Recommendation for Sri Lankan ICT Policy (Trust and Security)


Why Trust & Security?

We need trust & security because:
• IT is an emerging industry in Sri Lanka
• Tackles different industries & markets
• Enables participation in digital & financial space at individual level
• Cradle to grave digital identity
• Data floating everywhere and still expanding
• Responsibility ???

Recommendations
• Formulate an information security policy for the Government, as well as public and private institutions which handle public records
• A secure centralized, online storage system to store documents
• Use of a two-step authentication process, using a one-time password (OTP) when performing online transactions

Recommendation 1
• In a government department which delivers a very important service
• An attack of ‘CME-24’ aka W32.BlackMal.E worm
CERT Case Study: “The Worm – Episode 1”

Recommendation 1
• Forthcoming regulations to formulate an information security policy for government, public and private institutions that handle public records
• ISO code of practice for Information Security control may be used in formulating the policy

Recommendation 2
A secure centralized, online storage system to store documents
[Diagram]
User (accessible with Public Key)
+File 1 – Private Key 1
+File 2 – Private Key 2
+File 3 – Private Key 3
+File 4 – Private Key 4
Government Data (R)
Personal Data (R/W)
+File 1 – Private Key 5
+File 2 – Private Key 6
+File 3 – Private Key 7
+File 4 – Private Key 8
+File 5 – Private Key 9
Institutions (accessible with Public Key)

Recommendation 2
• All documents are watermarked
• Government data is digitally signed (verifiable) and read only
• Private keys are specific to clients and have expiry
• An additional code or symbol will be added when a client pulls the document corresponding to the given private key
• Government has no direct access to the private folder
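One way the Recommendation 2 controls could fit together (verifiable read-only documents, client-specific keys with expiry, and a code added on each pull), given as an added example that is not part of the original slides. HMAC from Python's standard library stands in for a real digital signature, and `STORE_KEY`, the grant format and every function name are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

STORE_KEY = secrets.token_bytes(32)  # constructed: the store's secret, held server-side only

def _mac(*parts: bytes) -> str:
    # Length-prefix every field so adjacent values cannot be confused for one another
    data = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(STORE_KEY, data, hashlib.sha256).hexdigest()

def sign_document(doc: bytes) -> str:
    """Integrity tag for a read-only government document (HMAC stand-in for a signature)."""
    return _mac(b"doc", doc)

def issue_grant(client: str, file_id: str, now: int, ttl: int) -> dict:
    """Client- and file-specific access key that stops working after `ttl` seconds."""
    expires = now + ttl
    tag = _mac(b"grant", client.encode(), file_id.encode(), str(expires).encode())
    return {"client": client, "file": file_id, "expires": expires, "tag": tag}

def pull_code(grant: dict, doc: bytes) -> str:
    """Short code bound to one grant and one document, appended to each pulled copy."""
    return _mac(b"pull", grant["tag"].encode(), doc)[:16]

def pull_document(grant: dict, file_id: str, doc: bytes, doc_sig: str, now: int) -> bytes:
    expected = _mac(b"grant", grant["client"].encode(), grant["file"].encode(),
                    str(grant["expires"]).encode())
    if not hmac.compare_digest(expected, grant["tag"]):
        raise PermissionError("grant altered or not issued by this store")
    if grant["file"] != file_id:
        raise PermissionError("grant is for a different file")
    if now >= grant["expires"]:
        raise PermissionError("grant expired")
    if not hmac.compare_digest(sign_document(doc), doc_sig):
        raise ValueError("document does not match its signature")
    return doc + b"\n[pull-code:" + pull_code(grant, doc).encode() + b"]"

def trace_copy(copy: bytes, doc: bytes, grants: list) -> Optional[str]:
    """Given a leaked copy, name the client whose grant produced its pull code."""
    code = copy.rsplit(b"[pull-code:", 1)[-1].rstrip(b"]")
    for g in grants:
        if hmac.compare_digest(pull_code(g, doc).encode(), code):
            return g["client"]
    return None
```

Because the pull code is derived from the grant, a copy that turns up outside the system can be traced to the client key that fetched it.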

Recommendation 3
Compulsory two-step authentication for online transactions
The CID has reported that banks holding NRFC accounts have suffered losses of over Rs. 1 Billion due to illegal withdrawals from fake accounts.
Sunday Times, 28th June 2015
All banks registered under the Central Bank Monetary Control System should use a two-step authentication process when carrying out online transactions.

A Discussion
Do telecom operators expose CDR information to 3rd parties for commercial purposes?

Questions?