SlideShare uma empresa Scribd logo

OWASP Iceland - Hvert er þroskastig netöryggismála á Íslandi? - April 2014

Svavar Ingi Hermannsson
Svavar Ingi Hermannsson

Ég fann glærur frá fyrirlestri sem ég hélt fyrir OWASP á Íslandi í apríl 2014 og ákvað að skella þeim hérna á slideshare. Glærurnar er einnig hægt að nálgast af vefsíðu OWASP: https://www.owasp.org/images/6/64/OWASP_april_2014.pdf

Tecnologia
1 de 29
Baixar para ler offline
Hvert er þroskastig netöryggismála á Íslandi? OWASP Iceland – apríl 2014 Svavar Ingi Hermannsson KPMG, Ráðgjafarsvið
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 1 Dagskrá Kynning Tilgangur Heildarmynd – Almennar forsendur Netið skoðað – Aðferðir – Niðurstöður Varnarþættir – Eftirlitsþættir Yfirlit
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 2 Hver er ég? Svavar Ingi Hermannsson hefur sérhæft sig í tölvuöryggi síðustu 15 ár og hefur gengt ýmsum störfum tengt forritun og ráðgjöf í tölvuöryggi (innbrotsprófanir, veikleikagreiningar, kóðarýni, stjórnun upplýsingaöryggis (þar á meðal ISO/IEC 27001 og PCI DSS)). Svavar hefur kennt við Háskóla Íslands og Háskólann í Reykjavik, auk þess að hafa haldið námskeið fyrir viðskiptavini KPMG. Svavar var formaður faghóps um öryggismál hjá Skýrslutæknifélaginu frá 2007 til 2012. Svavar er með ýmsar gráður, meðal annars: CISSP, CISA, CISM. Kynning
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 3 Tilgangur rannsóknarinnar? KPMG hafði áhuga á að vita þroskastig upplýsinga og netöryggismála á íslandi. Spurning; Hvernig er netöryggi á Íslandi háttað? Við fundum engar rannsóknir sem gáfu heildaryfirlit yfir núverandi stöðu mála. Takmarkað af upplýsingum til staðar. Margar spurningar, fá svör
Púslum raðað saman
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 5 Rannsókn – Almennar forsendur – Menntun / Vitund Ýmsir þættir sem hafa áhrif á netöryggi: Menntun / Vitund Þáttaka stjórnenda / Fjárhagslegir þættir Símenntun / Upplýsinga- öryggisvottanir Mennta kerfið Netöryggi Á háskóla stigi: -Ef boðið hefur verið upp á kúrsa í tölvuöryggi þá hafa þeir verið valkúrsar. -Margir tölvuöryggiskúrsar í gegnum tíðina hafa lagt áherslu á dulkóðun. Hvernig styður núverandi menntakerfi við Vitundarvakningu í upplýsingaöryggi? Á grunnskóla / gagnfræðiskólastigi? - Það eru tækifæri til að byrja þar - Öryggisvitund snemma
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 6 Rannsókn – Almennar forsendur – Upplýsingaöryggisgráður Ýmsir þættir sem hafa áhrif á netöryggi: Upplýsingaöryggisgráður Þáttaka stjórnenda / Fjárhagslegir þættir Menntakerfið Netöryggi What security certifications is the industry using? 15 CEH 16 CISA 6 CISSP 4 CISM Source: (https://www.isaca.org/) Source: (https://www.eccouncil.org) Source: (https://www.isc2.org) Símenntun / Upplýsinga- öryggisvottanir
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 7 Rannsókn – Almennar forsendur – Aðgengilegar upplýsingar Fjöldi ISO/IEC 27001 vottaðra fyrirtækja á Íslandi Fjöldi tilkynntra afskræmdra vefsíðna á íslenskum lénum fyrir árið 2013, dagsetning 10.09.2013 (zone-h.org) #fjöldi skráðra .is léna 45.201 # tilkynntar afskræmingar 823 Það er tilhneiging að gera lítið úr afhausunum vefsíðna Það sem þau halda að það sé! Það sem við vitum að það er! 20
Netið skoðað
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 9 Netið skoðað – Allir vinir í skóginum Við vildum prófa allt… hinsvegar Við framkvæmdum ekki veikleikagreiningu á netunum sem við skönnuðum. Áhættan var talin of mikil!
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 10 Hvað var skoðað? ? Ísland (port skönnun) Netupplýsingar aðgengilegar almenningi (570 aðilar) IPv4 Opin port Keyrandi þjónustur Vefmiðlarar WCMS DNS Tveir stærstu þættir rannsóknarinnar
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 11 Aðferðir? ? ? Allar IPv4 úthlutaðar til Íslands skannaðar, 770.000 IP tölur í heildina Reykjavik Internet Exchange – RIX This is a list of Autonomous System Numbers that are, to the best of our knowledge, registered to Icelandic entities and are in use in Iceland. From the networks originated by these AS numbers we derive a list of IP networks in use in Iceland. Please note that this is not a geo-location service, as there are always networks in use in Iceland that are originated by external AS numbers or by AS numbers registered to foreign or international service providers. Some networks, registered to Icelandic entities, are in use abroad, partially or totally. When we refer to Icelandic AS-numbers or networks, please bear this in mind. Rannsóknin spannaði júní – ágúst 2013. Notast við •ADSL tengingu •Port skanna •Sérsniðin skönnunar og greiningar tól •Landið skannað: 100 port Source: (http://www.rix.is/english/is-as-nets-en.html)
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 12 Rannsókn – Skönnun á IP tölum Íslands Skönnun á öllum IPv4 sem tilheyra Íslandi, Í heildina 770.000 IP tölur Open ports 37.970 Http 13.924 Https 1949 Telnet 9670 POP3 1383 FTP 6021 2026 CISCO CISCO Telnet 755 Honey pots = 2
Lénin skoðuð
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 14 Rannsókn – Lénin Uppbygging rannsóknarinnar og umfang fyrir íslensku lénin. 300 stærstu Stærstu 300 fyrirtækin byggt á veltu fyrir árið 2012 Í heildina var notast við 570 lén í rannsókninni Sérvaldir aðilar Ýmsir aðilar úr fjármála og opinbera atvinnugeiranum Á þessari kynningu munum við einbeita okkur að heildinni auk þess sem eftirfarandi þrjár atvinnugreinar eru skoðaðar: Public – Financial - Healthcare Atvinnu- greinar Flokkað í 37 atvinnugreinar
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 15 Niðurstöður – Vefmiðlarar • Rannsóknin skoðaði vefmiðlarana sem hýstu 570 lénin • Áhætta er skilgreind sem mikil eða lítil 34,5% 36% Low Risk High Risk Heildar niðurstöður 29,5% Information not available 22% 41% 38% 33% 35% 41% 25% 33% 36% 41% 30% 36% 35% 37% 58% 47% 42% 17% 33% 30% 29% 22% 17% 20% 0% 20% 40% 60% 80% 100% Opinberir Aðilar Almennur Iðnaður Fjármálafyrirtæki Matvælaiðnaður Ýmis Þjónusta Heildverslun Fiskvinnsla og Útgerð Heilsugæsla Atvinnugeiri Webserver niðurstöður eftir atvinnugeirum Low Risk High Risk Not known
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 16 Niðurstöður – Web Content Management Systems (WCMS) • Rannsóknin skoðaði WCMS í notkun hjá 570 lénunum. • Áhætta er skilgreind sem mikil eða lág. 8% 12% Low Risk High Risk 80% Information not available Heildar niðurstöður 2% 12% 8% 6% 6% 15% 4% 7% 5% 15% 18% 3% 10% 15% 33% 7% 93% 73% 75% 91% 84% 70% 63% 87% 0% 20% 40% 60% 80% 100% Opinberir Aðilar Almennur Iðnaður Fjármálafyrirtæki Matvælaiðnaður Ýmis Þjónusta Heildverslun Fiskvinnsla og Útgerð Heilsugæsla Atvinnugeiri WebCMS niðurstöður eftir atvinnugeirum Low Risk High Risk Not known
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 17 Niðurstöður – Web Content Management Systems (WCMS) - framhald • Hversu mörg óþekkt WCMS voru Íslensk af þessum 570? Íslensk WCMS: 40,7% WCMS - A WCMS - B WCMS - C Dreifing 15,9 % 11 % 11 % Dreifing WCMS 68% 27% 58% 21% 19% 22% 21% 53% 0% 20% 40% 60% 80% Opinberir Aðilar Almennur Iðnaður Fjármálafyrirtæki Matvælaiðnaður Ýmis Þjónusta Heildverslun Fiskvinnsla og Útgerð Heilsugæsla Hlutfall Atvinnugeiri Hlutfall íslenskra vefja eftir atvinnugeirum
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 18 Niðurstöður – DNS • Hvernig er dreifingin á DNS skráningu? • Fjöldi DNS miðlara fyrir 570 lénin: 309 SP A SP B SP C Dreifing léna 16,9 % 11,5 % 9 % Stærstu DNS miðlararnir Bind Microsoft Unknown / hidden Hlutdeild 32 % 5,2 % 61,5 % DNS útgáfur Bind sem lekur upplýsingum um stýrikerfi: 46
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 19 Niðurstöður – TLS/SSL • Hversu margar einstakar IP tölur voru fyrir 570 lénin? 342 IP tölur • Hversu margar af þessum 342 IP tölum bjóða upp á TLS/SSL? 188 (55%) Weak Cipher SSLv2 MD5 Veikleikar sem fundust 96,3 % 39,4 % 4,8 % Veikleikar skoðaðir: Self signed Expired Veikleikar sem fundust 16,5 % 15,4 % Aðrir þættir:
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 20 Niðurstöður – FTP • Hversu margar af 342 IP tölunum bjóða upp á FTP? 152 • Hversu margar af þessum 152 auglýsa TLS/SSL stuðning? 21 (13,8%) Microsoft Vsftpd Proftpd Hlutdeild 26,3 % 17,1 % 14,5 % Dreifing milli tegunda
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 21 Niðurstöður – Dreifing á IP tölur • Hvernig er dreifingunni háttað fyrir þessar 342 IP tölur með tilliti til 570 l? • Hversu stór hluti léna er á umfangsmestu IP tölurnar? 34 umfangsmestu IP tölur Aðrar IP tölur Teknar eru fyrir 34 stærstu af 342 38 % 62 % Dreifing léna á IP tölur 5 5 5 5 5 5 6 6 6 7 8 8 10 11 12 14 16 32 0 10 20 30 40 rrr.rrr.rrr qqq.qqq.qqq ppp.ppp.ppp ooo.ooo.ooo nnn.nnn.nnn mmm.mmm.mmm lll.lll.lll kkk.kkk.kkk jjj.jjj.jjj iii.iii.iii hhh.hhh.hhh ggg.ggg.ggg fff.fff.fff eee.eee.eee ddd.ddd.ddd ccc.ccc.ccc bbb.bbb.bbb aaa.aaa.aaa Lén IPtölur Fjöldi síðna á hverja IP tölu
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 22 Niðurstöður – Dreifing milli þjónustuaðila • Hvernig var dreifingin milli þjónustuaðila fyrir þessi 570 lén? SP A SP B SP C Hlutdeild 7,3 % 5,3 % 4,9 % Dreifing Þjónustuaðila Þj. 1 9% Þj 2 9% Þj. 3 8% Þj. 4 7% Þj. 5 7% Þj. 6 6%Þj. 7 5% Þj. 8 6% Þj. 9 6% Aðrir 37% Dreifing á lénum milli þjónustuaðila Dreifing þar sem Þjónustuaðilar eru þekktir:
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 23 Niðurstöður – Umfang og frávik nafnamiðlara • Hverjir eru stærstu nafnamiðlararnir? • Hversu mikið frávik eru á milli stærstu og minnstu nafnamiðlara hjá hverjum þjónustuaðila? 7 7 7 8 10 10 10 10 12 13 15 16 24 24 26 40 52 66 97 0 20 40 60 80 100 120 Nafnamiðlari 19 Nafnamiðlari 18 Nafnamiðlari 17 Nafnamiðlari 16 Nafnamiðlari 15 Nafnamiðlari 14 Nafnamiðlari 13 Nafnamiðlari 12 Nafnamiðlari 11 Nafnamiðlari 10 Nafnamiðlari 9 Nafnamiðlari 8 Nafnamiðlari 7 Nafnamiðlari 6 Nafnamiðlari 5 Nafnamiðlari 4 Nafnamiðlari 3 Nafnamiðlari 2 Nafnamiðlari 1 Lén Þjónustuaðili Umfang nafnamiðlara hjá þjónustuaðila 0% 0% 0% 0% 0% 0% 0% 0% 0% 6% 10% 14% 20% 42% 46% 50% 50% 71% 88% 0% 20% 40% 60% 80% 100% Nafnamiðlari 19 Nafnamiðlari 15 Nafnamiðlari 14 Nafnamiðlari 11 Nafnamiðlari 10 Nafnamiðlari 9 Nafnamiðlari 7 Nafnamiðlari 5 Nafnamiðlari 2 Nafnamiðlari 1 Nafnamiðlari 13 Nafnamiðlari 18 Nafnamiðlari 12 Nafnamiðlari 6 Nafnamiðlari 3 Nafnamiðlari 16 Nafnamiðlari 4 Nafnamiðlari 17 Nafnamiðlari 8 Frávik (munur á stærsta og lægsta nafnamiðlara) Þjónustuaðili Frávik á nafnamiðlurum þjónustuaðila
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 24 Varnarþættir
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 25 Hvaða fyrirbyggjandi stýringar og eftirlitsþættir eru í boði? Australian Government – Department of Defense “At least 85% of the targeted cyber intrusions that Defense Signals Directorate (DSD) responds to in 2011 could be prevented by following the Top 4 mitigation strategies listed in our Strategies to Mitigate Targeted Cyber Intrusions” Helstu 35 eftirlitsþættirnir og stýringarnar http://www.dsd.gov.au/infosec/top35mitigationstrategies.htm
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 26 Helstu 35 eftirlitsþættirnir og stýringarnar http://www.dsd.gov.au/infosec/top35mitigationstrategies.htm
Stóra spurningin / Yfirlit Hvert er þroskastig netöryggismála á Íslandi?
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International. The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we Endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. kpmg.com/socialmedia Spurningar? shermannsson@kpmg.is

Recomendados

EU data protection laws and impacts on healthcare applications and health data
EU data protection laws and impacts on healthcare applications and health dataEU data protection laws and impacts on healthcare applications and health data
EU data protection laws and impacts on healthcare applications and health data
Speck&Tech
 
WatchU Company Profile
WatchU Company ProfileWatchU Company Profile
WatchU Company Profile
Justin Fisher
 
Data Quality Challenges to Big Data_Practical Insights_KPMG Presentation 20.4...
Data Quality Challenges to Big Data_Practical Insights_KPMG Presentation 20.4...Data Quality Challenges to Big Data_Practical Insights_KPMG Presentation 20.4...
Data Quality Challenges to Big Data_Practical Insights_KPMG Presentation 20.4...
Hugo van Hoogstraten
 
Astral Corporate Profile
Astral Corporate ProfileAstral Corporate Profile
Astral Corporate Profile
guest7daa00a
 
2013 10-09 oneia what’s next with sr&ed
2013 10-09 oneia what’s next with sr&ed2013 10-09 oneia what’s next with sr&ed
2013 10-09 oneia what’s next with sr&ed
ONEIA
 
IBPS SSC Govt Jobs News
IBPS SSC Govt Jobs NewsIBPS SSC Govt Jobs News
IBPS SSC Govt Jobs News
MPUP School
 
UPPLÝSINGAÖRYGGI OG OPINBERIR VEFIR
UPPLÝSINGAÖRYGGI OG OPINBERIR VEFIRUPPLÝSINGAÖRYGGI OG OPINBERIR VEFIR
UPPLÝSINGAÖRYGGI OG OPINBERIR VEFIR
Svavar Ingi Hermannsson
 
Pharmacology
PharmacologyPharmacology
Pharmacology
Tetraponera Rufonigra
 

Recomendados

EU data protection laws and impacts on healthcare applications and health data
EU data protection laws and impacts on healthcare applications and health dataEU data protection laws and impacts on healthcare applications and health data
EU data protection laws and impacts on healthcare applications and health data
Speck&Tech
 
WatchU Company Profile
WatchU Company ProfileWatchU Company Profile
WatchU Company Profile
Justin Fisher
 
Data Quality Challenges to Big Data_Practical Insights_KPMG Presentation 20.4...
Data Quality Challenges to Big Data_Practical Insights_KPMG Presentation 20.4...Data Quality Challenges to Big Data_Practical Insights_KPMG Presentation 20.4...
Data Quality Challenges to Big Data_Practical Insights_KPMG Presentation 20.4...
Hugo van Hoogstraten
 
Astral Corporate Profile
Astral Corporate ProfileAstral Corporate Profile
Astral Corporate Profile
guest7daa00a
 
2013 10-09 oneia what’s next with sr&ed
2013 10-09 oneia what’s next with sr&ed2013 10-09 oneia what’s next with sr&ed
2013 10-09 oneia what’s next with sr&ed
ONEIA
 
IBPS SSC Govt Jobs News
IBPS SSC Govt Jobs NewsIBPS SSC Govt Jobs News
IBPS SSC Govt Jobs News
MPUP School
 
UPPLÝSINGAÖRYGGI OG OPINBERIR VEFIR
UPPLÝSINGAÖRYGGI OG OPINBERIR VEFIRUPPLÝSINGAÖRYGGI OG OPINBERIR VEFIR
UPPLÝSINGAÖRYGGI OG OPINBERIR VEFIR
Svavar Ingi Hermannsson
 
Pharmacology
PharmacologyPharmacology
Pharmacology
Tetraponera Rufonigra
 
Engaging Citizens in a Digital World: What Citizens Really Want from Digital ...
Engaging Citizens in a Digital World: What Citizens Really Want from Digital ...Engaging Citizens in a Digital World: What Citizens Really Want from Digital ...
Engaging Citizens in a Digital World: What Citizens Really Want from Digital ...
Andrea Frazier
 
Iapi.a
Iapi.aIapi.a
Iapi.a
Putri Khayalan
 
South Padre
South Padre South Padre
South Padre
kq569
 
Kehoachbaiday
KehoachbaidayKehoachbaiday
Kehoachbaiday
Ngọc Hiếu
 
Nos vamos de viaje
Nos vamos de viajeNos vamos de viaje
Nos vamos de viaje
Frank Pozo
 
Engaging citizens in a Digital World
Engaging citizens in a Digital WorldEngaging citizens in a Digital World
Engaging citizens in a Digital World
Andrea Frazier
 
Spektrofotometri adalah cabang dari spektroskopi
Spektrofotometri adalah cabang dari spektroskopiSpektrofotometri adalah cabang dari spektroskopi
Spektrofotometri adalah cabang dari spektroskopi
Fadhly M S
 
West Las Vegas Middle School Yearbook title page
West Las Vegas Middle School Yearbook title pageWest Las Vegas Middle School Yearbook title page
West Las Vegas Middle School Yearbook title page
veronicamorris
 
Efek Panas- Thermodinamika
Efek Panas- ThermodinamikaEfek Panas- Thermodinamika
Efek Panas- Thermodinamika
Fadhly M S
 
Deepwater: Business Ethics Simulation
Deepwater: Business Ethics SimulationDeepwater: Business Ethics Simulation
Deepwater: Business Ethics Simulation
waynebuck
 
metodologi penelitian kuantitatif bab 1 & 2
metodologi penelitian kuantitatif bab 1 & 2metodologi penelitian kuantitatif bab 1 & 2
metodologi penelitian kuantitatif bab 1 & 2
Fadhly M S
 
Manual karuna master.doc111111
Manual karuna master.doc111111Manual karuna master.doc111111
Manual karuna master.doc111111
Dkmshk Dkm Shk
 
Future of corporate sustainability reporting
Future of corporate sustainability reportingFuture of corporate sustainability reporting
Future of corporate sustainability reporting
UCLA Institute of the Environment and Sustainability
 
Content Development in a Digital World
Content Development in a Digital WorldContent Development in a Digital World
Content Development in a Digital World
TIAA-CREF via Accrue Partners
 
Don't Trust, And Verify - Mobile Application Attacks
Don't Trust, And Verify - Mobile Application AttacksDon't Trust, And Verify - Mobile Application Attacks
Don't Trust, And Verify - Mobile Application Attacks
Prathan Phongthiproek
 
Audit process presentation
Audit process presentationAudit process presentation
Audit process presentation
Mostafa Kamal
 
Odi privacy v0.3
Odi privacy v0.3Odi privacy v0.3
Odi privacy v0.3
odileeds
 
Peter Kornelisse, Infosecurity.nl, 4 november, Jaarbeurs Utrecht
Peter Kornelisse, Infosecurity.nl, 4 november, Jaarbeurs UtrechtPeter Kornelisse, Infosecurity.nl, 4 november, Jaarbeurs Utrecht
Peter Kornelisse, Infosecurity.nl, 4 november, Jaarbeurs Utrecht
Infosecurity2010
 
The Voyage to EU MDR Compliance
The Voyage to EU MDR ComplianceThe Voyage to EU MDR Compliance
The Voyage to EU MDR Compliance
Greenlight Guru
 
Daryl Pereira(Compliance & Regulations Stream) Learning From The Expert – Mo...
Daryl Pereira(Compliance & Regulations Stream) Learning From The Expert – Mo...Daryl Pereira(Compliance & Regulations Stream) Learning From The Expert – Mo...
Daryl Pereira(Compliance & Regulations Stream) Learning From The Expert – Mo...
Knowledge Group
 
ProIndústria 2017 - A09a - Inovação nos modelos de negócios para novos valore...
ProIndústria 2017 - A09a - Inovação nos modelos de negócios para novos valore...ProIndústria 2017 - A09a - Inovação nos modelos de negócios para novos valore...
ProIndústria 2017 - A09a - Inovação nos modelos de negócios para novos valore...
CADWARE-TECHNOLOGY
 
Ironwood Broucher- Version 1
Ironwood Broucher- Version 1Ironwood Broucher- Version 1
Ironwood Broucher- Version 1
Rajesh Ponnan
 

Mais conteúdo relacionado

Destaque

Nos vamos de viaje
Nos vamos de viajeNos vamos de viaje
Nos vamos de viaje
Frank Pozo
 
Spektrofotometri adalah cabang dari spektroskopi
Spektrofotometri adalah cabang dari spektroskopiSpektrofotometri adalah cabang dari spektroskopi
Spektrofotometri adalah cabang dari spektroskopi
Fadhly M S
 
Efek Panas- Thermodinamika
Efek Panas- ThermodinamikaEfek Panas- Thermodinamika
Efek Panas- Thermodinamika
Fadhly M S
 
Manual karuna master.doc111111
Manual karuna master.doc111111Manual karuna master.doc111111
Manual karuna master.doc111111
Dkmshk Dkm Shk
 

Destaque (12)

Engaging Citizens in a Digital World: What Citizens Really Want from Digital ...
Engaging Citizens in a Digital World: What Citizens Really Want from Digital ...Engaging Citizens in a Digital World: What Citizens Really Want from Digital ...
Engaging Citizens in a Digital World: What Citizens Really Want from Digital ...
 
Iapi.a
Iapi.aIapi.a
Iapi.a
 
South Padre
South Padre South Padre
South Padre
 
Kehoachbaiday
KehoachbaidayKehoachbaiday
Kehoachbaiday
 
Nos vamos de viaje
Nos vamos de viajeNos vamos de viaje
Nos vamos de viaje
 
Engaging citizens in a Digital World
Engaging citizens in a Digital WorldEngaging citizens in a Digital World
Engaging citizens in a Digital World
 
Spektrofotometri adalah cabang dari spektroskopi
Spektrofotometri adalah cabang dari spektroskopiSpektrofotometri adalah cabang dari spektroskopi
Spektrofotometri adalah cabang dari spektroskopi
 
West Las Vegas Middle School Yearbook title page
West Las Vegas Middle School Yearbook title pageWest Las Vegas Middle School Yearbook title page
West Las Vegas Middle School Yearbook title page
 
Efek Panas- Thermodinamika
Efek Panas- ThermodinamikaEfek Panas- Thermodinamika
Efek Panas- Thermodinamika
 
Deepwater: Business Ethics Simulation
Deepwater: Business Ethics SimulationDeepwater: Business Ethics Simulation
Deepwater: Business Ethics Simulation
 
metodologi penelitian kuantitatif bab 1 & 2
metodologi penelitian kuantitatif bab 1 & 2metodologi penelitian kuantitatif bab 1 & 2
metodologi penelitian kuantitatif bab 1 & 2
 
Manual karuna master.doc111111
Manual karuna master.doc111111Manual karuna master.doc111111
Manual karuna master.doc111111
 

Semelhante a OWASP Iceland - Hvert er þroskastig netöryggismála á Íslandi? - April 2014

Ironwood Broucher- Version 1
Ironwood Broucher- Version 1Ironwood Broucher- Version 1
Ironwood Broucher- Version 1
Rajesh Ponnan
 
Gm prs-0600-fintechenterpriseventurepulsereport-v7highres-160309142941
Gm prs-0600-fintechenterpriseventurepulsereport-v7highres-160309142941Gm prs-0600-fintechenterpriseventurepulsereport-v7highres-160309142941
Gm prs-0600-fintechenterpriseventurepulsereport-v7highres-160309142941
WenRon
 
Increasing content discoverability_LI
Increasing content discoverability_LIIncreasing content discoverability_LI
Increasing content discoverability_LI
Anuschka Van Dijke
 
Sys value corporate presentation - security audits 2013
Sys value corporate presentation - security audits 2013Sys value corporate presentation - security audits 2013
Sys value corporate presentation - security audits 2013
Filipe Rolo
 
How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?
PECB
 

Semelhante a OWASP Iceland - Hvert er þroskastig netöryggismála á Íslandi? - April 2014 (20)

Future of corporate sustainability reporting
Future of corporate sustainability reportingFuture of corporate sustainability reporting
Future of corporate sustainability reporting
 
Content Development in a Digital World
Content Development in a Digital WorldContent Development in a Digital World
Content Development in a Digital World
 
Don't Trust, And Verify - Mobile Application Attacks
Don't Trust, And Verify - Mobile Application AttacksDon't Trust, And Verify - Mobile Application Attacks
Don't Trust, And Verify - Mobile Application Attacks
 
Audit process presentation
Audit process presentationAudit process presentation
Audit process presentation
 
Odi privacy v0.3
Odi privacy v0.3Odi privacy v0.3
Odi privacy v0.3
 
Peter Kornelisse, Infosecurity.nl, 4 november, Jaarbeurs Utrecht
Peter Kornelisse, Infosecurity.nl, 4 november, Jaarbeurs UtrechtPeter Kornelisse, Infosecurity.nl, 4 november, Jaarbeurs Utrecht
Peter Kornelisse, Infosecurity.nl, 4 november, Jaarbeurs Utrecht
 
The Voyage to EU MDR Compliance
The Voyage to EU MDR ComplianceThe Voyage to EU MDR Compliance
The Voyage to EU MDR Compliance
 
Daryl Pereira(Compliance & Regulations Stream) Learning From The Expert – Mo...
Daryl Pereira(Compliance & Regulations Stream) Learning From The Expert – Mo...Daryl Pereira(Compliance & Regulations Stream) Learning From The Expert – Mo...
Daryl Pereira(Compliance & Regulations Stream) Learning From The Expert – Mo...
 
ProIndústria 2017 - A09a - Inovação nos modelos de negócios para novos valore...
ProIndústria 2017 - A09a - Inovação nos modelos de negócios para novos valore...ProIndústria 2017 - A09a - Inovação nos modelos de negócios para novos valore...
ProIndústria 2017 - A09a - Inovação nos modelos de negócios para novos valore...
 
Ironwood Broucher- Version 1
Ironwood Broucher- Version 1Ironwood Broucher- Version 1
Ironwood Broucher- Version 1
 
Ironwood Legal Solutions- Broucher
Ironwood Legal Solutions- BroucherIronwood Legal Solutions- Broucher
Ironwood Legal Solutions- Broucher
 
Gm prs-0600-fintechenterpriseventurepulsereport-v7highres-160309142941
Gm prs-0600-fintechenterpriseventurepulsereport-v7highres-160309142941Gm prs-0600-fintechenterpriseventurepulsereport-v7highres-160309142941
Gm prs-0600-fintechenterpriseventurepulsereport-v7highres-160309142941
 
Increasing content discoverability_LI
Increasing content discoverability_LIIncreasing content discoverability_LI
Increasing content discoverability_LI
 
Sys value corporate presentation - security audits 2013
Sys value corporate presentation - security audits 2013Sys value corporate presentation - security audits 2013
Sys value corporate presentation - security audits 2013
 
How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?
 
presentation-kpmg-industry-4-0-digital-scm-for-enabling-growt-2019.pdf
presentation-kpmg-industry-4-0-digital-scm-for-enabling-growt-2019.pdfpresentation-kpmg-industry-4-0-digital-scm-for-enabling-growt-2019.pdf
presentation-kpmg-industry-4-0-digital-scm-for-enabling-growt-2019.pdf
 
CC14GMS
CC14GMSCC14GMS
CC14GMS
 
Secure Software Development – COBIT5 Perspective
Secure Software Development – COBIT5 PerspectiveSecure Software Development – COBIT5 Perspective
Secure Software Development – COBIT5 Perspective
 
Cyber security conference 2016 - OpenSphere Overview
Cyber security conference 2016 - OpenSphere OverviewCyber security conference 2016 - OpenSphere Overview
Cyber security conference 2016 - OpenSphere Overview
 
Securing Your Digital Transformation: Cybersecurity and You
Securing Your Digital Transformation: Cybersecurity and YouSecuring Your Digital Transformation: Cybersecurity and You
Securing Your Digital Transformation: Cybersecurity and You
 

Último

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 

Último (20)

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 

OWASP Iceland - Hvert er þroskastig netöryggismála á Íslandi? - April 2014

  • 1. Hvert er þroskastig netöryggismála á Íslandi? OWASP Iceland – apríl 2014 Svavar Ingi Hermannsson KPMG, Ráðgjafarsvið
  • 2. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 1 Dagskrá Kynning Tilgangur Heildarmynd – Almennar forsendur Netið skoðað – Aðferðir – Niðurstöður Varnarþættir – Eftirlitsþættir Yfirlit
  • 3. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 2 Hver er ég? Svavar Ingi Hermannsson hefur sérhæft sig í tölvuöryggi síðustu 15 ár og hefur gengt ýmsum störfum tengt forritun og ráðgjöf í tölvuöryggi (innbrotsprófanir, veikleikagreiningar, kóðarýni, stjórnun upplýsingaöryggis (þar á meðal ISO/IEC 27001 og PCI DSS)). Svavar hefur kennt við Háskóla Íslands og Háskólann í Reykjavik, auk þess að hafa haldið námskeið fyrir viðskiptavini KPMG. Svavar var formaður faghóps um öryggismál hjá Skýrslutæknifélaginu frá 2007 til 2012. Svavar er með ýmsar gráður, meðal annars: CISSP, CISA, CISM. Kynning
  • 4. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 3 Tilgangur rannsóknarinnar? KPMG hafði áhuga á að vita þroskastig upplýsinga og netöryggismála á íslandi. Spurning; Hvernig er netöryggi á Íslandi háttað? Við fundum engar rannsóknir sem gáfu heildaryfirlit yfir núverandi stöðu mála. Takmarkað af upplýsingum til staðar. Margar spurningar, fá svör
  • 6. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 5 Rannsókn – Almennar forsendur – Menntun / Vitund Ýmsir þættir sem hafa áhrif á netöryggi: Menntun / Vitund Þáttaka stjórnenda / Fjárhagslegir þættir Símenntun / Upplýsinga- öryggisvottanir Mennta kerfið Netöryggi Á háskóla stigi: -Ef boðið hefur verið upp á kúrsa í tölvuöryggi þá hafa þeir verið valkúrsar. -Margir tölvuöryggiskúrsar í gegnum tíðina hafa lagt áherslu á dulkóðun. Hvernig styður núverandi menntakerfi við Vitundarvakningu í upplýsingaöryggi? Á grunnskóla / gagnfræðiskólastigi? - Það eru tækifæri til að byrja þar - Öryggisvitund snemma
  • 7. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 6 Rannsókn – Almennar forsendur – Upplýsingaöryggisgráður Ýmsir þættir sem hafa áhrif á netöryggi: Upplýsingaöryggisgráður Þáttaka stjórnenda / Fjárhagslegir þættir Menntakerfið Netöryggi What security certifications is the industry using? 15 CEH 16 CISA 6 CISSP 4 CISM Source: (https://www.isaca.org/) Source: (https://www.eccouncil.org) Source: (https://www.isc2.org) Símenntun / Upplýsinga- öryggisvottanir
  • 8. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 7 Rannsókn – Almennar forsendur – Aðgengilegar upplýsingar Fjöldi ISO/IEC 27001 vottaðra fyrirtækja á Íslandi Fjöldi tilkynntra afskræmdra vefsíðna á íslenskum lénum fyrir árið 2013, dagsetning 10.09.2013 (zone-h.org) #fjöldi skráðra .is léna 45.201 # tilkynntar afskræmingar 823 Það er tilhneiging að gera lítið úr afhausunum vefsíðna Það sem þau halda að það sé! Það sem við vitum að það er! 20
  • 10. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 9 Netið skoðað – Allir vinir í skóginum Við vildum prófa allt… hinsvegar Við framkvæmdum ekki veikleikagreiningu á netunum sem við skönnuðum. Áhættan var talin of mikil!
  • 11. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 10 Hvað var skoðað? ? Ísland (port skönnun) Netupplýsingar aðgengilegar almenningi (570 aðilar) IPv4 Opin port Keyrandi þjónustur Vefmiðlarar WCMS DNS Tveir stærstu þættir rannsóknarinnar
  • 12. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 11 Aðferðir? ? ? Allar IPv4 úthlutaðar til Íslands skannaðar, 770.000 IP tölur í heildina Reykjavik Internet Exchange – RIX This is a list of Autonomous System Numbers that are, to the best of our knowledge, registered to Icelandic entities and are in use in Iceland. From the networks originated by these AS numbers we derive a list of IP networks in use in Iceland. Please note that this is not a geo-location service, as there are always networks in use in Iceland that are originated by external AS numbers or by AS numbers registered to foreign or international service providers. Some networks, registered to Icelandic entities, are in use abroad, partially or totally. When we refer to Icelandic AS-numbers or networks, please bear this in mind. Rannsóknin spannaði júní – ágúst 2013. Notast við •ADSL tengingu •Port skanna •Sérsniðin skönnunar og greiningar tól •Landið skannað: 100 port Source: (http://www.rix.is/english/is-as-nets-en.html)
  • 13. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 12 Rannsókn – Skönnun á IP tölum Íslands Skönnun á öllum IPv4 sem tilheyra Íslandi, Í heildina 770.000 IP tölur Open ports 37.970 Http 13.924 Https 1949 Telnet 9670 POP3 1383 FTP 6021 2026 CISCO CISCO Telnet 755 Honey pots = 2
  • 15. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 14 Rannsókn – Lénin Uppbygging rannsóknarinnar og umfang fyrir íslensku lénin. 300 stærstu Stærstu 300 fyrirtækin byggt á veltu fyrir árið 2012 Í heildina var notast við 570 lén í rannsókninni Sérvaldir aðilar Ýmsir aðilar úr fjármála og opinbera atvinnugeiranum Á þessari kynningu munum við einbeita okkur að heildinni auk þess sem eftirfarandi þrjár atvinnugreinar eru skoðaðar: Public – Financial - Healthcare Atvinnu- greinar Flokkað í 37 atvinnugreinar
  • 16. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 15 Niðurstöður – Vefmiðlarar • Rannsóknin skoðaði vefmiðlarana sem hýstu 570 lénin • Áhætta er skilgreind sem mikil eða lítil 34,5% 36% Low Risk High Risk Heildar niðurstöður 29,5% Information not available 22% 41% 38% 33% 35% 41% 25% 33% 36% 41% 30% 36% 35% 37% 58% 47% 42% 17% 33% 30% 29% 22% 17% 20% 0% 20% 40% 60% 80% 100% Opinberir Aðilar Almennur Iðnaður Fjármálafyrirtæki Matvælaiðnaður Ýmis Þjónusta Heildverslun Fiskvinnsla og Útgerð Heilsugæsla Atvinnugeiri Webserver niðurstöður eftir atvinnugeirum Low Risk High Risk Not known
  • 17. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 16 Niðurstöður – Web Content Management Systems (WCMS) • Rannsóknin skoðaði WCMS í notkun hjá 570 lénunum. • Áhætta er skilgreind sem mikil eða lág. 8% 12% Low Risk High Risk 80% Information not available Heildar niðurstöður 2% 12% 8% 6% 6% 15% 4% 7% 5% 15% 18% 3% 10% 15% 33% 7% 93% 73% 75% 91% 84% 70% 63% 87% 0% 20% 40% 60% 80% 100% Opinberir Aðilar Almennur Iðnaður Fjármálafyrirtæki Matvælaiðnaður Ýmis Þjónusta Heildverslun Fiskvinnsla og Útgerð Heilsugæsla Atvinnugeiri WebCMS niðurstöður eftir atvinnugeirum Low Risk High Risk Not known
  • 18. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 17 Niðurstöður – Web Content Management Systems (WCMS) - framhald • Hversu mörg óþekkt WCMS voru Íslensk af þessum 570? Íslensk WCMS: 40,7% WCMS - A WCMS - B WCMS - C Dreifing 15,9 % 11 % 11 % Dreifing WCMS 68% 27% 58% 21% 19% 22% 21% 53% 0% 20% 40% 60% 80% Opinberir Aðilar Almennur Iðnaður Fjármálafyrirtæki Matvælaiðnaður Ýmis Þjónusta Heildverslun Fiskvinnsla og Útgerð Heilsugæsla Hlutfall Atvinnugeiri Hlutfall íslenskra vefja eftir atvinnugeirum
  • 19. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 18 Niðurstöður – DNS • Hvernig er dreifingin á DNS skráningu? • Fjöldi DNS miðlara fyrir 570 lénin: 309 SP A SP B SP C Dreifing léna 16,9 % 11,5 % 9 % Stærstu DNS miðlararnir Bind Microsoft Unknown / hidden Hlutdeild 32 % 5,2 % 61,5 % DNS útgáfur Bind sem lekur upplýsingum um stýrikerfi: 46
  • 20. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 19 Niðurstöður – TLS/SSL • Hversu margar einstakar IP tölur voru fyrir 570 lénin? 342 IP tölur • Hversu margar af þessum 342 IP tölum bjóða upp á TLS/SSL? 188 (55%) Weak Cipher SSLv2 MD5 Veikleikar sem fundust 96,3 % 39,4 % 4,8 % Veikleikar skoðaðir: Self signed Expired Veikleikar sem fundust 16,5 % 15,4 % Aðrir þættir:
  • 21. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 20 Niðurstöður – FTP • Hversu margar af 342 IP tölunum bjóða upp á FTP? 152 • Hversu margar af þessum 152 auglýsa TLS/SSL stuðning? 21 (13,8%) Microsoft Vsftpd Proftpd Hlutdeild 26,3 % 17,1 % 14,5 % Dreifing milli tegunda
  • 22. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 21 Niðurstöður – Dreifing á IP tölur • Hvernig er dreifingunni háttað fyrir þessar 342 IP tölur með tilliti til 570 l? • Hversu stór hluti léna er á umfangsmestu IP tölurnar? 34 umfangsmestu IP tölur Aðrar IP tölur Teknar eru fyrir 34 stærstu af 342 38 % 62 % Dreifing léna á IP tölur 5 5 5 5 5 5 6 6 6 7 8 8 10 11 12 14 16 32 0 10 20 30 40 rrr.rrr.rrr qqq.qqq.qqq ppp.ppp.ppp ooo.ooo.ooo nnn.nnn.nnn mmm.mmm.mmm lll.lll.lll kkk.kkk.kkk jjj.jjj.jjj iii.iii.iii hhh.hhh.hhh ggg.ggg.ggg fff.fff.fff eee.eee.eee ddd.ddd.ddd ccc.ccc.ccc bbb.bbb.bbb aaa.aaa.aaa Lén IPtölur Fjöldi síðna á hverja IP tölu
  • 23. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 22 Niðurstöður – Dreifing milli þjónustuaðila • Hvernig var dreifingin milli þjónustuaðila fyrir þessi 570 lén? SP A SP B SP C Hlutdeild 7,3 % 5,3 % 4,9 % Dreifing Þjónustuaðila Þj. 1 9% Þj 2 9% Þj. 3 8% Þj. 4 7% Þj. 5 7% Þj. 6 6%Þj. 7 5% Þj. 8 6% Þj. 9 6% Aðrir 37% Dreifing á lénum milli þjónustuaðila Dreifing þar sem Þjónustuaðilar eru þekktir:
  • 24. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 23 Niðurstöður – Umfang og frávik nafnamiðlara • Hverjir eru stærstu nafnamiðlararnir? • Hversu mikið frávik eru á milli stærstu og minnstu nafnamiðlara hjá hverjum þjónustuaðila? 7 7 7 8 10 10 10 10 12 13 15 16 24 24 26 40 52 66 97 0 20 40 60 80 100 120 Nafnamiðlari 19 Nafnamiðlari 18 Nafnamiðlari 17 Nafnamiðlari 16 Nafnamiðlari 15 Nafnamiðlari 14 Nafnamiðlari 13 Nafnamiðlari 12 Nafnamiðlari 11 Nafnamiðlari 10 Nafnamiðlari 9 Nafnamiðlari 8 Nafnamiðlari 7 Nafnamiðlari 6 Nafnamiðlari 5 Nafnamiðlari 4 Nafnamiðlari 3 Nafnamiðlari 2 Nafnamiðlari 1 Lén Þjónustuaðili Umfang nafnamiðlara hjá þjónustuaðila 0% 0% 0% 0% 0% 0% 0% 0% 0% 6% 10% 14% 20% 42% 46% 50% 50% 71% 88% 0% 20% 40% 60% 80% 100% Nafnamiðlari 19 Nafnamiðlari 15 Nafnamiðlari 14 Nafnamiðlari 11 Nafnamiðlari 10 Nafnamiðlari 9 Nafnamiðlari 7 Nafnamiðlari 5 Nafnamiðlari 2 Nafnamiðlari 1 Nafnamiðlari 13 Nafnamiðlari 18 Nafnamiðlari 12 Nafnamiðlari 6 Nafnamiðlari 3 Nafnamiðlari 16 Nafnamiðlari 4 Nafnamiðlari 17 Nafnamiðlari 8 Frávik (munur á stærsta og lægsta nafnamiðlara) Þjónustuaðili Frávik á nafnamiðlurum þjónustuaðila
  • 25. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 24 Varnarþættir
  • 26. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 25 Hvaða fyrirbyggjandi stýringar og eftirlitsþættir eru í boði? Australian Government – Department of Defense “At least 85% of the targeted cyber intrusions that Defense Signals Directorate (DSD) responds to in 2011 could be prevented by following the Top 4 mitigation strategies listed in our Strategies to Mitigate Targeted Cyber Intrusions” Helstu 35 eftirlitsþættirnir og stýringarnar http://www.dsd.gov.au/infosec/top35mitigationstrategies.htm
  • 27. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 26 Helstu 35 eftirlitsþættirnir og stýringarnar http://www.dsd.gov.au/infosec/top35mitigationstrategies.htm
  • 28. Stóra spurningin / Yfirlit Hvert er þroskastig netöryggismála á Íslandi?
  • 29. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International. The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we Endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. kpmg.com/socialmedia Spurningar? shermannsson@kpmg.is