IT Security in Nepal: Issues and Challenges
Rajan R. Pant
ITSERT-NP

Good Morning Everybody
Some Questions?
- Do you have a free account such as Gmail, Yahoo or Outlook?
- Do you have more than one?
- Do you use the same password for all types of email and other web accounts, so that you need not remember all passwords?
- Do you change your password every three months?
Index
- Infrastructure
- Status
- Issues and Challenges
- Lesson Learned
- ITSERT-NP and its Role
Infrastructure
- Internet including to 43 operators
- Internet with in Rural Area 5
- Limited Mobility Services 83
- Fixed Telephone services to NTC
- GSM cellular Mobile at present to NTC and Ncell
- WLL operator is UTL
- VSAT users to 27
- VSAT user (Rural Area) 10
Communication Infrastructure
Internet Subscribers

| Services | Subscribers |
|---|---|
| Dialup (PSTN+ISDN) Subscribers | 5,759 |
| Wireless Subscribers | 47,379 |
| Cable / Fiber Subscribers | 67,058 |
| ADSL | 1,32,768 |
| GPRS, EDGE, WCDMA | 1,09,70,429 |
| CDMA 1X, EVDO | 1,98,430 |
| Wi-MAX | 12,816 |
| VSAT based Internet | 13 |
| TOTAL | 1,14,39,249 |
| Internet Penetration (%) | 43.17 |

Source: nta.gov.np
Legal Infrastructure
- Banking Offence and Punishment Act, 2064
- Banks and Financial Institutions Act, 2063
- Nepal Rastra Bank Act, 2058
- The Companies Act, 2063
- Contract Act, 2056
- The Electronic Transactions Act, 2063
- Nepal GEA Security Architecture

Institutional Mechanism
- Department of IT
- Office of Controller of Certification
- Nepal Telecom Authority
- Nepal Rastra Bank
- IT Crime Cell of Nepal Police
- ITSERT-NP
Cyber Crime Reported
Year / Nos: – – –
TOTAL: 150
Source: Presentation at NTA program by Nepal Police on 2nd Sep. 2015
Nature of Cyber Crime Threat Mostly Facebook defacement Unreported ATM and Internet Banking Fraud – 3 theft Data hacks Online fraud and impersonating profiles
Status
Cyber security in Nepal is still not able to address the growing security-breach concerns of cyber users. It is important to know the issues and concerns with the existing cyber security policies in order to understand the inability to ensure minimal risk of cyber security breaches in Nepal, as reflected in the country's rising risk of cybercrime despite users' high concern for security and privacy.
In your Opinion What could be
Challenges
- Lack of technical knowledge in cyber security
- Lack of Information Security Policy
- No proper Cyber Law
- Policy makers do not feel its importance
- Lack of National Cyber Security Strategy

Challenges
- Level of Trust
- Interdepartmental coordination
- Information Security Strategy
- Awareness in General users
- Government process
Government vs. Private
Recommendation
- Quantum of punishment for a majority of cyber crimes
- The majority of cyber crimes should be non-bailable offences
- Data protection regime required in the law
- Amendment of law to match new technologies
- Provision for regulating cloud-based solutions
- Address different types of attacks such as time theft, denial of service attack, virus attack, identity thefts, cheating by personating etc.
- Provision for regulating online trading such as the commodity market
- Provision of punishment for the offence of publishing sexually explicit content
- Specific provision of punishment for child pornography
- Define the Electronic Service Delivery Rules
- Regulate social networking within the country
- Make it compulsory to publish terms of use and privacy policy on websites
- Establish a national security emergency response team in the country, like the CERT/CSIRT community
- Compensation for failure to protect data causing wrongful loss or wrongful gain to any person
- Third-party information security audit of Data Center, Software, Websites and information assets should be mandatory
- Quality assurance of software and hardware
- Policy for handling domain name disputes
Infrastructure Security Lesson learned from recent earthquake.
ITSERT-NP
- Established in 2014; non-profit, non-political NGO
- Voice of all for Information Security
- Working for incident handling and awareness
- Organizing annual Information Security conference from 2015
- In the process of availing APCERT membership
- Planning to establish forensic lab

ITSERT-NP Role
- ITSERT-NP will reduce the risk factor
- Information Security Audit
- IT Security programs to make the general public aware of it
- Focusing on schools and colleges

Information Security Education
- Classes for School/College Students
- Training for Teachers
- Guidelines for Parents
- Warnings for Users
Some Suggestions
- Change your password every three months
- Do not use the same password for different accounts
- Do not open attachments having .txt or saying "see my photo"
- Do not click on the Reply button while replying to email for important matters
- Do not use internet banking on public Wi-Fi
Secure You, Secure your Nation
Thank you
Any ?