Cyber Security: Indian perspective
3rd November 2010
Aurobindo Nayak
Reg-No:0701288307
NMIET
Branch-CSE
Web Evolution
Web Sites (WWW)
1993: Web invented and implemented; 130 Nos. web sites
1994: 2738 Nos.
1995: 23500 Nos.
2007: 550 Million Nos.
2008: 850 Million Nos.
Internet Infrastructure in INDIA
Innovation fostering the Growth of NGNs
Smart devices
◦ Television
◦ Computers
◦ PDA
◦ Mobile Phone
(Single device to provide an end-to-end, seamlessly secure access)
Application Simplicity
◦ Preference of single, simple and secure interface to access
applications or content
◦ Ubiquitous interface - web browser
Flexible Infrastructure
Because of these areas of evolution, today’s NGNs are defined
more by the services they support than by traditional
demarcation of Physical Infrastructure.
The Emergence of NGNs
The communication networks operating two years
ago are father’s telecommunication networks.
NGNs are teenager’s networks.
Consumers and businesses no longer accept the
limitation of a single-use device or network.
Both individuals and businesses want the ability to
communicate, work and be entertained over any
device, any time, anywhere.
The demand for these services, coupled with
innovation in technology, is advancing traditional
telecommunication far outside its original purpose.
The Complexity of Today’s Network
Changes Brought in IT
• Large network as backbone for
connectivity across the country
• Multiple Service providers for
providing links – BSNL, MTNL,
Reliance, TATA, Rail Tel
• Multiple Technologies to support
network infrastructure CDMA, VSAT,
DSL
• Multiple Applications
[Figure: network diagram. Labels: Internet, Intranet, Extranet Servers, Perimeter Network, Network Infrastructure, Routers, Branch Offices, Remote Workers, Home Users, Desktops, Laptops, Servers, New PC, Unmanaged Devices]
Trends shaping the
future
• Ubiquitous computing, networking
and mobility
• Embedded Computing
• Security
• IPv6
• VoIP
Challenges for Network Operator
Business challenges include new Pricing
Structure, new relationship and new
competitors.
Technical challenges include migrating and
integrating with new advances in technologies
from fibre optics, installation of Wi-Fi support.
Developing a comprehensive Security Policy
and architecture in support of NGN services.
To Reap Benefits
To reap benefits of NGN, the operator
must address
◦ Technology
◦ Risk
◦ Security
◦ Efficiency
NGN Architecture
Identity Layer
Comprises end users owned by a telecom or a
third-party service provider accessing services using
devices like PC, PDA or mobile phone, to connect to
the Internet
Service Layer
Hosts service applications and provides a
framework for the creation of customer-focused
services provided by either operator or a third-party
service provider
Network Layer
Performs service execution, service management,
network management and media control functions
Connects with the backbone network
[Figure: NGN architecture diagram. Labels: Internet, Third-Party Application, Untrusted, Web Tier, Service Provider Application, Service Delivery Platform (Service Provider), Common Framework, Backbone Network, Partly Trusted]
Growing Concern
• Computing Technology has turned against us
• Exponential growth in security incidents
◦ Pentagon, US in 2007
◦ Estonia in April 2007
◦ Computer System of German Chancellery and three Ministries
◦ Highly classified computer network in New Zealand & Australia
• Complex and target oriented software
• Common computing technologies and systems
• Constant probing and mapping of network systems
Cyber Threat Evolution
[Timeline figure. Stages, in order: Virus; Breaking Web Sites; Malicious Code (Melissa); Advanced Worm / Trojan (I LOVE YOU); Identity Theft (Phishing); Organised Crime, Data Theft, DoS / DDoS. Time axis: 1977, 1995, 2000, 2003-04, 2005-06, 2007-08]
Cyber attacks being observed
Web defacement
Spam
Spoofing
Proxy Scan
Denial of Service
Distributed Denial of Service
Malicious Codes
◦ Virus
◦ Bots
Data Theft and Data Manipulation
◦ Identity Theft
◦ Financial Frauds
Social engineering Scams
Security Incidents reported during 2009
Trends of Incidents
Sophisticated attacks
◦ Attackers are refining their methods and consolidating assets to
create global networks that support coordinated criminal
activity
Rise of Cyber Spying and Targeted attacks
◦ Mapping of network, probing for weakness/vulnerabilities
Malware propagation through Website intrusion
◦ Large scale SQL Injection attacks like Asprox Botnet
Malware propagation through Spam on the rise
◦ Storm worm, which is one of the most notorious malware
programs seen during 2007-08, circulates through spam
Trends of Incidents
Phishing
◦ Increase in cases of fast-flux phishing and rock-phish
◦ Domain name phishing and Registrar impersonation
Crimeware
◦ Targeting personal information for financial frauds
Information Stealing through social networking sites
Rise in Attack toolkits
◦ Toolkits like Mpack and Neosploit can launch exploits for
browser and client-side vulnerabilities against users who visit
a malicious or compromised site
Global Attack Trend
Source: Websense
Top originating countries – Malicious code
Three faces of cyber crime
Organised Crime
Terrorist Groups
Nation States
Security of Information Assets
Security of information & information assets is becoming a
major area of concern
With every new application, newer vulnerabilities crop up,
posing immense challenges to those who are mandated to
protect the IT assets
Coupled with this, a host of legal requirements and
international business compliance requirements on data
protection and privacy place a huge demand on
IT/ITES/BPO service organizations
We need to generate ‘Trust & Confidence’
Challenges before the Industry
Model Followed Internationally
Internationally, the general approach has been
to have legal drivers supported by suitable
verification mechanism.
For example, in USA Legal drivers have been
◦ SOX
◦ HIPAA
◦ GLBA
◦ FISMA etc.
In Europe, the legal driver has been the “Data
Protection Act” supported by ISO27001 ISMS.
Information Security Management
[Figure: INFORMATION SECURITY (Confidentiality, Integrity, Availability, Authenticity); Security Policy; People, Process, Technology; Regulatory Compliance; Access Control; Security Audit; User Awareness Program; Incident Response; Firewall, IPS/IDS; Encryption, PKI; Antivirus]
Cyber Security Strategy – India
• Security Policy, Compliance and Assurance – Legal Framework
– IT Act, 2000
– IT (Amendment) Bill, 2006 – Data Protection & Computer crimes
– Best Practice ISO 27001
– Security Assurance Framework- IT/ITES/BPO Companies
• Security Incident – Early Warning & Response
– CERT-In National Cyber Alert System
– Information Exchange with international CERTs
• Capacity building
– Skill & Competence development
– Training of law enforcement agencies and judicial officials in the collection and analysis of digital
evidence
– Training in the area of implementing information security in collaboration with Specialised
Organisations in US
• Setting up Digital Forensics Centres
– Domain Specific training – Cyber Forensics
• Research and Development
– Network Monitoring
– Biometric Authentication
– Network Security
• International Collaboration
Status of security and quality compliance in India
Quality and Security
◦ Large number of companies in India have aligned their
internal process and practices to international standards
such as
▪ ISO 9000
▪ CMM
▪ Six Sigma
▪ Total Quality Management
◦ Some Indian companies have won special recognition for
excellence in quality: out of 18 Deming Prize winners for
Total Quality Management in the last five years, six are
Indian companies.
ISO 27001/BS7799 Information Security Management
Government has mandated implementation of
ISO27001 ISMS by all critical sectors
ISMS 27001 has mainly three components
◦ Technology
◦ Process
◦ Incident reporting and monitoring
296 certificates issued in India out of 7735
certificates issued worldwide
Majority of certificates issued in India belong to
IT/ITES/BPO sector
Information Technology – Security Techniques
Information Security Management System
            World    China    Italy    Japan   Spain   India   USA
ISO 9000    951486   210773   115309   73176   65112   46091   36192
            (175 countries)
27001       7732     146      148      276     93      296     94
CERT-In Work Process
[Figure: CERT-In work process. Stages: Detection, Analysis, Dissemination & Support, Recovery. Labels: Department of Information Technology, ISP Hot Liners, Press & TV / Radio, Home Users, Private Sectors, Major ISPs, Foreign Ptns]
Distributed Honeypot Deployment
PC & End User Security: Auto Security Patch Update
Windows Security Patch Auto Update
No. of Download ActiveX: 18 Million
[Figure labels: Internet, Microsoft Download Ctr., ActiveX DL Server, Sec. Patch ActiveX Site]
Incident Response Help Desk
PC & End User Security
[Figure labels: Internet, PSTN]
• Make a call using 1800 – 11 - 4949
• Send fax using 1800 – 11 - 6969
• Communicate through email at incident@cert-in.org.in
• Number of security incidents handled during 2008 (till Oct): 1425
• Vulnerability Assessment Service
Int’l Co-op: Cyber Security Drill
Joint International Incident Handling Coordination Drill
• Participated in APCERT International Incident
Handling Drill 2006
• Participants: 13 APCERT Members and New
Zealand, Vietnam including 5 major Korean
ISPs
• Scenario: Countermeasure against Malicious
Code and relevant infringement as DDoS attack
• Participated in APCERT International Incident
Handling Drill 2007
• Participants: 13 APCERT Members + Korean
ISPs
• Scenario: DDoS and Malicious Code Injection
• To be Model: World Wide Cyber Security
Incidents Drill among security agencies
Thank you
Question and queries?
Email:hacksafemail@gmail.com
Location:Bhubaneswar, India

Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
leebarnesutopia
 
So You've Lost Quorum: Lessons From Accidental Downtime
So You've Lost Quorum: Lessons From Accidental DowntimeSo You've Lost Quorum: Lessons From Accidental Downtime
So You've Lost Quorum: Lessons From Accidental Downtime
ScyllaDB
 
Call Girls Chennai ☎️ +91-7426014248 😍 Chennai Call Girl Beauty Girls Chennai...
Call Girls Chennai ☎️ +91-7426014248 😍 Chennai Call Girl Beauty Girls Chennai...Call Girls Chennai ☎️ +91-7426014248 😍 Chennai Call Girl Beauty Girls Chennai...
Call Girls Chennai ☎️ +91-7426014248 😍 Chennai Call Girl Beauty Girls Chennai...
anilsa9823
 
Discover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched ContentDiscover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched Content
ScyllaDB
 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
AlexanderRichford
 
Guidelines for Effective Data Visualization
Guidelines for Effective Data VisualizationGuidelines for Effective Data Visualization
Guidelines for Effective Data Visualization
UmmeSalmaM1
 
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
dipikamodels1
 
CTO Insights: Steering a High-Stakes Database Migration
CTO Insights: Steering a High-Stakes Database MigrationCTO Insights: Steering a High-Stakes Database Migration
CTO Insights: Steering a High-Stakes Database Migration
ScyllaDB
 

Recently uploaded (20)

ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
 
Building a Semantic Layer of your Data Platform
Building a Semantic Layer of your Data PlatformBuilding a Semantic Layer of your Data Platform
Building a Semantic Layer of your Data Platform
 
CNSCon 2024 Lightning Talk: Don’t Make Me Impersonate My Identity
CNSCon 2024 Lightning Talk: Don’t Make Me Impersonate My IdentityCNSCon 2024 Lightning Talk: Don’t Make Me Impersonate My Identity
CNSCon 2024 Lightning Talk: Don’t Make Me Impersonate My Identity
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
 
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
 
DynamoDB to ScyllaDB: Technical Comparison and the Path to Success
DynamoDB to ScyllaDB: Technical Comparison and the Path to SuccessDynamoDB to ScyllaDB: Technical Comparison and the Path to Success
DynamoDB to ScyllaDB: Technical Comparison and the Path to Success
 
ThousandEyes New Product Features and Release Highlights: June 2024
ThousandEyes New Product Features and Release Highlights: June 2024ThousandEyes New Product Features and Release Highlights: June 2024
ThousandEyes New Product Features and Release Highlights: June 2024
 
An All-Around Benchmark of the DBaaS Market
An All-Around Benchmark of the DBaaS MarketAn All-Around Benchmark of the DBaaS Market
An All-Around Benchmark of the DBaaS Market
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
 
Facilitation Skills - When to Use and Why.pptx
Facilitation Skills - When to Use and Why.pptxFacilitation Skills - When to Use and Why.pptx
Facilitation Skills - When to Use and Why.pptx
 
New ThousandEyes Product Features and Release Highlights: June 2024
New ThousandEyes Product Features and Release Highlights: June 2024New ThousandEyes Product Features and Release Highlights: June 2024
New ThousandEyes Product Features and Release Highlights: June 2024
 
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
 
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdfLee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
 
So You've Lost Quorum: Lessons From Accidental Downtime
So You've Lost Quorum: Lessons From Accidental DowntimeSo You've Lost Quorum: Lessons From Accidental Downtime
So You've Lost Quorum: Lessons From Accidental Downtime
 
Call Girls Chennai ☎️ +91-7426014248 😍 Chennai Call Girl Beauty Girls Chennai...
Call Girls Chennai ☎️ +91-7426014248 😍 Chennai Call Girl Beauty Girls Chennai...Call Girls Chennai ☎️ +91-7426014248 😍 Chennai Call Girl Beauty Girls Chennai...
Call Girls Chennai ☎️ +91-7426014248 😍 Chennai Call Girl Beauty Girls Chennai...
 
Discover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched ContentDiscover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched Content
 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
 
Guidelines for Effective Data Visualization
Guidelines for Effective Data VisualizationGuidelines for Effective Data Visualization
Guidelines for Effective Data Visualization
 
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
 
CTO Insights: Steering a High-Stakes Database Migration
CTO Insights: Steering a High-Stakes Database MigrationCTO Insights: Steering a High-Stakes Database Migration
CTO Insights: Steering a High-Stakes Database Migration
 

Indian perspective of cyber security

  • 1. Cyber Security : Indian perspective 3RD November 2010 Aurobindo Nayak Reg-No:0701288307 NMIET Branch-CSE
  • 2. Web Sites (WWW) 1993 Web Invented and implemented 130 Nos. web sites 1994 2738 Nos. 1995 23500 Nos. 2007 550 Million Nos. 2008 850 Million Nos. Web Evolution
  • 4. Innovation fostering the Growth of NGNs Smart devices ◦ Television ◦ Computers ◦ PDA ◦ Mobile Phone (Single device to provide an end-to-end, seamlessly secure access) Application Simplicity ◦ Preference of single, simple and secure interface to access applications or content ◦ Ubiquitous interface - web browser Flexible Infrastructure Because of these areas of evolution, today’s NGNs are defined more by the services they support than by traditional demarcation of Physical Infrastructure.
  • 5. The Emergence of NGNs The communication networks operating two years ago are our fathers’ telecommunication networks. NGNs are teenagers’ networks. Consumers and businesses no longer accept the limitation of a single-use device or network. Both individuals and businesses want the ability to communicate, work and be entertained over any device, any time, anywhere. The demand for these services, coupled with innovation in technology, is advancing traditional telecommunication far outside its original purpose.
  • 6. The Complexity of Today’s Network Changes Brought in IT • Large network as backbone for connectivity across the country • Multiple Service providers for providing links – BSNL, MTNL, Reliance, TATA, Rail Tel • Multiple Technologies to support network infrastructure CDMA, VSAT, DSL • Multiple Applications [Network diagram labels: Router, Internet, Intranet, Perimeter Network, Branch Offices, Remote Workers, Home Users, Unmanaged Devices, New PC, Desktops, Laptops, Servers, Extranet Servers, Network Infrastructure] Trends shaping the future • Ubiquitous computing, networking and mobility • Embedded Computing • Security • IPv6 • VoIP
  • 7. Challenges for Network Operator Business challenges include new pricing structures, new relationships and new competitors. Technical challenges include migrating to and integrating with new advances in technologies, from fibre optics to installation of Wi-Fi support. Developing a comprehensive Security Policy and architecture in support of NGN services.
  • 8. To Reap Benefits To reap benefits of NGN, the operator must address ◦ Technology ◦ Risk ◦ Security ◦ Efficiency
  • 9. NGN Architecture Identity Layer: Comprises end users owned by a telecom or a third-party service provider accessing services using devices like PC, PDA or mobile phone, to connect to the Internet. Service Layer: Hosts service applications and provides a framework for the creation of customer-focused services provided by either the operator or a third-party service provider. Network Layer: Performs service execution, service management, network management and media control functions. Connects with the backbone network. [Diagram labels: Internet, Third-Party Application, Untrusted, Web Tier, Service Provider Application, Service Delivery Platform (Service Provider), Service Delivery Platform, Common Framework, Backbone Network, Partly Trusted]
  • 10. Growing Concern • Computing Technology has turned against us • Exponential growth in security incidents ◦ Pentagon, US in 2007 ◦ Estonia in April 2007 ◦ Computer System of German Chancellery and three Ministries ◦ Highly classified computer network in New Zealand & Australia • Complex and target oriented software • Common computing technologies and systems • Constant probing and mapping of network systems
  • 11. Cyber Threat Evolution Virus Breaking Web Sites Malicious Code (Melissa) Advanced Worm / Trojan (I LOVE YOU) Identity Theft (Phishing) Organised Crime Data Theft, DoS / DDoS [Timeline axis: 1977, 1995, 2000, 2003-04, 2005-06, 2007-08]
  • 12. Cyber attacks being observed Web defacement Spam Spoofing Proxy Scan Denial of Service Distributed Denial of Service Malicious Codes ◦ Virus ◦ Bots Data Theft and Data Manipulation ◦ Identity Theft ◦ Financial Frauds Social engineering Scams
  • 14. Trends of Incidents Sophisticated attacks ◦ Attackers are refining their methods and consolidating assets to create global networks that support coordinated criminal activity Rise of Cyber Spying and Targeted attacks ◦ Mapping of network, probing for weakness/vulnerabilities Malware propagation through Website intrusion ◦ Large scale SQL Injection attacks like Asprox Botnet Malware propagation through Spam on the rise ◦ Storm worm, which is one of the most notorious malware programs seen during 2007-08, circulates through spam
  • 15. Trends of Incidents Phishing ◦ Increase in cases of fast-flux phishing and rock-phish ◦ Domain name phishing and Registrar impersonation Crimeware ◦ Targeting personal information for financial frauds Information Stealing through social networking sites Rise in Attack toolkits ◦ Toolkits like Mpack and Neosploit can launch exploits for browser and client-side vulnerabilities against users who visit malicious or compromised sites
  • 17. Top originating countries – Malicious code
  • 18. Three faces of cyber crime Organised Crime Terrorist Groups Nation States
  • 19. Security of Information Assets Security of information & information assets is becoming a major area of concern. With every new application, newer vulnerabilities crop up, posing immense challenges to those who are mandated to protect the IT assets. Coupled with this, a host of legal requirements and international business compliance requirements on data protection and privacy place a huge demand on IT/ITES/BPO service organizations. We need to generate ‘Trust & Confidence’.
  • 20. Challenges before the Industry
  • 21. Model Followed Internationally Internationally, the general approach has been to have legal drivers supported by suitable verification mechanism. For example, in USA Legal drivers have been ◦ SOX ◦ HIPAA ◦ GLBA ◦ FISMA etc. In Europe, the legal driver has been the “Data Protection Act” supported by ISO27001 ISMS.
  • 22. Information Security Management [Diagram labels: INFORMATION SECURITY, Confidentiality, Integrity, Availability, Authenticity, Security Policy, People, Process, Technology, Regulatory Compliance, Access Control, Security Audit, User Awareness Program, Incident Response, Firewall, IPS/IDS, Encryption, PKI, Antivirus]
  • 23. Cyber Security Strategy – India • Security Policy, Compliance and Assurance – Legal Framework – IT Act, 2000 – IT (Amendment) Bill, 2006 – Data Protection & Computer crimes – Best Practice ISO 27001 – Security Assurance Framework- IT/ITES/BPO Companies • Security Incident – Early Warning & Response – CERT-In National Cyber Alert System – Information Exchange with international CERTs • Capacity building – Skill & Competence development – Training of law enforcement agencies and judicial officials in the collection and analysis of digital evidence – Training in the area of implementing information security in collaboration with Specialised Organisations in US • Setting up Digital Forensics Centres – Domain Specific training – Cyber Forensics • Research and Development – Network Monitoring – Biometric Authentication – Network Security • International Collaboration
  • 24. Status of security and quality compliance in India Quality and Security ◦ Large number of companies in India have aligned their internal process and practices to international standards such as • ISO 9000 • CMM • Six Sigma • Total Quality Management ◦ Some Indian companies have won special recognition for excellence in quality: out of 18 Deming Prize winners for Total Quality Management in the last five years, six are Indian companies.
  • 25. ISO 27001/BS7799 Information Security Management Government has mandated implementation of ISO27001 ISMS by all critical sectors ISMS 27001 has mainly three components ◦ Technology ◦ Process ◦ Incident reporting and monitoring 296 certificates issued in India out of 7735 certificates issued worldwide Majority of certificates issued in India belong to IT/ITES/BPO sector
  • 26. Information Technology – Security Techniques: Information Security Management System. ISO 9000 (175 countries): World 951486, China 210773, Italy 115309, Japan 73176, Spain 65112, India 46091, USA 36192. ISO 27001: World 7732, China 146, Italy 148, Japan 276, Spain 93, India 296, USA 94.
  • 27.
  • 28. CERT-In Work Process [Diagram labels: Department of Information Technology, Detection, Analysis, Dissemination & Support, Recovery, ISP Hot Liners, Press & TV / Radio, Home Users, Private Sectors, Major ISPs, Foreign Ptns]
  • 30. PC & End User Security: Auto Security Patch Update Windows Security Patch Auto Update No. of Download ActiveX: 18 Million [Diagram labels: Internet, Microsoft Download Ctr., ActiveX DL Server, Sec. Patch, ActiveX Site]
  • 31. PC & End User Security: Incident Response Help Desk [Diagram labels: Internet, PSTN] • Make a call using 1800 – 11 - 4949 • Send fax using 1800 – 11 - 6969 • Communicate through email at incident@cert-in.org.in • Number of security incidents handled during 2008 (till Oct): 1425 • Vulnerability Assessment Service
  • 32. Int’l Co-op: Cyber Security Drill Joint International Incident Handling Coordination Drill • Participated in APCERT International Incident Handling Drill 2006 • Participants: 13 APCERT Members and New Zealand, Vietnam including 5 major Korean ISPs • Scenario: Countermeasure against Malicious Code and relevant infringement as DDoS attack • Participated in APCERT International Incident Handling Drill 2007 • Participants: 13 APCERT Members + Korean ISPs • Scenario: DDoS and Malicious Code Injection • To be Model: World Wide Cyber Security Incidents Drill among security agencies
  • 33. Thank you Questions and queries? Email: hacksafemail@gmail.com Location: Bhubaneswar, India