1.
Information Security
Challenges and Opportunities
M. Faisal Naqvi, CISSP, CISA
MS (E-Com) Gold (PU), CMA inter (ICMA)
27001 A (IRCA, UK), 27001 Implr (IT Gov, UK)
Associate Member of Business Continuity Institute
Senior Consultant – Information Security
2. © 2008 NetSol Technologies, Inc. All rights reserved
Information Security (A-I-C)
Availability
Integrity
Confidentiality
3.
Dependence on IT
Almost every Government Department
Banks including ATM network, Stock Exchanges & Brokers
Telecommunication & Mobile Companies
Electronic and Print Media
Software houses and Call centers
Other Private companies including MNCs
4.
Challenges to Information Availability
ATM Network/Credit Card
Mobile Network/Mobile Card Charging System
Call Centers
TV Channels
Internet Service Provider
Stock Exchange Application
5.
Attacks on Availability of Information
Denial of Service (DoS) Attacks
Distributed DoS (D-DoS) Attacks
Malicious act by disgruntled employee
Power Failure
Natural/Man-made Disasters like Fire, Flood, Storm, Earthquake, Strike and Terrorism
6.
Challenges to Information Integrity
Balance of Rs.9,000/- in bank is changed to Rs.9,000,000/-
Tampering of NADRA records
Changing CSS exam results
Changing ownership of Vehicle / Land in E-Records
Tampering with Share Prices of Stock
Phishing
Electronic Stalking
Salami Attacks
7.
Attacks on Information Integrity
Hacking
SQL injection
Insiders / Employees
Weak cryptographic algorithms
Buffer overflow
Malicious Code
8.
Challenges to Confidentiality of Information
Source Code/Trade Secret Theft
Tenders Quotation Disclosure
Clients Information Stealing
Govt. Sensitive Information Leakage
Mobile Usage and Personal Information
Online Bank Account Password
ATM Pins
9.
Attacks on Confidentiality of Information
Employees
Social Engineering
Hacking
SQL Injection
Key Loggers (software/hardware)
10.
Getting ATM cards & pins
11.
Getting ATM cards & pins (cont…)
12.
Getting ATM cards & pins (cont…)
13.
Getting ATM cards & pins (cont…)
14.
Getting ATM cards & pins (cont…)
15.
How to Overcome these challenges
Pro-active approach rather than Reactive
Preventive Controls rather than Corrective
16.
Opportunities to ensure Availability of Information
Firewalls
Intrusion Detection Systems
Intrusion Prevention Systems
Anomaly Detection Systems
Antivirus
Business Continuity Management
Disaster Recovery Planning
17.
Opportunities to ensure Integrity of Information
Application Security
Segregation and Rotation of Duties
Strong Cryptography
Access Control
Application Vulnerability Assessment
Application Penetration Testing
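SQL injection appears above as an attack on integrity, and Application Security and Application Vulnerability Assessment appear as the countermeasures. The following Python/sqlite3 script is an added example, not part of the original presentation: it uses constructed sample accounts and hypothetical function names to show how a query built by string concatenation lets a crafted account name change every balance in the table, while the hardened form binds parameters and enforces a one-row invariant inside the transaction so the same input changes nothing.

```python
import sqlite3

# Constructed sample data: two accounts in an in-memory SQLite database.
SAMPLE_ACCOUNTS = [("alice", 9000), ("bob", 5000)]


def make_db():
    """Create a fresh in-memory database holding the constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (name TEXT PRIMARY KEY, balance INTEGER NOT NULL)"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", SAMPLE_ACCOUNTS)
    conn.commit()
    return conn


def credit_vulnerable(conn, name, amount):
    """Integrity weakness (hypothetical helper): the account name is pasted
    into the SQL text, so a name containing a quote can rewrite the WHERE
    clause and the update touches rows the caller never intended."""
    sql = (
        f"UPDATE accounts SET balance = balance + {int(amount)} "
        f"WHERE name = '{name}'"
    )
    rows = conn.execute(sql).rowcount
    conn.commit()
    return rows


def credit_hardened(conn, name, amount):
    """Hardened form (hypothetical helper): bound parameters keep the name out
    of the SQL grammar, and the transaction is only committed if exactly one
    account row was affected; anything else is rolled back and refused."""
    cur = conn.execute(
        "UPDATE accounts SET balance = balance + ? WHERE name = ?",
        (int(amount), name),
    )
    if cur.rowcount != 1:
        # Unknown account, or an unexpected multi-row effect: undo the change.
        conn.rollback()
        raise ValueError(f"credit affected {cur.rowcount} rows, expected 1")
    conn.commit()
    return cur.rowcount


def balances(conn):
    """Return {name: balance} for every account."""
    return dict(conn.execute("SELECT name, balance FROM accounts").fetchall())


def demo():
    """Feed the same crafted input to both functions and report the outcomes."""
    # Constructed input that closes the quoted literal and widens the WHERE clause.
    crafted = "nobody' OR '1'='1"

    vuln = make_db()
    vuln_rows = credit_vulnerable(vuln, crafted, 100)

    hard = make_db()
    try:
        credit_hardened(hard, crafted, 100)
        hard_error = None
    except ValueError as exc:
        hard_error = str(exc)

    return {
        "vulnerable_rows": vuln_rows,          # 2: both balances were altered
        "vulnerable_balances": balances(vuln),  # {'alice': 9100, 'bob': 5100}
        "hardened_error": hard_error,           # refused: 0 rows matched
        "hardened_balances": balances(hard),    # unchanged sample balances
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The row-count invariant is the part an application vulnerability assessment should look for beyond parameterisation alone: a single-account credit that affects zero or several rows is an integrity failure regardless of how it was triggered, and refusing to commit it keeps the ledger consistent even when an upstream check is missed.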
18.
Opportunities to ensure Confidentiality of Information
Access Control
Training and Awareness
Anti-spyware
Extrusion Prevention Systems
19.
Opportunities to ensure overall Information Security
The strength of overall Information Security is no more than that of its weakest element
Need for a system which can ensure A-I-C in a comprehensive manner
ISO-27001 Information Security Management System (ISMS)
ISMS provides 133 countermeasures (controls) to address all possible Threats and Vulnerabilities
20.
Opportunities to ensure overall Information Security
Periodic Audits and Assessments through independent neutral organizations
Vulnerability Assessments
Penetration Tests through Ethical Hackers
21.
Opportunities to ensure overall Information Security by Govt.
Electronic Transaction Ordinance (ETO), 2002
Prevention of Electronic Crime Ordinance (PECO), 2007
National Response Centre for Cyber Crimes (NR3C), FIA
Information & Communication Technology (ICT) Tribunals
22.
Electronic Transaction Ordinance
36. Violation of privacy of information
Protects Confidentiality
37. Damage to information system, etc.
Protects Integrity and Availability
23.
Prevention of Electronic Crime Ordinance (Crimes)
3. Criminal Access
4. Criminal Data Access
5. Data Damage
6. System Damage
7. Electronic Fraud
8. Electronic Forgery
9. Misuse of Electronic System or Device
10. Unauthorized access to code
24.
Prevention of Electronic Crime Ordinance
11. Misuse of Encryption
12. Malicious Code
15. Cyber Stalking
16. Spamming
17. Spoofing
18. Unauthorized interception
19. Cyber Terrorism
20. Enhanced punishment for offences involving electronic systems
26.
Thank You