Information and Network Security

ITU Regional Workshop on Bridging the Standardization Gap
Presentation by Philip Victor & Shahbaz Khan
Nadi, Fiji
4th – 6th July 2011
About ITU-IMPACT
ITU-IMPACT
Global Coalition
The International Multilateral Partnership Against Cyber Threats (IMPACT) is the
cybersecurity executing arm of the United Nations’ (UN) specialised agency - the
International Telecommunication Union (ITU) - bringing together
governments, academia and industry experts to enhance the global community’s
capabilities in dealing with cyber threats.
ITU’s Global Cybersecurity Agenda (GCA)
Framework for International Cooperation
• ITU’s Global Cybersecurity Agenda (GCA) – UN-backed framework to enhance confidence and security in the information society.
[Diagram: Global Cybersecurity Agenda: Legal Measures; Technical & Procedural Measures; Organisational Structure; Capacity Building; International Cooperation]
Operationalising the Global Cybersecurity Agenda
Global Coalition
[Diagram: IMPACT’s Global Alliances: Industry Experts; Academia; International Bodies; Think Tank; 192 Partner Countries; UN System]
Cybersecurity Services Deployed
134 countries have joined the ITU-IMPACT coalition
ITU-IMPACT Milestones
2009 - 2011
1. Global Response Centre
a) Deployed cybersecurity services in over 100 countries globally
b) Incident remediation coordination by the Global Response Centre for various governments globally
c) Conducted cybersecurity assessments/workshops for 24 countries globally
2. Centre for Training & Skills Development
a) Trained over 200 cybersecurity professionals and practitioners in 2010
b) Deployed 180 scholarships to 31 partner countries globally (SANS & EC-Council)
c) Trained 50 law enforcement officers globally on Network Investigation
3. Centre for Policy & International Cooperation
a) Conducted 7 high level briefings with industry partners for over 300 participants from partner countries
b) ITU-IMPACT Partner Forum – participation from 7 global industry partners
c) IMPACT collaborated with the US Department of Defense to sponsor the international category winners for the DC3 Forensics challenge in 2009 and 2010
4. Centre for Research and Security Assurance
a) Successfully implemented IMPACT Government Security Scorecard (IGSS) for Malaysian Administration and Modernisation Planning Unit (MAMPU), Prime Minister’s Department, Malaysia
Information & Network Security
Introduction - Information Security
Technology Trend
[Diagram: Stone, Iron, Industry, Information Age!]
The world has now moved from NATURAL RESOURCES to INFORMATION ECONOMY
Today, information is a key asset of almost every organization and individual!
Intro. - Information Security
Information Security Space
Basic Idea
CIA
Information Security – Key Areas
Security Scenarios (Confidentiality)
• Once spying was person against person, country against country.
• Today, cyber criminals sit on fiber-optic cables and our Wi-Fi networks.
• They steal data and information without breaking any glass.
• Keeping data confidential is one core mission of information security.
Information Security – Key Areas
Incorrect Information (Integrity)
• Wrong information is worse than no information.
• When users of information lose confidence that the information is accurate, they’ll never rely on it.
• Maintaining data integrity is also a core mission of information security.
Information Security – Key Areas
Inaccessible Information (Availability)
• Information security doesn’t mean locking everything down.
• If people don’t have the information they need, they can’t do their jobs.
• Information security professionals must be able to balance access to information and the risk of damage.
• A third core mission of Information Security is making information available when needed.
Information Security
How to start?
Things to do
Security tasks
• Human Capacity Building
• Vulnerability Assessment
• Data Leakage Protection
• Penetration Testing
• Proactive Services
• Web Application Assessment
• Reactive Services
Vulnerability Assessment
[Diagram: Internet; External Scanner; Internal Scanner]
Penetration Testing
[Diagram: Internet; External Hacker; Internal Attacker]
Web Application Assessment
• Attacker (Browser)
• HTTP/HTTPS (Transport Layer)
• IIS, Apache, etc. (Middle Tier)
• MSSQL, MySQL, etc. (Database Tier)
Identify security vulnerabilities and exploitable elements residing within the web applications.
Reactive Services
Proactive Services
[Diagram: Internet]
Data Leakage Prevention
[Diagram: Internet]
Human Capacity Building
Provide quality, current information security training.
Things to do - Summary
Thank you
www.facebook.com/impactalliance
IMPACT
Jalan IMPACT
63000 Cyberjaya
Malaysia
T +60 (3) 8313 2020
F +60 (3) 8319 2020
E contactus@impact-alliance.org
impact-alliance.org
© Copyright 2011 IMPACT. All Rights Reserved.