
 Security Intelligence

Cyber is the Modern Battlefield

Prinya Hom-anek
CISSP, CSSLP, CISA, CISM, SSCP, CFE, CBCI, CGEIT, CRISC,
(ISC)2 Asian Advisory Council Member; ISACA Thailand - Committee,
Thailand Information Security Association (TISA) – VP & Committee ,
ACIS Professional Center Co., Ltd. - President and Founder, Cybertron Co., Ltd.,
CEO

ACIS PROFESSIONAL CENTER: We have been certified to the ISO 22301:2012 (BCMS), ISO/IEC 27001:2013 (ISMS) and ISO/IEC 20000-1:2011 (IT-SMS) standards.

ACIS © Copyright 2015 ACIS Professional Center Company Limited. All Right Reserved.
About Me, ACIS and Cybertron

The Great Paradigm Shift in Cybersecurity Thinking
in the S-M-C-I Era
(Social, Mobile, Cloud and Information/Big Data)
CISSP, SSCP, CSSLP, CISA, CISM, CRISC, CGEIT, CASP, ITIL Expert
President and Founder, ACIS Professional Center Co., Ltd.

E-mail: prinya@acisonline.net
www.facebook.com/prinyah
www.twitter.com/prinyaACIS (@prinyaacis)
Global technology trends that are changing the daily lives of people around the world in the 21st century


The World has Changed


Internet of Things


Cybersecurity Environment
Challenges, Threats, Risks, Opportunities

ACIS © ACIS Professional Center Company Limited. Strategic IT-GRC and Cybersecurity Risk Awareness in Digital Economy: Cybersecurity Resilience Framework and Implementation in Action

Copyright © 2016, ACIS Professional Center Co., Ltd.




“S-M-C-I” Era :
The Nexus of Disruptive Forces
“Challenging in Digital Economy: The Nexus between Cybersecurity
and Privacy Protection”

S-M-I-C ERA : Risks vs. Opportunities

Cybersecurity Environment
Challenges, Threats, Risks, Opportunities

Mega IT Trends: Social, Mobile, Cloud, Big Data Analytics



Source: Global Risks Report 2016, World Economic Forum

Cyber Attack News Update



Tesco Bank Hacked Cyber Fraudsters
Stole Money From 20,000 Accounts

Source : http://thehackernews.com/2016/11/tesco-bank-hack.html



Someone is Using Mirai Botnet to Shut Down
Internet for an Entire Country

Source : http://thehackernews.com/2016/11/ddos-attack-mirai-botnet.html



Danish Payment Processing Firm Suffers Breach
100k Credit Cards Stolen

Source : https://www.hackread.com/danish-payment-processing-data-breach/



Major Ransomware Attack Shuts Down
Entire National Health Service System

Source : https://www.hackread.com/ransomware-attack-on-nhs-system/



Red Cross Data Leak; Personal Data
of 550,000 Blood Donors Stolen

Source : https://www.hackread.com/red-cross-blood-donors-data-leak/



Google discloses Critical Windows Zero-Day
that makes all Windows Users Vulnerable

Source : http://thehackernews.com/2016/10/google-windows-zero-day.html?m=1



Millions of Android Devices
Vulnerable to DRAMMER Attack

Source : https://www.hackread.com/android-vulnerable-to-drammer-attack/



Mirai Botnet Linked to Massive DDoS Attacks
on Dyn DNS

Source : https://www.hackread.com/mirai-botnet-linked-to-dyn-dns-ddos-attacks/



DDoS attack on Dyn involved 10s of millions
of hacked IP addresses

Source : https://www.hackread.com/dyn-ddos-attack-millions-ip-addresses/



Chip and Pin Hack spits out cash

Source: http://www.bbc.com/news/technology-36971832


An ATM hack and a PIN-pad hack show chip
cards aren’t impervious to fraud

Source: http://arstechnica.com/security/2016/08/an-atm-hack-and-a-pin-pad-hack-show-chip-cards-arent-impervious-to-fraud/


Swift Hack Probe Expands to Up to a Dozen
Banks Beyond Bangladesh

Source: http://www.bloomberg.com/news/articles/2016-05-26/swift-hack-probe-expands-to-up-to-dozen-banks-beyond-bangladesh


Swift hackers steal $10 million from
Ukrainian bank

Source: http://thehackernews.com/2016/06/ukrainian-bank-swift-hack.html


US warns of hacking threat to interbank
payment network

Source: http://www.bbc.co.uk/news/business-36473912


Four Lessons to Learn From the SWIFT Hacks

Source: http://www.infosecurity-magazine.com/opinions/four-lessons-to-learn-from-the/


The Inside Story of Mt. Gox,
Bitcoin’s $460 Million Disaster

Source: https://www.wired.com/2014/03/bitcoin-exchange/


Hackers Steal $72 Million in Bitcoin
From Hong Kong Exchange

Source: http://gizmodo.com/hackers-steal-72-million-in-bitcoin-from-honk-kong-exc-1784757592


Bitcoin tumbles after HK exchange ‘hacked’

Source : http://www.thestar.com.my/business/business-news/2016/08/03/bitcoin-tanks-after-hong-kong-exchange-hacked/


Bitcoin Price Drops 20% After $72 Million
in Bitcoin Stolen from Bitfinex Exchange

Source : http://thehackernews.com/2016/08/bitcoin-exchange-price.html



Vitalik Buterin - Founder, Ethereum (Age 22)
How a $50M hack changed the fate of Ethereum,
Bitcoin's closest competitor

Source : http://www.cbc.ca/news/technology/ethereum-hack-blockchain-fork-bitcoin-1.3719009



A $50 Million Hack Just Showed That the DAO
Was All Too Human

Source: https://www.wired.com/2016/06/50-million-hack-just-showed-dao-human/


Hacked BitcoinTalk.org User Data Goes Up
For Sale On Dark Web

Source : https://www.cryptocoinsnews.com/hacked-bitcointalk-org-user-data-goes-up-for-sale-on-dark-web/


BlockChain.info Domain Hijacked
8 Million Bitcoin Wallets Inaccessible

Source : http://thehackernews.com/2016/10/blockchain-bitcoin-website.html



360° Cybersecurity : Fraud and Cyber Risks in e-Payment Services

Acknowledgements

Prinya Hom-anek
CISSP, SSCP, CSSLP, CISA, CISM, CRISC, CGEIT, CASP, ITIL Expert,
ISACA Cybersecurity Nexus, COBIT 5 implementation, IAPP Foundation
President and Founder, ACIS Professional Center Co., Ltd.
CEO, Cybertron Co., Ltd.
Director, Cybersecurity Center, Rangsit University

© ACIS Professional Center Company Limited. Strategic IT-GRC and Cybersecurity Risk-Awareness: Transforming Cybersecurity of Things and Literacy in Digital Economy

“Malware and botnets were found still active since 2014 (B.E. 2557) on more than one hundred thousand computers in Thailand”

Top 10 Asia under Cyber Attack

Malware Infection Index* for ASEAN for the first quarter of 2015

India remains the most infected country, while Indonesia is no. 5 globally, and China is 8th.

Thailand is number 5 in malware detections in Asia and 11th globally in the top 25 list.

The top-ranked malware families in Asia are B106 (Bladabindi/Jenxcus), Conficker, Ramnit, Sirefef and Citadel, respectively.

Source: Microsoft https://www.facebook.com/MicrosoftDCU/ https://news.microsoft.com/presskits/dcu/

Worldwide Threat Assessment
Microsoft Security Intelligence Report

[Figures A to F, Microsoft Security Intelligence Report: encounter rates by country/region in 2Q15; infection rates by country/region in 2Q15; phishing sites per 1,000 Internet hosts for locations around the world in 1H15; malware distribution sites per 1,000 Internet hosts for locations around the world in 1H15; drive-by download pages indexed by Bing at the end of 2Q15, per 1,000 URLs in each country/region; average number of Simda-infected devices connecting to the sinkhole each month, April-July 2015]

Source: [https://www.microsoft.com/security/sir/default.aspx]
Security Incidents in 2015

Data Breach Investigation Report, Verizon

Source: [https://www.microsoft.com/security/sir/default.aspx]

Cybersecurity Environment
Challenges, Threats, Risks, Opportunities

“Shadow IT” : The New IT Problem that comes with “Cloud Computing”


The World & ASEAN Cybersecurity


Trends and Current Situation

ACIS Professional Center Co., Ltd. CYBERTRON Co., Ltd.



Internet of Things, Internet of Trust

SECURITY

INTERNET
OF TRUST
THINGS

PRIVACY

Source: [“ACIS Top Ten Cybersecurity Threats and Trends”, ACIS-Research, www.acisonline.net]


Internet of Things, Internet of Trust


[Diagram labels: Internet of Things, Internet of Threats, Internet of Trust, Internet of Everything; Security of Things; Identity of Things; Information of Things; Privacy; Security-driven architecture; Integrated Risk-based approach; Undefined threats; Hacking industry; Gen-C; vulnerable Supplier; Data Science; Big Data]

Source: [“ACIS Top Ten Cybersecurity Threats and Trends”, ACIS-Research, www.acisonline.net]

1. Emerging Hacking Industry

2. Undefined, Unknown Threats at Risk

3. Security of Things, Internet of Trust

4. Security-driven Architecture

5. Vulnerable Third-party

6. Information of Things and Data Science Revolution

7. The Rise of Generation C : Digital Lifestyle in Digital Economy

8. Cybersecurity Centric and Cyber Resilience in Action

9. Increasing in Cybersecurity Capabilities and Competence Gap

10. Integrated Risk-Based Approach Standards & Best Practices

Source: “ACIS/Cybertron Top Ten Cybersecurity Trends for 2016”, ACIS Research; www.acisonline.net

1. Emerging Hacking Industry

2. Undefined Unknown Threats at Risk

3. Security of Thing, Internet of Trust

4. Security-driven architecture

5. Vulnerable Suppliers, Service Provider

6. Information of Thing and Data Science Revolution

7. C-Generation: Gen-C Lifestyle in Digital Economy

8. Cybersecurity Centric and Resilience in Action

9. IT-related & Security Capabilities and Competence Gap

10. Integrated Risk-Based Approaches and Standards

Source: “ACIS Top IT & Cybersecurity Threats and Trends for 2016”, ACIS Research; www.acisonline.net

C-Generation: Gen-C Life Style


Gen C is about moving beyond demographics to psychographics
source: K. Nuttaputch

“CONNECTED”

1. Connection
2. Convenience
3. Creation
4. Curation
5. Community

Source: http://www.zocialinc.com/blog/genc-behavior/ ; http://www.positioningmag.com/content/61576

4 Types of Hackers (Emerging Hacking Industry)

1. Hacktivism
2. Cyber Crime (make $$$)
3. Cyber Espionage (need IP)
4. Cyber Warfare
   - State-Sponsored Attack
   - State-Act Attack

Source: “Top Cybersecurity Threats and Trends for 2016”, ACIS Research; www.acisonline.net

ISF’s Marketplace of Attacks is Evolving

Information Security Forum Threat Horizon 2014 Preview


ISF’s Motives, Impacts, and Adversaries

Information Security Forum Threat Horizon 2014 Preview


Reconnaissance, Weaponization, Delivery, Exploitation, Installation, C2, Actions on Intent

Top MalWare File Extensions

Bahtgrabber:
Now It’s Not Just Euro

Mobile MalWare on
Android Devices
Real case in Thailand


Source: The Knowledge from Gartner Symposium ITxpo; Top 10 Strategic Technology Trends for 2013
21-Nov-16
 ITBN CONF-EXPO

“Cyber warfare is REAL”

The USA has a plan for assimilating cyberattack abilities in the military operations commands as part of every operative plan, and for setting up attack groups within these commands.

In August 2008, Russia used DDoS and defacement against Georgian news sites and government offices.

Beijing’s hackers continue to conduct cyber attacks on government and private networks.


Who are the cyberwar superpowers?


Source : World Economic Forum


The best hacking country in the World


Source : Abbas Naderi,Quora

There are two factors in making a nation advanced in cyber crime capabilities:

Lawlessness: The more free of law hackers are in a country, the more practice they get, and the better they become.

Technological Advancement: The more technologically advanced a country is, the more people can become hackers.


Traditional IoT hacking by using Shodan

Shodan – Search for Vulnerable CCTV


ISF’s Cybersecurity and Cyber Resilience

Build cyber resilience into your organisation
• Organisation’s capability to withstand impacts from threats materialising in cyberspace
• Covers all threats – even the ones we don’t know about
• Driven by agile, broader risk management, linking information risk to ERM

Source: “Cybersecurity strategies”, Information Security Forum (ISF), www.securityforum.org

Research from ACIS/Cybertron Cyber LAB
Internet of Things - Internet of Threats - Internet of Trust
Cybersecurity Resilience Framework
in Actions

Stage 1 : Information Security

Stage 2 : Cybersecurity

Stage 3 : Cybersecurity Resilience

www.cdicconference.com

Hidden Security and Privacy
Threats on Mobile Applications
Research from ACIS/Cybertron Cyber LAB
Hidden Behaviors and Processes on Mobile Applications
source : Pradeo, France

Bridging into the Underground Threats


Prinya Hom-anek,
CISSP, SSCP, CSSLP, CISA, CISM, CRISC, CGEIT,
CASP, ISACA Cybersecurity Nexus, ITIL Expert, IAPP Foundation
ACIS Professional Center Co., Ltd. & Cybertron Co., Ltd.
Bangkok, Thailand

Sun Tzu’s Quote, “The Art of War”

“If you know the enemy and know yourself, you need not fear the result of a hundred battles.

If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.

If you know neither the enemy nor yourself, you will succumb in every battle.”

Understand
Dark Web, Deep Web vs. Surface Web


Case Study :
“MalWare in the Darknet”

1. “SkyNet : A Tor Botnet”
2. “Atrax Crimekit”
3. “Citadel Trojan : Malware-as-service”

How to respond to undefined threats


ISF’s Cyber Security and Cyber Resilience

Source: “Cyber Security strategies achieving cyber resilience”, Information Security Forum (ISF), www.securityforum.org


DHS Cybersecurity Resilience

From The World Real-time
Cyber Attack Map

• Cybersecurity is “A Full Time Activity”

• Cybersecurity is “A Business Imperative”

• Cybersecurity is “An Executive-Level Concern”


The Great Paradigm Shift in Cybersecurity Thinking
in the S-M-C-I Era
(Social, Mobile, Cloud and Information/Big Data)


Paradigm Shift in Cybersecurity


“From preventive to responsive”


Business Impact and Time

Manage and Mitigate

“REPUTATION RISK”

From “Time-based Security” to “Responsive Security”

Security Factors : Time-based Security Responsive Security


Protective Control Focus on “Protective controls”

Detective Control

Corrective control Focus on “Responsiveness Readiness”

Time

Credit : Responsive Security , Dr. Meng-Chow Kang



Responsive & Readiness Mentality


Fortress Mentality
Are we Ready?
Are we Secure?

Credit : Responsive Security , Dr. Meng-Chow Kang


Presidential Executive Order (EO) 13636
“Improving Critical Infrastructure
Cybersecurity”, February 2013.

NIST: Framework for Improving Critical Infrastructure Cybersecurity


Cybersecurity Framework
for Critical Infrastructure

Vulnerability Assessment

Penetration Testing
Identify

Cyber 911 (Next Generation SOC)


Risk Assessment

Business Impact Analysis

Cyber Drill & Awareness Training


Protect
Critical System Hardening
Cybersecurity
Framework Outsource Log Monitoring
Detect
IT Audit

Incident Response
Respond
Digital Forensics

Recover BCP & DRP


Cybersecurity Resilience Framework Gap Analysis
Current State vs Target State
Benchmarking between your organization and Industries

[Radar charts, scale 0 to 5, series: Oil and Gas, Financial, Regulator, Target. Chart 1 axes: Identify, Protect, Detect, Response, Recover. Chart 2 axes: ID.AM, ID.BE, ID.GV, ID.RA, ID.RM, PR.AC, PR.AT, PR.DS, PR.IP, PR.PT, DE.AE, DE.CM, DE.DP, RS.CO, RS.AN, RS.MI, RS.IM, RC.RP, RC.IM, RC.CO]

CYBERSECURITY RESILIENCE FRAMEWORK
CsP-MICS (NexusFour) Model and Cybersecurity Resilience Framework
Holistic Conceptual Thinking View

Organizational (Business) Perspective Organizational IT-related and Cybersecurity Perspective


Long-term

SUSTAINABILITY SUSTAINABILITY

RESILIENCE RESILIENCE

Organizational Business
Resilience Resilience
Cybersecurity Resilience
TIME

TRUST
EXCELLENCE Cybersecurity
Centric

SECURITY PRIVACY
Balancing
Integrated GRC
Current

Cybersecurity Environments
[NexusFour: Mobile, Big Data (Information), Cloud, Social]


SUSTAINABILITY

RESILIENCE

Stage 3 : Cyber Resilience Cybersecurity Resilience

TRUST

Stage 2 : Cybersecurity Cybersecurity


Centric

SECURITY PRIVACY
Stage 1 : Information Security Balancing

Cybersecurity Environments
[NexusFour: Mobile, Big Data (Information), Cloud, Social]


Internet of Things - Internet of Threats - Internet of Trust


CsP-MICS (NexusFour)

Stage 1 : Information Security

Stage 2 : Cybersecurity

Stage 3 : Cyber Resilience

Cybersecurity Resilience Framework


in Actions

References

1. ISF : Cyber Security Strategy
2. ISACA : Cyber Security Nexus (CSX)
3. ISO : ISO/IEC 27032:2012, IT -- Security techniques -- Guidelines for Cybersecurity
4. NICE : National Cybersecurity Workforce Framework
5. NIST : NIST Cybersecurity Framework
6. US-CERT : Cyber Resilience Review (CRR)
7. ENISA : National Cyber Security Strategies
8. ITU : National Cyber Security Strategies Guide
9. Book : Time Based Security, Winn Schwartau
10. Book : Responsive Security, Dr. Meng Chow Kang

ACIS-Cybertron: Cybersecurity Resilience Framework Implementation

Cybersecurity Objectives and Goals:
- Determine: Determine Cybersecurity Environments
- Establish: Establish Cybersecurity Programme
- Study: Study Cybersecurity Requirements
- Define: Define Cybersecurity Controls and Resilience Strategy
- Implement: Implement Resilience Solutions
- Exercise: Exercise, Maintain, Evaluate
- Review: Review Cybersecurity Assurance

Core Functions to achieve specific cybersecurity outcomes:
- Identify, Protect: prepared, be ready to be secured
- Detect: before security incident/data breach
- Respond: after security incident/data breach
- Recover: maintain plans for resilience, restore to normal operations
- Assurance: assure that all related solutions have executed effectively

Stages:
- Stage 1 : Information Security
- Stage 2 : Cybersecurity
- Stage 3 : Cyber Resilience

Timeline around t = 0:

Identify & Protect (be ready to be secured)
- Business Impact Analysis (BIA)
- Cybersecurity Gap Analysis / Cyber Risk Assessment based on Risk Scenario
- Vulnerability Assessment, Compromised Assessment / Penetration Testing
- Cybersecurity Awareness Training
- Develop Cyber Drill Scenario / Cyber Incident Response Plan
- Exercise Cyber Drill

Detect (t<0) (before security incident/data breach)
- 24x7 Managed Next-Gen SOC
- Threat Intelligence
- Big Data Analytics
- Social Listening/Analytics
- Advanced APT/Malware In-Depth Analytics
- Pre-Crisis Management
- Event Management

Respond (t>0) (after security incident/data breach)
- Incident Response & Incident Handling
- Incident Management / Problem Management
- Digital Forensics and Investigation
- APT/Malware Hunting
- Crisis Management
- Root Cause Analysis
- Post-Respond Report
- Law Enforcement Coordination

ACIS Internal Cyber Drill Result
Are we ready for Digital Economy ?



National Cybersecurity Capacity Maturity Model
(CMM)



Structure of National Cybersecurity Capacity
Maturity Model (CMM)

- Dimensions: there are 5 dimensions in total, which categorize cybersecurity capacity.
- Factors: explain the meaning of the characteristics of cybersecurity in each dimension.
- Aspects of each factor: the distinct components of each factor; these aspects present the indicators in small groups that are easy to understand.
- Stages of maturity: the progress of maturity development in each country, corresponding to that country's cybersecurity factors and aspects.
- Indicators: describe the steps and processes that indicate the specific characteristics of each stage, the related factors, and the aspects of each factor across all 5 dimensions.


Five Dimensions of CMM

1. Cybersecurity Policy and Strategy
- National Cybersecurity Strategy
- Incident Response
- Critical Infrastructure (CI) Protection
- Crisis Management
- Cyber Defense Consideration
- Communications Redundancy

2. Cyber Culture and Society
- Cybersecurity Mind-set
- Trust and Confidence on the Internet
- User Understanding of Personal Information Protection Online
- Reporting Mechanisms
- Media and Social Media

3. Cybersecurity Education, Training and Skills
- Awareness Raising
- Framework for Education
- Framework for Professional Training

4. Legal and Regulatory Frameworks
- Legal Frameworks
- Criminal Justice System
- Formal and Informal Cooperation Frameworks to Combat Cybercrime

5. Standards, Organizations, and Technologies
- Adherence to Standards
- Internet Infrastructure Resilience
- Software Quality
- Technical Security Controls
- Cryptographic Controls
- Cybersecurity Marketplace
- Responsible Disclosure


Stages of Maturity

- Dynamic: a stage with clear mechanisms for changing strategy depending on the cyber threats actually occurring at present.
- Strategic: a stage in which the factors depend on the national level or the organization's environment.
- Established: a stage in which the aspects are in use, resources are allocated, and there are opportunity costs to decide on.
- Formative: a stage in which some aspects of each factor have begun to be practised but are still at the demonstration stage.
- Start-up: a stage in which discussion about building cybersecurity has only just begun, with no concrete action yet.


Benefit of CMM

Worldwide capacity acceptance

Gap for
Improvement

Your capacity

1. Cybersecurity Policy and Strategy
2. Cyber Culture and Society
3. Cybersecurity Education, Training and Skills
4. Legal and Regulatory Frameworks
5. Standards, Organizations, and Technologies


The Real Meaning of Cybersecurity

Cybersecurity is “A Full Time Activity”

Cybersecurity is “A Business Imperative”

Cybersecurity is “An Executive-Level Concern”

Source: “Cybersecurity for Executive” book, Gregory J. Touhill and C.Joseph Touhill


Cyber Warfare is REAL



Collaboration

more powerful than ever to improve cybersecurity



www.TISA.or.th ,
Thailand Information Security Association (TISA)
www.cdicconference.com
Cyber Defense Initiative Conference 2015

www.acisonline.net
ACIS Professional Center Co., Ltd.
www.youtube.com/thehackertv
www.youtube.com/thecyber911
The Hacker TV Programme 20:55 Monday-Friday

Email : prinya@acisonline.net
Facebook : www.facebook.com/prinyah
Facebook search : prinya hom-anek
Twitter: www.twitter.com/prinyaACIS (@prinyaacis)



Update Your Cybersecurity Knowledge

The Hacker on Nation TV
Every Monday to Friday, 20.50-21:00
www.youtube.com/thehackerTV

Family News Radio, FM 106.00 MHz
Every Thursday, 17:30-17:45

"Thee Nee Thai PBS" programme, "Kid Yok Kamlang Song" (Think Squared) segment
Every Wednesday, 21.45 – 22.00

Class 2: January 2016 (B.E. 2559)

College of Information and Communication Technology
Rangsit University

Thank you very much 
