
Cyber Security College Workshop

Cyber Security is: “Protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.”


  1. Workshop on Cyber Security
     Niks Technology Private Limited
     By: Dr. Rahul Nayan
  2. Cyber Space: The Global Room Today
     A science fiction writer coined the useful term "cyberspace" in 1982. But the territory in question, the electronic frontier, is about a hundred and thirty years old. Cyberspace is the "place" where a telephone conversation appears to occur. Not inside your actual phone, the plastic device on your desk. This "place" is not "real," but it is serious, it is earnest. Tens of thousands of people have dedicated their lives to it, to the public service of public communication by wire and electronics. Cyberspace today is a "Net," a "Matrix," international in scope and growing swiftly and steadily. It's growing in size, and wealth, and political importance. People have met there and been married there. There are entire living communities in cyberspace today; chattering, gossiping, planning, conferring and scheming, leaving one another voice-mail and electronic mail, giving one another big weightless chunks of valuable data, both legitimate and illegitimate. They busily pass one another computer software and the occasional festering computer virus.
  3. Cyber Security Defined
     • Cyber Security’s goal: Protect our information and information systems
     • Cyber Security is: “Protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.”
  4. The CIA and N
     • Confidentiality: Safeguards information from being accessed by individuals without the proper clearance, access level, and need to know.
     • Integrity: Results from the protection against unauthorized modification or destruction of information.
     • Availability: Information services are accessible when they are needed.
     • Authentication: A security measure that establishes the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific categories of information.
     • Non-repudiation: Assurance the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the data.
  5. Sensitive Data
     • Information is considered sensitive if the loss of Confidentiality, Integrity, or Availability could be expected to have a serious, severe, or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
     • Types of sensitive information include:
       - Personnel
       - Financial
       - Payroll
       - Medical
       - Privacy Act information
  6. The Bottom Line
     • The Internet already has triggered challenging questions about the applicability of case precedent and legal models for Internet-mediated communications and commerce.
     • At the macro-level, the Internet affects broad, almost metaphysical concepts like matter, distance, time and space.
     • At the micro-level, it directly impacts how we communicate, educate, entertain and transact business.
  7. Assets
     • Financial Data
     • Personal information
     • Critical design information
     • System control functions for Dams etc.
     • Proprietary data
  8. Threats
     • Hackers, crackers
     • Black hats and White hats
     • Criminals and Terrorists
     • Russian invasion of Georgia
     • War Driving
     • Social engineering
  9. Threat Characteristics
  10. Internal Threats
     • Unauthorized access
     • Accidental access
     • Negligence
  11. External Threats
     • Hackers, crackers, script kiddies
     • Freelance information brokers
     • Competitive espionage
  12. Cyber Terrorism & Cyber Crime
     • Cyber Terrorism focuses on controlling critical infrastructure.
     • Cyber Crime focuses on competitive advantage and financial gain.
  13. Vulnerabilities
     • Hardware
       - Unsecured Wi-Fi
       - No Router
       - Router with default password
     • Software
       - No anti-virus/anti-spyware
       - No Firewall
       - Old virus definitions
       - Out of date Windows O.S.
     • Personal Behaviour
       - Failure to use strong passwords
       - Clicking on unsafe links or emails
       - Downloading questionable files
       - Leaving computer logged on
       - Leaving your computer accessible
  14. Vulnerability Assessments
     • Blue Team
       - Physical security assessment
       - Includes an IT component
     • Red Team
       - Penetration testing
       - Off site script run against IT system
       - Post assessment report identifying
  15. Types of Malware
     • Viruses
     • Worms
     • Wabbits
     • Trojans
     • Spyware
     • Backdoors
     • Exploits
     • Rootkit
     • Key loggers
     • Diallers
     • URL Injectors
     • Adware
  16. TROJANS: The chief of VIRUSES (Vital Information Resource Under Seize)
     Trojans are small programs that effectively give “hackers” remote control over your entire computer. Some common features of Trojans are as follows:
     • Open your DVD-ROM drive
     • Capture a screenshot of your computer
     • Record your key strokes and send them to the “Hacker”
     • Full access to all your drives and files
     • Ability to use your computer as a bridge to do other hacking related activities
     • Disable your keyboard
     • Disable your mouse… and more!
  17. Hackers: Breaches
     • Headlines
       - Ashley Madison 2015: Many use same passwords, spear phishing campaigns, blackmail targets
       - Twitter: 32 Million
       - Yahoo: 500 Million (LinkedIn, Amazon, Facebook, Credit Cards)
       - Security cameras, breach-able appliances, access control systems
       - Malware found on all platforms including Apple
       - 9 million new signatures of malware in July 2018
  18. Attack Vectors
     • Hacking (Data theft, corporate espionage, identity theft)
     • Social Engineering (Spear Phishing, Phishing, traditional SE)
     • Internal attacks: Unauthorized access and access control
     • Cloud Attacks and Breaches (Dropbox, iCloud, OneDrive, etc.)
     • Virus/Malware/Botnet
     • Ransomware and Extortion
  19. Legacy Gateway Security Implementation
  20. Modern Security Implementation
  21. ULTIMATE PREVENTION: CURE
     • Firewalls
     • Anti Virus
     • Cyber Hygiene
     • Access Control
     • Data Security and Information Protection
     • Protective Technology
     • Boundary Defense and Network Separation
     • Configuration Management
     • Training
  22. 10 Driving Principles of the New Economy
     • Matter—law involves the processing of information and the Internet provides a comparatively superior medium for some applications.
     • Space—the Internet transcends distance and provides a major new promotional medium.
     • Time—Internet time moves faster than we’d like.
     • People—brain power and people skills matter particularly in an Internet-mediated world.
     • Growth—the Internet can fuel market expansion.
     • Value—Web pages offer prospective clients access to helpful general information and for existing clients a portal to some of a firm’s assets.
     • Efficiency—consider whether and how e-mail enhances productivity.
     • Markets—the Internet makes markets more porous and more easily customized.
     • Transactions—with modification, the Internet can provide a medium for commerce.
     • Impulse—the Internet reduces the time between sales pitch and transaction.
  23. Cybersecurity Risk Management, Risk Assessment and Asset Evaluation
  24. Cybersecurity Plans and Strategies, Establishing Priorities, Organizing Roles and Responsibilities
  25. Technology Trends
     • The Internet provides a “virtual” medium for communications and commerce that transcends many of the limitations in the physical world.
     • This presents a mixed blessing: the capacity to achieve near parity with competitors located any place, offset by expectations and the complexity in doing business across jurisdictions.
     • We must ascend new learning curves and make sizeable equipment investments to accrue efficiency and productivity gains.
  26. Marketplace Trends
     • The Internet reduces market entry barriers.
     • It provides a new medium that can reduce transaction costs and promote “frictionless” commerce.
     • It can eliminate intermediaries that do not add sufficient value (“disintermediation”), but it also can create new opportunities, e.g., content portals, auctioneers and B2B brokers.
     • It reduces comparative and competitive disadvantages based on location alone.
     • It offers the promise of faster, better, smarter, cheaper and more convenient services.
  27. Business in the 21st Century
     • All businesses in the 21st century will be more and more knowledge based. IT will be a strong enabler for the business.
     • Businesses will stick to their core competencies
     • Logistics will be critical
     • Layers of management structures will shrink
     • Changing Business Relationships
     • And the Cyber Security shall be a concern for all….
  28. How business will be done in the 21st Century
     • Deal with well informed customers with high service standards expectation
     • Paperless Offices and work flow based execution
     • Business at any hour
     • Virtual Showrooms and Teleshopping
     • And again the Cyber Security shall be a concern for all………….
  29. How the Internet Affects the Law
     • Internet mediation does not necessarily foreclose the application of preexisting laws; something unlawful, regulated or licensed does not become lawful, unregulated and unlicensed simply through Internet-mediation.
     • The trans-border nature of Internet commerce and communications challenges national sovereignty and the jurisdictional reach of laws and regulations.
     • Technological innovations, coupled with the global reach of the Internet, threaten the viability of laws including ones protecting intellectual property, privacy and consumers.
  30. What is Cyber Law?
     • Cyber law is a generic term which refers to all the legal and regulatory aspects of Information Technology in the Cyber space.
     • Anything related to or concerning any activity of netizens and others within Cyberspace comes within the ambit of Cyber law.
     • A vibrant and effective regulatory mechanism is crucial for the success of e-Commerce.
  31. The Information Technology Act 2000
     • India is the 13th country to pass legislation on Information Technology.
     • The I.T. Act received the President’s sanction on 9th June, 2000. The I.T. Act is effective from 17th October, 2000.
  32. Salient Features of I.T. Act
     • Computer data accorded legal sanctity
     • Certifying Authorities for Digital Signature established
     • Digital Signature recognized
     • Cyber crimes to invite tough penalties
     • E-Governance
     • Police Authorities given powers of enforcement
     • Appellate authorities set up
  33. Legal Recognition For Electronic Records
     • Electronic data will be considered valid evidence in a court of law.
     • The following conditions have to be satisfied:
       - The information contained in the data is accessible for subsequent use or reference.
       - The electronic record is retained or reproducible in the format in which it was originally generated, sent or received.
       - Facilitate identification of the origin, date and time of dispatch or receipt of such electronic record.
  34. Digital Certificate
     • A Digital Certificate is an “electronic card” that establishes one’s credentials when doing business or other transactions on the web.
     Issuing Authority
     • Certifying Authority is a person to whom a license has been granted to issue a Digital Certificate which is used to create public-private key pairs and digital signatures.
  35. Eligibility criteria for Certifying Authorities
     • An individual being a citizen of India, who has a capital of Rs 5 crores in his business or profession
     • A company with a paid up capital of Rs 5 crores and net worth not less than Rs 50 crores and with a foreign holding of not more than 49 %
     • A firm with capital of all partners exceeding 5 crores and net worth exceeding Rs 50 crores
  36. Digital Signature
     • A digital signature is a digital code that can be attached to an electronically transmitted message to uniquely identify the sender.
     • Unlike a handwritten signature, a digital signature binds the content of a message to the signer in such a way that if even one bit in the message changes en route, the signature will not verify at the other end.
  37. Authentication of Digital Signatures
     • Any subscriber (a person in whose name digital signature is issued) may authenticate an electronic record by affixing his digital signature.
     • A Digital Signature is secure if it has the following attributes:
       - Unique to subscriber affixing it
       - Capable of identifying such subscriber
       - Created in a manner or using means under the exclusive control of the subscriber
  38. Duties of the Subscriber
     • Subscriber to generate the key pair by using the prescribed security procedure
     • Subscriber to exercise reasonable care to retain control over the private key
     • Cannot refute a document to which his signature is affixed as not sent by him using his private key
  39. Revocation of Digital Signature Certificate
     • Upon request made by a subscriber
     • Upon the death of a subscriber
     • Upon dissolution of firm or company
     • Requirements for issuance of digital signature not fulfilled by subscriber
  40. Cyber Crimes
     What is Cyber Crime? All activities done with criminal intent in Cyber space. These could be either the criminal activities in the conventional sense or could be activities newly evolved with the growth of the new medium.
  41. Major Cybercrimes
     • Unauthorized access to a computer system
     • Unauthorized access to data or information
     • Introduces or causes to introduce viruses
     • Tampering with computer source documents
     • Cause damage to computer system or causes any disruption
     • Denies access to any person authorized to access the computer system
     • Spread of viruses
     • Uses or downloads unlicensed software
     • Hacking
     • Publishing obscene information
     • Breach of confidentiality and privacy
     • Cyber Squatting
  42. Cybersecurity: The cost and risks of cyber attacks are increasing
     Cyber Threat Landscape
     • Cybersecurity events and costs are increasing:
       - 79% of survey respondents detected a security incident in the past 12 months
       - Average total cost of a data breach increased 23% over the past two years
       - Average cost paid for each lost / stolen record increased 6%
     Industry Outlook
     • Data breaches are expected to reach $2.1 trillion globally by 2019
     • 76% of survey respondents were more concerned about cybersecurity threats than in previous 12 months:
       - Increase from 59% in 2014
     Reputational Risk
     • An IT security breach can have serious implications in how a company is perceived:
       - 46% of companies suffered damage to reputation & brand value due to a security breach
       - 19% of companies suffered damage to reputation & brand value due to a third-party security breach or IT system failure
     • The risk of losing customer trust is significant and rising:
       - 82% of customers would consider leaving an institution that suffered a data breach
  43. CYBERLAWS FOR E-COMMERCE
     • Cybercrimes are on the increase.
     • Cybercrimes can be said to be of three categories:
       1. Cybercrime against property
       2. Cybercrime against persons
       3. Cybercrime against nations
  44. Special Provisions for ISPs
     • Service Providers considered as intermediaries
     • ISPs (Internet Service Providers) to maintain log of all their customers and the sites they have visited. For this, special software is required to be installed.
     • Such data to be produced on demand by ISPs to any enquiry officer
  45. IT ACT, 2000: OBJECTS
     • Aims to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as electronic commerce, which involve the alternatives to paper based methods of communication and storage of information.
     • To facilitate electronic filing of documents with Government agencies.
     • To amend four laws of the country: The Indian Penal Code, The Indian Evidence Act, 1872, The Bankers Book Evidence Act, 1881 and The Reserve Bank of India Act, 1934.
  46. HACKING
     • Hacking has been made a penal offence punishable with imprisonment and fine.
     • “Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking”
  47. SEARCH ENGINE ISSUES
     • If your website has a search facility or a search engine, a specific declaration about the same needs to be given on the homepage.
     • Express disclaiming statements need to be given that the search engine is only spidering the web for the requested query on the basis of the relevant technology and that the website, owners and administrators are not liable in any manner whatsoever in any event or for any cause whatsoever for the search results.
  48. Strategic Forces Shaping Cyber: Significant Cyber Events in 2018
     [Figure: 2018 Events, grouped as Social Media; Infrastructure & Government; Healthcare; Hospitality; Business]
  49. The Threat Landscape
     • Impact: Costly regulatory inquiries and penalties, consumer and shareholder lawsuits, loss of consumer confidence
     • Motivation: Financial gain
     • 2017 Outlook: Cyber-extortion will continue to rise

     • Impact: Competitive advantage, trade secret disclosure, operational disruption, brand and reputation
     • Motivation: Personal advantage, monetary gain, professional revenge, patriotism
     • 2017 Outlook: More organizations will implement insider threat mitigation programs and processes

     • Impact: Disruption of business activities, brand and reputation, loss of consumer confidence
     • Motivation: Negatively impact reputation, drive attention to a cause, pressure for change
     • 2017 Outlook: Expected to escalate attack methods with high-profile data breaches

     • Impact: Loss of competitive advantage, disruption to critical infrastructure
     • Motivation: Economic, political, and/or military advantage
     • 2017 Outlook: Will continue to strengthen their defensive and offensive cyber skills
  50. Future in Cyber Security
     • 2.5 Million Cyber Security Job Openings globally in 2019.
  51. What is needed today is ……
     Launch nationwide information security campaign: Information on cyber security related aspects is the concern of all computer network / Internet users. Thus, the Government should take appropriate steps to inform the public about cyber security in a well-organized manner. This could be done by organizing workshops / trainings, regular discussions / talks on TV during prime time, publishing articles etc. in the leading newspapers on cyber security and counter security aspects.
  52. Let us all come together to prevent Cyber Crime, as TOGETHER WE CAN. Thank you for the kind support. Niks Technology wishes you all a QUALITY OF WORK LIFE AHEAD.
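
The tamper-evidence property stated on the Digital Signature slide (36) and the signer-identification attribute on slide 37, shown as an added example that is not part of the original deck. It uses Ed25519 from Go's standard library as one possible signature scheme (the slides name none); the key labels and the sample record are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// keyFromLabel derives a repeatable demo key pair from a label (constructed for
// this example). A real subscriber generates the key from crypto/rand and keeps
// the private half under exclusive control.
func keyFromLabel(label string) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte(label)) // 32 bytes, the Ed25519 seed size
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

// signRecord affixes the subscriber's signature to an electronic record.
func signRecord(priv ed25519.PrivateKey, record []byte) []byte {
	return ed25519.Sign(priv, record)
}

// verifyRecord is what the recipient runs with the subscriber's public key.
func verifyRecord(pub ed25519.PublicKey, record, sig []byte) bool {
	return ed25519.Verify(pub, record, sig)
}

// acceptedBitFlips inverts each bit of the record in turn and counts how many
// altered copies still verify against the original signature.
func acceptedBitFlips(pub ed25519.PublicKey, record, sig []byte) int {
	accepted := 0
	for bit := 0; bit < len(record)*8; bit++ {
		altered := append([]byte(nil), record...)
		altered[bit/8] ^= byte(1) << uint(bit%8)
		if verifyRecord(pub, altered, sig) {
			accepted++
		}
	}
	return accepted
}

func main() {
	record := []byte("Transfer Rs 5,000 to account 0012345") // constructed sample record
	pub, priv := keyFromLabel("subscriber-demo-key")
	otherPub, _ := keyFromLabel("unrelated-demo-key")
	sig := signRecord(priv, record)

	fmt.Println("unmodified record verifies:", verifyRecord(pub, record, sig))
	fmt.Println("single-bit changes accepted:", acceptedBitFlips(pub, record, sig))
	fmt.Println("verifies under another key:", verifyRecord(otherPub, record, sig))
}
```

Verification needs only the public key, which is why the private key must stay under the subscriber's exclusive control.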