Cyberdefense and security policy – concepts and considerations for government policy 1 Cyberdefense and security policy Concepts and considerations for.

Slides:



Advertisements
Similar presentations
2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.
Advertisements

‘Changing environment – changing security’ - Cyber-threat challenges today – Budapest, September 17-18, Industry and the fight against cybercrime.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Security for Today’s Threat Landscape Kat Pelak 1.
Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.
Microsoft Ignite /16/2017 4:54 PM
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Symantec Security Intelligence Internet Security Threat Report Volume XVI June, 2011 Tiffany Jones Director – Programs and Strategy Symantec Public.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
RSA Approach for Securing the Cloud Bernard Montel Directeur Technique RSA France Juillet 2010.
1 Cybersecurity and web-based attacks A perspective from Symantec Zoltan Precsenyi Government Affairs Manager International Conference on Terrorism and.
E-Commerce Security and Fraud Issues and Protections
INFORMATION SECURITY UPDATE Al Arboleda Chief Information Security Officer.
The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.
Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.
1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
StorTech Security Regulatory compliance provides the business foundation for security Organisations need to tackle all security challenges from a business.
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
Did You Hear That Alarm? The impacts of hitting the information security snooze button.
Staying Ahead of the Curve in Cyber Security Bill Chang CEO, SingTel Group Enterprise.
Dell Connected Security Solutions Simplify & unify.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Security Awareness Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks.
Symantec Targeted Attack Protection 1 Stopping Tomorrow’s Targeted Attacks Today iPuzzlebiz
Accompanying notes to presentation What you need to know This presentation is part of the Art of connecting. There are four themes in total, each with.
1 The New Security Blueprint : Challenges & Opportunities Ajay Goel, Managing Director, Symantec India & SAARC Sept 1, 2011.
Mobile Banking By: Chenyu Gong, Jalal Hafidi, Harika Malineni.
Protecting Your Business! SBA Ft. Lauderdale November 15, 2006 Gregory Levine, Sr. Director Marketing.
GSHRM Conference Cyber Security Education Shri Cockroft, CISO Piedmont Healthcare, Inc. September 21, 2015.
The Changing World of Endpoint Protection
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
CIO Perspectives on Security Fabrício Brasileiro Regional Sales Manager.
Network security Product Group 2 McAfee Network Security Platform.
Automatic Detection of Emerging Threats to Computer Networks Andre McDonald.
Chap1: Is there a Security Problem in Computing?.
Security A Payments Perspective Terry Dooley EVP & CIO SHAZAM Network.
Engineering and Management of Secure Computer Networks School of Engineering © Steve Woodhead 2009 Corporate Governance and Information Security (InfoSec)
Session 13 Cyber-security and cybercrime. Contents  What’s the issue?  Why should we care?  What are the risks?  How do they do it?  How do we protect.
By, CA K RAGHU, PAST PRESIDENT – INSTITUTE OF CHARTERED ACCOUNTANTS OF INDIA.
IS3220 Information Technology Infrastructure Security
1 Integrated Site Security Project Denise Heagerty CERN 22 May 2007.
2© Copyright 2013 EMC Corporation. All rights reserved. Cyber Intelligence Fighting Cyber Crime Insert Event Date LEADERS EDGE.
©2015 Check Point Software Technologies Ltd. 1 Website Watering Holes Endpoints are at risk in numerous ways, especially when social engineering is applied.
Security and Resilience Pat Looney Brookhaven National Laboratory April 2016.
External Threats Internal Threats Nation States Cyber Terrorists Hacktivists Organised criminal networks Independent insider Insider planted by external.
By. Andrew Largent COSC-480. Upstream Intelligence (UI) is data about IP’s, domains and Autonomous System Numbers (ASN) acting or representing the presence.
CLOSE THE SECURITY GAP WITH IT SOLUTIONS FROM COMPUTACENTER AND CISCO AUGUST 2014.
Information Management System Ali Saeed Khan 29 th April, 2016.
Vodafone Business Cloud
1© Copyright 2012 EMC Corporation. All rights reserved. Next Generation Authentication Bring Your Own security impact Tim Dumas – Technology Consultant.
Get Full Protection on Microsoft Azure with Symantec™ Endpoint Protection 12.1 MICROSOFT AZURE ISV PROFILE: SYMANTEC Symantec™ Endpoint Protection is an.
Tripwire Threat Intelligence Integrations. 2 Threat Landscape by the Numbers Over 390K malicious programs are found every day AV-Test.org On day 0, only.
Protect your Digital Enterprise
CYBERSECURITY INCIDENCE IN THE FINANCIAL SERVICES SECTOR March 28, 2017 Presented by Osato Omogiafo Head IT Audit.
ISSeG Integrated Site Security for Grids WP2 - Methodology
Cybersecurity - What’s Next? June 2017
Journey to Microsoft Secure Cloud
Real-time protection for web sites and web apps against ATTACKS
BUILDING A PRIVACY AND SECURITY PROGRAM FOR YOUR NON-PROFIT
Securing Information Systems
11/17/2018 9:32 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
E-Commerce Security and Fraud Issues and Protections
Chapter 9 E-Commerce Security and Fraud Protection
Cybersecurity Threat Assessment
Managing IT Risk in a digital Transformation AGE
In the attack index…what number is your Company?
Presentation transcript:

Cyberdefense and security policy – concepts and considerations for government policy 1 Cyberdefense and security policy Concepts and considerations for government policy Zoltán Précsényi Government Affairs Manager

Issue statement Cyberdefense and security policy – concepts and considerations for government policy 2

Agenda Cyberdefense and security policy – concepts and considerations for government policy 3 The threat landscape 1 Attack types 2 Cyberdefence, cybersecurity, cyberintelligence 3 Emerging challenges 4 Recommendations 5

Cyberdefense and security policy – concepts and considerations for government policy 4 The Threat Landscape

2010 Trends Cyberdefense and security policy – concepts and considerations for government policy 5 Social Networking + social engineering = compromise Attack Kits get a caffeine boost Targeted Attacks continued to evolve Hide and Seek (zero-day vulnerabilities and rootkits) Mobile Threats increase

2010 in numbers 286M+ threats +93% web-based attacks identities exposed per breach +42% mobile vulnerabilities 6253 new vulnerabilities 14 new zero day vulnerabilities 1M+ bots in Rustock $0.07 to $100 per stolen credit card Cyberdefense and security policy – concepts and considerations for government policy 6

7 Attack types

Sources 8 Organized crime Well meaning insiders Malicious insiders Extremists Cyberdefense and security policy – concepts and considerations for government policy

TargetMethodToolsImpact Infrastructure DDoS (e.g. Estonia)BotnetsService disruption Control compromise (e.g. stuxnet) Specific malware exploiting zero day vulnerabilities, compromised credentials... Infrastructure failure Information Targeted attack Advanced persistent threats, leading to data breach, identity theft, loss of control… Tailored attack Customised malware using attack toolkits, social engineering... Phishing, data theft Botnets, toolkits, social engineering, keystroke loggers... Identity and data breach Targets and methods Cyberdefense and security policy – concepts and considerations for government policy 9 Any combinations of the above are possible. And likely.

Cyberdefense and security policy – concepts and considerations for government policy 10 Cyberdefense Cybersecurity Cyberintelligence

CybersecurityCyberdefense Object:Systems relevant to you……systems relevant to national security. Awareness:Understand threats to your business……and threats to national security. Action:Protect against threats you see……and figure out what you don’t see. Reaction:Block the attack that hits you……and take counter-measures. Resilience:Foresee disaster recovery……but also ensure maximum continuity. In short:Secure your perimeter……and build in-depth security. Focus on:People, processes, technology From cybersecurity to cyberdefense Cyberdefense and security policy – concepts and considerations for government policy 11

Cyberintelligence: What is the Internet used for? Communication: – Propaganda, instructions, information exchange – Diversion / disinformation / psychological operations Cybercrime and related finances: – Turning stolen data and attack capabilities into profits – Laundering money Intelligence – OSINT operations, social engineering Attack – Web-based attacks against information, organisations, infrastructure The Internet can also be used in support of other forms of attack. Cyberdefense and security policy – concepts and considerations for government policy 12

Cyberintelligence: needs and challenges Needs: – Design: Engineering skills – Deploy: Infrastructure for advanced monitoring – Leverage: Strong analytical capabilities, including human intelligence skills Challenges: – Fundamental rights: How intrusive can you be? – Confidentiality, encryption: How effective can you be? – Mass of information: Can you tell the wheat from the chaff? – Attribution: Can you tell who you’re up against? Can you really? Cyberdefense and security policy – concepts and considerations for government policy 13

Symantec™ Global Intelligence Network Identifies more threats, takes action faster & prevents impact Information Protection Preemptive Security Alerts Threat Triggered Actions Global Scope and Scale Worldwide Coverage 24x7 Event Logging Rapid Detection Attack Activity 240,000 sensors 200+ countries Malware Intelligence 133M client, server, gateways monitored Global coverage Vulnerabilities 40,000+ vulnerabilities 14,000 vendors 105,000 technologies Spam/Phishing 5M decoy accounts 8B+ messages/day 1B+ web requests/day Austin, TX Mountain View, CA Culver City, CA San Francisco, CA Taipei, Taiwan Tokyo, Japan Dublin, Ireland Calgary, Alberta Chengdu, China Chennai, India Pune, India 14 Cyberdefense and security policy – concepts and considerations for government policy

15 Emerging challenges

TechnologyStrengthsWeaknesses Cloud Enhanced overall security capabilities: Detection Protection Backup and recovery Blurred individual security perimeter: Loss of control over certain assets Increased interdependencies New single points of failure Virtualisation Flexibility and efficiency: More resilient infrastructure Better use of hardware Enhanced interoperability Segregated tasks run on shared assets: Physical proximity between isolated virtual environments Higher exposure to more vulnerabilities Mobile Well, mobility: Access to data anytime, anywhere Federated identity management Better convergence between different communication channels Well, again, mobility: Lower security awareness and culture Cross-exposure of federated identities to vulnerabilities in one of them Increased risk of data loss through device loss Next generation computing technologies Cyberdefense and security policy – concepts and considerations for government policy 16

Mobile Threats Most malware for mobiles are Trojans posing as legitimate apps Mobiles will be targeted more when used for financial transactions Cyberdefense and security policy – concepts and considerations for government policy vulnerabilities vulnerabilities % increase

Cyberdefense and security policy – concepts and considerations for government policy 18 Recommendations

Cyberdefense and security policy – concepts and considerations for government policy 19 Design security already into the earliest concept. 10 View cybersecurity as a national security stake. Security: in depth, mobile, adjustable, dynamic. Security can no longer go without intelligence. Monitor, correlate data, respond accordingly. Assess actual threat levels, prioritise accordingly. Focus on people, processes and technology. Operationalise public private partnerships in CIIP. Ensure that cybersecurity is adequately resourced. Allocate clear responsibility for cybersecurity

Thank you! SYMANTEC PROPRIETARY/CONFIDENTIAL – INTERNAL USE ONLY Copyright © 2010 Symantec Corporation. All rights reserved. Thank you! Cyberdefense and security policy – concepts and considerations for government policy 20 Zoltán Précsényi

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.