IT Security in Nepal: Issues and Challenges. Rajan R. Pant, ITSERT-NP.


Good Morning Everybody

Some Questions: Do you have a free account such as Gmail, Yahoo, Outlook? Do you have more than one? Do you use the same password in all types of and other web so that you need not remember all passwords? Do you change your password every three months?


Index: Infrastructure; Status; Issues and Challenges; Lesson Learned; ITSERT-NP and its Role.

Infrastructure Internet including to 43 operators Internet with in Rural Area 5 Limited Mobility Services 83 Fixed Telephone services to NTC GSM cellular Mobile at present to NTC and Ncell WLL operator is UTL VSAT users to 27 VSAT user (Rural Area) 10

Communication Infrastructure

Internet Subscribers
Services: Subscribers
Dialup (PSTN+ISDN) Subscribers: 5,759
Wireless Subscribers: 47,379
Cable / Fiber Subscribers: 67,058
ADSL: 1,32,768
GPRS, EDGE, WCDMA: 1,09,70,429
CDMA 1X, EVDO: 1,98,430
Wi-MAX: 12,816
VSAT based Internet: 13
TOTAL: 1,14,39,249
Internet Penetration (%): 43.17
Source: nta.gov.np

Legal Infrastructure: Banking Offence and Punishment Act, 2064; Banks and Financial Institutions Act, 2063; Nepal Rastra Bank Act, 2058; The Companies Act, 2063; Contract Act, 2056; The Electronic Transactions Act, 2063; Nepal GEA Security Architecture.

Institutional Mechanism: Department of IT; Office of Controller of Certification; Nepal Telecom Authority; Nepal Rastra Bank; IT Crime Cell of Nepal Police; ITSERT-NP.

Cyber Crime Reported
Year: Nos
– – –
TOTAL: 150
Source: Presentation at NTA program by Nepal Police on 2nd Sep. 2015

Nature of Cyber Crime Threat Mostly Facebook defacement Unreported ATM and Internet Banking Fraud – 3 theft Data hacks Online fraud and impersonating profiles

Status: Cyber security in Nepal is still not able to address the growing security-breach concerns of cyber users. It is important to understand the issues and concerns with the existing cyber security policies, and their inability to ensure minimal risk of cyber security breaches in Nepal, as reflected in the country's rising risk of cybercrime despite users' high concern for security and privacy.

In your Opinion What could be

Challenges: Lack of technical knowledge in cyber security; Lack of Information Security Policy; No proper Cyber Law; Policy makers do not feel its importance; Lack of National Cyber Security Strategy.

Challenges: Level of trust; Interdepartmental coordination; Information Security Strategy; Awareness in general users; Government process.

Government vs. Private

Recommendation: Quantum of punishment for a majority of cyber crimes; The majority of cyber crimes should be non-bail offences; Data protection regime in the law required; Amendment of law to match new technologies.

Provision for regulating cloud-based solutions; Address different types of attacks such as time theft, denial of service attack, virus attack, identity thefts, cheating by personating etc.; Provision of regulating online trading such as commodity market.

Provision of punishment for offence of publishing sexually explicit content; Specific provision of punishment for child pornography; Define the Electronic Service Delivery Rules; Regulate the social networking within country.

Compulsory to publish terms of use and privacy policy on websites; Establish national security emergency response team in the country like CERT/CSIRT community; Compensation for failure to protect data causing wrongful loss or wrongful gain to any person.

Third-party information security audit of Data Center, Software, Websites and information assets should be mandatory; Quality assurance of software and hardware; Policy for handling the domain name disputes.

Infrastructure Security Lesson learned from recent earthquake.

ITSERT-NP: Established in 2014 as a non-profit, non-political NGO; Voice of all for Information Security; Working for incident handling and awareness; Organizing annual Information Security conference from 2015; In the process of availing APCERT membership; Planning to establish forensic lab.

ITSERT-NP Role: ITSERT-NP will reduce the risk factor; Information Security Audit; IT security programs to make the general public aware of it; Focusing on schools and colleges.

Information Security Education: Classes for School/College Students; Training for Teachers; Guidelines for Parents; Warnings for Users.

Some Suggestions: Change password every three months; Do not put the same password in different accounts; Do not open an attachment having .txt or saying "see my photo"; Do not click on Reply button while replying to for important matters; Do not run internet banking on public Wi-Fi.

Secure You, Secure your Nation. Thank you. Any ?