ITU Regional Workshop on Bridging the Standardization Gap Information and Network Security Presentation by Philip Victor & Shahbaz Khan Nadi, Fiji 4th – 6th July 2011
3 Global Coalition ITU-IMPACT The International Multilateral Partnership Against Cyber Threats (IMPACT) is the cybersecurity executing arm of the United Nations (UN) specialised agency - the International Telecommunication Union (ITU) - bringing together governments, academia and industry experts to enhance the global community's capabilities in dealing with cyber threats.
4 Framework for International Cooperation ITU's Global Cybersecurity Agenda (GCA) – UN-backed framework to enhance confidence and security in the information society.
5 Operationalising the Global Cybersecurity Agenda
6 Global Coalition – IMPACT's Global Alliances: Industry Experts, Academia, International Bodies, 192 Partner Countries, Think Tank, UN System
7 134 countries have joined the ITU-IMPACT coalition Cybersecurity Services Deployed
ITU-IMPACT Milestones
1. Global Response Centre
a) Deployed cybersecurity services across over 100 countries globally
b) Incident remediation coordination by the Global Response Centre for various governments globally
c) Conducted cybersecurity assessments/workshops for 24 countries globally
2. Centre for Training & Skills Development
a) Trained over 200 cybersecurity professionals and practitioners in 2010
b) Deployed 180 scholarships to 31 partner countries globally (SANS & EC-Council)
c) Trained 50 law enforcement officers globally on Network Investigation
3. Centre for Policy & International Cooperation
a) Conducted 7 high level briefings with industry partners for over 300 participants from partner countries
b) ITU-IMPACT Partner Forum – participation from 7 global industry partners
c) IMPACT collaborated with the US Department of Defense to sponsor the international category winners for the DC3 Forensics challenge in 2009 and
Centre for Research and Security Assurance
a) Successfully implemented IMPACT Government Security Scorecard (IGSS) for Malaysian Administration and Modernisation Planning Unit (MAMPU), Prime Minister's Department, Malaysia
Information & Network Security
10 Technology Trend Introduction - Information Security Stone, Iron, Industry, Information Age! The world has now moved from NATURAL RESOURCES to INFORMATION ECONOMY. Today, information is a key asset of almost every organization and individual!
11 Information Security Space Intro. - Information Security Basic Idea: CIA
12 Security Scenarios (Confidentiality) Information Security – Key Areas Once spying was person against person, country against country. Today, cyber criminals sit on fiber-optic cables and our Wi-Fi networks. They steal data and information without breaking any glass. Keeping data confidential is one core mission of information security.
13 Incorrect Information (Integrity) Information Security – Key Areas Wrong information is worse than no information. When users of information lose confidence that the information is accurate, they'll never rely on it. Maintaining data integrity is also a core mission of information security.
14 Inaccessible Information (Availability) Information Security – Key Areas Information security doesn't mean locking everything down. If people don't have the information they need, they can't do their jobs. Information security professionals must be able to balance access to information and the risk of damage. A third core mission of Information Security is making information available when needed.
15 How to start? Information Security
16 Things to do
20 Security tasks: Vulnerability Assessment, Penetration Testing, Web Application Assessment, Reactive Services, Proactive Services, Data Leakage Protection, Human Capacity Building
21 Vulnerability Assessment Internet
22 Vulnerability Assessment Internet External Scanner Internal Scanner
23 Penetration Testing Internet
24 Penetration Testing Internet External Hacker
25 Penetration Testing Internet Internal Attacker
26 Web Application Assessment: Attacker (Browser), HTTP/HTTPS (Transport Layer), IIS, APACHE, etc. (Middle Tier), MSSQL, MYSQL, etc. (Database Tier). Identify security vulnerabilities and exploitable elements residing within the web applications.
27 Reactive Services
28 Proactive Services Internet
29 Data Leakage Prevention Internet
30 Human Capacity Building Provide quality and current information security training.