Information Insecurity
Part III: The Action Plan
E. Gelbstein A. Kamal
Cyberspace as a frontierland
Uncharted territory, unclear boundaries
Unclear or undefined ownership
Legislation developing slowly
Many adventurers: Navigators, Explorers, Traders, Quacks, Crooks, Criminals
[Figure: map of cyberspace ("Cartografia Pietragialla") with regions labelled Criminals and Terrorists, Terra Incognita, Digital Divide, Explorers, Navigators]
Survivor's guide
Better charts to the cyberspace frontier are being produced. In the meantime:
Best practices (keep it simple, do not reinvent the wheel)
Standards (formalized compatibilities and best practices)
Legislation (rules of what is not permitted)
Compliance (with each of the above)
www.happyhacker.org
www.issa.org
www.sans.org
www.itsmf.com
www.itil-itsm-world.com/security.htm
www.gigaweb.com
Standards
Formalized definitions that ensure compatibility
De-jure: from organizations whose mandate is to define standards
De-facto: usually from vendors; useful and ubiquitous
Examples follow
Older definitions require the offender to take an item of another person's property
Fraud: under some legislation, it requires deception of a person (does NOT apply to a computer)
Scope of cyber-legislation (1)
Computer misuse
Data protection
Telecommunications interception
National security and anti-terrorism
Software copyrights and patents
Search and seizure, criminal evidence
Contractual obligations for suppliers
Scope of cyber-legislation (2)
Human rights: right to privacy, right to access
Electronic contracts, taxation of e-commerce
Censorship
Obscene publications
Protection of minors
Consumer protection
Scope of cyber-legislation (3)
Organized crime in cyberspace
On-line banking and money laundering
Gambling in cyberspace
Electronic signatures and certificates
Defamation and libel in cyberspace
National security and anti-terrorism
and much, much more
International Legislation
OECD: 1983-1985 - Criminalization of computer abuse
Council of Europe (COE): 1985 - Work begins towards a convention on cyber-crime
United Nations Congress on the Prevention of Crime
In November 2001, formal signature by 33 countries of the COE Convention on Cybercrime
Misgivings
Individual rights to privacy vs. extended surveillance powers granted to signatory countries
Possibility of personal data being transferred outside Europe to countries with less protective legislation
Issuance of warrants seeking evidence and extradition
Increased cost of e-business and place restrictions
www.giac.org
www.isc2.org
www.htcn.org
www.cfenet.com
www1.ifccfbi.gov/index.asp
www.merchantfraudsquad.com
Moving forward
Recommendations for immediate action (purpose: help those not yet ready)
Work to be done (purpose: avoid procrastination and develop a Law of Cyberspace before it is too late)
Recommendations
1. Become aware of the Information Insecurity problem
2. Devise an information security strategy
3. Implement remedial procedures immediately
4. Seek professional help without delay
5. Identify the gaps in your country's legislation
6. Encourage the United Nations to embark urgently on a Law of Cyberspace