ISO/IEC 27001:2013 (ISMS)


Transcript of ISO/IEC 27001:2013 (ISMS)

Page 1: ISO/IEC 27001:2013 (ISMS)

© Copyright 2015 ACIS Professional Center Company Limited. All Rights Reserved.

Security Intelligence

Prinya Hom-anek, CISSP, CSSLP, CISA, CISM, SSCP, CFE, CBCI, CGEIT, CRISC; (ISC)2 Asian Advisory Council Member; ISACA Thailand - Committee; Thailand Information Security Association (TISA) - VP & Committee; ACIS Professional Center Co., Ltd. - President and Founder; Cybertron Co., Ltd. - CEO

We have been certified to standards.

ISO 22301:2012 (BCMS)

ISO/IEC 27001:2013 (ISMS)

ISO/IEC 20000-1:2011 (IT-SMS)

ACIS PROFESSIONAL CENTER

Cyber is the Modern Battlefield

Page 2: ISO/IEC 27001:2013 (ISMS)

The major shift in cybersecurity thinking in the S-M-C-I era (Social, Mobile, Cloud and Information/Big Data)

www.acisonline.net

CISSP, SSCP, CSSLP, CISA, CISM, CRISC, CGEIT, CASP, ITIL Expert

President and Founder, ACIS Professional Center Co., Ltd.

E-mail: [email protected]/prinyah

www.twitter.com/prinyaACIS (@prinyaacis)

About Me, ACIS and Cybertron

Page 3: ISO/IEC 27001:2013 (ISMS)

Global technology trends that are changing the daily lives of people around the world in the 21st century

Page 4: ISO/IEC 27001:2013 (ISMS)


The World has Changed

Page 5: ISO/IEC 27001:2013 (ISMS)


Internet of Things

Page 6: ISO/IEC 27001:2013 (ISMS)


Cybersecurity Environment

Strategic IT-GRC and Cybersecurity Risk Awareness in Digital Economy: Cybersecurity Resilience Framework and Implementation in Action

Challenges, Threats, Risks, Opportunities

Page 7: ISO/IEC 27001:2013 (ISMS)


Page 8: ISO/IEC 27001:2013 (ISMS)

Copyright © 2016, ACIS Professional Center Co., Ltd.


Page 9: ISO/IEC 27001:2013 (ISMS)


Page 10: ISO/IEC 27001:2013 (ISMS)

“S-M-C-I” Era : The Nexus of Disruptive Forces

“Challenging in Digital Economy: The Nexus between Cybersecurity and Privacy Protection”

Page 11: ISO/IEC 27001:2013 (ISMS)

S-M-C-I ERA : Risks vs. Opportunities

Page 12: ISO/IEC 27001:2013 (ISMS)


Cybersecurity Environment


Challenges, Threats, Risks, Opportunities

Mega IT Trends: Social, Mobile, Cloud, Big Data Analytics

Page 13: ISO/IEC 27001:2013 (ISMS)
Page 14: ISO/IEC 27001:2013 (ISMS)
Page 15: ISO/IEC 27001:2013 (ISMS)


Page 16: ISO/IEC 27001:2013 (ISMS)


Source: Global Risks Report 2016, World Economic Forum

Page 17: ISO/IEC 27001:2013 (ISMS)


Page 18: ISO/IEC 27001:2013 (ISMS)


Page 19: ISO/IEC 27001:2013 (ISMS)


Page 20: ISO/IEC 27001:2013 (ISMS)


Cyber Attack News Update

Page 21: ISO/IEC 27001:2013 (ISMS)


Tesco Bank Hacked Cyber Fraudsters Stole Money From 20,000 Accounts

Source : http://thehackernews.com/2016/11/tesco-bank-hack.html

Page 22: ISO/IEC 27001:2013 (ISMS)


Someone is Using Mirai Botnet to Shut Down Internet for an Entire Country

Source : http://thehackernews.com/2016/11/ddos-attack-mirai-botnet.html

Page 23: ISO/IEC 27001:2013 (ISMS)


Danish Payment Processing Firm Suffers Breach 100k Credit Cards Stolen

Source : https://www.hackread.com/danish-payment-processing-data-breach/

Page 24: ISO/IEC 27001:2013 (ISMS)


Major Ransomware Attack Shuts Down Entire National Health Service System

Source : https://www.hackread.com/ransomware-attack-on-nhs-system/

Page 25: ISO/IEC 27001:2013 (ISMS)


Red Cross Data Leak; Personal Data of 550,000 Blood Donors Stolen

Source : https://www.hackread.com/red-cross-blood-donors-data-leak/

Page 26: ISO/IEC 27001:2013 (ISMS)


Google discloses Critical Windows Zero-Day that makes all Windows Users Vulnerable

Source : http://thehackernews.com/2016/10/google-windows-zero-day.html?m=1

Page 27: ISO/IEC 27001:2013 (ISMS)


Millions of Android Devices Vulnerable to DRAMMER Attack

Source : https://www.hackread.com/android-vulnerable-to-drammer-attack/

Page 28: ISO/IEC 27001:2013 (ISMS)


Mirai Botnet Linked to Massive DDoS Attacks on Dyn DNS

Source : https://www.hackread.com/mirai-botnet-linked-to-dyn-dns-ddos-attacks/

Page 29: ISO/IEC 27001:2013 (ISMS)


DDoS attack on Dyn involved 10s of millions of hacked IP addresses

Source : https://www.hackread.com/dyn-ddos-attack-millions-ip-addresses/

Page 30: ISO/IEC 27001:2013 (ISMS)

Chip and Pin Hack spits out cash

Source: http://www.bbc.com/news/technology-36971832

Page 31: ISO/IEC 27001:2013 (ISMS)

An ATM hack and a PIN-pad hack show chip cards aren’t impervious to fraud

Source: http://arstechnica.com/security/2016/08/an-atm-hack-and-a-pin-pad-hack-show-chip-cards-arent-impervious-to-fraud/

Page 32: ISO/IEC 27001:2013 (ISMS)

Swift Hack Probe Expands to Up to a Dozen Banks Beyond Bangladesh

Source: http://www.bloomberg.com/news/articles/2016-05-26/swift-hack-probe-expands-to-up-to-dozen-banks-beyond-bangladesh

Page 33: ISO/IEC 27001:2013 (ISMS)

Swift hackers steal $10 million from Ukrainian bank

Source: http://thehackernews.com/2016/06/ukrainian-bank-swift-hack.html

Page 34: ISO/IEC 27001:2013 (ISMS)

Source: http://www.bbc.co.uk/news/business-36473912

US warns of hacking threat to interbank payment network

Page 35: ISO/IEC 27001:2013 (ISMS)

Four Lessons to Learn From the SWIFT Hacks

Source: http://www.infosecurity-magazine.com/opinions/four-lessons-to-learn-from-the/

Page 36: ISO/IEC 27001:2013 (ISMS)

Source: https://www.wired.com/2014/03/bitcoin-exchange/

The Inside Story of Mt. Gox, Bitcoin’s $460 Million Disaster

Page 37: ISO/IEC 27001:2013 (ISMS)

Hackers Steal $72 Million in Bitcoin From Hong Kong Exchange

Source: http://gizmodo.com/hackers-steal-72-million-in-bitcoin-from-honk-kong-exc-1784757592

Page 38: ISO/IEC 27001:2013 (ISMS)


Bitcoin tumbles after HK exchange ‘hacked’

Source : http://www.thestar.com.my/business/business-news/2016/08/03/bitcoin-tanks-after-hong-kong-exchange-hacked/

Page 39: ISO/IEC 27001:2013 (ISMS)


Bitcoin Price Drops 20% After $72 Million in Bitcoin Stolen from Bitfinex Exchange

Source : http://thehackernews.com/2016/08/bitcoin-exchange-price.html

Page 40: ISO/IEC 27001:2013 (ISMS)

Vitalik Buterin - Founder, Ethereum (Age 22)

Page 41: ISO/IEC 27001:2013 (ISMS)

How a $50M hack changed the fate of Ethereum, Bitcoin's closest competitor

Source : http://www.cbc.ca/news/technology/ethereum-hack-blockchain-fork-bitcoin-1.3719009

Page 42: ISO/IEC 27001:2013 (ISMS)

A $50 Million Hack Just Showed That the DAO Was All Too Human

Source: https://www.wired.com/2016/06/50-million-hack-just-showed-dao-human/

Page 43: ISO/IEC 27001:2013 (ISMS)
Page 44: ISO/IEC 27001:2013 (ISMS)


Hacked BitcoinTalk.org User Data Goes Up For Sale On Dark Web

Source : https://www.cryptocoinsnews.com/hacked-bitcointalk-org-user-data-goes-up-for-sale-on-dark-web/

Page 45: ISO/IEC 27001:2013 (ISMS)

BlockChain.info Domain Hijacked; 8 Million Bitcoin Wallets Inaccessible

Source : http://thehackernews.com/2016/10/blockchain-bitcoin-website.html

Page 46: ISO/IEC 27001:2013 (ISMS)

360° Cybersecurity : Fraud and Cyber Risks in e-Payment Services

Acknowledgements

Prinya Hom-anek, CISSP, SSCP, CSSLP, CISA, CISM, CRISC, CGEIT, CASP, ITIL Expert,

ISACA Cybersecurity Nexus, COBIT 5 implementation, IAPP Foundation

President and Founder, ACIS Professional Center Co., Ltd.

CEO, Cybertron Co., Ltd.

Director, Cybersecurity Center, Rangsit University

Page 47: ISO/IEC 27001:2013 (ISMS)

Strategic IT-GRC and Cybersecurity Risk-Awareness: Transforming Cybersecurity of Things and Literacy in Digital Economy

Page 48: ISO/IEC 27001:2013 (ISMS)

“Malware and botnets that have remained active since B.E. 2557 (2014) have been found on more than one hundred thousand computers in Thailand.”

Page 49: ISO/IEC 27001:2013 (ISMS)


Top 10 Asia under Cyber Attack

Malware Infection Index* for ASEAN for the first quarter of 2015

India remains the most infected country, while Indonesia is no. 5 globally and China is 8th.

Thailand is number 5 for malware detections in Asia and 11th globally among the top 25.

The top-ranked malware families in Asia are B106 (Bladabindi/Jenxcus), Conficker, Ramnit, Sirefef and Citadel, respectively.

Source: Microsoft https://www.facebook.com/MicrosoftDCU/ https://news.microsoft.com/presskits/dcu/

Page 50: ISO/IEC 27001:2013 (ISMS)

Worldwide Threat Assessment

Microsoft Security Intelligence Report

Source: [https://www.microsoft.com/security/sir/default.aspx]

Figure A: Malware distribution sites per 1,000 Internet hosts for locations around the world in 1H15

Figure B: Encounter rates by country/region in 2Q15

Figure C: Infection rates by country/region in 2Q15

Figure D: Phishing sites per 1,000 Internet hosts for locations around the world in 1H15

Figure E: Drive-by download pages indexed by Bing at the end of 2Q15 per 1,000 URLs in each country/region

Figure F: Average number of Simda-infected devices connecting to the sinkhole each month, April-July 2015

Page 51: ISO/IEC 27001:2013 (ISMS)


Security Incidents in 2015

Data Breach Investigation Report, Verizon

Source: [https://www.microsoft.com/security/sir/default.aspx]

Page 52: ISO/IEC 27001:2013 (ISMS)


Cybersecurity Environment


Challenges, Threats, Risks, Opportunities

“Shadow IT” : The New IT Problem that comes with “Cloud Computing”

Page 53: ISO/IEC 27001:2013 (ISMS)

The World & ASEAN Cybersecurity Trends and Current Situation

www.acisonline.net

ACIS Professional Center Co., Ltd. CYBERTRON Co., Ltd.

ITG-COBIT5-introduction v1.1 Security Intelligence

Page 54: ISO/IEC 27001:2013 (ISMS)


Internet of Things, Internet of Trust

Internet of Things: Security, Privacy, Trust

Source: [“ACIS Top Ten Cybersecurity Threats and Trends”, ACIS-Research, www.acisonline.net]

Page 55: ISO/IEC 27001:2013 (ISMS)


Internet of Things, Internet of Trust

Internet of Threats, Internet of Trust, Internet of Everything, Security of Things, Security-driven architecture, Big Data, Data Science, Internet of Things, Integrated Risk-based approach, Gen-C, Hacking industry, Undefined threats, Vulnerable supplier, Identity of Things, Privacy, Information of Things

Source: [“ACIS Top Ten Cybersecurity Threats and Trends”, ACIS-Research, www.acisonline.net]

Page 56: ISO/IEC 27001:2013 (ISMS)

Source: “ACIS/Cybertron Top Ten Cybersecurity Trends for 2016”, ACIS Research; www.acisonline.net

1. Emerging Hacking Industry

2. Undefined, Unknown Threats at Risk

3. Security of Things, Internet of Trust

4. Security-driven Architecture

5. Vulnerable Third-party

6. Information of Things and Data Science Revolution

7. The Rise of Generation C : Digital Lifestyle in Digital Economy

8. Cybersecurity Centric and Cyber Resilience in Action

9. Increasing in Cybersecurity Capabilities and Competence Gap

10. Integrated Risk-Based Approach Standards & Best Practices

Page 57: ISO/IEC 27001:2013 (ISMS)

Source: “ACIS Top IT & Cybersecurity Threats and Trends for 2016”, ACIS Research; www.acisonline.net

1. Emerging Hacking Industry

2. Undefined, Unknown Threats at Risk

3. Security of Things, Internet of Trust

4. Security-driven Architecture

5. Vulnerable Suppliers, Service Providers

6. Information of Things and Data Science Revolution

7. C-Generation: Gen-C Lifestyle in Digital Economy

8. Cybersecurity Centric and Resilience in Action

9. IT-related & Security Capabilities and Competence Gap

10. Integrated Risk-Based Approaches and Standards

Page 58: ISO/IEC 27001:2013 (ISMS)

C-Generation: Gen-C Lifestyle. Gen C is the step beyond demographics to psychographics.

Source: K. Nuttaputch

Source: http://www.zocialinc.com/blog/genc-behavior/ ; http://www.positioningmag.com/content/61576

“CONNECTED”

1. Connection

2. Convenience

3. Creation

4. Curation

5. Community

Page 59: ISO/IEC 27001:2013 (ISMS)


C-Generation: Gen-C Life Style

Source: http://www.zocialinc.com/blog/genc-behavior/ ; http://www.positioningmag.com/content/61576

Page 60: ISO/IEC 27001:2013 (ISMS)

4 Types of Hackers


1. Hacktivism

2. Cyber Crime (make $$$)

3. Cyber Espionage (need IP)

4. Cyber Warfare

State-Sponsored Attack / State-Actor Attack

Emerging Hacking Industry

Source: “Top Cybersecurity Threats and Trends for 2016”, ACIS Research; www.acisonline.net

Page 61: ISO/IEC 27001:2013 (ISMS)


ISF’s Marketplace of Attacks is Evolving

Source: Information Security Forum, Threat Horizon 2014 Preview

Page 62: ISO/IEC 27001:2013 (ISMS)


ISF’s Motives, Impacts, and Adversaries

Source: Information Security Forum, Threat Horizon 2014 Preview

Page 63: ISO/IEC 27001:2013 (ISMS)

Reconnaissance, Weaponization, Delivery, Exploitation, Installation, C2, Actions on Intent

Page 64: ISO/IEC 27001:2013 (ISMS)

Top Malware File Extensions

Page 65: ISO/IEC 27001:2013 (ISMS)

Bahtgrabber: Now It’s Not Just Euro

Mobile Malware on Android Devices

Real case in Thailand

Page 66: ISO/IEC 27001:2013 (ISMS)

Source: Gartner Symposium ITxpo, Top 10 Strategic Technology Trends for 2013 (21-Nov-16)

Page 67: ISO/IEC 27001:2013 (ISMS)


Page 68: ISO/IEC 27001:2013 (ISMS)


Page 69: ISO/IEC 27001:2013 (ISMS)


ITBN CONF-EXPO

In August 2008, Russia used DDoS and defacement operations against Georgian news sites and government offices.

The USA has a plan for assimilating cyber-attack capabilities into its military commands as part of every operational plan, and for setting up attack groups within these commands.

Beijing’s hackers continue to conduct cyber attacks on government and private networks.

“Cyber warfare is REAL”

Page 70: ISO/IEC 27001:2013 (ISMS)

Who are the cyberwar superpowers?

Source: World Economic Forum

Page 71: ISO/IEC 27001:2013 (ISMS)

Who are the cyberwar superpowers?

Source: World Economic Forum

Page 72: ISO/IEC 27001:2013 (ISMS)

The best hacking country in the World

Source: Abbas Naderi, Quora

There are two factors in making a nation advanced in cyber-crime capabilities: lawlessness and technological advancement.

The freer from the law hackers are in a country, the more practice they get, and the better they become.

The more technologically advanced a country is, the more people can become hackers.

Page 73: ISO/IEC 27001:2013 (ISMS)

The best hacking country in the World

Source: Abbas Naderi, Quora

Page 74: ISO/IEC 27001:2013 (ISMS)


Traditional IoT hacking by using Shodan

Page 75: ISO/IEC 27001:2013 (ISMS)


Shodan – Search for Vulnerable CCTV

Page 76: ISO/IEC 27001:2013 (ISMS)


ISF’s Cybersecurity and Cyber Resilience

Paradigm Shift in Cybersecurity

Build cyber resilience into your organisation

• Organisation’s capability to withstand impacts from threats materialising in cyberspace

• Covers all threats, even the ones we don’t know about

• Driven by agile, broader risk management, linking information risk to ERM

Source: “Cybersecurity strategies”, Information Security Forum (ISF), www.securityforum.org

Page 77: ISO/IEC 27001:2013 (ISMS)

www.cdicconference.com

Internet of Things - Internet of Threats - Internet of Trust

Cybersecurity Resilience Framework in Action

Stage 1 : Information Security

Stage 2 : Cybersecurity

Stage 3 : Cybersecurity Resilience

Research from ACIS/Cybertron Cyber LAB

Page 78: ISO/IEC 27001:2013 (ISMS)

ACIS-Cybertron Cybersecurity Resilience Framework

Page 79: ISO/IEC 27001:2013 (ISMS)

Hidden Security and Privacy Threats on Mobile Applications

Research from ACIS/Cybertron Cyber LAB

Page 80: ISO/IEC 27001:2013 (ISMS)

Hidden Behaviors and Processes on Mobile Applications

Source: Pradeo, France

Page 81: ISO/IEC 27001:2013 (ISMS)


Bridging into the Underground Threats

Prinya Hom-anek, CISSP, SSCP, CSSLP, CISA, CISM, CRISC, CGEIT, CASP, ISACA Cybersecurity Nexus, ITIL Expert, IAPP Foundation

ACIS Professional Center Co., Ltd. & Cybertron Co., Ltd.

Bangkok, Thailand


Page 82: ISO/IEC 27001:2013 (ISMS)

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”

Sun Tzu, “The Art of War”

Page 83: ISO/IEC 27001:2013 (ISMS)

Understand Dark Web, Deep Web vs. Surface Web


Page 84: ISO/IEC 27001:2013 (ISMS)


Page 85: ISO/IEC 27001:2013 (ISMS)


Page 86: ISO/IEC 27001:2013 (ISMS)


Page 87: ISO/IEC 27001:2013 (ISMS)


Page 88: ISO/IEC 27001:2013 (ISMS)

Case Study : “Malware in the Darknet”


Page 89: ISO/IEC 27001:2013 (ISMS)

1. “SkyNet : A Tor Botnet”

Page 90: ISO/IEC 27001:2013 (ISMS)

2. “Atrax Crimekit”

Page 91: ISO/IEC 27001:2013 (ISMS)

3. “Citadel Trojan : Malware-as-service”

Page 92: ISO/IEC 27001:2013 (ISMS)

How to respond to undefined threats

Page 93: ISO/IEC 27001:2013 (ISMS)


ISF’s Cyber Security and Cyber Resilience

Source: “Cyber Security strategies achieving cyber resilience”, Information Security Forum (ISF), www.securityforum.org

Page 94: ISO/IEC 27001:2013 (ISMS)


DHS Cybersecurity Resilience


Page 95: ISO/IEC 27001:2013 (ISMS)

From The World Real-time Cyber Attack Map

• Cybersecurity is “An Executive-Level Concern”

• Cybersecurity is “A Full Time Activity”

• Cybersecurity is “A Business Imperative”

Page 96: ISO/IEC 27001:2013 (ISMS)

The major shift in cybersecurity thinking in the S-M-C-I era (Social, Mobile, Cloud and Information/Big Data)

www.acisonline.net

Page 97: ISO/IEC 27001:2013 (ISMS)

Certified ISO/IEC 27001:2005. © Copyright, ACIS Professional Center Company Limited

Paradigm Shift in Cybersecurity

“From preventive to responsive”

Page 98: ISO/IEC 27001:2013 (ISMS)


Business Impact and Time


Page 99: ISO/IEC 27001:2013 (ISMS)

Manage and Mitigate

“REPUTATION RISK”

Page 100: ISO/IEC 27001:2013 (ISMS)


Credit: Responsive Security, Dr. Meng-Chow Kang

Security Factors: Time-based Security vs. Responsive Security

- Protective Control
- Detective Control
- Corrective Control
- Time

Time-based Security: focus on “Protective controls”

Responsive Security: focus on “Responsiveness Readiness”

From “Time-based Security” to “Responsive Security”

Page 101: ISO/IEC 27001:2013 (ISMS)


Fortress Mentality: “Are we Secure?”

Responsive & Readiness Mentality: “Are we Ready?”

Credit: Responsive Security, Dr. Meng-Chow Kang

Page 102: ISO/IEC 27001:2013 (ISMS)

Presidential Executive Order (EO) 13636, “Improving Critical Infrastructure Cybersecurity”, February 2013.

Page 103: ISO/IEC 27001:2013 (ISMS)

NIST: Framework for Improving Critical Infrastructure Cybersecurity

Page 104: ISO/IEC 27001:2013 (ISMS)

Cybersecurity Framework for Critical Infrastructure

Page 105: ISO/IEC 27001:2013 (ISMS)
Page 106: ISO/IEC 27001:2013 (ISMS)
Page 107: ISO/IEC 27001:2013 (ISMS)
Page 108: ISO/IEC 27001:2013 (ISMS)

Cyber 911 (Next Generation SOC)

Cybersecurity Framework

Identify: Vulnerability Assessment, Penetration Testing, Risk Assessment, Business Impact Analysis

Protect: Cyber Drill & Awareness Training, Critical System Hardening

Detect: Outsourced Log Monitoring, IT Audit

Respond: Incident Response, Digital Forensics

Recover: BCP & DRP

Page 109: ISO/IEC 27001:2013 (ISMS)

Cybersecurity Resilience Framework Gap Analysis

Page 110: ISO/IEC 27001:2013 (ISMS)

Current State vs Target State

Page 111: ISO/IEC 27001:2013 (ISMS)

Benchmarking between your organization and Industries

Chart: maturity scores (scale 0 to 5) per NIST Cybersecurity Framework category ID.AM, ID.BE, ID.GV, ID.RA, ID.RM, PR.AC, PR.AT, PR.DS, PR.IP, PR.PT, DE.AE, DE.CM, DE.DP, RS.CO, RS.AN, RS.MI, RS.IM, RC.RP, RC.IM, RC.CO; series: Oil and Gas, Financial, Regulator, Target.

Chart: maturity scores (scale 0 to 5) per core function Identify, Protect, Detect, Respond, Recover; series: Oil and Gas, Financial, Regulator, Target.

Page 112: ISO/IEC 27001:2013 (ISMS)

CsP-MICS (NexusFour) Model and Cybersecurity Resilience Framework

CYBERSECURITY RESILIENCE FRAMEWORK

Organizational (Business) Perspective Organizational IT-related and Cybersecurity Perspective

TIME: Current / Long-term

SECURITY PRIVACY

TRUST

RESILIENCE

SUSTAINABILITY

Cybersecurity Resilience

Cybersecurity Environments[NexusFour: Mobile, Big Data (Information), Cloud, Social]

Cybersecurity Centric

Balancing

SUSTAINABILITY

RESILIENCE

EXCELLENCE

Business Resilience

Organizational Resilience

Integrated GRC

Holistic Conceptual Thinking View


Page 113: ISO/IEC 27001:2013 (ISMS)

CsP-MICS (NexusFour) Model and Cybersecurity Resilience Framework

CYBERSECURITY RESILIENCE FRAMEWORK

Stage 1 : Information Security

Stage 2 : Cybersecurity

Stage 3 : Cyber Resilience

SECURITY PRIVACY

TRUST

RESILIENCE

SUSTAINABILITY

Cybersecurity Resilience

Cybersecurity Environments[NexusFour: Mobile, Big Data (Information), Cloud, Social]

Cybersecurity Centric

Balancing

TRUST

RESILIENCE

SECURITY PRIVACY

Holistic Conceptual Thinking View


Internet of Things - Internet of Threats - Internet of Trust

CsP-MICS (NexusFour)

Cybersecurity Resilience Framework

in Action

Stage 1 : Information Security

Stage 2 : Cybersecurity

Stage 3 : Cyber Resilience


CsP-MICS (NexusFour) Model and Cybersecurity Resilience Framework

CYBERSECURITY RESILIENCE FRAMEWORK

References

1. ISF: Cyber Security Strategy

2. ISACA: Cybersecurity Nexus (CSX)

3. ISO: ISO/IEC 27032:2012, Information technology -- Security techniques -- Guidelines for cybersecurity

4. NICE: National Cybersecurity Workforce Framework

5. NIST: NIST Cybersecurity Framework

6. US-CERT: Cyber Resilience Review (CRR)

7. ENISA: National Cyber Security Strategies

8. ITU: National Cyber Security Strategies Guide

9. Book: Time Based Security, Winn Schwartau

10. Book: Responsive Security, Dr. Meng-Chow Kang

Page 116: ISO/IEC 27001:2013 (ISMS)


CsP-MICS (NexusFour) Model and Cybersecurity Resilience Framework

CYBERSECURITY RESILIENCE FRAMEWORK

References


CsP-MICS (NexusFour) Model and Cybersecurity Resilience Framework

Stage 1 : Information Security

Stage 2 : Cybersecurity

Stage 3 : Cyber Resilience

CYBERSECURITY RESILIENCE FRAMEWORK

Implementation steps:

1. Determine Cybersecurity Environments

2. Establish Cybersecurity Programme

3. Study Cybersecurity Requirements

4. Define Cybersecurity Controls and Resilience Strategy

5. Implement Resilience Solutions

6. Exercise, Maintain, Evaluate

7. Review Cybersecurity Assurance

Cybersecurity Objectives and Goals

Core Functions to achieve specific cybersecurity outcomes:

- Identify and Protect: be prepared, be ready to be secured
- Detect: before security incident/data breach
- Respond: after security incident/data breach
- Recover: maintain plans for resilience, restore to normal operations
- Assurance: assure that all related solutions have been executed effectively

ACIS-Cybertron: Cybersecurity Resilience Framework Implementation

Page 118: ISO/IEC 27001:2013 (ISMS)


CsP-MICS (NexusFour) Model and Cybersecurity Resilience Framework

CYBERSECURITY RESILIENCE FRAMEWORK

ACIS-Cybertron: Cybersecurity Resilience Framework Implementation


Timeline: t = 0 marks the security incident / data breach.

Identify & Protect (be ready to be secured):

- Business Impact Analysis (BIA)
- Cybersecurity Gap Analysis / Cyber Risk Assessment based on Risk Scenario
- Vulnerability Assessment, Compromise Assessment / Penetration Testing
- Cybersecurity Awareness Training
- Develop Cyber Drill Scenario / Cyber Incident Response Plan
- Exercise Cyber Drill

Detect (t < 0, before security incident / data breach):

- 24x7 Managed Next-Gen SOC
- Threat Intelligence
- Big Data Analytics
- Social Listening/Analytics
- Advanced APT / Malware In-Depth Analytics
- Pre-Crisis Management
- Event Management

Respond (t > 0, after security incident / data breach):

- Incident Response & Incident Handling
- Incident Management / Problem Management
- Digital Forensics and Investigation
- APT/Malware Hunting
- Crisis Management
- Root Cause Analysis
- Post-Respond Report
- Law Enforcement Coordination

Page 119: ISO/IEC 27001:2013 (ISMS)
Page 120: ISO/IEC 27001:2013 (ISMS)

ACIS Internal Cyber Drill Result

Page 121: ISO/IEC 27001:2013 (ISMS)

Copyright © 2016, ACIS Professional Center Co., Ltd.

Are we ready for the Digital Economy?

Page 122: ISO/IEC 27001:2013 (ISMS)


National Cybersecurity Capacity Maturity Model (CMM)

Page 123: ISO/IEC 27001:2013 (ISMS)


Structure of National Cybersecurity Capacity Maturity Model (CMM)

Dimensions: there are five dimensions in total, which categorise cybersecurity capacity.

Factors: describe the meaning of the cybersecurity attributes within each dimension.

Aspects of each factor: the distinct components of each factor; these aspects present the indicators in small groups that are easy to understand.

Maturity stages: the progression of maturity development in each country, corresponding to that country's cybersecurity factors and aspects.

Indicators: describe the steps and processes that indicate the specific characteristics of each stage, the related factors, and the aspects of each factor across all five dimensions.

Page 124: ISO/IEC 27001:2013 (ISMS)


CMM

Five Dimensions of CMM

1. Cybersecurity Policy and Strategy

- National Cybersecurity Strategy
- Incident Response
- Critical Infrastructure (CI) Protection
- Crisis Management
- Cyber Defense Consideration
- Communications Redundancy

2. Cyber Culture and Society

- Cybersecurity Mind-set
- Trust and Confidence on the Internet
- User Understanding of Personal Information Protection Online
- Reporting Mechanisms
- Media and Social Media

3. Cybersecurity Education, Training and Skills

- Awareness Raising
- Framework for Education
- Framework for Professional Training

4. Legal and Regulatory Frameworks

- Legal Frameworks
- Criminal Justice System
- Formal and Informal Cooperation Frameworks to Combat Cybercrime

5. Standards, Organizations, and Technologies

- Adherence to Standards
- Internet Infrastructure Resilience
- Software Quality
- Technical Security Controls
- Cryptographic Controls
- Cybersecurity Marketplace
- Responsible Disclosure

Page 125: ISO/IEC 27001:2013 (ISMS)


Stages of Maturity

- Start-up: the stage at which discussion about building cybersecurity has only just begun, but no concrete action has yet been taken.
- Formative: the stage at which some aspects of each factor have begun to be put into practice, but are still at the demonstration stage.
- Established: the stage at which the various aspects have been put into use, resources have been allocated, and there are opportunity costs on which decisions must be made.
- Strategic: the stage at which the various factors depend on the national context or the organisation's environment.
- Dynamic: the stage at which there are clear mechanisms leading to changes in strategy, driven by the cyber threats actually occurring at present.

Page 126: ISO/IEC 27001:2013 (ISMS)


Benefit of CMM

Dimensions plotted:

1. Cybersecurity Policy and Strategy
2. Cyber Culture and Society
3. Cybersecurity Education, Training and Skills
4. Legal and Regulatory Frameworks
5. Standards, Organizations, and Technologies

Chart legend: Worldwide capacity acceptance; Your capacity; Gap for Improvement

Page 127: ISO/IEC 27001:2013 (ISMS)


Cybersecurity is “A Full Time Activity”

Cybersecurity is “A Business Imperative”

Cybersecurity is “An Executive-Level Concern”

Source: “Cybersecurity for Executives” book, Gregory J. Touhill and C. Joseph Touhill

The Real Meaning of Cybersecurity

Page 128: ISO/IEC 27001:2013 (ISMS)


Cyber Warfare is REAL

Page 129: ISO/IEC 27001:2013 (ISMS)


Collaboration: more powerful than ever to improve cybersecurity

Page 130: ISO/IEC 27001:2013 (ISMS)


Email: [email protected]

Facebook: www.facebook.com/prinyah

Facebook search: prinya hom-anek

Twitter: www.twitter.com/prinyaACIS (@prinyaacis)

www.TISA.or.th

Thailand Information Security Association (TISA)

www.cdicconference.com

Cyber Defense Initiative Conference 2015

www.acisonline.net

ACIS Professional Center Co., Ltd.

www.youtube.com/thehackertv

www.youtube.com/thecyber911

The Hacker TV Programme 20:55 Monday-Friday

Page 131: ISO/IEC 27001:2013 (ISMS)


Update Your Cybersecurity Knowledge

The Hacker on Nation TV, every Monday to Friday, 20:50-21:00, www.youtube.com/thehackerTV

Krobkrua Khao (Family News) radio, FM 106.00 MHz, every Thursday, 17:30-17:45

Tee Nee Thai PBS programme, "Kid Yok Kamlang Song" (Think Squared) segment, every Wednesday, 21:45-22:00

Page 132: ISO/IEC 27001:2013 (ISMS)

21-Nov-16

College of Information and Communication Technology, Rangsit University

Cohort 2: January 2559 B.E. (2016)

Page 133: ISO/IEC 27001:2013 (ISMS)

Thank you very much

www.acisonline.net

ACIS Professional Center Co., Ltd. CYBERTRON Co., Ltd.

ITG-COBIT5-introduction v1.1 Security Intelligence