Sharing of School Network Security Vulnerability Assessments, Management Challenges and Trends
Cyber Security and the Trend for Security Management in School Sector

Agenda
1. Introduction
2. Assessment Result Sharing and Insight
3. Challenges in Security Management
4. Trends in Security Management
5. Q&A
Introduction

School IT Security Risk Assessment

HKT Web Vulnerability Assessment Service: assessment lifecycle
Stages: Information Gathering, Scheduled Scanning, Vulnerability Analysis, Manual Review, Report and Recommendations.

Estimated lead time:
- Week 1: Automated Scanning
- Week 2-3: Manual Review
- Week 4: Report & Debriefing
HKT Web Vulnerability Assessment Service
The Vulnerability Assessment Service is performed by a group of security-certified engineers.
HKT's Web Vulnerability Assessment Summary
Duration: Mar 2020 to Dec 2020
Participants: 6 schools

Web Services Scanning
- Host Discovery: 59; Web Services: 15 (around 25% have web page services)
- Average Risk Score is 54; 4 schools have a Risk Score over the average value (around 66% of schools' Risk Scores are above average)
- Domain Vulnerability Result: 31% of risk is in High Risk or above.
- Application Vulnerability Result: 33% of risk is in High Risk level. There are 283 high-risk findings in a total of 849 vulnerability records.
Application Vulnerability Scanning result

Ongoing Support: Result Highlights
33% of vulnerabilities are in the Critical / High categories
- Low: 11%
- Medium: 58%
- High: 27%
- Critical: 5%

Domain Host Vulnerability Scanning Distribution (Risk Score per school)
- School 1: 60
- School 2: 45
- School 3: 78
- School 4: 65
- School 5: 55
- School 6: 20

Average Score: 54; Highest Score: 78; Lowest Score: 20
Ongoing Support: Top Security Impact Vulnerabilities

Among the ~15 systems scanned, the percentage of systems affected by each vulnerability, and each category's share of total attacks, is:

Code (SQL) Injection (26% of systems; 6.9% of total attacks belong to this category)
The attacker's hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.

Cross-site Scripting (XSS) (40% of systems; 32% of total attacks belong to this category)
Allows an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Using Outdated Components with Known Vulnerabilities (86% of systems; 4.7% of total attacks belong to this category)
- SSL/TLS version
- OS version
- PHP version
- Apache version
- ...etc
Ongoing Support: Security Risk Impact

Code (SQL) Injection, Cross-site Scripting (XSS), Using Outdated Components with Known Vulnerabilities

These vulnerabilities may impact your system, resulting in:
- Data Leakage / Loss
- Content Defacement
- Malicious code injection
- Malware / Ransomware Infection
- Black Listing ➔ affects SCHOOL OPERATION / REPUTATION
Challenges in Security Management

10+ years ago: IT Support
Nowadays: IT Support, with more user touch points, more systems and more data (more security risk)
Ongoing Support: Challenges in Security Management

Investment spending in Cyber Security
Success factors that can strengthen your organization's cybersecurity posture in the next three years (survey results charted on a 0% to 50% scale):
- Improvement in technologies
- Improvement in staffing
- Increase in funding
- Cyber intelligence improvements
- Improvement in threat sharing
- Reduction in the compliance burden
- Ability to minimize employee-related risk
- Reduction in complexity
- Increase in C-level support
- Cybersecurity leadership
- Other
Source: Ponemon Institute Research Report, 2018

Challenges highlighted: Complexity, Recruitment, $$
Trends in Security Management

How to survive the challenges of security management?
You CANNOT do it all by yourself; find a TRUSTED PARTNER for Security Management.
Ongoing Support: "Security-Centric" - Security Management Everywhere

Layers and assets:
- ISP: Internet Service Provider
- Perimeter: School Firewall, Service Gateways
- Core Networking: School core network, School Wi-Fi service
- End Point Devices / BYOD: School Devices, BYOD Devices, User Remote Access

Potential security threats at these layers: Virus / Malware, Intrusion, Ransomware, Email SPAM / Email Spoofing, DoS / Intrusion, DDoS / Malicious Website.
Potential security threat is everywhere!!

Multi-Dimension Security Protection:
- Cloud-based Firewall / Web Filtering
- UTM Firewall
- Email Security / Application Server
- Separate networks (network segmentation between the layers)
- EDR
- NGAV

Comprehensive Managed Security Service (Security Management):
1. Centralized security log collection and monitoring
2. Automation of security alerts and incident recording
3. Remote support for incident recording and assistance
Ongoing Support: Key components of Security Management
People, Technology, Process

Secure Connectivity:
- DDoS Protection
- HKT Internet Platform
- HKT Private Network

Secure On-Premises Solution:
- Network Security
- System Security
- Endpoint Protection
- Application Control

HKT School HelpDesk / Security Operation Center:
- Security Operation Center: Tier 1, Tier 2, Tier 3, SOC Manager
- Security Expert
- Security Intelligence
- Security Management Tools and Practice
School Helpdesk: incident handling example
• Occurred on 12-May-2017 (Friday night)
• Took action to disable the related firewall TCP ports (139 & 445) on ALL school Wi-Fi circuits
• Completed all school Wi-Fi circuits (400+) on 15-May-2017 (Monday)
• Informed schools by phone and email that HKT had already taken action to block the TCP ports
• Prepared a user guide / preventive actions and sent them to schools so they could take action on the school's ITED network
Key Takeaways
- Security risk will keep EVOLVING
- PERIODIC security risk assessment is important
- You CANNOT do it all by yourself
- Find a TRUSTED PARTNER for security management

Any Questions?
Thank You
1 - HKT Reporting.pdf

  • 2. Cyber Security and the Trend for Security Management in School Sector Agenda 1. Introduction 2. Assessment Result Sharing and Insight 3. Challenges in Security Management 4. Trends in Security Management 5. Q &A
  • 4. HKT Web Vulnerability Assessment Service Assessment lifecycle Vulnerability Analysis Manual Review Report and Recommendations Information Gathering Scheduled Scanning Week 1 Automated Scanning Week 2-3 Manual Review Week 4 Report & Debriefing Estimated Lead Time
  • 5. HKT Web Vulnerability Assessment Service Vulnerability Assessment Service is performed by a group of security certified engineers
  • 6. Web Services Scanning Host Discovery: 59 ; Web Services: 15 (Around 25% has Web Page Services) Average Risk Score is 54 4 schools Risk Score over average value (around 66% School’s Risk Score is above average Domain Vulnerability Result: 31% risk is in High Risk or above. Application Vulnerability Result: 33% risk is in High Risk Level. There are 283 high risk find in total 849 vulnerability records. 25% 66% 32% HKT’s Web Vulnerability Assessment Summary Duration: Mar,2020 to Dec,2020 Participates: 6 Schools Application Vulnerability Scanning result
  • 7. Ongoing Support Result Highlights. 33% of vulnerabilities are in the Critical / High categories.
      Severity distribution: Low 11%; Medium 58%; High 27%; Critical 5%.
      Domain Host Vulnerability Scanning Distribution (Risk Score per school):
        School 1: 60 | School 2: 45 | School 3: 78 | School 4: 65 | School 5: 55 | School 6: 20
      Average Score 54; Highest Score 78; Lowest Score 20.
  • 8. Ongoing Support: Top Security Impact Vulnerabilities. Among the ~15 systems scanned, the percentage affected by each vulnerability:
      - Code (SQL) Injection: found on 26% of systems; 6.9% of total attacks belong to this category. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
      - Cross-site Scripting (XSS): found on 40% of systems; 32% of total attacks belong to this category. Allows an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
      - Using Outdated Components with Known Vulnerabilities: found on 86% of systems; 4.7% of total attacks belong to this category. Examples: SSL/TLS version, OS version, PHP version, Apache version, etc.
  • 9. Ongoing Support: Security Risk Impact. Code (SQL) Injection, Cross-site Scripting (XSS) and Using Outdated Components with Known Vulnerabilities may impact your system, resulting in: Data Leakage / Loss; Content Defacement; Malicious code injection; Malware / Ransomware Infection; Black Listing ➔ affecting SCHOOL OPERATION / REPUTATION.
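The two application findings on slides 8 and 9 (SQL injection and XSS) come down to one pattern: user-supplied text reaching an interpreter (the database, the browser) without being separated from the code around it. The following is an added example, not code from the HKT deck or from any school system; it uses an in-memory SQLite table with constructed sample accounts to show the vulnerable form next to its hardened form for both findings, so the difference in behaviour can be checked directly.

```python
"""Injection and XSS: the vulnerable pattern beside its hardened form.

Added example, not code from the HKT deck. A small in-memory SQLite table
stands in for a school web application's user database; all rows are
constructed sample data.
"""
import html
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed sample data: three made-up accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "teacher"), ("bob", "student"), ("carol", "admin")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """The finding: user text is spliced into the SQL string, so hostile data
    becomes part of what the interpreter executes (the slide's description)."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_hardened(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """The fix: a parameterised query. The driver binds username as data, so
    quotes and keywords inside it can never change the statement."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def greeting_vulnerable(name: str) -> str:
    """Reflected XSS: the request parameter is echoed into HTML unchanged."""
    return f"<p>Welcome, {name}</p>"


def greeting_hardened(name: str) -> str:
    """Output encoding: the same input is rendered as text, not markup."""
    return f"<p>Welcome, {html.escape(name, quote=True)}</p>"


def demo() -> dict:
    """Runs both pairs on a benign input and on a crafted one so the difference
    in behaviour can be checked directly."""
    conn = make_db()
    crafted = "nobody' OR '1'='1"          # turns the WHERE clause into a tautology
    markup = "<script>alert(1)</script>"   # classic reflected-XSS probe
    return {
        "benign_rows": lookup_vulnerable(conn, "alice"),
        "vulnerable_rows": lookup_vulnerable(conn, crafted),   # every user leaks
        "hardened_rows": lookup_hardened(conn, crafted),       # no such user
        "vulnerable_html": greeting_vulnerable(markup),
        "hardened_html": greeting_hardened(markup),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hardened versions are the standard remediation a scanner report will recommend for these two finding types: bind parameters for every query (no string formatting into SQL), and encode every value at the point it is written into HTML. Both changes are local to the code that handles the input, which is why they are usually the cheapest items to close on a school site's findings list.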
  • 10. Challenges in Security Management: 10+ years ago - IT Support.
  • 11. Challenges in Security Management: Nowadays - IT Support faces more user touch points, more systems and more data (more security risk).
  • 12. Ongoing Support: Challenges in Security Management. Investment spending in Cyber Security. Chart: "Success factors that can strengthen your organization's cybersecurity posture in the next three years" (Ponemon Institute Research Report, 2018), listing: Improvement in technologies; Improvement in staffing; Increase in funding; Cyber intelligence improvements; Improvement in threat sharing; Reduction in the compliance burden; Ability to minimize employee-related risk; Reduction in complexity; Increase in C-level support; Cybersecurity leadership; Other. Highlighted themes: Complexity, Recruitment, $$.
  • 13. Trends in Security Management. How to survive in challenging Security Management? You CANNOT do it all by yourself; find a TRUSTED PARTNER for Security Management.
  • 14. Ongoing Support: "Security-Centric" - Security Management Everywhere. Layers: ISP (Internet Service Provider), Perimeter, Core Networking, End Point Devices/BYOD. Assets: School Devices, School Wi-Fi service, School core network, School Firewall, BYOD Devices, Service Gateways, User Remote Access. Threats: VIRUS / MALWARE, INTRUSION, RANSOMWARE / Email SPAM / Email Spoofing, DoS / Intrusion, DDoS / Malicious Website. Potential Security Threat is everywhere!!
  • 15. Ongoing Support: "Security-Centric" - Security Management Everywhere. Layers: ISP (Internet Service Provider), Perimeter, Core Networking, End Point Devices/BYOD. Assets: School Devices, School Wi-Fi service, School core network, School Firewall, BYOD Devices, Service Gateways, User Remote Access. Controls: Separate Network (shown three times on the diagram), Cloud-Based Firewall / Web Filtering, UTM Firewall, Email Security / Application Server, EDR, NGAV. Multi-Dimension Security Protection.
  • 16. Ongoing Support: "Security-Centric" - Security Management Everywhere. Layers: ISP (Internet Service Provider), Perimeter, Core Networking, End Point Devices/BYOD. Assets: School Devices, School Wi-Fi service, School core network, School Firewall, BYOD Devices, Service Gateways, User Remote Access. Threat shown: DDoS / Malicious Website. Comprehensive Managed Security Service: 1. Centralized Security Log collection and monitoring; 2. Automation of security alerts and incident recording; 3. Remote support for incident recording and assistance with Security Management.
  • 17. Ongoing Support: Key components of Security Management: People, Technology, Process. Items: Secure Connectivity; DDoS Protection; HKT Internet Platform; HKT Private Network; Network Security; System Security; Endpoint Protection; Application Control; Secure On-Premises Solution; HKT School HelpDesk / Security Operation Center.
  • 18. Security Operation Center: Tier 1, Tier 2, Tier 3, SOC Manager. Security Expert; Security Intelligence; Security Management Tools and Practice.
  • 19. School Helpdesk:
      • Occurred on 12-May-2017 (Friday night)
      • Took action to disable the related firewall TCP ports (139 & 445) on ALL school Wi-Fi circuits
      • Completed all school Wi-Fi circuits (400+) on 15-May-2017 (Monday)
      • Informed schools via phone & email that HKT had already taken action to block the TCP ports
      • Prepared a user guide / preventive actions and sent it to schools so they could take action on the school's ITED network
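Slide 16 lists centralized log collection and automated alerting as the core of the managed service, and slide 19 shows the kind of measure such monitoring has to verify: TCP 139 and 445 blocked on every school Wi-Fi circuit. The block below is an added example, not HKT's tooling, that ties the two together: it parses a few constructed firewall log lines (an assumed space-separated key=value format; the firewall names, addresses and the 10.20.0.0/16 school range are all assumptions) and turns any connection to those ports that the firewall still allows into an alert record, while DENY lines, the expected outcome of the block, produce nothing. Malformed lines are counted and skipped rather than allowed to stop the pipeline.

```python
"""Centralised firewall-log monitoring with automated alert records.

Added example, not HKT's tooling. The log lines below are constructed in an
assumed space-separated key=value format; the firewall names, addresses and
the 10.20.0.0/16 school range are assumptions. The rule encodes the deck's
own measure: TCP 139/445 should be blocked on the school Wi-Fi circuits, so
any connection to those ports that the firewall still ALLOWS becomes an
alert, while DENY lines are the expected outcome and produce none.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SMB_PORTS = {139, 445}                                   # ports named on the slide
SCHOOL_NETS = [ipaddress.ip_network("10.20.0.0/16")]     # assumed internal range
REQUIRED_FIELDS = {"ts", "fw", "action", "proto", "src", "dst", "dport"}

# Constructed sample log lines (date taken from the incident slide).
SAMPLE_LOGS = """\
ts=2017-05-12T21:03:11 fw=school-wifi-07 action=ALLOW proto=tcp src=203.0.113.45 dst=10.20.5.12 dport=445
ts=2017-05-12T21:03:15 fw=school-wifi-07 action=DENY proto=tcp src=203.0.113.45 dst=10.20.5.13 dport=139
ts=2017-05-12T21:04:02 fw=school-wifi-12 action=ALLOW proto=tcp src=10.20.8.4 dst=10.20.8.9 dport=445
ts=2017-05-12T21:05:40 fw=school-wifi-03 action=ALLOW proto=tcp src=198.51.100.9 dst=10.20.1.7 dport=443
this line is malformed and must not stop the pipeline
"""


@dataclass
class Alert:
    """One automatically recorded security alert."""
    severity: str
    firewall: str
    src: str
    dst: str
    dport: int
    reason: str


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one key=value line; return None (never raise) on anything malformed."""
    fields: Dict[str, str] = {}
    for token in line.split():
        if "=" not in token:
            return None
        key, value = token.split("=", 1)
        fields[key] = value
    if not REQUIRED_FIELDS.issubset(fields):
        return None
    try:
        ipaddress.ip_address(fields["src"])
        ipaddress.ip_address(fields["dst"])
        int(fields["dport"])
    except ValueError:
        return None
    return fields


def is_internal(ip: str) -> bool:
    """True when the address falls inside the (assumed) school ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in SCHOOL_NETS)


def evaluate(event: Dict[str, str]) -> Optional[Alert]:
    """Detection rule: SMB reachable through a school Wi-Fi firewall."""
    dport = int(event["dport"])
    if event["proto"] != "tcp" or dport not in SMB_PORTS:
        return None
    if event["action"] != "ALLOW":
        return None  # the block is working; nothing to escalate
    if is_internal(event["src"]):
        severity, reason = "medium", "SMB allowed between internal hosts across the Wi-Fi firewall"
    else:
        severity, reason = "high", "SMB port reachable from outside the school network"
    return Alert(severity, event["fw"], event["src"], event["dst"], dport, reason)


def monitor(log_text: str) -> Tuple[List[Alert], int]:
    """Run every line through parse + rule; return (alerts, malformed_line_count)."""
    alerts: List[Alert] = []
    malformed = 0
    for raw in log_text.splitlines():
        event = parse_line(raw)
        if event is None:
            malformed += 1
            continue
        alert = evaluate(event)
        if alert is not None:
            alerts.append(alert)
    return alerts, malformed


if __name__ == "__main__":
    found, bad = monitor(SAMPLE_LOGS)
    for a in found:
        print(f"[{a.severity.upper()}] {a.firewall}: {a.src} -> {a.dst}:{a.dport} ({a.reason})")
    print(f"{bad} malformed line(s) skipped")
```

On the constructed input the rule raises one high alert (an external source reaching port 445 on a school host) and one medium alert (internal-to-internal SMB still allowed across the Wi-Fi firewall), and stays silent on the DENY line and on ordinary HTTPS traffic. The same structure, a tolerant parser feeding a small set of explicit rules that emit structured alert records, is what lets a helpdesk confirm across 400+ circuits that a port block announced to schools is actually in force, rather than trusting that the change was applied everywhere.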
  • 20. Key Takeaways: Security Risk will keep EVOLVING; PERIODIC Security Risk Assessment is important; You CANNOT do it all by yourself; Find a TRUSTED PARTNER for security management.