SIVANATHAN SUBRAMANIAM SIVANATHAN
SUBRAMANIAM CISSP, GCFA, MSc
CISSP GCFA MSc
Manager, Global Response Centre
ITU‐T SG17 Meeting in Geneva, April 2010
Non-profit
f organisation
F
d on ““upper end
d off cyber
b th
t ”
Focused
threats”
International & multilateral in nature
Public-private
Public
private partnership
Global HQ – Cyberjaya, Malaysia
Staffed byy international team of experts
p
Industry
Experts
A d i
Academia
IInternational
t
ti
l
Bodies
Think
Tank
191
Partner
Countries
No.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
Confirmed Partner Countries
Afghanistan
Andorra
Bulgaria
Burkina Faso
Cape Verde
Costa Rica
Côte d'Ivoire
Democratic Republic of Congo
Ghana
Italy
Kenya
Lao PDR
Malaysia
Mauritius
Moldova
Montenegro
Morocco
Nepal
Nigeria
Philippines
Poland
Romania
Saudi Arabia
Serbia
Seychelles
Sudan
Switzerland
Syrian Arab Republic
Tanzania
Uganda
UAE
Zambia
Gabon
Austria
Israel
Vatican
Egypt
Eugene Kaspersky – Founder and CEO of Kaspersky Lab
Dr. Hamadoun
d
Touré
é – Secretary Generall off Internationall
Telecommunications Union (ITU)
Mikko Hypponen – Chief Research Officer of F-Secure
St
Steve
Ch
Chang – Founder
F
d and
d Chairman
Ch i
off Trend
T d Micro
Mi
Ayman Hariri – Chairman of Oger Systems
John W. Thompson – Chairman of Symantec Corporation
Prof. Fred Piper – Cryptologist, Founder of the Information
Security Group at Royal Holloway,
Holloway University of London
5
 IMPACT to operationalise UN’s global
cybersecurity
b
it initiatives
i iti ti
th
through
h ITU.
ITU
 MOU with ITU in 2008 – IMPACT HQ in
C b j
Cyberjaya
will
ill be
b the
th new physical
h i l home
h
f
for
ITU’s Global Cybersecurity Agenda
(GCA)
 GCA – framework for international
cooperation aimed at enhancing confidence
and
d security
i in
i the
h information
i f
i society
i
 The GCA has fostered initiatives such as the
Child Online
O li
P t ti
Protection
(COP) and
d through
th
h
its partnership with IMPACT and with the
support of leading global players is
currently deploying cybersecurity solutions
to countries around the world.
 The Child Online Protection (COP) initiative
aims to tackle cybersecurity holistically
addressing legal, technical, organisational and
procedural issues as well as capacity building
and international cooperation.
 COP’s key objectives are:
– Identify key risks and vulnerabilities to children in
cyberspace;
– Create awareness of the risks and issues through
multiple channels;
governments
– Develop practical tools to help governments,
organizations, industry and educators minimize risk;
– Share knowledge and experience while facilitating
international strategic partnerships to define and
implement these concrete goals.
Building the largest
repository of Child
Online Protection
materials
Creating
awareness
through
partners
Promoting
capacity
p
y
building
IMPACT-ITU to
formulate
policies
International Organisations
Industry Partners
Internet / Cyber Security Org
Academia
Over 225 universities in
IMPACT’s network
.. and many more
Global Response
Centre
Training & Skills
Development
• Incident response coordination, reporting & analysis
• Network early warning system (NEWS)
• Collaborative platform for experts (ESCAPE)
• IMPACT GRC Sensor Networks (IGSN)
• International certification programs (SANS, EC-Council, (ISC)2)
• Specialised skill trainings
• Specialised seminars, workshops & conferences
Security
Assurance &
Research
• IMPACT Government Security Scorecard (IGSS)
• Computer Incident Response Team – CIRT-Lite
• Security audits, international best practices
• IMPACT Research Online Network (IRON), joint research efforts
Policy &
International
Cooperation
• Formulation of policies
• Advisory services on policy and regulatory to partner countries
• Cooperation
C
ti & collaborations
ll b ti
• Child Online Protection (COP)
ESCAPE Features
Additional
Features
ea u es
More
Features
ea u es
Member
g
Profiling
Multiple
Language s
Rating
Event
Management
ESCAPE
–
Industry
Calendars
Group
Management
Tags
IRON Academia
C
Chat
Enhanced
Security
ESCAPE Countries
Polls
Collaboration
Forums
Site
statistics
Document
Upload
Multimedia
support
Bl
Blogs
Cluster
Maps
Search
NEWS Features
IMPACT GRC Sensor Networks
IMPACT CIRT-Lite Architecture
CIRT-Lite Database
IMPACT IGSS Architecture
Define
REGULATIONS
FRAMEWORKS
Control
STANDARDS
CORPORATE POLICIES
Govern
IT CONTROL CHECKS
MEASURE
REPORT
COSO
Internal policies
Operating
p
g Systems
y
HIPAA
COBIT
PCI-DSS
Databases
GLBA
ISO17799
CIS
Applications
FISMA
NIST
NIST
Directories
NSA
People
SOX
Basel ll
Determine risk and develop
appropriate policies
Monitor compliance and
remediate problems
RECORD
Demonstrate due care
and optimize controls
IMPACT Government Security Scorecard (IGSS) System
Some Key
y Activities by
y Division
Global Response Centre
Afghanistan
Mission
Incident
Response
Coordination
for Partner
Countries
Dissemination
IMPACT GRC
of Threat
Sensor
Information to
Networks pilot
Partner
projects
Countries
Honeynet
Project
Workshop
ISO/IEC
27037 (Coeditor)
Some Key
y Activities by
y Division ((cont…))
Training & Skills Development
IMPACT
Network
Investigation
for Law
Enforcement
Training
IMPACTSANS
Trainings
IMPACT
Developed
Network
IMPACT
Cybersecurity
Forensics & SecurityCore
Training
Investigations
Trainings
Roadmap
Training
Some Key
y Activities by
y Division ((cont…))
Security Assurance & Research
IGSS Pilot
Project for
Malaysian
Government
MoU Signing
with
Universities &
Colleges
ISO/IEC
27001
Certification
(ISMS)
PacCERT
Establishment
Project
CIRT-Lite
Deployment
Some Key
y Activities by
y Division ((cont…))
Policy & International Cooperation
IMPACTIndustry
Partner
Media
Roundtable
IMPACTIMPACT
Microsoft
Critical
Information
Infrastructure
Protection
Seminar
IMPACTK
Kaspersky
k
Seminar on
Formulating
Effective
Global
CounterPhishing
Efforts
IMPACT
IMPACTTrend Micro
Seminar –
IMPACT
The Botnet
Quarterly
Storm:
Report to ITU
Challenges &
Global
C
Cooperation
ti
IMPACT
Jalan IMPACT,
63000 Cyberjaya
Malaysia.
Tel: +60 (3) 8313 2020
Fax: +60 (3) 8319 2020
Email: contactus@impact-alliance.org
22