
ITU Regional Workshop on Bridging the Standardization Gap Information and Network Security Presentation by Philip Victor & Shahbaz Khan Nadi, Fiji 4 th.


1 ITU Regional Workshop on Bridging the Standardization Gap: Information and Network Security. Presentation by Philip Victor & Shahbaz Khan. Nadi, Fiji, 4th – 6th July 2011

2 About ITU-IMPACT

3 Global Coalition: ITU-IMPACT. The International Multilateral Partnership Against Cyber Threats (IMPACT) is the cybersecurity executing arm of the United Nations (UN) specialised agency, the International Telecommunication Union (ITU), bringing together governments, academia and industry experts to enhance the global community's capabilities in dealing with cyber threats.

4 Framework for International Cooperation: ITU's Global Cybersecurity Agenda (GCA), a UN-backed framework to enhance confidence and security in the information society.

5 Operationalising the Global Cybersecurity Agenda

6 Global Coalition. IMPACT's Global Alliances: Industry Experts, Academia, International Bodies, 192 Partner Countries, Think Tank, UN System

7 134 countries have joined the ITU-IMPACT coalition. Cybersecurity Services Deployed

8 ITU-IMPACT Milestones
1. Global Response Centre
   a) Deployed cybersecurity services across over 100 countries globally
   b) Incident remediation coordination by the Global Response Centre for various governments globally
   c) Conducted cybersecurity assessments/workshops for 24 countries globally
2. Centre for Training & Skills Development
   a) Trained over 200 cybersecurity professionals and practitioners in 2010
   b) Deployed 180 scholarships to 31 partner countries globally (SANS & EC-Council)
   c) Trained 50 law enforcement officers globally on Network Investigation
3. Centre for Policy & International Cooperation
   a) Conducted 7 high-level briefings with industry partners for over 300 participants from partner countries
   b) ITU-IMPACT Partner Forum – participation from 7 global industry partners
   c) IMPACT collaborated with the US Department of Defense to sponsor the international category winners for the DC3 Forensics challenge in 2009 and
4. Centre for Research and Security Assurance
   a) Successfully implemented IMPACT Government Security Scorecard (IGSS) for Malaysian Administration and Modernisation Planning Unit (MAMPU), Prime Minister's Department, Malaysia

9 Information & Network Security

10 Introduction - Information Security: Technology Trend. Stone, Iron, Industry, Information Age! The world has now moved from NATURAL RESOURCES to INFORMATION ECONOMY. Today, information is a key asset of almost every organization and individual!

11 Intro. - Information Security: Information Security Space. Basic Idea: CIA

12 Security Scenarios (Confidentiality). Information Security – Key Areas. Once spying was person against person, country against country. Today, cyber criminals sit on fiber-optic cables and our Wi-Fi networks. They steal data and information without breaking any glass. Keeping data confidential is one core mission of information security.

13 Incorrect Information (Integrity). Information Security – Key Areas. Wrong information is worse than no information. When users of information lose confidence that the information is accurate, they'll never rely on it. Maintaining data integrity is also a core mission of information security.

14 Inaccessible Information (Availability). Information Security – Key Areas. Information security doesn't mean locking everything down. If people don't have the information they need, they can't do their jobs. Information security professionals must be able to balance access to information and the risk of damage. A third core mission of information security is making information available when needed.

15 How to start? Information Security

16 Things to do

20 Security tasks: Vulnerability Assessment, Penetration Testing, Web Application Assessment, Reactive Services, Proactive Services, Data Leakage Protection, Human Capacity Building

21 Vulnerability Assessment: Internet

22 Vulnerability Assessment: Internet, External Scanner, Internal Scanner

23 Penetration Testing: Internet

24 Penetration Testing: Internet, External Hacker

25 Penetration Testing: Internet, Internal Attacker

26 Web Application Assessment: Attacker (Browser); HTTP/HTTPS (Transport Layer); IIS, Apache, etc. (Middle Tier); MSSQL, MySQL, etc. (Database Tier). Identify security vulnerabilities and exploitable elements residing within the web applications.

27 Reactive Services

28 Proactive Services: Internet

29 Data Leakage Prevention: Internet

30 Human Capacity Building: Provide quality and current information security training

31 Things to do - Summary

32 Thank you. IMPACT, Jalan IMPACT, Cyberjaya, Malaysia. T +60 (3) F +60 (3) E impact-alliance.org. © Copyright 2011 IMPACT. All Rights Reserved.

