Presentation is loading. Please wait.

Presentation is loading. Please wait.

IT Security Assurance Management of Network and User Behavior Budi Rahardjo INDOCISC - ID-CERT -

Published byJoey Eaker Modified over 10 years ago

Similar presentations

Presentation on theme: "IT Security Assurance Management of Network and User Behavior Budi Rahardjo INDOCISC - ID-CERT -"— Presentation transcript:

1 IT Security Assurance Management of Network and User Behavior Budi Rahardjo INDOCISC - ID-CERT budi@indocisc.com - budi@cert.or.id http://budi.insan.co.id

2 2 Holistic approach PEOPLE PROCESS TECHNOLOGY awareness, skill... security as part of business process... implementation...

3 3 Topology of Security Holes www.bank.co.id Internet Web Siteuser ISP Sniffed flood spoof Virus, Trojan horse - Applications (database, Web server) attacked - OS attacked 1.Network 2.OS 3.Apps. / database Security Holes Userid, Password, PIN, credit card # Sniffed flood spoof

4 4 Why Network Security? More companies are connected to the Internet More attacks are peformed over network. No physical boundary Question: –how to manage network security? –Can it detect anomalous behaviors?

5 5 Rule of thumb: layered protection an example Web server(s) Firewal protect access to web server Firewall protect access to SQL Internet banking gateway core banking applications Internet Customer (with authentication device) IDS detect intrusions

6 6 Management Tools There are plethora of security management tools, but are –not integrated –still difficult to use –still at their infancy stage But its better than nothing, so use the tools!

7 7 People Threats are coming from –Outside –Inside 1999 CSI/FBI Computer Crime Survey Disgruntled workers86% Independent hackers74% US Competitors53% Foreign corp30% Forign gov.21%

8 8 People There must be a security culture from top to bottom –CEO, C* –… –even janitor! Awareness is important

9 9 Everybody must know the DOs and the DONTs DO –Change password regularly –… DONT –Share password –… This is part of policy and procedures

10 10 Incident Response Team There should be an IRT in the company –Handles incidents –Users know that they are responsible for their behaviors –Provides security trends in the company to executives –Q: Where should IRT report to?

11 11 Still missing in this slides... Process –Companys business process? –Policy & procedures?

12 12 Concluding Remarks Security is a continuous process Manage your network and users SECURITY LIFECYCLE

Download ppt "IT Security Assurance Management of Network and User Behavior Budi Rahardjo INDOCISC - ID-CERT -"

Similar presentations

© Ravi Sandhu www.list.gmu.edu Introduction to Information Security Ravi Sandhu.

© Ravi Sandhu Introduction to Information Security Ravi Sandhu.
The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
CS5038 The Electronic Society

CS5038 The Electronic Society
Information Security Management Chapter 12. 12-2 “We Have to Design It for Privacy and Security.” Copyright © 2014 Pearson Education, Inc. Publishing.

Information Security Management Chapter “We Have to Design It for Privacy and Security.” Copyright © 2014 Pearson Education, Inc. Publishing.
Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
Net security - budi rahardjo Overview of Network Security Budi Rahardjo CISCO seminar 13 March 2002.

Net security - budi rahardjo Overview of Network Security Budi Rahardjo CISCO seminar 13 March 2002.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Information Security Management Chapter 12. 12-2 “We Have to Design It for Privacy and Security. ” Tension between Maggie and Ajit regarding terminology.

Information Security Management Chapter “We Have to Design It for Privacy and Security. ” Tension between Maggie and Ajit regarding terminology.
Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.

Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.
1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.

1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
SECURITY ISSUES IN NETWORKS WITH INTERNET ACCESS PRESENTED BY Sri Vallabh Aida Janciragic Sashidhar Reddy.

SECURITY ISSUES IN NETWORKS WITH INTERNET ACCESS PRESENTED BY Sri Vallabh Aida Janciragic Sashidhar Reddy.
Blended Threats and Layered Defenses Security Protection in Today’s Environment Marshall Taylor

Blended Threats and Layered Defenses Security Protection in Today’s Environment Marshall Taylor
Trusting the Trust Budi Rahardjo Inixindo Security Day Seminar The Executive Club, Jakarta, 19 March 2009.

Trusting the Trust Budi Rahardjo Inixindo Security Day Seminar The Executive Club, Jakarta, 19 March 2009.
Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.

Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.
Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.

Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems

Similar presentations

Ads by Google