Communications-Electronics Security Group. Excellence in Infosec.


Communications-Electronics Security Group

Excellence in Infosec

John Doody, Head of Infosec Customer Services Group
David Hodges, Technical Manager, UK IT Security Evaluation & Certification Scheme

National Technical Infosec Authority

Presentation to The First International Common Criteria Conference, Baltimore 23 May 2000

UK Evaluation and Certification Services

Agenda
Introduction
The UK Evaluation and Certification Services
Summary

The increasing need for information security
Increasing Threats
– from viruses, hackers, fraud, espionage
Increasing Exposure
– greater dependence on IT, increasing connectivity
Increasing Expectations
– from customers, partners, auditors, regulators

Information Security Breaches Survey 2000 (sponsored by DTI)
UK e-commerce transactions in 1999 were valued at c. £2.8bn
This sum is projected to grow ten-fold over the next 3 years
1 in 3 businesses in the UK currently buys or sells over the Internet, or is intending to in the near future

The cost of a single serious security breach can be in excess of £100,000
Over 60% of organisations sampled had suffered a security breach in the last 2 years
1 in 5 organisations still does not take any form of security into account before buying and selling over the Internet
Waiting for the electronic Nemesis?

Worse to follow?
“By 2003, losses due to Internet security vulnerabilities will exceed those incurred by non-Internet credit card fraud”
GartnerGroup, May 1999

The longer term?
“The 21st Century will be dominated by information wars and increased economic and financial espionage”
Alvin Toffler

Growing proliferation of hacking tools and know-how
(Chart: Sophistication of Tools rising from Low to High while the Knowledge Required falls from High to Low. Source: US General Accounting Office, May 1996)
Tools plotted along the curve: password guessing, password cracking, exploiting known vulnerabilities, backdoors, sniffers, stealth diagnostics, packet spoofing

The world of information warfare
(Categories: Espionage, Sabotage, Deception)
Eavesdropping
Network sniffing
Agent recruitment
Computer hacking
Password cracking
Open source intelligence
“Denial-of-service” attacks
Computer viruses, worms, logic bombs
Electronic weapons
Information blockades
Trojan horse programs
Perception management
Data modification
Network or address spoofing
Hoax e-mails
Social engineering

How do we ensure that these risks are minimised?
UK ITSEC
Common Criteria
Mutual Recognition

Certification Experience
A decade of Evaluation & Certification
Founding sponsor of Common Criteria
Over 230 Product & System Evaluations
– ITSEC, TCSEC & Common Criteria
Five commercial ITSEFs (CLEFs)

Certification Experience
Wide range of products
– Operating systems & databases
– Firewalls, Smartcards & Public Key Infrastructures
Wide range of customers
– 70% Multinational
– Government and Commerce
Wide range of assurance
– Smartcard certified to ITSEC E6
– Firewalls & Operating System to E3/EAL4

The Result of that Experience
Providing the assurance required
– understanding vulnerabilities
– procedures & documentation
– feedback & review
Meeting the customer’s requirements for
– shorter timescales
– reduced risk
– increased efficiency

Where the Future Lies
Tailored evaluations
– assurance & functionality components
– Mutual Recognition an Option
Re-use
– certificate maintenance
– integrating certified products

The Certification Body
Supports both ITSEC & Common Criteria
Promoting migration to Common Criteria
Accredited to EN45011
Operates cost recovery

The CLEFs

The Developer’s Perspective
Preparation
– what do you need?
– the ITSEF & the Certification Body
Evaluation
– deliverables
– problem reports
Certification
– the certification report
– certificate maintenance

Protecting the Infrastructure
National Infrastructure Security Co-ordination Centre

(Diagram: Cabinet Office, Security Service, MOD, Home Office, Met Police, ACPO)

NISCC Role
Initial point of contact on electronic attack issues
Develop effective working relations with and between CNI organisations
Assess vulnerabilities, promote protection
Monitor threat, provide assessments
Ensure suitable handling of incidents

Key Principles
Partnership
Trust
Confidentiality

The world of information security
(Diagram: Confidentiality, Integrity, Availability)
Encryption
Platform security
Personnel security
Monitoring & intrusion detection
Password management
Physical security
Infrastructure security management
Business continuity management
Fallback planning
Virus prevention & detection
Certificate registration & management
Penetration testing
Authentication & access control
Incident response & crisis management
Risk management
Firewall & connectivity management
Security architecture

Summary
Real threats
Real risks
Need for evaluated products and systems
UK has excellent track record in evaluation and certification services

Want to know more?
Visit CESG stand
Contact us at
Visit our website at
Telephone us on
Fax us on
