perspective
8 Feb 2009
Innovation fostering the Growth of NGNs
• Smart devices
– Television
– Computers
– PDA
– Mobile Phone
(Single device to provide an end-to-end, seamlessly secure access)
• Application Simplicity
– Preference of single, simple and secure interface to access
applications or content
– Ubiquitous interface - web browser
• Flexible Infrastructure
• Multiple Applications
• Ubiquitous computing, networking and mobility
• Embedded Computing
• Security
• IPv6
[Diagram labels: DSL Router, Internet, Network Infrastructure, Branch, Desktops, Servers, Router, Unmanaged Devices]
Challenges for Network Operator
• Business challenges include new Pricing
Structure, new relationship and new competitors.
Service Layer
Hosts service applications and provides a framework for the creation of customer-focused services provided by either operator or a third-party service provider
[Diagram labels: Web Tier, Service Provider, Application, Backbone Network]
Growing Concern
• Computing Technology has turned against us
[Figure labels: Virus, Malicious Code, Identity Theft; examples named: Phishing, Melissa]
Trends of Incidents
• Sophisticated attacks
– Attackers are refining their methods and consolidating assets to
create global networks that support coordinated criminal
activity
• Crimeware
– Targeting personal information for financial frauds
Source: Websense
Top originating countries – Malicious code
Three faces of cyber crime
• Organised Crime
• Terrorist Groups
• Nation States
Security of Information Assets
• Security of information & information assets is becoming a
major area of concern
• With every new application, newer vulnerabilities crop up,
posing immense challenges to those who are mandated to
protect the IT assets
• Coupled with this, a host of legal requirements and
international business compliance requirements on data
protection and privacy place a huge demand on
IT/ITES/BPO service organizations
• We need to generate ‘Trust & Confidence’
Challenges before the Industry
Model Followed Internationally
INFORMATION SECURITY
• People
– Security Policy
– Regulatory Compliance
– User Awareness Program
• Process
– Access Control
– Security Audit
– Incident Response
• Technology
– Encryption, PKI
– Firewall, IPS/IDS
– Antivirus
Cyber Security Strategy – India
• Security Policy, Compliance and Assurance – Legal Framework
– IT Act, 2000
– IT (Amendment) Bill, 2006 – Data Protection & Computer crimes
– Best Practice ISO 27001
– Security Assurance Framework- IT/ITES/BPO Companies
• Capacity building
– Skill & Competence development
– Training of law enforcement agencies and judicial officials in the collection and analysis of digital
evidence
– Training in the area of implementing information security in collaboration with Specialised
Organisations in US
• International Collaboration
Status of security and quality compliance
in India
• Quality and Security
– A large number of companies in India have aligned their
internal processes and practices to international standards
such as
• ISO 9000
• CMM
• Six Sigma
• Total Quality Management
– Some Indian companies have won special recognition for
excellence in quality: out of 18 Deming Prize winners for
Total Quality Management in the last five years, six are
Indian companies.
ISO 27001/BS7799 Information Security
Management
• Government has mandated implementation of
ISO27001 ISMS by all critical sectors
• ISMS 27001 has mainly three components
– Technology
– Process
– Incident reporting and monitoring
• 296 certificates issued in India out of 7735
certificates issued worldwide
• Majority of certificates issued in India belong to
IT/ITES/BPO sector
Information Technology – Security Techniques
Information Security Management System
[Diagram labels: Department of Information Technology, ISP Hot Liners, Major ISPs, Private Sectors, Foreign Ptns, Home Users, Analysis, Dissemination, Press & TV / Radio, Detect, Recovery]
Distributed Honeypot Deployment
PC & End User Security: Auto Security Patch Update
Windows Security Patch Auto Update
[Diagram labels: Internet, ActiveX DL Server, PSTN]