
Session 4.2 Creation of national ICT security infrastructure for developing countries Industry-wide approach: Raising awareness for ICT security infrastructure.


2 Session 4.2 Creation of national ICT security infrastructure for developing countries
Industry-wide approach: Raising awareness for ICT security infrastructure
Miho Naganuma, Little eArth Corporation
Rapporteur Q3/17
Information Security Operators Group Japan (ISOG-J)
Addressing security challenges on a global scale, Geneva, 6-7 December 2010

3 Issues in Cybersecurity
Together with the rapid growth of economies, multilateral business relations are expanding and becoming connected. Meanwhile, this also raises the need for secure network infrastructures with sophisticated cybersecurity services.
We are facing an urgent crisis in a continuing effort to raise awareness of cybersecurity:
- incident response planning against DDoS attacks and targeted attacks, including Advanced Persistent Threat (APT) attacks, with practice-based information
- fast development of technologies for countermeasures

4 Issues in Cybersecurity (cont.)
Key issue: Information exchange
- Cybersecurity information exchange and technical collaboration
- Wide range of collaboration: international, regional, national level and industry level
Developing international recommendations/standards in cybersecurity and information exchange
Industry-wide/unique collaboration by Managed Security Service Providers

5 Information Security Operators Group Japan
1. Support for industry
   a. Providing guidelines for service users
   b. Research on related legal and regulatory requirements
2. Communications
   a. Technical exchange and update
   b. Workshops and seminars
Building trust in the community and enhancing active collaboration
http://www.jnsa.org/isog-j/e/

6 Organisation
- Active involvement of related parties
- Government support
- New WG: Security Operation Information sharing and collaboration

7 Member organisations

8 Security Operation information sharing and collaboration WG
Seeking “effective” information sharing and collaboration by
- Providing information and analysis methodologies
- Reviewing actions with a management view
- Supporting actions with a research view
- Involving SOC operators/analysts, specialists in process management, etc.
Information transmission enjoying the nature of neutrality
Consideration of the requirements for cybersecurity operation collaboration
- Obstacles to the collaboration
- Criteria for collaborating operations / sharing information
- Actions to overcome the obstacles

9 Obstacles for information sharing
- Differences between free-of-charge information and charged information
- Differences between contracted users and non-contracted ones
- Is it disadvantageous to offer information first?
- Difficulties in providing information even if the information is wanted
- Difficulties in acquiring information due to the separation of operational units

10 Case 1
Failed to re-utilise the collected information
- Failed to find the reason to share the information
- Lack of sense of purpose to continue the sharing
- Trap of money as a purpose
- The information sharing will be terminated when the monetary relationship is terminated
Failed to invoke any meaningful actions after gaining some information from the logs of the other companies
- Value of Information possess

11 Case 2
Collaboration based on a personal relationship disappears when the person moves to another place
- Information sharing is difficult if the boss/supervisor is not supportive of the activities
- It is difficult to advance the collaboration actively if we cannot get any useful feedback for our customers
- When the person in charge moves to a different department, the hand-over procedure is not good enough
- If sharing information itself becomes the objective, the motivation of the operators in the field will drop

12 Other obstacles
Different views of technologies and operations among organizations
- Best to start from information sharing
- Collaboration will be the next step
Internal relations vs external relations
Reluctance to share information in the security industry
Question of what kind of information we want to share
Support from management level and department heads
- How does the information sharing and collaboration lead to the profit of the company?
- The merit for each organization needs to be considered

13 Advantage of information sharing in ISOG-J
Members can
- issue incident information with the name of ISOG-J
- use both the individual company name and the ISOG-J name when disclosing information, depending on the situation
- share the practices of certain incidents among members
- share some trend information or some notes on that instead of the cybersecurity information itself
By disclosing information periodically from ISOG-J, such information becomes a reference source
From the viewpoint of education, collaboratively analysing detection information over a certain network is beneficial and a good first step

14 Candidate solutions
1. Issuing a threat analysis document for management figures
- Information on what kinds of threats against IT systems we have, and what kind of business continuity risk they pose
2. Starting with sharing statistical information on logs of IDS/IPS, NW appliances, servers etc.
- Objective of sharing information and collaboration
- Policy for data handling
- Manipulate the log so that sensitive information (such as user names) can be hidden
- Log information sharing scheme
- Standard log format
- Considering how we can take best advantage of the log data of each company

15 Candidate solutions
3. Quantitative information on incidents that are detected
- Gather incident information collected by SOCs
- Member organisations get access to the information
4. Sharing meta information instead of raw data
- Sensitive information, including threat information that is difficult to disclose, can be shared
- General information can be shared with customers

16 Highlights for raising awareness
Industry-wide approach
- Involving related parties for ICT infrastructure security (Gov, Gov. agencies, CIRT, ISP, MSSP, Security Vendors etc.)
- “Neutral” organisation/association
Communication in industries
- Encourage bottom-up approach
- Analyse obstacles and make feasible scenarios and candidate solutions
- Communication as education

17 Thank you
Contact: miho.naganuma@lac.co.jp
www.jnsa.org/isog-j/en

