SlideShare uma empresa Scribd logo

CERT-GOV-MD: Cyber Security in Moldova: Challenges and Responses

S.E. CTS CERT-GOV-MD
S.E. CTS CERT-GOV-MD

Denis Sapovalov Information Security Manager, S.E. CTS

Tecnologia
1 de 14
Baixar para ler offline
CYBER SECURITY IN GOVERNMENT: COOPERATIVE TRUST BUILDING MEASURES Center for Special Telecommunications S.E. Cyber Security Center CERT-GOV-MD CHISINĂU, OCTOBER 3rd 2013 DENIS SAPOVALOV
WHO WE ARE?  Cyber Security Center CERT-GOV-MD Governmental Computer Emergency Response Team Republic of Moldova.  The CERT-GOV-MD was created by the Government Decision nr. 746 of 18.08.2010 and primarily deal with incidents that happen in informational and telecommunication system of public administration authorities (AS25319 and AS39279).
OUR MISSION  Provide a single point of contact:   info@cert.gov.md  Assist the constituency and citizens in preventing and handling computer security incidents  Coordinate response to large-scale incidents  Share data and knowledge
HOW CERT WORKS? www.md
QUESTIONNAIRE: AWARENESS 0 5 10 15 20 25 30 35 40 45 Yes No Don't know Credeți că organizația dumneavoastră poate fi ținta unui atac cibernetic în următoarele 6 luni? (%)
QUESTIONNAIRE: WHO TO CALL? Always 60% Frequent 30% Rare 10% În cazul în care organizația dumneavoastră ar fi ținta unui atac cibernetic, cât de probabil este să solicitați suportul CERT-GOV-MD? (%) Always Frequent Rare
CHALLENGES  Lack of national cyber security strategy and legal framework in cyber crime;  No legal enforcement of reporting to coordination contact point exists;  Lack of systematic approach at national level;  Lack of mandatory cyber security baseline system (ISMS) and institutionalized procedures addressing risk management methodology in public authorities;  Weak (none) awareness on cyber security importance, risks, protection methods, risk minimization etc. of the entire variety of target segments in the society.
ATTACKS  Brute Force Attack (Using Password List)  Website Defacement  DDoS Attacks  Phishing  Targeted Email Attack
SOLUTIONS  Alerts & Warnings (Security Advisories)  Guides & Best Practices  Incident Handling  Major Incidents  Monitoring  Network  Email Protection  IPS/IDS – eServices Protection  Risk Mitigation TOP 3 Attack type on eServices: Exploits: MS-SQL: Slammer-Sapphire Worm (25) SipVicious Brute Force SIP Tool (1569) HTTP: Acunetix Security Scanner (220) Reconnaissance : FPSE: author.dll/exe Access (4) IP: Short Time To Live (15443) TCP: Port Scan (90678) Vulnerabilities: HTTP: IIS Extended Unicode Directory Traversal (86) iSCSI: Linux Kernel iSCSI Buffer Overflow Vulnerability (48) DNS: Suspicious Localhost PTR Record Response (132)
CHANGES FOR YOU!
LOCAL & INTERNATIONAL COOPERATION  Cooperation with NATO  Cooperation with other CERTS  Cooperation with security companies  CERT-GOV-MD Listed in Trusted Introducer Database in 2013  CTS became LIR in 2013  Cooperation with Law Enforcement Agencies  Cooperation with SIS  Cooperation with MTIC  Cooperation with ISPs
REPORTING INCIDENTS MATTERS!  You may not be the one affected  Other’s solution may work for you as well  Your solution may work for others  CERT-GOV-MD acts as focal point  Make it possible!
THANK YOU! Questions?

Recomendados

2017 Cybersecurity Predictions
2017 Cybersecurity Predictions2017 Cybersecurity Predictions
2017 Cybersecurity Predictions
PaloAltoNetworks
 
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
Cristian Garcia G.
 
Threats of Public Wi-Fi
Threats of Public Wi-Fi Threats of Public Wi-Fi
Threats of Public Wi-Fi
The TNS Group
 
Tackling today's cyber security challenges - WISER Services & Solutions
Tackling today's cyber security challenges - WISER Services & SolutionsTackling today's cyber security challenges - WISER Services & Solutions
Tackling today's cyber security challenges - WISER Services & Solutions
CYBERWISER .eu
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 Challenges
Leandro Bennaton
 
SMB Network Security Checklist
SMB Network Security Checklist SMB Network Security Checklist
SMB Network Security Checklist
Mobeen Khan
 
6 Defence-In-Depth Security Tactics as Recommended by the National Cyber Secu...
6 Defence-In-Depth Security Tactics as Recommended by the National Cyber Secu...6 Defence-In-Depth Security Tactics as Recommended by the National Cyber Secu...
6 Defence-In-Depth Security Tactics as Recommended by the National Cyber Secu...
Ivanti
 
Enterprise Cyber Security 2016
Enterprise Cyber Security 2016Enterprise Cyber Security 2016
Enterprise Cyber Security 2016
Supply Chain Coalition
 

Recomendados

2017 Cybersecurity Predictions
2017 Cybersecurity Predictions2017 Cybersecurity Predictions
2017 Cybersecurity Predictions
PaloAltoNetworks
 
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
Cristian Garcia G.
 
Threats of Public Wi-Fi
Threats of Public Wi-Fi Threats of Public Wi-Fi
Threats of Public Wi-Fi
The TNS Group
 
Tackling today's cyber security challenges - WISER Services & Solutions
Tackling today's cyber security challenges - WISER Services & SolutionsTackling today's cyber security challenges - WISER Services & Solutions
Tackling today's cyber security challenges - WISER Services & Solutions
CYBERWISER .eu
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 Challenges
Leandro Bennaton
 
SMB Network Security Checklist
SMB Network Security Checklist SMB Network Security Checklist
SMB Network Security Checklist
Mobeen Khan
 
6 Defence-In-Depth Security Tactics as Recommended by the National Cyber Secu...
6 Defence-In-Depth Security Tactics as Recommended by the National Cyber Secu...6 Defence-In-Depth Security Tactics as Recommended by the National Cyber Secu...
6 Defence-In-Depth Security Tactics as Recommended by the National Cyber Secu...
Ivanti
 
Enterprise Cyber Security 2016
Enterprise Cyber Security 2016Enterprise Cyber Security 2016
Enterprise Cyber Security 2016
Supply Chain Coalition
 
The importance of Cybersecurity
The importance of CybersecurityThe importance of Cybersecurity
The importance of Cybersecurity
Benoit Callebaut
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
Gareth Davies
 
Protecting Against Web Threats
Protecting Against Web ThreatsProtecting Against Web Threats
Protecting Against Web Threats
Kim Jensen
 
A10 presentation overcoming the industrys insecurity complex
A10 presentation overcoming the industrys insecurity complexA10 presentation overcoming the industrys insecurity complex
A10 presentation overcoming the industrys insecurity complex
Dr. Wilfred Lin (Ph.D.)
 
Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4
Carol Montgomery Adams
 
Navigating Cybersecurity
Navigating CybersecurityNavigating Cybersecurity
Navigating Cybersecurity
Segun Ebenezer Olaniyan
 
Cyber security
Cyber securityCyber security
Cyber security
abithajayavel
 
The Future of Cyber Security
The Future of Cyber SecurityThe Future of Cyber Security
The Future of Cyber Security
Stephen Lahanas
 
A military perspective on cyber security
A military perspective on cyber securityA military perspective on cyber security
A military perspective on cyber security
Joey Hernandez
 
Information Security Management System in the Banking Sector
Information Security Management System in the Banking SectorInformation Security Management System in the Banking Sector
Information Security Management System in the Banking Sector
Samvel Gevorgyan
 
5 Top Cyber Threats That Will Ruin Your Business
5 Top Cyber Threats That Will Ruin Your Business5 Top Cyber Threats That Will Ruin Your Business
5 Top Cyber Threats That Will Ruin Your Business
IndusfacePvtLtd
 
Padang IT Security Forum
Padang IT Security ForumPadang IT Security Forum
Padang IT Security Forum
Muhammad Riza Nurtam
 
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
Netpluz Asia Pte Ltd
 
cyber security | What Is Cyber Security | Hello World Session
cyber security | What Is Cyber Security | Hello World Sessioncyber security | What Is Cyber Security | Hello World Session
cyber security | What Is Cyber Security | Hello World Session
YasserElsnbary
 
Security tools
Security toolsSecurity tools
Security tools
arfan shahzad
 
Educate Your Users Not To Take The Bait: Introduction To Phishing As A Service
Educate Your Users Not To Take The Bait: Introduction To Phishing As A ServiceEducate Your Users Not To Take The Bait: Introduction To Phishing As A Service
Educate Your Users Not To Take The Bait: Introduction To Phishing As A Service
SecureData Europe
 
Maritime Cyber Security
Maritime Cyber SecurityMaritime Cyber Security
Maritime Cyber Security
Dimitris Chalambalis
 
Knowbe4 presentation
Knowbe4 presentationKnowbe4 presentation
Knowbe4 presentation
Md Mofijul Haque
 
Security is Hard
Security is HardSecurity is Hard
Security is Hard
Mike Murray
 
[Infographic] Data Loss Prevention
[Infographic] Data Loss Prevention[Infographic] Data Loss Prevention
[Infographic] Data Loss Prevention
Seqrite
 
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
NUS-ISS
 
Summer internship - Cybersecurity
Summer internship - CybersecuritySummer internship - Cybersecurity
Summer internship - Cybersecurity
AbhilashYadav14
 

Mais conteúdo relacionado

Mais procurados

Security is Hard
Security is HardSecurity is Hard
Security is Hard
Mike Murray
 

Mais procurados (20)

The importance of Cybersecurity
The importance of CybersecurityThe importance of Cybersecurity
The importance of Cybersecurity
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
 
Protecting Against Web Threats
Protecting Against Web ThreatsProtecting Against Web Threats
Protecting Against Web Threats
 
A10 presentation overcoming the industrys insecurity complex
A10 presentation overcoming the industrys insecurity complexA10 presentation overcoming the industrys insecurity complex
A10 presentation overcoming the industrys insecurity complex
 
Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4
 
Navigating Cybersecurity
Navigating CybersecurityNavigating Cybersecurity
Navigating Cybersecurity
 
Cyber security
Cyber securityCyber security
Cyber security
 
The Future of Cyber Security
The Future of Cyber SecurityThe Future of Cyber Security
The Future of Cyber Security
 
A military perspective on cyber security
A military perspective on cyber securityA military perspective on cyber security
A military perspective on cyber security
 
Information Security Management System in the Banking Sector
Information Security Management System in the Banking SectorInformation Security Management System in the Banking Sector
Information Security Management System in the Banking Sector
 
5 Top Cyber Threats That Will Ruin Your Business
5 Top Cyber Threats That Will Ruin Your Business5 Top Cyber Threats That Will Ruin Your Business
5 Top Cyber Threats That Will Ruin Your Business
 
Padang IT Security Forum
Padang IT Security ForumPadang IT Security Forum
Padang IT Security Forum
 
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
 
cyber security | What Is Cyber Security | Hello World Session
cyber security | What Is Cyber Security | Hello World Sessioncyber security | What Is Cyber Security | Hello World Session
cyber security | What Is Cyber Security | Hello World Session
 
Security tools
Security toolsSecurity tools
Security tools
 
Educate Your Users Not To Take The Bait: Introduction To Phishing As A Service
Educate Your Users Not To Take The Bait: Introduction To Phishing As A ServiceEducate Your Users Not To Take The Bait: Introduction To Phishing As A Service
Educate Your Users Not To Take The Bait: Introduction To Phishing As A Service
 
Maritime Cyber Security
Maritime Cyber SecurityMaritime Cyber Security
Maritime Cyber Security
 
Knowbe4 presentation
Knowbe4 presentationKnowbe4 presentation
Knowbe4 presentation
 
Security is Hard
Security is HardSecurity is Hard
Security is Hard
 
[Infographic] Data Loss Prevention
[Infographic] Data Loss Prevention[Infographic] Data Loss Prevention
[Infographic] Data Loss Prevention
 

Semelhante a CERT-GOV-MD: Cyber Security in Moldova: Challenges and Responses

NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
NUS-ISS
 
DSS @ Digital ERA 2014 - Security in the digital world
DSS @ Digital ERA 2014 - Security in the digital worldDSS @ Digital ERA 2014 - Security in the digital world
DSS @ Digital ERA 2014 - Security in the digital world
Andris Soroka
 
Detection &Amp; Prevention Systems
Detection &Amp; Prevention SystemsDetection &Amp; Prevention Systems
Detection &Amp; Prevention Systems
Alison Hall
 
cyber security guidelines.pdf
cyber security guidelines.pdfcyber security guidelines.pdf
cyber security guidelines.pdf
VarinSingh1
 

Semelhante a CERT-GOV-MD: Cyber Security in Moldova: Challenges and Responses (20)

NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
 
Summer internship - Cybersecurity
Summer internship - CybersecuritySummer internship - Cybersecurity
Summer internship - Cybersecurity
 
Cyber security
Cyber securityCyber security
Cyber security
 
Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...
Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...
Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...
 
Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...
Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...
Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...
 
CYBER SECURITY final ppt-1.pptx
CYBER SECURITY final ppt-1.pptxCYBER SECURITY final ppt-1.pptx
CYBER SECURITY final ppt-1.pptx
 
How to avoid cyber security attacks in 2024 - CyberHive.pdf
How to avoid cyber security attacks in 2024 - CyberHive.pdfHow to avoid cyber security attacks in 2024 - CyberHive.pdf
How to avoid cyber security attacks in 2024 - CyberHive.pdf
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Next Generation Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...
Next Generation Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...Next Generation Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...
Next Generation Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...
 
Data security for healthcare industry
Data security for healthcare industryData security for healthcare industry
Data security for healthcare industry
 
SAHITHI.PPT.pptx
SAHITHI.PPT.pptxSAHITHI.PPT.pptx
SAHITHI.PPT.pptx
 
Insights Into Modern Day Threat Protection
Insights Into Modern Day Threat ProtectionInsights Into Modern Day Threat Protection
Insights Into Modern Day Threat Protection
 
DSS @ Digital ERA 2014 - Security in the digital world
DSS @ Digital ERA 2014 - Security in the digital worldDSS @ Digital ERA 2014 - Security in the digital world
DSS @ Digital ERA 2014 - Security in the digital world
 
Detection &Amp; Prevention Systems
Detection &Amp; Prevention SystemsDetection &Amp; Prevention Systems
Detection &Amp; Prevention Systems
 
Top Cybersecurity Threats For 2023 And How To Protect Your Organization With ...
Top Cybersecurity Threats For 2023 And How To Protect Your Organization With ...Top Cybersecurity Threats For 2023 And How To Protect Your Organization With ...
Top Cybersecurity Threats For 2023 And How To Protect Your Organization With ...
 
cyber security guidelines.pdf
cyber security guidelines.pdfcyber security guidelines.pdf
cyber security guidelines.pdf
 
STIX, TAXII, CISA: Impact of the Cybersecurity Information Sharing Act of 2015
STIX, TAXII, CISA: Impact of the Cybersecurity Information Sharing Act of 2015STIX, TAXII, CISA: Impact of the Cybersecurity Information Sharing Act of 2015
STIX, TAXII, CISA: Impact of the Cybersecurity Information Sharing Act of 2015
 
U S Embassy Event - Today’S Cyber Threats
U S Embassy Event - Today’S Cyber ThreatsU S Embassy Event - Today’S Cyber Threats
U S Embassy Event - Today’S Cyber Threats
 
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
 
Basics of IT security
Basics of IT securityBasics of IT security
Basics of IT security
 

Mais de S.E. CTS CERT-GOV-MD

Mais de S.E. CTS CERT-GOV-MD (18)

System of security controls
System of security controlsSystem of security controls
System of security controls
 
Symantec (2)
Symantec (2)Symantec (2)
Symantec (2)
 
Symantec (3)
Symantec (3)Symantec (3)
Symantec (3)
 
Solvit identity is the new perimeter
Solvit identity is the new perimeterSolvit identity is the new perimeter
Solvit identity is the new perimeter
 
Criminalitatea cibernetică – provocare pentru aplicarea legii
Criminalitatea cibernetică – provocare pentru aplicarea legiiCriminalitatea cibernetică – provocare pentru aplicarea legii
Criminalitatea cibernetică – provocare pentru aplicarea legii
 
SIS PREZENTARE CTS
SIS PREZENTARE CTSSIS PREZENTARE CTS
SIS PREZENTARE CTS
 
Cyber security from military point of view
Cyber security from military point of viewCyber security from military point of view
Cyber security from military point of view
 
Prezentare compartiment securitatea (2)
Prezentare compartiment securitatea (2)Prezentare compartiment securitatea (2)
Prezentare compartiment securitatea (2)
 
CLOUD COMPUTING Security Risks or Opportunities
CLOUD COMPUTING Security Risks or OpportunitiesCLOUD COMPUTING Security Risks or Opportunities
CLOUD COMPUTING Security Risks or Opportunities
 
Operarea md cert în reţea naţională de
Operarea md cert în reţea naţională deOperarea md cert în reţea naţională de
Operarea md cert în reţea naţională de
 
Moldova cyber security 02.10.2013 rr
Moldova cyber security 02.10.2013 rrMoldova cyber security 02.10.2013 rr
Moldova cyber security 02.10.2013 rr
 
GESTIONAREA RISCURILOR DE SECURITATE A INFORMAȚIEI
GESTIONAREA RISCURILOR DE SECURITATE A INFORMAȚIEIGESTIONAREA RISCURILOR DE SECURITATE A INFORMAȚIEI
GESTIONAREA RISCURILOR DE SECURITATE A INFORMAȚIEI
 
Киберпреступность отступает?
Киберпреступность отступает?Киберпреступность отступает?
Киберпреступность отступает?
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
 
Cisco Secure X
Cisco Secure XCisco Secure X
Cisco Secure X
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
 
Aare reintam estonia_ciip_activites
Aare reintam estonia_ciip_activitesAare reintam estonia_ciip_activites
Aare reintam estonia_ciip_activites
 
Symantec
SymantecSymantec
Symantec
 

Último

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Último (20)

CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 

CERT-GOV-MD: Cyber Security in Moldova: Challenges and Responses

  • 1.
  • 2. CYBER SECURITY IN GOVERNMENT: COOPERATIVE TRUST BUILDING MEASURES Center for Special Telecommunications S.E. Cyber Security Center CERT-GOV-MD CHISINĂU, OCTOBER 3rd 2013 DENIS SAPOVALOV
  • 3. WHO WE ARE?  Cyber Security Center CERT-GOV-MD Governmental Computer Emergency Response Team Republic of Moldova.  The CERT-GOV-MD was created by the Government Decision nr. 746 of 18.08.2010 and primarily deal with incidents that happen in informational and telecommunication system of public administration authorities (AS25319 and AS39279).
  • 4. OUR MISSION  Provide a single point of contact:   info@cert.gov.md  Assist the constituency and citizens in preventing and handling computer security incidents  Coordinate response to large-scale incidents  Share data and knowledge
  • 6. QUESTIONNAIRE: AWARENESS 0 5 10 15 20 25 30 35 40 45 Yes No Don't know Credeți că organizația dumneavoastră poate fi ținta unui atac cibernetic în următoarele 6 luni? (%)
  • 7. QUESTIONNAIRE: WHO TO CALL? Always 60% Frequent 30% Rare 10% În cazul în care organizația dumneavoastră ar fi ținta unui atac cibernetic, cât de probabil este să solicitați suportul CERT-GOV-MD? (%) Always Frequent Rare
  • 8. CHALLENGES  Lack of national cyber security strategy and legal framework in cyber crime;  No legal enforcement of reporting to coordination contact point exists;  Lack of systematic approach at national level;  Lack of mandatory cyber security baseline system (ISMS) and institutionalized procedures addressing risk management methodology in public authorities;  Weak (none) awareness on cyber security importance, risks, protection methods, risk minimization etc. of the entire variety of target segments in the society.
  • 9. ATTACKS  Brute Force Attack (Using Password List)  Website Defacement  DDoS Attacks  Phishing  Targeted Email Attack
  • 10. SOLUTIONS  Alerts & Warnings (Security Advisories)  Guides & Best Practices  Incident Handling  Major Incidents  Monitoring  Network  Email Protection  IPS/IDS – eServices Protection  Risk Mitigation TOP 3 Attack type on eServices: Exploits: MS-SQL: Slammer-Sapphire Worm (25) SipVicious Brute Force SIP Tool (1569) HTTP: Acunetix Security Scanner (220) Reconnaissance : FPSE: author.dll/exe Access (4) IP: Short Time To Live (15443) TCP: Port Scan (90678) Vulnerabilities: HTTP: IIS Extended Unicode Directory Traversal (86) iSCSI: Linux Kernel iSCSI Buffer Overflow Vulnerability (48) DNS: Suspicious Localhost PTR Record Response (132)
  • 12. LOCAL & INTERNATIONAL COOPERATION  Cooperation with NATO  Cooperation with other CERTS  Cooperation with security companies  CERT-GOV-MD Listed in Trusted Introducer Database in 2013  CTS became LIR in 2013  Cooperation with Law Enforcement Agencies  Cooperation with SIS  Cooperation with MTIC  Cooperation with ISPs
  • 13. REPORTING INCIDENTS MATTERS!  You may not be the one affected  Other’s solution may work for you as well  Your solution may work for others  CERT-GOV-MD acts as focal point  Make it possible!