Internet Safety and Security: Strategies for Building an Internet Safety Wall

Sylvanus A. EHIKIOYA, PhD
Director, New Media & Information Security
Nigerian Communications Commission
Abuja, NIGERIA

Internet Security

- The Internet is a platform for almost all forms of activity: social, economic, governance, education, health, etc.
- It is attractive for perpetrating crimes.
- The effects of Internet security breaches are far-reaching.

Examples of Criminality on the Internet

- Cyber terrorism
- Cyber warfare
- Cyber espionage
- Phishing
- Malware, worms, viruses, Trojan horses, etc.
- Denial of service, spam, botnets and zombies
- Frauds (financial, social, intellectual property, etc.)
- Distribution of X-rated content and CoP

Security Vulnerability, Threats, and Risk

Vulnerability is a term that describes the weakness in a system, network, application, or process that can be exploited by a threat to create an adverse effect. Vulnerabilities can be either technical or physical in nature, and can be identified through assessment activities and continual situational awareness.

Threats

A threat is any indication, circumstance or event with the potential to cause loss or damage to an asset. To assess vulnerability and risk, threats need to be characterized in more detail.

Some important threat characteristics

- Type (e.g., insider, terrorist, military, or environmental, such as a hurricane or tornado)
- Intent or motivation
- Triggers (i.e., events that might initiate an attack)
- Capability (e.g., skills, specific knowledge, access to materials or equipment)
- Methods (e.g., use of individual suicide bombers, truck bombs, assault, cyber)
- Trends (what techniques groups have used in the past, have experimented with, etc.)

Risk

A risk can be described as the chance of a loss or damage and the resulting consequences. Risks are often characterized qualitatively as high, medium, or low. The level of risk varies among different components of cyberspace, and some may, therefore, deserve more attention than others in the development of an effective framework. Some components are considered to be particularly vulnerable, some are viewed by different groups of attackers as particularly tempting targets, and some would, if compromised, have particularly large impacts.

Examples of Threats

- A hacker remotely copying confidential files from a company network.
- A worm seriously degrading the performance of a wide-area network.
- A system administrator violating user privacy.
- Probe: access a target in order to determine its characteristics.
- Scan: access a set of targets sequentially in order to identify which targets have a specific characteristic.
- Flood: access a target repeatedly in order to overload the target's capacity.
- Bypass: avoid a process by using an alternative method to access a target.
- Spoof: masquerade by assuming the appearance of a different entity in network communications.
- Read: obtain the content of data in a storage device or other data medium.
- Steal: take possession of a target without leaving a copy in the original location.
- Modify: change the content or characteristics of a target.
- Delete: remove a target or render it irretrievable.

A Quick Take Away

- A security vulnerability of cyber infrastructure exists when it is possible to manipulate the assets of that infrastructure and cast doubt on the confidentiality, integrity and availability (CIA) of its data and information contents.
- Ensuring the CIA of the data and information contents of the cyber infrastructure at all times is the pivot of Internet security.

Strategic Initiatives

- Cyber and information security awareness training
- Develop and improve the relevant cyber and information security regulatory framework
- Monitor compliance with the framework
- Regular organisation of cyber and information security fora
- Establishment of a national CERT and cyber forensic labs
- MoUs for national monitoring of IPs
- Enact relevant regulatory laws

Key Policy Considerations

- Cyber security policy is an evolving task, which needs to be regularly updated and refined, taking into consideration technological trends and the security challenges posed by such technology directions.
- The security of cyber space is not an optional issue but an imperative need in view of its impact on national security, public safety and economic well-being.
- The issue of cyber security needs to move beyond traditional technological measures such as anti-virus and firewalls. It needs to be dynamic in nature and have the necessary depth to detect, stop and prevent attacks.
- Cyber security intelligence forms an integral component of the security of cyber space, in order to be able to anticipate attacks, adopt suitable counter measures and attribute the attacks for possible counter action.
- Effective correlation of information from multiple sources and real-time monitoring of assets that need protection, while at the same time ensuring that adequate expertise and processes are in place to deal with crisis situations.
- There is a need to focus on having a suitable security posture and to adopt counter measures on the basis of a hierarchy of priority and an understanding of the interdependencies, rather than attempting to defend against all intrusions and attacks.
- Security is all about people, process and technology, and as such there is a clear need to focus on people and processes while attempting to use the best available technological solutions, which otherwise could prove ineffective.
- Use of adequately trained and qualified manpower, along with suitable incentives, for effective results in the highly specialized field of cyber security.
- Security needs to be built in from the conceptual design stage when developing and deploying critical information infrastructure, as opposed to having security as an afterthought.

Priorities for Actions

- Creation of the necessary situational awareness regarding threats to Information and Communication Technology (ICT) infrastructure, for determination and implementation of a suitable response.
- Creation of a conducive legal environment in support of a safe and secure cyber space, adequate trust and confidence in electronic transactions, and enhancement of law enforcement capabilities that can enable responsible action by stakeholders and effective prosecution.
- Protection of IT networks and gateways and of critical communication and information infrastructure.
- Putting in place a daily mechanism for cyber security emergency response and resolution and crisis management through effective predictive, preventive, protective, response, and recovery actions.
- Policy, promotion and enabling actions for compliance with international security best practices and conformity assessment (product, process, technology and people), and incentives for compliance.
- Indigenous development of suitable security techniques and technology through frontier technology research, solution-oriented research, proof of concept, pilot development, etc., and deployment of secure IT products and processes.
- Creation of a culture of cyber security for responsible user behaviour and actions.
- Effective cyber-crime prevention and prosecution actions.
- Proactive preventive and reactive mitigation actions to reach out and neutralize the sources of trouble, and support for the creation of a global security ecosystem, including public-private partnership arrangements, information sharing, and bilateral and multilateral agreements with overseas CERTs, security agencies and security vendors.
- Protection of data while in process, handling, storage and transit, and protection of sensitive personal information, to create the necessary environment of trust.

Questions? Contact: ehikioya@ncc.gov.ng ehikioya@gmail.com +234-803-606-2390