Information Security
Challenges and Opportunities
M. Faisal Naqvi, CISSP, CISA
MS (E-Com) Gold (PU), CMA inter (ICMA)
27001 A (IRCA, UK), 27001 Implr (IT Gov, UK)
Associate Member of Business Continuity Institute
Senior Consultant – Information Security
© 2008 NetSol Technologies, Inc. All rights reserved
Information Security (A-I-C)
• Availability
• Integrity
• Confidentiality
Dependence on IT
• Almost every Government Department
• Banks including ATM network, Stock Exchanges & Brokers
• Telecommunication & Mobile Companies
• Electronic and Print Media
• Software houses and Call centers
• Other Private companies including MNCs
Challenges to Information Availability
• ATM Network/Credit Card
• Mobile Network/Mobile Card Charging Sys
• Call Centers
• TV Channels
• Internet Service Provider
• Stock Exchange Application
Attacks on Availability of Information
• Denial of Service (DoS) Attacks
• Distributed DoS (D-DoS) Attacks
• Malicious act by disgruntled employee
• Power Failure
• Natural/Man-made Disasters like Fire, Flood, Storm, Earthquake, Strike and Terrorism
Challenges to Information Integrity
• Balance of Rs.9,000/- in bank is changed to Rs.9,000,000/-
• Tampering of NADRA records
• Changing CSS exam results
• Changing ownership of Vehicle / Land in E-Records
• Tampering Share Prices of Stock
• Phishing
• Electronic Stalking
• Salami Attacks
Attacks on Information Integrity
• Hacking
• SQL injection
• Insiders / Employees
• Weak cryptographic algorithms
• Buffer overflow
• Malicious Code
Challenges to Confidentiality of Information
• Source Code/Trade Secret Theft
• Tenders Quotation Disclosure
• Clients Information Stealing
• Govt. Sensitive Information Leakage
• Mobile Usage and Personal Information
• Online Bank Account Password
• ATM Pins
Attacks on Confidentiality of Information
• Employees
• Social Engineering
• Hacking
• SQL Injection
• Key Loggers (software/hardware)
Getting ATM cards & pins
Getting ATM cards & pins (cont…)
Getting ATM cards & pins (cont…)
Getting ATM cards & pins (cont…)
Getting ATM cards & pins (cont…)
How to Overcome these challenges
• Pro-active approach rather than Reactive
• Preventive Controls rather than Corrective
Opportunities to ensure Availability of Information
• Firewalls
• Intrusion Detection Systems
• Intrusion Prevention Systems
• Anomaly Detection Systems
• Antivirus
• Business Continuity Management
• Disaster Recovery Planning
Opportunities to ensure Integrity of Information
• Application Security
• Segregation and Rotation of Duties
• Strong Cryptography
• Access Control
• Application Vulnerability Assessment
• Application Penetration Testing
Opportunities to ensure Confidentiality of Information
• Access Control
• Training and Awareness
• Anti-spyware
• Extrusion Prevention Systems
Opportunities to ensure overall Information Security
• Overall Information Security is no stronger than its weakest element
• Need for a system which can ensure the A-I-C in a comprehensive manner
• ISO-27001 Information Security Management System (ISMS)
• ISMS: 133 countermeasures to control all possible Threats and Vulnerabilities
Opportunities to ensure overall Information Security
• Periodic Audits and Assessments through independent neutral organizations
• Vulnerability Assessments
• Penetration Tests through Ethical Hackers
Opportunities to ensure overall Information Security by Govt.
• Electronic Transaction Ordinance (ETO), 2002
• Prevention of Electronic Crime Ordinance (PECO) 2007
• National Response Centre for Cyber Crimes (NR3C), FIA
• Information & Communication Technology (ICT) Tribunals
Electronic Transaction Ordinance
36. Violation of privacy of information: protects Confidentiality
37. Damage to information system, etc.: protects Integrity and Availability
Prevention of Electronic Crime Ordinance (Crimes)
3. Criminal Access
4. Criminal Data Access
5. Data Damage
6. System Damage
7. Electronic Fraud
8. Electronic Forgery
9. Misuse of Electronic System or Device
10. Unauthorized access to code
Prevention of Electronic Crime Ordinance
11. Misuse of Encryption
12. Malicious Code
15. Cyber Stalking
16. Spamming
17. Spoofing
18. Unauthorized interception
19. Cyber Terrorism
20. Enhanced punishment for offences involving electronic systems
?
Thank You

 

Information Security Challenges & Opportunities

  • 1. Information Security: Challenges and Opportunities. M. Faisal Naqvi, CISSP, CISA; MS (E-Com) Gold (PU), CMA inter (ICMA); 27001 A (IRCA, UK), 27001 Implr (IT Gov, UK); Associate Member of Business Continuity Institute; Senior Consultant – Information Security
  • 2. © 2008 NetSol Technologies, Inc. All rights reserved. Information Security (A-I-C): Availability; Integrity; Confidentiality
  • 3. Dependence on IT: Almost every Government Department; Banks including ATM network, Stock Exchanges & Brokers; Telecommunication & Mobile Companies; Electronic and Print Media; Software houses and Call centers; Other Private companies including MNCs
  • 4. Challenges to Information Availability: ATM Network/Credit Card; Mobile Network/Mobile Card Charging Sys; Call Centers; TV Channels; Internet Service Provider; Stock Exchange Application
  • 5. Attacks on Availability of Information: Denial of Service (DoS) Attacks; Distributed DoS (D-DoS) Attacks; Malicious act by disgruntled employee; Power Failure; Natural/Man-made Disasters like Fire, Flood, Storm, Earthquake, Strike and Terrorism
  • 6. Challenges to Information Integrity: Balance of Rs.9,000/- in bank is changed to Rs.9,000,000/-; Tampering of NADRA records; Changing CSS exam results; Changing ownership of Vehicle / Land in E-Records; Tampering Share Prices of Stock; Phishing; Electronic Stalking; Salami Attacks
  • 7. Attacks on Information Integrity: Hacking; SQL injection; Insiders / Employees; Weak cryptographic algorithms; Buffer overflow; Malicious Code
  • 8. Challenges to Confidentiality of Information: Source Code/Trade Secret Theft; Tenders Quotation Disclosure; Clients Information Stealing; Govt. Sensitive Information Leakage; Mobile Usage and Personal Information; Online Bank Account Password; ATM Pins
  • 9. Attacks on Confidentiality of Information: Employees; Social Engineering; Hacking; SQL Injection; Key Loggers (software/hardware)
  • 10. Getting ATM cards & pins
  • 11. Getting ATM cards & pins (cont…)
  • 12. Getting ATM cards & pins (cont…)
  • 13. Getting ATM cards & pins (cont…)
  • 14. Getting ATM cards & pins (cont…)
  • 15. How to Overcome these challenges: Pro-active approach rather than Reactive; Preventive Controls rather than Corrective
  • 16. Opportunities to ensure Availability of Information: Firewalls; Intrusion Detection Systems; Intrusion Prevention Systems; Anomaly Detection Systems; Antivirus; Business Continuity Management; Disaster Recovery Planning
  • 17. Opportunities to ensure Integrity of Information: Application Security; Segregation and Rotation of Duties; Strong Cryptography; Access Control; Application Vulnerability Assessment; Application Penetration Testing
  • 18. Opportunities to ensure Confidentiality of Information: Access Control; Training and Awareness; Anti-spyware; Extrusion Prevention Systems
  • 19. Opportunities to ensure overall Information Security: Overall Information Security is no stronger than its weakest element; Need for a system which can ensure the A-I-C in a comprehensive manner; ISO-27001 Information Security Management System (ISMS); ISMS: 133 countermeasures to control all possible Threats and Vulnerabilities
  • 20. Opportunities to ensure overall Information Security: Periodic Audits and Assessments through independent neutral organizations; Vulnerability Assessments; Penetration Tests through Ethical Hackers
  • 21. Opportunities to ensure overall Information Security by Govt.: Electronic Transaction Ordinance (ETO), 2002; Prevention of Electronic Crime Ordinance (PECO) 2007; National Response Centre for Cyber Crimes (NR3C), FIA; Information & Communication Technology (ICT) Tribunals
  • 22. Electronic Transaction Ordinance: 36. Violation of privacy of information (Protects Confidentiality); 37. Damage to information system, etc. (Protects Integrity and Availability)
  • 23. Prevention of Electronic Crime Ordinance (Crimes): 3. Criminal Access; 4. Criminal Data Access; 5. Data Damage; 6. System Damage; 7. Electronic Fraud; 8. Electronic Forgery; 9. Misuse of Electronic System or Device; 10. Unauthorized access to code
  • 24. Prevention of Electronic Crime Ordinance: 11. Misuse of Encryption; 12. Malicious Code; 15. Cyber Stalking; 16. Spamming; 17. Spoofing; 18. Unauthorized interception; 19. Cyber Terrorism; 20. Enhanced punishment for offences involving electronic systems
  • 25. ?
  • 26. Thank You