a telecom or a third-party service provider accessing services using devices like PC, PDA or mobile phone, to connect to the Internet
Service Layer
Hosts service applications and provides a framework for the creation of customer-focused services provided by either operator or a third-party service provider
Network Layer
Performs service execution, service management, network management and media control functions
Connects with the backbone network
[Architecture diagram. Labels: Internet, Third-Party Application, Untrusted, Web Tier, Service Provider Application, Service Delivery Platform (Service Provider), Common Framework, Backbone Network, Partly Trusted]
12. Growing Concern
• Computing Technology has turned against us
• Exponential growth in security incidents
– Pentagon, US in 2007
– Estonia in April 2007
– Computer System of German Chancellery and three Ministries
– Highly classified computer network in New Zealand & Australia
• Complex and target oriented software
• Common computing technologies and systems
• Constant probing and mapping of network systems
13. Cyber Threat Evolution
[Timeline diagram. Time axis: 1977, 1995, 2000, 2003-04, 2005-06, 2007-08. Stages, in order of appearance:]
• Virus
• Breaking Web Sites
• Malicious Code (Melissa)
• Advanced Worm / Trojan (I LOVE YOU)
• Identity Theft (Phishing)
• Organised Crime: Data Theft, DoS / DDoS
14. Cyber attacks being observed
• Web defacement
• Spam
• Spoofing
• Proxy Scan
• Denial of Service
• Distributed Denial of Service
• Malicious Codes
– Virus
– Bots
• Data Theft and Data Manipulation
– Identity Theft
– Financial Frauds
• Social engineering Scams
16. Trends of Incidents
• Sophisticated attacks
– Attackers are refining their methods and consolidating assets to create global networks that support coordinated criminal activity
• Rise of Cyber Spying and Targeted attacks
– Mapping of network, probing for weakness/vulnerabilities
• Malware propagation through Website intrusion
– Large scale SQL Injection attacks like Asprox Botnet
• Malware propagation through Spam on the rise
– Storm worm, which is one of the most notorious malware programs seen during 2007-08, circulates through spam
17. Trends of Incidents
• Phishing
– Increase in cases of fast-flux phishing and rock-phish
– Domain name phishing and Registrar impersonation
• Crimeware
– Targeting personal information for financial frauds
• Information Stealing through social networking sites
• Rise in Attack toolkits
– Toolkits like MPack and Neosploit can launch exploits for browser and client-side vulnerabilities against users who visit malicious or compromised sites
20. Three faces of cyber crime
• Organised Crime
• Terrorist Groups
• Nation States
21. Security of Information Assets
• Security of information & information assets is becoming a major area of concern
• With every new application, newer vulnerabilities crop up, posing immense challenges to those who are mandated to protect the IT assets
• Coupled with this, a host of legal requirements and international business compliance requirements on data protection and privacy places a huge demand on IT/ITES/BPO service organizations
• We need to generate ‘Trust & Confidence’
23. Model Followed Internationally
• Internationally, the general approach has been to have legal drivers supported by a suitable verification mechanism.
• For example, in the USA the legal drivers have been
– SOX
– HIPAA
– GLBA
– FISMA etc.
• In Europe, the legal driver has been the “Data Protection Act” supported by ISO27001 ISMS.
24. Information Security Management
INFORMATION SECURITY: Confidentiality, Integrity, Availability, Authenticity
Security Policy
People, Process, Technology
[Diagram labels: Regulatory Compliance; Access Control; Security Audit; User Awareness Program; Incident Response; Firewall, IPS/IDS; Encryption, PKI; Antivirus]
25. Cyber Security Strategy – India
• Security Policy, Compliance and Assurance – Legal Framework
– IT Act, 2000
– IT (Amendment) Bill, 2006 – Data Protection & Computer crimes
– Best Practice ISO 27001
– Security Assurance Framework- IT/ITES/BPO Companies
• Security Incident – Early Warning & Response
– CERT-In National Cyber Alert System
– Information Exchange with international CERTs
• Capacity building
– Skill & Competence development
– Training of law enforcement agencies and judicial officials in the collection and analysis of digital evidence
– Training in the area of implementing information security in collaboration with Specialised Organisations in US
• Setting up Digital Forensics Centres
– Domain Specific training – Cyber Forensics
• Research and Development
– Network Monitoring
– Biometric Authentication
– Network Security
• International Collaboration
26. Status of security and quality compliance in India
• Quality and Security
– Large number of companies in India have aligned their internal process and practices to international standards such as
• ISO 9000
• CMM
• Six Sigma
• Total Quality Management
– Some Indian companies have won special recognition for excellence in quality: out of 18 Deming Prize winners for Total Quality Management in the last five years, six are Indian companies.
27. ISO 27001/BS7799 Information Security Management
• Government has mandated implementation of ISO27001 ISMS by all critical sectors
• ISMS 27001 has mainly three components
– Technology
– Process
– Incident reporting and monitoring
• 296 certificates issued in India out of 7735 certificates issued worldwide
• Majority of certificates issued in India belong to IT/ITES/BPO sector
29. CERT-In Work Process
[Process diagram. Labels: Department of Information Technology; Detection, Analysis, Dissemination & Support; Detect, Analysis, Recovery, Dissemination; ISP Hot Liners; Press & TV / Radio; Home Users; Private Sectors; Major ISPs; Foreign Ptns]
31. PC & End User Security: Auto Security Patch Update
Windows Security Patch Auto Update
No. of Download ActiveX: 18 Million
[Diagram labels: Internet, Microsoft Download Ctr., ActiveX DL Server, Sec. Patch ActiveX Site]
32. Incident Response Help Desk
PC & End User Security
Internet
PSTN
• Make a call using 1800 – 11 - 4949
• Send fax using 1800 – 11 - 6969
• Communicate through email at incident@cert-in.org.in
• Number of security incidents handled during 2008 (till Oct): 1425
• Vulnerability Assessment Service
33. Int’l Co-op: Cyber Security Drill
Joint International Incident Handling Coordination Drill
• Participated in the APCERT International Incident Handling Drill 2006
• Participants: 13 APCERT Members and New Zealand, Vietnam including 5 major Korean ISPs
• Scenario: Countermeasure against Malicious Code and relevant infringement as DDoS attack
• Participated in the APCERT International Incident Handling Drill 2007
• Participants: 13 APCERT Members + Korean ISPs
• Scenario: DDoS and Malicious Code Injection
• To be Model: World Wide Cyber Security Incidents Drill among security agencies