Information Management System Ali Saeed Khan 29 th April, 2016

Lecture Layout Introduction ISF (Information Security Forum) Cyber Security Cyber Attacks/Threats Cyber Defenses/Protective Measures Conclusion

Information Security

Information Security Management

Information Security Management System (ISMS)

ISMS Examples …… Some nations publish and use their own ISMS standards, – e.g. the DoD Information Technology Security Certification and Accreditation Process (DITSCAP) of USA – the German IT baseline protection – ISMS of Japan – ISMS of Korea

CYBER SECURITY ISMS

Cyber Security All feasible measures to protect, – Integrity – Availability – Confidentiality Of – Information – Information system resources (hardware, software, firmware, data and telecommunications)

Three key objectives (the CIA triad) Confidentiality – Data confidentiality: Assures that confidential information is not disclosed to unauthorized individuals – Privacy: Assures that individual control or influence what information may be collected and stored Integrity – Data integrity: assures that information and programs are changed only in a specified and authorized manner – System integrity: Assures that a system performs its operations in unimpaired manner Availability: assure that systems works promptly and service is not denied to authorized users

Cyber Security Authenticity: the property of being genuine and being able to be verified and trusted; confident in the validity of a transmission, or a message, or its originator Accountability: generates the requirement for actions of an entity to be traced uniquely to that individual to support non-repudiation, deference, fault isolation, forensics etc

Global Impact of Cyber Security It’s Personal – Cyber Security issues now impact every individual who uses a computer. It’s no longer science fiction – millions of people worldwide are the victims of cyber-crimes. It’s Business – Every business today is dependent on information and vulnerable to one or more type of Cyber attacks (even those w/o online sites). It’s War – In fact it is already becoming the next Cold War. Cyber operations are also becoming increasing integrated into active conflicts.

Global Impact of Cyber Security

Threats to business include the following: – Financial loss – Legal repercussions – Loss of credibility or competitive edge – Blackmail/industrial espionage – Disclosure of confidential, sensitive or embarrassing information – Sabotage – Corporate espionage – Data theft and ransoming

CYBER ATTACKS ISMS

Virus, Worm, Trojan Can you tell the difference ?

Cyber Attacks ? Types: – Application Layer Attack – Brute Force Attack – DDoS Attack – Network Protocol Attack – Known Vulnerability Attack – Zero day Exploitation – Phishing for credentials – Phishing with malware – Rogue Update Attack – Watering Hole Attack

CYBER DEFENSES ISMS

Cyber Defense Information Security Policy Physical Safe Custody of Assets Access Control Systems Identification Authentication Authorization Single Sign on(SSO) Best Password Practices Antivirus

Cyber Defense Security by design Secure operating systems Secure Databases Firewall (computing) Intrusion detection system Intrusion prevention system Honey Pots & Honey Nets

Cyber Defense Encryption Digital Signature Digital Envelope Activity Logging & Audit Trail Unified Threat Management Products Biometric Devices Penetration Testing

Conclusion Lack of knowledge about the Information security (Cyber security) Lack of use of good practices Shortage of resources

Thank you