SECURITATEA SISTEMELOR INFORMATICE ŞI DE COMUNICAŢII Bucharest, September, 21, 2004 ATHENEE PALACE HILTON, Sala Le Diplomate Quo Vadis Information Security.

Presentation transcript:

SECURITATEA SISTEMELOR INFORMATICE ŞI DE COMUNICAŢII
Bucharest, September 21, 2004
ATHENEE PALACE HILTON, Sala Le Diplomate

Quo Vadis Information Security
Professor Dr. Victor-Valeriu PATRICIU
Military Technical Academy, Bucharest, ROMANIA

Prof. Dr. Victor PATRICIU, ROMANIA

Cybersecurity = Trust in Network & Information Infrastructures

Information systems' vulnerabilities affect 3 levels of society's activities:
- personal security (privacy)
- companies/organization security
- national security

Terminology:
- Communications Security: COMSEC
- Computer Security: COMPUSEC
- Information Systems Security: INFOSEC

Because “security” had been so closely associated with providing confidentiality to information, the term INFORMATION ASSURANCE was adopted. It covers the five security services:
- Confidentiality: protection against unauthorized disclosure.
- Integrity: protection against unauthorized modification of information.
- Availability: protection against denial-of-service attacks.
- Authenticity: identification/authentication of parties to an e-transaction.
- Non-repudiation: parties to a transaction cannot deny their participation.

Network & Information Security in States Policy Agenda

Several factors push information security to the top of states' policy agendas:
- The Internet is a key driver in the productivity of states' economies.
- Economies and citizens are dependent on the effective working of networks.
- The Internet reduced the costs of accessing economic information for remote attackers.
- Viruses destroy information and deny access to the Net, and spread across countries.

Action Plan eEurope: Europe should have:
- Modern on-line public services:
  - e-government
  - e-learning services
  - e-health services
- A dynamic e-business environment
and, as an enabler for these:
- widespread availability of broadband access at competitive prices
- a secure information infrastructure

The European Network and Information Security Agency (ENISA) will play a key role for the security of Europe's digital economy.

Network & Information Security Key Trends

- Public information and education campaigns.
- Countries should promote the use of best practice in security (ISO).
- Countries should review their CERT system, strengthening equipment and competence.
- Countries should actively promote the use of ‘pluggable’ strong encryption products; these must be available as an alternative to those embedded in operating systems.
- Standardisation organisations must accelerate the work on interoperable and secure products and services (CC & Accreditation Bodies).
- States will support the use of electronic signatures: implementation of interoperable PKI solutions and electronic signatures in online public services.
- Education systems should place more emphasis on courses focused on security: body of knowledge, topics, and concepts.
- Universities must offer graduate and undergraduate programs in information security.
- Certification standards for information security professionals: professional societies currently offer certification for security professionals.

Network & Information Security R&D Trends

- Creation of an interoperable authentication system deployed widely. The typical approach used is a public-key-infrastructure (PKI) system with a smart card that contains your cyber credentials. A national/international PKI system is required that allows for strong authentication in cyberspace.
- Cybersecurity with effective cyber-border protection, using different technologies: firewalls, encrypted tunnels (VPNs), IDS.
- Improve the way we write software; automated patch management systems.
- Enhance attack identification methods and attack attribution, that is, the capability to geo-locate and identify the source of attacks on the Internet.
- Resilient systems: build systems that can continue to operate even under attack.
- Coordinate information during a cyberattack.
- Eliminate malicious code in software applications and operating systems.
- Secure Open Platforms (NGSCB).
- Configure these systems to be as secure as possible “right out of box”.

- Cyberspace is becoming less secure because of the increasing complexity of technology.
- "Digital Pearl Harbor" is not a critical threat today; cyber-crime is a much more critical threat.
- Those that can improve cybersecurity (the companies that build computer hardware and write computer software) aren't motivated to do so !?!
- Expose computer hardware, software, and networks to liabilities. The major reason companies don't worry about the externalities of their security decisions, the effects of their insecure products and networks on others, is that there is no real liability for their actions. Liability will immediately change the cost/benefit equation for companies, because they will have to bear financial responsibility for risks borne by others as a result of their actions.
- Secure government networks. Fund programs to secure government networks, both internal and publicly accessible networks.
- Only buy secure hardware and software products. Use buying power to drive increased security.
- Invest in security research & education. As the market starts demanding real security, companies will need to figure out how to supply it. Research and education are critical to improving the security of computers and networks.