Presentation is loading. Please wait.

Presentation is loading. Please wait.

R ECOMMENDATION F OR SRI LANKAN ICT POLICY (T RUST A ND S ECURITY )

Published bySamantha French Modified over 9 years ago

Similar presentations

Presentation on theme: "R ECOMMENDATION F OR SRI LANKAN ICT POLICY (T RUST A ND S ECURITY )"— Presentation transcript:

1 R ECOMMENDATION F OR SRI LANKAN ICT POLICY (T RUST A ND S ECURITY )

2 Why Trust & Security ?

3 We need trust & security because IT an emerging industry in Sri Lanka Tackles different industries & markets Enables participation in digital & financial space at individual level Cradle to grave digital identity Data floating everywhere and still expanding Responsibility ???

4 Recommendations  Formulate an information security policy for the Government, as well as public and private institutions which handle public records  A secure centralized, online storage system to store documents  Use of a two-step authentication process, using a one-time password (OTP) when performing online transactions

5 Recommendation 1  In a government department which delivers a very important service  An attack of ‘CME-24’ aka W32.BlackMal.E worm CERT Case Study: “The Worm – Episode 1”

6 Recommendation 1  Forthcoming regulations to formulate an information security policy for government, public and private institutions who handles public records  ISO 27002 code of practice for Information Security control may be used in formulating the policy

7 Recommendation 2 A secure centralized, online storage system to store documents User (accessible with Public Key) +File 1 – Private Key 1 +File 2 – Private Key 2 +File 3 – Private Key 3 +File 4 – Private Key 4 Government Data (R) Personal Data (R/W) +File 1 – Private Key 5 +File 2 – Private Key 6 +File 3 – Private Key 7 +File 4 – Private Key 8 +File 5 – Private Key 9 Institutions (accessible with Public Key)

8 Recommendation 2  All documents are watermarked  Government data is digitally signed (verifiable) and read only  Private keys are specific to clients and have expiry  And additional code or symbol will be added when a client pull the document corresponding to the given private key  Government has no direct access to the private folder

9 Recommendation 3 Compulsory two-step authentication for online transactions The CID has reported that banks holding NRFC account have suffered losses of over Rs. 1 Billion due to illegal withdrawals from fake email accounts. Sunday Times, 28 th June 2015 All banks registered under the Central Bank Monetary Control System, should use a two step authentication process when carrying out the online transactions.

10 A Discussion Does telecom operators expose the CDR information to 3 rd parties for commercial purposes?

11 Q UESTIONS ?

Download ppt "R ECOMMENDATION F OR SRI LANKAN ICT POLICY (T RUST A ND S ECURITY )"

Similar presentations

Digital Signatures in State of Tennessee Pam Roberts Finance & Administration Office for Information Resources Planning, Research & Development.

Digital Signatures in State of Tennessee Pam Roberts Finance & Administration Office for Information Resources Planning, Research & Development.
Banks and their products VOŠ – 3. ročník – 2. semestr.

Banks and their products VOŠ – 3. ročník – 2. semestr.
A Future with E-cheques Mr. Shu-Pui Li Head, Financial Infrastructure Development Division Financial Infrastructure Department Hong Kong Monetary Authority.

A Future with E-cheques Mr. Shu-Pui Li Head, Financial Infrastructure Development Division Financial Infrastructure Department Hong Kong Monetary Authority.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Comergence 3/14/13. What Does Comergence Do? Comergence provides streamlined processing and centralized storage of Correspondent applications nationwide.

Comergence 3/14/13. What Does Comergence Do? Comergence provides streamlined processing and centralized storage of Correspondent applications nationwide.
1 Compliance Requirements November 27, 2012. Client registration & KRA requirements Formalities rationalized (agreements, signatures, documents) Availability.

1 Compliance Requirements November 27, Client registration & KRA requirements Formalities rationalized (agreements, signatures, documents) Availability.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 1 - 1 The Demand for Audit and Other Assurance Services Chapter 1.

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder The Demand for Audit and Other Assurance Services Chapter 1.
Identity Management Realities in Higher Education NET Quarterly Meeting January 12, 2005.

Identity Management Realities in Higher Education NET Quarterly Meeting January 12, 2005.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
18/05/99 FAMO- MODELO- 000 1. 18/05/99 FAMO- MODELO- 000 2 REGIONAL HIGH-LEVEL WORKSHOP ON ELECTRONIC COMMERCE AND ICT FOR CENTRAL AMERICA AND THE CARIBBEAN.

18/05/99 FAMO- MODELO /05/99 FAMO- MODELO REGIONAL HIGH-LEVEL WORKSHOP ON ELECTRONIC COMMERCE AND ICT FOR CENTRAL AMERICA AND THE CARIBBEAN.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
E-Procurement: Digital Signatures and Role of Certifying Authorities Jagdeep S. Kochar CEO, (n)Code Solutions.

E-Procurement: Digital Signatures and Role of Certifying Authorities Jagdeep S. Kochar CEO, (n)Code Solutions.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
The Demand for Audit and Other Assurance Services Chapter 1.

The Demand for Audit and Other Assurance Services Chapter 1.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Digital Cash Damodar Nagapuram. Overview ► Monetary Freedom ► Digital Cash and its importance ► Achieving Digital Cash ► Disadvantages with digital cash.

Digital Cash Damodar Nagapuram. Overview ► Monetary Freedom ► Digital Cash and its importance ► Achieving Digital Cash ► Disadvantages with digital cash.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Electronic Data Interchange (EDI)

Electronic Data Interchange (EDI)
CAMP - June 4-6, 2003 1 Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin 2003. This work is the intellectual property of the authors.

CAMP - June 4-6, Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin This work is the intellectual property of the authors.

Similar presentations

Ads by Google