slide1 l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
An Overview to Information Security and Security Initiatives in India PowerPoint Presentation
Download Presentation
An Overview to Information Security and Security Initiatives in India

Loading in 2 Seconds...

play fullscreen
1 / 35

An Overview to Information Security and Security Initiatives in India - PowerPoint PPT Presentation


  • 280 Views
  • Uploaded on

An Overview to Information Security and Security Initiatives in India Anil Sagar Additional Director Indian Computer Emergency Response Team (CERT-In) Objectives Why we need security To understand Information Security To know Security Initiatives in India Why Security?

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'An Overview to Information Security and Security Initiatives in India' - Faraday


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

An Overview to

Information Security

and

Security Initiatives in India

Anil Sagar

Additional Director

Indian Computer Emergency Response Team (CERT-In)

objectives
Objectives
  • Why we need security
  • To understand Information Security
  • To know Security Initiatives in India
slide3

Why Security?

  • Polish Teen Faces Charges for Allegedly Manipulating Train System (January 11, 2008)
  • Barclays Chairman Victim of Identity Theft (January 10 & 11, 2008)
  • Stolen Laptops Hold Nashville Voter Data (337,000 voters)
  • (January 3, 2008)
slide4

Security: The Need

The consequences of insufficient security

  • Identity theft
  • Compromised customer confidence; loss of business
  • Service interruption (e.g., e-mail)
  • Loss of competitive advantage
  • Equipment theft
  • Embarrassing media coverage
  • Substantial financial loss
  • Legal penalties
slide5

What’s at stake?

When connecting to the Internet, three things

are put at risk:

  • Data
  • Resources
  • Reputation
information security cia
Information Security – CIA
  • Confidentiality
    • ensuring that information is accessible only to those authorized to have access
  • Integrity
    • assurance of accuracy and reliability of information
    • unauthorized modification of data is prevented
  • Availability
    • Information is being accessible and usable upon demand by an authorized entity
  • Non Repudiation
    • Verification of the sender and the recipient were, in fact, the parties who claimed to send or receive the message, respectively
threats to information security
Threats to Information Security
  • Confidentiality
    • Unauthorised Disclosure
  • Integrity
    • Unauthorised Alteration
  • Availability
    • Disruption
threats
Threats

An event, the occurrence of which could have an undesirable impact on the well-being of an asset.

[ISC2]

International Information Systems Security Certification Consortium

Any circumstances or event that has the potential to cause harm to a system or network .That means, that even the existence of a(n unknown) vulnerability implies a threat by definition.

[CERT]

vulnerability
Vulnerability
  • A feature or bug in a system or program which enables an attacker to bypass security measures.
  • An aspect of a system or network that leaves it open to attack.
  • Absence or weakness of a risk-reducing safeguard. It is a condition that has the potential to allow a threat to occur with greater frequency, greater impact or both.
slide17

Current trend of cyber threats

  • Targeted attacks
  • Stealing of data/modification
  • Identity theft (Phishing)
  • Spread of malicious code
  • Distributed Denial of service attacks
  • Website Defacements
slide19

Information Security Management

INFORMATION SECURITY

Availability

Confidentiality

Integrity

Authenticity

Security Policy

People

Regulatory Compliance

User Awareness Program

Access Control

Process

Security Audit

Incident Response

Encryption, PKI

Firewall, IPS/IDS

Technology

Antivirus

slide20

What actions need to be taken

  • User awareness
    • Security portals for user awareness
    • Ad campaigns
  • Enterprise security
    • CSIRTs
  • Sectoral cooperation and coordination
    • Sectoral CERTs
  • National coordination
    • CERT-In
  • Global coordination
    • APCERT, ASEAN, FIRST
slide21

Need for cooperation

  • Users
  • Organisations
  • CSIRTs, CERTs
  • ISPs
  • Domain registrars
  • DNS operators
  • IT vendors
  • Law enforcement agencies
slide22

Govt. Initiatives

  • Formation of CERT-In (January, 2003)
  • Nodal agency for
    • Responding to security incidents
    • Prevention of incidents by means of generating user awareness
    • Promotion of security best pratices
  • Coordination at
    • Sectoral level
    • National level
    • International level
slide23

CERT-In initiatives

  • Directives issued to Govt. and public sector organisations to
    • Implement ISO 27001 security standard
    • Perform regular security audits
    • Shifting of websites onto ‘.in’ name space
    • Hosting of websites within country
  • Empanelment of IT Security auditors
  • Creation of awareness by organising training programs for CISOs, System administrators
  • Issuance of security guidelines
slide24

CERT-In initiatives

  • Collaboration with security vendors like Microsoft, Redhat, Cisco, Symantec, McAfee, TrendMicro etc.
  • Security surveys and reports
  • Created forum on Phishing and Spam in collaboration with CII & other stakeholders
  • Issued “Securing Home Computers” and “Web Server Security” Guidelines
  • Informative Web Portals created in collaboration with Microsoft & Redhat for general user
information sharing stakeholders
Information Sharing: Stakeholders

ISPs,

Key Networks

CERTs CSIRTs

Vendors

Law

Enforcement Agencies

CERT-In

Media

Home Users

International

CERTs

---Government Sector

-Critical Information

Infrastructure

-Corporate Sector

25

slide26

International Cooperation

  • FIRST
  • APCERT
  • CERT/CC
  • US-CERT
  • JPCERT
  • Korean CERT
slide27

DIT initiatives

  • Generation of trained manpower on Information security
    • Master trainers in Information Security (60)
    • Short-term/long-term courses in Information Security
  • Certification, Vulnerability Assessment, training programs in the area of IT
    • STQC
slide28

DIT initiatives

  • R&D projects
    • Cryptography
    • Steganography
    • Network Behavior Analysis
    • Biometric Authentication
    • Mobile Security
    • Cyber Forensics
latest attack vectors
Latest attack vectors
  • Compromise of popular websites and subsequent distribution of malware visiting the website
  • Compromise of e-mail accounts and distribution of malicious attachments to contact list users
  • Collection of user credentials through keyloggers
communication channels
Communication channels

CERT-In website

About 1460 users visiting the site per day

Significant increase of site visit during major events

CERT-In Incident Response Help Desk

Toll free nos.

1800-11-4949 (Voice)

1800-11-6969 (FAX)

CERT-In mailing list

About 1100 individuals from various national and international security organizations

E-mail

CIOs Database

ISPs

Postal mail

33

conclusion
Conclusion

Let us work together for a vision. Create an society in which spam, viruses and worms, the plagues of modern information technology are eliminated.

slide35

Thank you

Incident Response HelpDesk

Phone: 1800 11 4949

FAX: 1800 11 6969

e-mail: incident@cert-in.org.in

http://www.cert-in.org.in