Information Security Challenges & Opportunities
Information Security: Challenges and Opportunities
M. Faisal Naqvi, CISSP, CISA
MS (E-Com) Gold (PU), CMA inter (ICMA)
27001 A (IRCA, UK), 27001 Implr (IT Gov, UK)
Associate Member of Business Continuity Institute
Senior Consultant – Information Security
© 2008 NetSol Technologies, Inc. All rights reserved
Information Security (A-I-C)
- Availability
- Integrity
- Confidentiality
Dependence on IT
- Almost every Government Department
- Banks including ATM network, Stock Exchanges & Brokers
- Telecommunication & Mobile Companies
- Electronic and Print Media
- Software houses and Call centers
- Other Private companies including MNCs
Challenges to Information Availability
- ATM Network/Credit Card
- Mobile Network/Mobile Card Charging Sys
- Call Centers
- TV Channels
- Internet Service Provider
- Stock Exchange Application
Attacks on Availability of Information
- Denial of Service (DoS) Attacks
- Distributed DoS (D-DoS) Attacks
- Malicious act by disgruntled employee
- Power Failure
- Natural/Man-made Disasters like Fire, Flood, Storm, Earthquake, Strike and Terrorism
Challenges to Information Integrity
- Balance of Rs.9,000/- in bank is changed to Rs.9,000,000/-
- Tampering of NADRA records
- Changing CSS exam results
- Changing ownership of Vehicle / Land in E-Records
- Tampering Share Prices of Stock
- Phishing
- Electronic Stalking
- Salami Attacks
Attacks on Information Integrity
- Hacking
- SQL injection
- Insiders / Employees
- Weak cryptographic algorithms
- Buffer overflow
- Malicious Code
Challenges to Confidentiality of Information
- Source Code/Trade Secret Theft
- Tenders Quotation Disclosure
- Clients Information Stealing
- Govt. Sensitive Information Leakage
- Mobile Usage and Personal Information
- Online Bank Account Password
- ATM Pins
Attacks on Confidentiality of Information
- Employees
- Social Engineering
- Hacking
- SQL Injection
- Key Loggers (software/hardware)
Getting ATM cards & pins
How to Overcome these challenges
- Pro-active approach rather than Reactive
- Preventive Controls rather than Corrective
Opportunities to ensure Availability of Information
- Firewalls
- Intrusion Detection Systems
- Intrusion Prevention Systems
- Anomaly Detection Systems
- Antivirus
- Business Continuity Management
- Disaster Recovery Planning
Opportunities to ensure Integrity of Information
- Application Security
- Segregation and Rotation of Duties
- Strong Cryptography
- Access Control
- Application Vulnerability Assessment
- Application Penetration Testing
Opportunities to ensure Confidentiality of Information
- Access Control
- Training and Awareness
- Anti-spyware
- Extrusion Prevention Systems
Opportunities to ensure overall Information Security
- Strength of overall Information Security is no greater than that of its weakest element
- Need for a system which can ensure the A-I-C in a comprehensive manner
- ISO-27001 Information Security Management System (ISMS)
- ISMS: 133 countermeasures to control all possible Threats and Vulnerabilities
Opportunities to ensure overall Information Security
- Periodic Audits and Assessments through independent neutral organizations
- Vulnerability Assessments
- Penetration Tests through Ethical Hackers
Opportunities to ensure overall Information Security by Govt.
- Electronic Transaction Ordinance (ETO), 2002
- Prevention of Electronic Crime Ordinance (PECO) 2007
- National Response Centre for Cyber Crimes (NR3C), FIA
- Information & Communication Technology (ICT) Tribunals
Electronic Transaction Ordinance
36. Violation of privacy of information
Protects Confidentiality
37. Damage to information system, etc.
Protects Integrity and Availability
Prevention of Electronic Crime Ordinance (Crimes)
3. Criminal Access
4. Criminal Data Access
5. Data Damage
6. System Damage
7. Electronic Fraud
8. Electronic Forgery
9. Misuse of Electronic System or Device
10. Unauthorized access to code
Prevention of Electronic Crime Ordinance
11. Misuse of Encryption
12. Malicious Code
13. Cyber Stalking
14. Spamming
15. Spoofing
16. Unauthorized interception
17. Cyber Terrorism
18. Enhanced punishment for offences involving electronic systems
?
Thank You