Information Security & Cybercrime status and way forward Sherif El-Kassas CTO SecureMisr

Information Security & Cybercrime
status and way forward
(writing on the wall)
Sherif El-Kassas
CTO SecureMisr
December 20, 2011
2011/12/20
1
Outline
• Information Security Overview
• Technology and Trust
(local perspective)
• Way forward:
– Societal directions
– R&D directions
Cybercrime
http://news.bbc.co.uk/2/hi/business/davos/7862549.stm
http://blogs.zdnet.com/security/?p=2868&tag=nl.e539
http://www.privacydigest.com/2009/03/13/cybercrime+service+takes
Information Security News
Our Region
http://www.itp.net/579360-egypt-and-saudi-snared-in-dangerous-botnet
http://www.zdnet.com/
Egyptian DA orders the arrest of “Internet Pirates”
http://www.akhbarelyom.org.eg/elakhbar/issues/18076/detailze3fad.html
http://www.arabianbusiness.com/512710-thousands-hit-by-card-fraud
Security Trends & News
in the region
Countries Generating Most Online
fraud
Nir Kshetri, “The Simple
Economics of Cybercrimes,” IEEE
Security & Privacy,
January/February 2006
Elsewhere
http://www.almasryalyoum.com/node/481121
http://www.wired.com/threatlevel/2010/07/atms-jackpotted/
http://www.reuters.com/article/technologyNews/idUSTRE5584CA20090609
http://news.bbc.co.uk/2/hi/technology/7990997.stm
http://www.bbc.co.uk/news/technology-15817335
http://www.bbc.co.uk/news/technology-15529930
Hackers Broke Into Brazil Grid Last Thursday
http://news.slashdot.org/story/09/11/17/2245241/Hackers-Broke-Into-Brazil-Grid-Last-Thursday
http://www.itp.net/584600-new-malware-targeting-iranian-government
http://www.fco.gov.uk/en/global-issues/london-conferencecyberspace/cyber-crime/case-studies/cyber-attacks-cabo
“on trusting trust”
a local perspective
Conspiracy Theories!
http://www.f-secure.com/weblog/archives/00002226.html
Nation State
Lockheed Martin
RSA SecurID
http://news.cnet.com/8301-27080_3-20068836-245/chinalinked-to-new-breaches-tied-to-rsa/
http://www.bbc.co.uk/news/technology-12473809
http://www.bbc.co.uk/news/technology-13078297
http://newsworldwide.wordpress.com/2008/05/02/microsoft-discloses-governmentbackdoor-on-windows-operating-systems/
http://vincentarnold.com/blog/chinesebackdoors-hidden-in-router-firmware/
www.spectrum.ieee.org/may08/6171
http://www.iwm.org.uk/online/enigma/eni-intro.htm
People!
employee1
employee2
Hacker
employee2
employee1
Hacker
Seeking answers
Some Perspective
cert.org
Security is
Socio-technical & Physical!
Security ≠ Technological Security
Business Risks
Security Risks
Networks
Technological
Systems
Applications
Data & Information
People
research agenda
http://www.cra.org/
development agenda
• The need for trustworthy technology
– One possible approach
• Build your own
• Start from OSS to save time
• Strong certification program to ensure quality
• Invest in people
– The true asset
• Standards to ensure no short cuts are taken
Conclusions
• Information Security is a huge challenge
• Appears to be a losing battle at the moment
• We need to educate ourselves and understand the significance of infosec
• Trustworthy technology and people at the right place
• Invest in R&D
Thank you
Questions?
The bot-net trade
http://en.wikipedia.org/wiki/File:Botnet.svg
Types of attacks
Types of Threats & Attacks
• Technical
– Using technological means to break into an
organization's network and systems
• Physical
– Physically access and attack the enterprise
• Social
– Social engineering attacks
simple technical attacks
field experience
How easy is it?
name=sk
pass=Linux4ever
More field experience
Google is a friend!
Google for:
site:XYZ.eg
inurl:code= filetype:asp
Programming 101: Check inputs!
Direct from the Database!
More field experience:
Phishing
Email & Phishing
physical attacks
http://www.answers.com/topic/keystroke-logger?cat=technology
http://www.linuxdevices.com/articles/AT2016997232.html