SlideShare uma empresa Scribd logo

CIO Vietnam Talkshow 40th

Phuc (Peter) Huynh
Phuc (Peter) Huynh

In CIO Vietnam Talkshow 40 Mr. Jim Fitzsimmons gave an interesting presentation about IT Security in Vietnam. There are some facts that are really bad. Jim also proposed some framework of actions that will help fix the IT Security in businesses. In the event, audience and speaker also discussed a lot about the trend in using online services such as email, server, application, etc and the matter of security when use these services. Thank Jim and all the audience very much. We look forward to seeing you in the upcoming event Link to download the presentation below

Tecnologia
1 de 12
Baixar para ler offline
The Failure of IT Security in Vietnam And How an IT Compliance Program Can Help Companies Fix Their Problems
Internet users: 41 million 44% of the population online #18 in the world for number of internet users #124 in the world for % of population online copyright 2014 MF8 International, all rights reserved VIETNAM & THE INTERNET stats source: Internet World Stats 10.2014 VN image from Free Vector Maps Total population: 93.4 million #7 in selected Asia countries for % of population online #5 in selected Asian countries for number of internet users #121 in UN Human Development Index, a Medium Human Development country
copyright 2014 MF8 International, all rights reserved DIGITAL CITIES ONLINE NATIONS FUTURE STATES source: Internet World Stats
#6 for email harvesting dictionary attacks (projecthoneypot.org) #3 source of spam in the world (spamrankings. net) VNPT #2 network in world #3 source of zombified botnet computers (botnet-tracker.blogspot.com) #8 in the world for Gameover Zues infections (shadowserver.org) VNPT #5 network in world copyright 2014 MF8 International, all rights reserved VIETNAM & INTERNET SECURITY & THE OTHER FUTURE STATES #13 in the world for spam servers (projecthoneypot.org) #1 in the world for unpatched Stuxnet vulnerability (kaspersky labs) #1 in the world for active XP PCs (kaspersky labs) #18 source of DDOS attacks (akamai) #8 in last 24 hours 15/10/2014 THAILAND (20 MILLION ONLINE) IS SIGNIFICANTLY LOWER IN ALL LISTS THE PHILIPPINES (44 MILLION ONLINE) HARDLY SHOWS UP IN THE SAME RANKINGS INDONESIA (70 MILLION ONLINE) HAS PROBLEMS, BUT NOTHING LIKE IN VIETNAM
copyright 2014 MF8 International, all rights reserved VIETNAM TELNET PORT 23 COMMAND LINE REMOTE ACCESS SHOULD NEVER BE USED OVER A PUBLIC NETWORK 14,591 PHILIPPINES NETBIOS PORT 139 WINDOWS FILE SHARES COMMON ATTACK TARGET AND SHOULD NEVER BE ACCESSIBLE ON A PUBLIC NETWORK 721 VNC PORT 5900 FULL SCREEN REMOTE ACCESS TO A SERVER REMOTE ACCESS ONLY IF STRICTLY NECESSARY AND WITH VPN, STRONG AUTHENTICATION IN PLACE 160 RDP PORT 3889 FULL SCREEN REMOTE ACCESS TO A WINDOWS SERVER REMOTE ACCESS ONLY IF STRICTLY NECESSARY AND WITH VPN, STRONG AUTHENTICATION IN PLACE 50 MSSQL PORT 1433 MICROSOFT SQL SERVER ACCESS SHOULD NEVER BE REMOTELY ACCESSIBLE 380 TELNET PORT 23 COMMAND LINE REMOTE ACCESS 2,094 NETBIOS PORT 139 WINDOWS FILE SHARES 1,299 VNC PORT 5900 FULL SCREEN REMOTE ACCESS TO A SERVER 165 RDP PORT 3889 FULL REMOTE ACCESS TO A WINDOWS SERVER 94 MSSQL PORT 1433 MICROSOFT SQL SERVER ACCESS 195
copyright 2014 MF8 International, all rights reserved WHY VIETNAM? WHAT ARE THE ROOT CAUSES? NO ONE, INCLUDING IT DEPARTMENTS, KNOW WHAT IS GOING ON WITH THEIR PCs & NETWORKS SYSTEMS ARE NOT CONFIGURED CORRECTLY NO ONE BOTHERS TO UPDATE OLD & UNLICENSED SOFTWARE LACK OF STANDARDS FOR IT STAFF MEANS A FAILURE IN SYSTEMS ADMINISTRATION
copyright 2014 MF8 International, all rights reserved HOW ARE VIETNAMESE BUSINESSES AFFECTED? LOWER STAFF PRODUCTIVITY WITH TIME LOST DUE TO SLOW OR FAILED COMPUTERS & APPLICATIONS IT INVESTMENTS WASTED AS SYSTEMS DO NOT PERFORM WELL IT DEPARTMENTS HAVE TROUBLE SHOWING VALUE TO THE BUSINESS COMPROMISED COMPUTERS MEAN THAT NO DATA IS SECURE
Organize your IT team into roles & responsibilities Use policies to define the right technical and administrative controls for your data Develop a management plan to tie every policy requirement to a role Define compliance measurements for both technology and the people responsible for it copyright 2014 MF8 International, all rights reserved FIXING THIS IS MORE ABOUT MANAGEMENT, NOT JUST TECHNOLOGY THROWING MORE PEOPLE AT THE PROBLEM WONφT FIX IT Understand and document the information that you need to manage & secure and which business stakeholder owns it Train IT staff to policy requirements Work with HR to tie compliance accountability to staff performance Audit quarterly until results consistently demonstrate compliance HOW DO BUSINESSES START TO FIX THE PROBLEM? 12345678
PLANNING AN IT COMPLIANCE PROGRAM copyright 2014 MF8 International, all rights reserved Information inventory & ownership Team roles & responsibilities Assess if existing technology meet policies Develop policies Resolve technology & policy gaps Train team on policies Match roles to policies Develop reporting to information owners Link compliance to HR performance assessment Establish measurements for policies Publish policies 1st internal audit Publish results to information owners Information owners to review & approve policies
jim@mf8international.com THANK YOU
copyright 2014 MF8 International, all rights reserved Harvester projecthoneypot.org A harvester is a computer program that surfs the internet looking for email addresses. Harvesting email addresses from the Internet is the primary way spammers build their lists. Spam Server projecthoneypot.org A spam server is the computer used by a spammer in order to send messages. Many do not belong to the spammers themselves, but instead are "zombies" compromised by viruses or other malware. Comment Spammer projecthoneypot.org Comment spammers do not send email spam. Instead, comment spammers post to blogs and forums. These posts typically include links to sites being promoted by the comment spammer. Dictionary Attacker projecthoneypot.org A dictionary attack involves making up a number of email addresses, sending mail to them, and seeing what is delivered. Spamrankings.net August 2014 VNPT #2 source in the world Botnet-Tracker botnet-tracker. blogspot.com September 2014 data Top 25 w/ suspected botnet IPs VNPT #5 in the world, Viettel #13 Gameover Zeus Infections Shadowserver.org VNPT #5 in world Stuxnet Vulnerability From Kaspersky, known systems vulnerable to infamous stuxnet attack, presumed to because they run Windows XP VN has 38.79% of the world’s active XP computers Source of DDOS Attacks prolexic.com All time data (last 24 hours on 15.10.2014) Targets in USA VN 13 6 3 3 8 1 18 (8) TH 16 23 20 38 10 8 12 (13) PI 35 (28) HK 20 38 (27) SG 64 (43) JN 15 7 3 3 (9) KO 16 7 28 9 9 (3) TW 19 17 14 15 19 1 19 (6) MY 14 18 32 (24) IN 23 15 7 2 17 (18)
copyright 2014 MF8 International, all rights reserved Symantec Malicious Activity by source 2012-13 symantec spam zombies 2012-13 Symantec bot 2012- 13 Symantec web attack origins 2012-13 Symantec network attack origins Symantec top 10 bot by lifespan 2012-13 Symantec top 10 source of botnet spam by location 2013 Countries most affected by online banking malware 2Q 2014 TrendMicro Top spam sending countries 2Q 2014 TrendMicro Vietnam 6 6 10 5 7 Thailand Philippine s 8 HK Singapore Japan 5 6 6 10 1 South Korea 7 Taiwan 4 4 Malaysia 9 Indonesia 4 2 7

Recomendados

One of the most destructive botnets can now spread to nearby Wi-Fi networks
One of the most destructive botnets can now spread to nearby Wi-Fi networksOne of the most destructive botnets can now spread to nearby Wi-Fi networks
One of the most destructive botnets can now spread to nearby Wi-Fi networksAbaram Network Solutions
 
Malware
MalwareMalware
Malwaregalaxy201
 
BotNet Attacks
BotNet AttacksBotNet Attacks
BotNet AttacksRangana lakmal
 
Botnet Detection Techniques
Botnet Detection TechniquesBotnet Detection Techniques
Botnet Detection TechniquesTeam Firefly
 
A review botnet detection and suppression in clouds
A review botnet detection and suppression in cloudsA review botnet detection and suppression in clouds
A review botnet detection and suppression in cloudsAlexander Decker
 
A Survey of Botnet Detection Techniques
A Survey of Botnet Detection TechniquesA Survey of Botnet Detection Techniques
A Survey of Botnet Detection Techniquesijsrd.com
 
Botnet
BotnetBotnet
BotnetJoshin Gomez
 
Study on Botnet Architecture
Study on Botnet ArchitectureStudy on Botnet Architecture
Study on Botnet ArchitectureBini Bs
 

Recomendados

One of the most destructive botnets can now spread to nearby Wi-Fi networks
One of the most destructive botnets can now spread to nearby Wi-Fi networksOne of the most destructive botnets can now spread to nearby Wi-Fi networks
One of the most destructive botnets can now spread to nearby Wi-Fi networksAbaram Network Solutions
 
Malware
MalwareMalware
Malwaregalaxy201
 
BotNet Attacks
BotNet AttacksBotNet Attacks
BotNet AttacksRangana lakmal
 
Botnet Detection Techniques
Botnet Detection TechniquesBotnet Detection Techniques
Botnet Detection TechniquesTeam Firefly
 
A review botnet detection and suppression in clouds
A review botnet detection and suppression in cloudsA review botnet detection and suppression in clouds
A review botnet detection and suppression in cloudsAlexander Decker
 
A Survey of Botnet Detection Techniques
A Survey of Botnet Detection TechniquesA Survey of Botnet Detection Techniques
A Survey of Botnet Detection Techniquesijsrd.com
 
Botnet
BotnetBotnet
BotnetJoshin Gomez
 
Study on Botnet Architecture
Study on Botnet ArchitectureStudy on Botnet Architecture
Study on Botnet ArchitectureBini Bs
 
Security Risks of Uneducated Employees
Security Risks of Uneducated EmployeesSecurity Risks of Uneducated Employees
Security Risks of Uneducated EmployeesOriginIT
 
Cscu module 03 protecting systems using antiviruses
Cscu module 03 protecting systems using antivirusesCscu module 03 protecting systems using antiviruses
Cscu module 03 protecting systems using antivirusesSejahtera Affif
 
Botnet
Botnet Botnet
Botnet PriyanKa Harjai
 
Botnets
BotnetsBotnets
BotnetsVishwadeep Badgujar
 
Stu w25 b
Stu w25 bStu w25 b
Stu w25 bSelectedPresentations
 
Iaetsd cyber crimeand
Iaetsd cyber crimeandIaetsd cyber crimeand
Iaetsd cyber crimeandIaetsd Iaetsd
 
Cybercrime Legislation in the Middle East
Cybercrime Legislation in the Middle EastCybercrime Legislation in the Middle East
Cybercrime Legislation in the Middle EastMohamed N. El-Guindy
 
technical disaster
technical disastertechnical disaster
technical disasterkaushik_sutariya_
 
Types of Cyber Crimes and Security Threats
Types of Cyber Crimes and Security ThreatsTypes of Cyber Crimes and Security Threats
Types of Cyber Crimes and Security ThreatsAmity University | FMS - DU | IMT | Stratford University | KKMI International Institute | AIMA | DTU
 
Botnet Architecture
Botnet ArchitectureBotnet Architecture
Botnet ArchitectureBhagath Singh Jayaprakasam
 
BOTNET
BOTNETBOTNET
BOTNETArjo Ghosh
 
Cyber Crime Challenges in the Middle East
Cyber Crime Challenges in the Middle EastCyber Crime Challenges in the Middle East
Cyber Crime Challenges in the Middle EastMohamed N. El-Guindy
 
cyber crime and laws
cyber crime and laws cyber crime and laws
cyber crime and laws Aman Bhargava
 
Security Requirements for IVC Network
Security Requirements for IVC Network Security Requirements for IVC Network
Security Requirements for IVC Network IRJET Journal
 
A Dynamic Botnet Detection Model based on Behavior Analysis
A Dynamic Botnet Detection Model based on Behavior AnalysisA Dynamic Botnet Detection Model based on Behavior Analysis
A Dynamic Botnet Detection Model based on Behavior Analysisidescitation
 
Global Botnet Detector
Global Botnet DetectorGlobal Botnet Detector
Global Botnet DetectorBrenton Mallen
 
Importance of Electronic Surveillance in Criminal Investigation
Importance of Electronic Surveillance in Criminal InvestigationImportance of Electronic Surveillance in Criminal Investigation
Importance of Electronic Surveillance in Criminal InvestigationIRJET Journal
 
The Dangers of Lapto
The Dangers of LaptoThe Dangers of Lapto
The Dangers of LaptoInfosec Europe
 
Tt 06-ck
Tt 06-ckTt 06-ck
Tt 06-ckNarinrit Prem-apiwathanokul
 
introduction to Botnet
introduction to Botnetintroduction to Botnet
introduction to Botnetyogendra singh chahar
 
Havenstad Media Brochure
Havenstad Media BrochureHavenstad Media Brochure
Havenstad Media BrochureDirk van Nieuwpoort
 
Juega y aprende
Juega y aprendeJuega y aprende
Juega y aprendeademir corimaya
 

Mais conteúdo relacionado

Mais procurados

Security Risks of Uneducated Employees
Security Risks of Uneducated EmployeesSecurity Risks of Uneducated Employees
Security Risks of Uneducated EmployeesOriginIT
 
Cscu module 03 protecting systems using antiviruses
Cscu module 03 protecting systems using antivirusesCscu module 03 protecting systems using antiviruses
Cscu module 03 protecting systems using antivirusesSejahtera Affif
 
Iaetsd cyber crimeand
Iaetsd cyber crimeandIaetsd cyber crimeand
Iaetsd cyber crimeandIaetsd Iaetsd
 
Cybercrime Legislation in the Middle East
Cybercrime Legislation in the Middle EastCybercrime Legislation in the Middle East
Cybercrime Legislation in the Middle EastMohamed N. El-Guindy
 
Cyber Crime Challenges in the Middle East
Cyber Crime Challenges in the Middle EastCyber Crime Challenges in the Middle East
Cyber Crime Challenges in the Middle EastMohamed N. El-Guindy
 
cyber crime and laws
cyber crime and laws cyber crime and laws
cyber crime and laws Aman Bhargava
 
Security Requirements for IVC Network
Security Requirements for IVC Network Security Requirements for IVC Network
Security Requirements for IVC Network IRJET Journal
 
A Dynamic Botnet Detection Model based on Behavior Analysis
A Dynamic Botnet Detection Model based on Behavior AnalysisA Dynamic Botnet Detection Model based on Behavior Analysis
A Dynamic Botnet Detection Model based on Behavior Analysisidescitation
 
Global Botnet Detector
Global Botnet DetectorGlobal Botnet Detector
Global Botnet DetectorBrenton Mallen
 
Importance of Electronic Surveillance in Criminal Investigation
Importance of Electronic Surveillance in Criminal InvestigationImportance of Electronic Surveillance in Criminal Investigation
Importance of Electronic Surveillance in Criminal InvestigationIRJET Journal
 

Mais procurados (20)

Security Risks of Uneducated Employees
Security Risks of Uneducated EmployeesSecurity Risks of Uneducated Employees
Security Risks of Uneducated Employees
 
Cscu module 03 protecting systems using antiviruses
Cscu module 03 protecting systems using antivirusesCscu module 03 protecting systems using antiviruses
Cscu module 03 protecting systems using antiviruses
 
Botnet
Botnet Botnet
Botnet
 
Botnets
BotnetsBotnets
Botnets
 
Stu w25 b
Stu w25 bStu w25 b
Stu w25 b
 
Iaetsd cyber crimeand
Iaetsd cyber crimeandIaetsd cyber crimeand
Iaetsd cyber crimeand
 
Cybercrime Legislation in the Middle East
Cybercrime Legislation in the Middle EastCybercrime Legislation in the Middle East
Cybercrime Legislation in the Middle East
 
technical disaster
technical disastertechnical disaster
technical disaster
 
Types of Cyber Crimes and Security Threats
Types of Cyber Crimes and Security ThreatsTypes of Cyber Crimes and Security Threats
Types of Cyber Crimes and Security Threats
 
Botnet Architecture
Botnet ArchitectureBotnet Architecture
Botnet Architecture
 
BOTNET
BOTNETBOTNET
BOTNET
 
Cyber Crime Challenges in the Middle East
Cyber Crime Challenges in the Middle EastCyber Crime Challenges in the Middle East
Cyber Crime Challenges in the Middle East
 
cyber crime and laws
cyber crime and laws cyber crime and laws
cyber crime and laws
 
Security Requirements for IVC Network
Security Requirements for IVC Network Security Requirements for IVC Network
Security Requirements for IVC Network
 
A Dynamic Botnet Detection Model based on Behavior Analysis
A Dynamic Botnet Detection Model based on Behavior AnalysisA Dynamic Botnet Detection Model based on Behavior Analysis
A Dynamic Botnet Detection Model based on Behavior Analysis
 
Global Botnet Detector
Global Botnet DetectorGlobal Botnet Detector
Global Botnet Detector
 
Importance of Electronic Surveillance in Criminal Investigation
Importance of Electronic Surveillance in Criminal InvestigationImportance of Electronic Surveillance in Criminal Investigation
Importance of Electronic Surveillance in Criminal Investigation
 
The Dangers of Lapto
The Dangers of LaptoThe Dangers of Lapto
The Dangers of Lapto
 
Tt 06-ck
Tt 06-ckTt 06-ck
Tt 06-ck
 
introduction to Botnet
introduction to Botnetintroduction to Botnet
introduction to Botnet
 

Destaque

CIO Talkshow 15: Hành Trinh Từ CIO đến CEO - Thạc Sỹ Lê Tấn Lộc, Nguyên Tổng ...
CIO Talkshow 15: Hành Trinh Từ CIO đến CEO - Thạc Sỹ Lê Tấn Lộc, Nguyên Tổng ...CIO Talkshow 15: Hành Trinh Từ CIO đến CEO - Thạc Sỹ Lê Tấn Lộc, Nguyên Tổng ...
CIO Talkshow 15: Hành Trinh Từ CIO đến CEO - Thạc Sỹ Lê Tấn Lộc, Nguyên Tổng ...Phuc (Peter) Huynh
 
Report chef the_ultimate_list_of_slack_communities_2 (1)
Report chef the_ultimate_list_of_slack_communities_2 (1)Report chef the_ultimate_list_of_slack_communities_2 (1)
Report chef the_ultimate_list_of_slack_communities_2 (1)Dmitry Yanin
 
Evenementenmodule en Inschrijvingsmodule - verbondsraad 5 oktober
Evenementenmodule en Inschrijvingsmodule - verbondsraad 5 oktoberEvenementenmodule en Inschrijvingsmodule - verbondsraad 5 oktober
Evenementenmodule en Inschrijvingsmodule - verbondsraad 5 oktoberPieter-Jan Maesen
 
Passive intermediate language practice
Passive intermediate language practicePassive intermediate language practice
Passive intermediate language practiceguest003aec
 
Clear Presentation April 2010
Clear Presentation April 2010Clear Presentation April 2010
Clear Presentation April 2010Nick Washington
 
The infernal comedy script
The infernal comedy scriptThe infernal comedy script
The infernal comedy scriptguest003aec
 
Bản tin nội bộ CIO Viet Nam số 1
Bản tin nội bộ CIO Viet Nam số 1Bản tin nội bộ CIO Viet Nam số 1
Bản tin nội bộ CIO Viet Nam số 1Phuc (Peter) Huynh
 
Web 4.0 (or The importance of R&D)
Web 4.0 (or The importance of R&D)Web 4.0 (or The importance of R&D)
Web 4.0 (or The importance of R&D)Russell Cavell
 
CIO Talkshow : Manage IT as a Business - Vu Mai Tung CIO of OCB
CIO Talkshow : Manage IT as a Business - Vu Mai Tung CIO of OCBCIO Talkshow : Manage IT as a Business - Vu Mai Tung CIO of OCB
CIO Talkshow : Manage IT as a Business - Vu Mai Tung CIO of OCBPhuc (Peter) Huynh
 
Cisco io t for vietnam cio community 2 apr 2015 - split
Cisco io t for vietnam cio community 2 apr 2015 - splitCisco io t for vietnam cio community 2 apr 2015 - split
Cisco io t for vietnam cio community 2 apr 2015 - splitPhuc (Peter) Huynh
 
CIO Talkshow 34: Strategic Vision of IT - Phan Công Chính - CEO ò GESO
CIO Talkshow 34: Strategic Vision of IT - Phan Công Chính - CEO ò GESOCIO Talkshow 34: Strategic Vision of IT - Phan Công Chính - CEO ò GESO
CIO Talkshow 34: Strategic Vision of IT - Phan Công Chính - CEO ò GESOPhuc (Peter) Huynh
 

Destaque (17)

Havenstad Media Brochure
Havenstad Media BrochureHavenstad Media Brochure
Havenstad Media Brochure
 
Juega y aprende
Juega y aprendeJuega y aprende
Juega y aprende
 
CIO Talkshow 15: Hành Trinh Từ CIO đến CEO - Thạc Sỹ Lê Tấn Lộc, Nguyên Tổng ...
CIO Talkshow 15: Hành Trinh Từ CIO đến CEO - Thạc Sỹ Lê Tấn Lộc, Nguyên Tổng ...CIO Talkshow 15: Hành Trinh Từ CIO đến CEO - Thạc Sỹ Lê Tấn Lộc, Nguyên Tổng ...
CIO Talkshow 15: Hành Trinh Từ CIO đến CEO - Thạc Sỹ Lê Tấn Lộc, Nguyên Tổng ...
 
Report chef the_ultimate_list_of_slack_communities_2 (1)
Report chef the_ultimate_list_of_slack_communities_2 (1)Report chef the_ultimate_list_of_slack_communities_2 (1)
Report chef the_ultimate_list_of_slack_communities_2 (1)
 
Evenementenmodule en Inschrijvingsmodule - verbondsraad 5 oktober
Evenementenmodule en Inschrijvingsmodule - verbondsraad 5 oktoberEvenementenmodule en Inschrijvingsmodule - verbondsraad 5 oktober
Evenementenmodule en Inschrijvingsmodule - verbondsraad 5 oktober
 
Passive intermediate language practice
Passive intermediate language practicePassive intermediate language practice
Passive intermediate language practice
 
Success
SuccessSuccess
Success
 
Why we do Agile
Why we do AgileWhy we do Agile
Why we do Agile
 
Clear Presentation April 2010
Clear Presentation April 2010Clear Presentation April 2010
Clear Presentation April 2010
 
Juega y aprende
Juega y aprendeJuega y aprende
Juega y aprende
 
The infernal comedy script
The infernal comedy scriptThe infernal comedy script
The infernal comedy script
 
Bản tin nội bộ CIO Viet Nam số 1
Bản tin nội bộ CIO Viet Nam số 1Bản tin nội bộ CIO Viet Nam số 1
Bản tin nội bộ CIO Viet Nam số 1
 
Web 4.0 (or The importance of R&D)
Web 4.0 (or The importance of R&D)Web 4.0 (or The importance of R&D)
Web 4.0 (or The importance of R&D)
 
CIO Talkshow : Manage IT as a Business - Vu Mai Tung CIO of OCB
CIO Talkshow : Manage IT as a Business - Vu Mai Tung CIO of OCBCIO Talkshow : Manage IT as a Business - Vu Mai Tung CIO of OCB
CIO Talkshow : Manage IT as a Business - Vu Mai Tung CIO of OCB
 
Cisco io t for vietnam cio community 2 apr 2015 - split
Cisco io t for vietnam cio community 2 apr 2015 - splitCisco io t for vietnam cio community 2 apr 2015 - split
Cisco io t for vietnam cio community 2 apr 2015 - split
 
Curriculum Vitae
Curriculum VitaeCurriculum Vitae
Curriculum Vitae
 
CIO Talkshow 34: Strategic Vision of IT - Phan Công Chính - CEO ò GESO
CIO Talkshow 34: Strategic Vision of IT - Phan Công Chính - CEO ò GESOCIO Talkshow 34: Strategic Vision of IT - Phan Công Chính - CEO ò GESO
CIO Talkshow 34: Strategic Vision of IT - Phan Công Chính - CEO ò GESO
 

Semelhante a CIO Vietnam Talkshow 40th

Check point presentation june 2014
Check point presentation june 2014Check point presentation june 2014
Check point presentation june 2014David Berkelmans
 
2016 trustwave global security report
2016 trustwave global security report2016 trustwave global security report
2016 trustwave global security reportMarco Antonio Agnese
 
Keeping up with the Revolution in IT Security
Keeping up with the Revolution in IT SecurityKeeping up with the Revolution in IT Security
Keeping up with the Revolution in IT SecurityDistil Networks
 
web-security-1215757214755670-9.pdf
web-security-1215757214755670-9.pdfweb-security-1215757214755670-9.pdf
web-security-1215757214755670-9.pdfLucaMartins7
 
Lecture about network and host security to NII students
Lecture about network and host security to NII studentsLecture about network and host security to NII students
Lecture about network and host security to NII studentsAkiumi Hasegawa
 
LSI Spring Agent Open House 2014
LSI Spring Agent Open House 2014LSI Spring Agent Open House 2014
LSI Spring Agent Open House 2014Ashlie Steele
 
Cscu module 03 protecting systems using antiviruses
Cscu module 03 protecting systems using antivirusesCscu module 03 protecting systems using antiviruses
Cscu module 03 protecting systems using antivirusesAlireza Ghahrood
 
Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Joseph White MPA CPM
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Erik Ginalick
 
5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threatsReadWrite
 
Week 13 ch14 c
Week 13 ch14 cWeek 13 ch14 c
Week 13 ch14 cZahir Reza
 
Balancing Your Internet Cyber-Life with Privacy and Security
Balancing Your Internet Cyber-Life with Privacy and SecurityBalancing Your Internet Cyber-Life with Privacy and Security
Balancing Your Internet Cyber-Life with Privacy and Securityevolutionaryit
 
A Mitigation Technique For Internet Security Threat of Toolkits Attack
A Mitigation Technique For Internet Security Threat of Toolkits AttackA Mitigation Technique For Internet Security Threat of Toolkits Attack
A Mitigation Technique For Internet Security Threat of Toolkits AttackCSCJournals
 
Combating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringCombating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringLancope, Inc.
 
Ransomware attacks reveton
Ransomware attacks revetonRansomware attacks reveton
Ransomware attacks revetonMumbere Joab
 
2008 Trends
2008 Trends2008 Trends
2008 TrendsTBledsoe
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays worldSibghatullah Khattak
 

Semelhante a CIO Vietnam Talkshow 40th (20)

Check point presentation june 2014
Check point presentation june 2014Check point presentation june 2014
Check point presentation june 2014
 
2016 trustwave global security report
2016 trustwave global security report2016 trustwave global security report
2016 trustwave global security report
 
Keeping up with the Revolution in IT Security
Keeping up with the Revolution in IT SecurityKeeping up with the Revolution in IT Security
Keeping up with the Revolution in IT Security
 
web-security-1215757214755670-9.pdf
web-security-1215757214755670-9.pdfweb-security-1215757214755670-9.pdf
web-security-1215757214755670-9.pdf
 
Lecture about network and host security to NII students
Lecture about network and host security to NII studentsLecture about network and host security to NII students
Lecture about network and host security to NII students
 
LSI Spring Agent Open House 2014
LSI Spring Agent Open House 2014LSI Spring Agent Open House 2014
LSI Spring Agent Open House 2014
 
Cscu module 03 protecting systems using antiviruses
Cscu module 03 protecting systems using antivirusesCscu module 03 protecting systems using antiviruses
Cscu module 03 protecting systems using antiviruses
 
Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112
 
5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threats
 
Week 13 ch14 c
Week 13 ch14 cWeek 13 ch14 c
Week 13 ch14 c
 
Balancing Your Internet Cyber-Life with Privacy and Security
Balancing Your Internet Cyber-Life with Privacy and SecurityBalancing Your Internet Cyber-Life with Privacy and Security
Balancing Your Internet Cyber-Life with Privacy and Security
 
Internet as media
Internet as mediaInternet as media
Internet as media
 
Security tools
Security toolsSecurity tools
Security tools
 
A Mitigation Technique For Internet Security Threat of Toolkits Attack
A Mitigation Technique For Internet Security Threat of Toolkits AttackA Mitigation Technique For Internet Security Threat of Toolkits Attack
A Mitigation Technique For Internet Security Threat of Toolkits Attack
 
C3
C3C3
C3
 
Combating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringCombating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security Monitoring
 
Ransomware attacks reveton
Ransomware attacks revetonRansomware attacks reveton
Ransomware attacks reveton
 
2008 Trends
2008 Trends2008 Trends
2008 Trends
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays world
 

Último

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Último (20)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

CIO Vietnam Talkshow 40th

  • 1. The Failure of IT Security in Vietnam And How an IT Compliance Program Can Help Companies Fix Their Problems
  • 2. Internet users: 41 million 44% of the population online #18 in the world for number of internet users #124 in the world for % of population online copyright 2014 MF8 International, all rights reserved VIETNAM & THE INTERNET stats source: Internet World Stats 10.2014 VN image from Free Vector Maps Total population: 93.4 million #7 in selected Asia countries for % of population online #5 in selected Asian countries for number of internet users #121 in UN Human Development Index, a Medium Human Development country
  • 3. copyright 2014 MF8 International, all rights reserved DIGITAL CITIES ONLINE NATIONS FUTURE STATES source: Internet World Stats
  • 4. #6 for email harvesting dictionary attacks (projecthoneypot.org) #3 source of spam in the world (spamrankings. net) VNPT #2 network in world #3 source of zombified botnet computers (botnet-tracker.blogspot.com) #8 in the world for Gameover Zues infections (shadowserver.org) VNPT #5 network in world copyright 2014 MF8 International, all rights reserved VIETNAM & INTERNET SECURITY & THE OTHER FUTURE STATES #13 in the world for spam servers (projecthoneypot.org) #1 in the world for unpatched Stuxnet vulnerability (kaspersky labs) #1 in the world for active XP PCs (kaspersky labs) #18 source of DDOS attacks (akamai) #8 in last 24 hours 15/10/2014 THAILAND (20 MILLION ONLINE) IS SIGNIFICANTLY LOWER IN ALL LISTS THE PHILIPPINES (44 MILLION ONLINE) HARDLY SHOWS UP IN THE SAME RANKINGS INDONESIA (70 MILLION ONLINE) HAS PROBLEMS, BUT NOTHING LIKE IN VIETNAM
  • 5. copyright 2014 MF8 International, all rights reserved VIETNAM TELNET PORT 23 COMMAND LINE REMOTE ACCESS SHOULD NEVER BE USED OVER A PUBLIC NETWORK 14,591 PHILIPPINES NETBIOS PORT 139 WINDOWS FILE SHARES COMMON ATTACK TARGET AND SHOULD NEVER BE ACCESSIBLE ON A PUBLIC NETWORK 721 VNC PORT 5900 FULL SCREEN REMOTE ACCESS TO A SERVER REMOTE ACCESS ONLY IF STRICTLY NECESSARY AND WITH VPN, STRONG AUTHENTICATION IN PLACE 160 RDP PORT 3889 FULL SCREEN REMOTE ACCESS TO A WINDOWS SERVER REMOTE ACCESS ONLY IF STRICTLY NECESSARY AND WITH VPN, STRONG AUTHENTICATION IN PLACE 50 MSSQL PORT 1433 MICROSOFT SQL SERVER ACCESS SHOULD NEVER BE REMOTELY ACCESSIBLE 380 TELNET PORT 23 COMMAND LINE REMOTE ACCESS 2,094 NETBIOS PORT 139 WINDOWS FILE SHARES 1,299 VNC PORT 5900 FULL SCREEN REMOTE ACCESS TO A SERVER 165 RDP PORT 3889 FULL REMOTE ACCESS TO A WINDOWS SERVER 94 MSSQL PORT 1433 MICROSOFT SQL SERVER ACCESS 195
  • 6. copyright 2014 MF8 International, all rights reserved WHY VIETNAM? WHAT ARE THE ROOT CAUSES? NO ONE, INCLUDING IT DEPARTMENTS, KNOW WHAT IS GOING ON WITH THEIR PCs & NETWORKS SYSTEMS ARE NOT CONFIGURED CORRECTLY NO ONE BOTHERS TO UPDATE OLD & UNLICENSED SOFTWARE LACK OF STANDARDS FOR IT STAFF MEANS A FAILURE IN SYSTEMS ADMINISTRATION
  • 7. copyright 2014 MF8 International, all rights reserved HOW ARE VIETNAMESE BUSINESSES AFFECTED? LOWER STAFF PRODUCTIVITY WITH TIME LOST DUE TO SLOW OR FAILED COMPUTERS & APPLICATIONS IT INVESTMENTS WASTED AS SYSTEMS DO NOT PERFORM WELL IT DEPARTMENTS HAVE TROUBLE SHOWING VALUE TO THE BUSINESS COMPROMISED COMPUTERS MEAN THAT NO DATA IS SECURE
  • 8. Organize your IT team into roles & responsibilities Use policies to define the right technical and administrative controls for your data Develop a management plan to tie every policy requirement to a role Define compliance measurements for both technology and the people responsible for it copyright 2014 MF8 International, all rights reserved FIXING THIS IS MORE ABOUT MANAGEMENT, NOT JUST TECHNOLOGY THROWING MORE PEOPLE AT THE PROBLEM WONφT FIX IT Understand and document the information that you need to manage & secure and which business stakeholder owns it Train IT staff to policy requirements Work with HR to tie compliance accountability to staff performance Audit quarterly until results consistently demonstrate compliance HOW DO BUSINESSES START TO FIX THE PROBLEM? 12345678
  • 9. PLANNING AN IT COMPLIANCE PROGRAM copyright 2014 MF8 International, all rights reserved Information inventory & ownership Team roles & responsibilities Assess if existing technology meet policies Develop policies Resolve technology & policy gaps Train team on policies Match roles to policies Develop reporting to information owners Link compliance to HR performance assessment Establish measurements for policies Publish policies 1st internal audit Publish results to information owners Information owners to review & approve policies
  • 11. copyright 2014 MF8 International, all rights reserved Harvester projecthoneypot.org A harvester is a computer program that surfs the internet looking for email addresses. Harvesting email addresses from the Internet is the primary way spammers build their lists. Spam Server projecthoneypot.org A spam server is the computer used by a spammer in order to send messages. Many do not belong to the spammers themselves, but instead are "zombies" compromised by viruses or other malware. Comment Spammer projecthoneypot.org Comment spammers do not send email spam. Instead, comment spammers post to blogs and forums. These posts typically include links to sites being promoted by the comment spammer. Dictionary Attacker projecthoneypot.org A dictionary attack involves making up a number of email addresses, sending mail to them, and seeing what is delivered. Spamrankings.net August 2014 VNPT #2 source in the world Botnet-Tracker botnet-tracker. blogspot.com September 2014 data Top 25 w/ suspected botnet IPs VNPT #5 in the world, Viettel #13 Gameover Zeus Infections Shadowserver.org VNPT #5 in world Stuxnet Vulnerability From Kaspersky, known systems vulnerable to infamous stuxnet attack, presumed to because they run Windows XP VN has 38.79% of the world’s active XP computers Source of DDOS Attacks prolexic.com All time data (last 24 hours on 15.10.2014) Targets in USA VN 13 6 3 3 8 1 18 (8) TH 16 23 20 38 10 8 12 (13) PI 35 (28) HK 20 38 (27) SG 64 (43) JN 15 7 3 3 (9) KO 16 7 28 9 9 (3) TW 19 17 14 15 19 1 19 (6) MY 14 18 32 (24) IN 23 15 7 2 17 (18)
  • 12. copyright 2014 MF8 International, all rights reserved Symantec Malicious Activity by source 2012-13 symantec spam zombies 2012-13 Symantec bot 2012- 13 Symantec web attack origins 2012-13 Symantec network attack origins Symantec top 10 bot by lifespan 2012-13 Symantec top 10 source of botnet spam by location 2013 Countries most affected by online banking malware 2Q 2014 TrendMicro Top spam sending countries 2Q 2014 TrendMicro Vietnam 6 6 10 5 7 Thailand Philippine s 8 HK Singapore Japan 5 6 6 10 1 South Korea 7 Taiwan 4 4 Malaysia 9 Indonesia 4 2 7