2 nd ARF Seminar on Cyber Terrorism PAKISTAN S PERSPECTIVE AND EXPERIENCE WITH REFERENCE TO CERT IN COMBATING CYBER TERRORISM

Size: px
Start display at page:

Download "2 nd ARF Seminar on Cyber Terrorism PAKISTAN S PERSPECTIVE AND EXPERIENCE WITH REFERENCE TO CERT IN COMBATING CYBER TERRORISM"

Transcription

1 2 nd ARF Seminar on Cyber Terrorism PAKISTAN S PERSPECTIVE AND EXPERIENCE WITH REFERENCE TO CERT IN COMBATING CYBER TERRORISM

2 Recap of 1 st ARF Jeju (South Korea) Cyber Terrorism recently been brought on the agenda of the ARF There was absence of a common understanding amongst member states on what may or may not constitute Cyber Terrorism The question of definition loomed large in the Jeju Session especially in the absence of a definition of terrorism itself

3 Recap of 1 st ARF Jeju (South Korea) Some Key Issues discussed last time: Definition of Cyber Terrorism to Comprehend the Danger of Potential Threats to Information Security Identification of Tools which could be utilized by Terrorists to inflict Political or Financial Damage Measures to Reduce Vulnerabilities

4 Scope Pakistan Stance on Cyber Terrorism Threats from Pakistan s Perspective Counter Steps adopted by Pakistan PakCERT Recommendations

5 Pakistan s Stance on Cyber Terrorism Being an Important Member of the Anti Terror Coalition, Pakistan stands committed to combating Cyber Terrorism and Cooperate with the International Community in this field

6 Threats from Pakistan s Perspective Attacks originating externally from Entities Hostile to Pakistan, with or without support of respective Governments Attacks by Terrorist Organizations in retaliation to Pakistan s Role in the International Fight against Terror Attacks with pure Criminal Intent Attacks by domestic delinquents for frivolous / egoistic reasons

7 Instruments of Threat Computer Intrusion Denial of Service (DOS) e.g Disruption of Strategic Infrastructure Defacement e.g Altering content of Public Information websites Theft of Intellectual Property Identity Theft ID and Credit Cards Internet Fraud e.g Phishing Scams Propaganda and Disinformation

8 Steps Taken by Pakistan Revision of Electronic Crime Bill (ECB) 2003

9 Punishments Provided in Electronic Crimes Act 2003 Crime Criminal Data Access Data Damage System Damage Electronic Fraud Electronic Forgery Misuse Of Devices Unauthorized Access To Code Misuse Of Encryption Malicious Code Cyber Stalking Punishments in Draft of E Crime Bill 3 Years or Fine or Both 3 Years or Fine or Both 3 Years or Fine or Both 7 Years or Fine or Both 7 Years or Fine or Both 3 Years or Fine or Both 3 Years or Fine or Both 5 Years or Fine or Both 5 Years or Fine or Both 3 Years, PKR 300,000/- Fine or Both Spamming First time fine not exceeding PKR 50,000/- Subsequent time 3 Months, Max PKR 100,000/Fine or Both

10 Punishments Provided in Electronic Crimes Act 2003 Spoofing Crime Unauthorized Interception Cyber Terrorism Waging Cyber war Enhanced Punishment for Offences Involving Sensitive Electronic Systems Obstructing investigation Punishments in Draft of E Crime Bill 3 Years, PKR 300,000/Fine or Both. 5 years, PKR 500,000 Fine or Both Death/Life Imprisonment if it causes death. Fine not less than PKR 10 Million if only Extreme Financial Loss is caused Death/ Life and Fine 10 Years PKR One Million or Both 1 Year PKR 100,000 Fine

11 Steps Taken by Pakistan Revision of Electronic Crime Bill (ECB) 2003 Strengthening PakCERT Formation of National IT & Development Unit (NIDU) Increasing awareness and Changing Culture IDS as ISP Licence Clause

12 Steps Taken by Pakistan Special courses on Cyber Security as part of College and University Syllabus Increased maintenance period of ISPs Logs Regular Security Audit of public and private networks Use of Digital Signatures

13 BindView BindView BindView Pakistan Computer Emergency Response Team (PakCERT)

14

15 Pakistan Computer Emergency Response Team (PakCERT) Established in January 2001 Research and Find Solutions to Computer Security Problems Computer Security Alerts and Advisories for the Community, especially Pakistan Member of Asia Pacific Security Incident Response Coordination Working Group (APSIRC-WG)

16 PakCERT Services Security Assessment & Penetration Testing (S.A.P.T.) Forensic Investigation Services Development and Implementation of Security Policy Framework BS 7799/ISO Compliance Formation of Incident Response Team Training

17 PakCERT Discoveries Microsoft.Net Passport Vulnerability YAHA Virus Detection and Counter Measures

18 Defacement Statistics Websites

19 Recently Defaced Pakistani Web Sites irc.cyber.net.pk khi.breeze.net.pk cressoft.com.pk privatisation.gov.pk

20 Mirror of Recently Defaced Pakistani Web Sites

21 Mirror of Recently Defaced Pakistani Web Sites

22 Mirror of Recently Defaced Pakistani Web Sites

23 Mirror of Recently Defaced Pakistani Web Sites

24 Cyber Terrorism Case Study In 2003 Pakistan's Internet Infrastructure was subjected to Distributed Denial of Service (DDOS) attack using Yaha warm. The DDOS attack was repeated in 2004 by employing coordinated use of service. Both these attacks created adverse efforts on the IP network Investigation revealed that both these attacks were originated within the Region

25 Recommendations If agreed by ARF members, Pakistan would like to have the honor to host the next ARF Seminar on Cyber Terrorism in Islamabad (Pakistan) International Legislation to initiate action against entities involved in originating such acts Information sharing on case to case basis

26 Conclusion Security is NOT a Product, but an Infinite Ongoing Process

27

NATIONAL STRATEGY:- MALAYSIAN EXPERIENCE

NATIONAL STRATEGY:- MALAYSIAN EXPERIENCE NATIONAL STRATEGY:- MALAYSIAN EXPERIENCE Devi Annamalai Security, Trust and Governance MCMC 28th August 2007 Hanoi. Vietnam BACKGROUND MCMC is a statutory body established under the Malaysian Communications

More information

UN General Assembly Resolution 68/243 GEORGIA. General appreciation of the issues of information security

UN General Assembly Resolution 68/243 GEORGIA. General appreciation of the issues of information security UN General Assembly Resolution 68/243 GEORGIA General appreciation of the issues of information security Widely publicized cyber attacks and, to some expert opinions, cyber war - conducted against Georgia

More information

Safeguarding company from cyber-crimes and other technology scams ASSOCHAM

Safeguarding company from cyber-crimes and other technology scams ASSOCHAM www.pwc.com Safeguarding company from cyber-crimes and other technology scams ASSOCHAM Rahul Aggarwal - Director The new digital business ecosystem is complex and highly interconnected The new business

More information

About Issues in Building the National Strategy for Cybersecurity in Vietnam

About Issues in Building the National Strategy for Cybersecurity in Vietnam Vietnam Computer Emergency Response Team - VNCERT About Issues in Building the National Strategy for Cybersecurity in Vietnam Vu Quoc Khanh Director General Outline Internet abundance Security situation

More information

Securing Information Systems

Securing Information Systems Chapter 7 Securing Information Systems 7.1 2007 by Prentice Hall STUDENT OBJECTIVES Analyze why information systems need special protection from destruction, error, and abuse. Assess the business value

More information

Crisis Management Plan

Crisis Management Plan Crisis Management Plan for countering Cyber Attacks and Cyber Terrorism Department of Information Technology Ministry of Communications and Information Technology Government of India Cyber Security Agenda

More information

Garry Mukelabai Communications Authority Zambia

Garry Mukelabai Communications Authority Zambia Garry Mukelabai Communications Authority Zambia ICT in Zambia. Current and Future Legislations. Way Forward? Pop 12 million. Zambia pioneers of internet in region. Over 10 Internet Service Providers Internet

More information

ASEAN s Cyber Confidence Building Measures

ASEAN s Cyber Confidence Building Measures ASEAN s Cyber Confidence Building Measures Presentation by the ASEAN Secretariat UNIDIR Cyber Stability Seminar: Preventing Cyber Conflict 10 February 2014, Geneva, Switzerland Outline ASEAN Mechanisms

More information

The APEC Model. Global Partnership through Regional Initiatives

The APEC Model. Global Partnership through Regional Initiatives The APEC Model Global Partnership through Regional Initiatives Tony Beard Office of Transport Security (OTS), Department of Transport and Regional Services (DOTARS), Australia Office of Transport Security

More information

China and International Governance of Cybercrime

China and International Governance of Cybercrime China and International Governance of Cybercrime Prof. Dr. Shenkuo WU Law Professor of CCLS, Beijing Normal University Head of Research Centre of Internet Society of China Consultant of Supreme Court of

More information

Cyber Criminal Methods & Prevention Techniques. By

Cyber Criminal Methods & Prevention Techniques. By Cyber Criminal Methods & Prevention Techniques By Larry.Boettger@Berbee.com Meeting Agenda Trends Attacker Motives and Methods Areas of Concern Typical Assessment Findings ISO-17799 & NIST Typical Remediation

More information

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity EUROPEAN COMMISSION JOINT RESEARCH CENTRE Information Note JRC activities in the field of Cybersecurity Date: 28 January, 2016 JRC activities in the field of Cybersecurity 1. Societal and political context

More information

Question 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1:

Question 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1: Cybercrime Question 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1: Organizations can prevent cybercrime from occurring through the proper use of personnel, resources,

More information

(U) Cyber Threats to the Homeland

(U) Cyber Threats to the Homeland UNCLASSIFIED (U) Cyber Threats to the Homeland October 2016 The overall classification of this briefing is: (U) Warning: This product may contain US person information that has been deemed necessary for

More information

Thailand Initiatives and Challenges in Cyber Terrorism

Thailand Initiatives and Challenges in Cyber Terrorism Thailand Initiatives and Challenges in Cyber Terrorism Agenda Cyber-Terrorism weapons & tactics MICT Cyber Inspector Group IT Laws Development Challenges Cyber-Terrorism weapons & tactics What is Cyber-Terrorism?

More information

2005 E-Crime Watch Survey Survey Results Conducted by CSO magazine in cooperation with the U.S. Secret Service and CERT Coordination Center

2005 E-Crime Watch Survey Survey Results Conducted by CSO magazine in cooperation with the U.S. Secret Service and CERT Coordination Center OVERALL RESULTS E-Crime Watch Survey: 2005 Field Dates: 3/3/05 3/14/05 Total completed surveys: 819 Margin of Error: +/- 3.4% NOTE TO EDITOR For the purpose of this survey, electronic crime, intrusion,

More information

RESOLUTION 45 (Rev. Hyderabad, 2010)

RESOLUTION 45 (Rev. Hyderabad, 2010) 212 RESOLUTION 45 (Rev. Hyderabad, 2010) The World Telecommunication Development Conference (Hyderabad, 2010), recalling a) Resolution 45 (Doha, 2006) of the World Telecommunication Development Conference

More information

NIGERIAN CYBERCRIME LAW: WHAT NEXT? BY CHINWE NDUBEZE AT THE CYBER SECURE NIGERIA 2016 CONFERENCE ON 7 TH APRIL 2014

NIGERIAN CYBERCRIME LAW: WHAT NEXT? BY CHINWE NDUBEZE AT THE CYBER SECURE NIGERIA 2016 CONFERENCE ON 7 TH APRIL 2014 NIGERIAN CYBERCRIME LAW: WHAT NEXT? BY CHINWE NDUBEZE AT THE CYBER SECURE NIGERIA 2016 CONFERENCE ON 7 TH APRIL 2014 OUR MANDATE O The EFCC is the agency charged with the responsibility for the enforcement

More information

New Zealand National Cyber Security Centre Incident Summary

New Zealand National Cyber Security Centre Incident Summary New Zealand National Cyber Security Centre 2013 Incident Summary National Cyber Security Centre 2013 Incident Summary Foreword The incidents summarised in this report reinforce that cyber security is truly

More information

AN ANALYSIS OF CYBER CRIME AND INTERNET SECURITY

AN ANALYSIS OF CYBER CRIME AND INTERNET SECURITY WORLD JOURNAL OF PHARMACY AND PHARMACEUTICAL SCIENCES Shoba. SJIF Impact Factor 6.647 Volume 6, Issue 5, 304-308 Review Article ISSN 2278 4357 AN ANALYSIS OF CYBER CRIME AND INTERNET SECURITY *Prof. V.

More information

Rohana Palliyaguru Director -Operations Sri Lanka CERT CC APCERT AGM and Conference, 24 th October 2018 Shanghai, China MINISTRY OF TELECOMMUNICATION

Rohana Palliyaguru Director -Operations Sri Lanka CERT CC APCERT AGM and Conference, 24 th October 2018 Shanghai, China MINISTRY OF TELECOMMUNICATION Rohana Palliyaguru Director -Operations Sri Lanka CERT CC APCERT AGM and Conference, 24 th October 2018 Shanghai, China SRI LANKA COMPUTER EMERGENCY READINESS TEAM COORDINATION CENTRE Agenda o About Sri

More information

Cyber Crime Update. Mark Brett Programme Director February 2016

Cyber Crime Update. Mark Brett Programme Director February 2016 Cyber Crime Update Mark Brett Programme Director February 2016 What is Cyber Crime? What are the current threats? What is the capability of local and regional Cyber Crime Investigations? What support is

More information

Cybersecurity, safety and resilience - Airline perspective

Cybersecurity, safety and resilience - Airline perspective Arab Civil Aviation Commission - ACAC/ICAO MID GNSS Workshop Cybersecurity, safety and resilience - Airline perspective Rabat, November, 2017 Presented by Adlen LOUKIL, Ph.D CEO, Resys-consultants Advisory,

More information

Cyber Security Experts Association of Nigeria (CSEAN) CYBER SECURE NIGERIA 2016 Conference

Cyber Security Experts Association of Nigeria (CSEAN) CYBER SECURE NIGERIA 2016 Conference Cyber Security Experts Association of Nigeria (CSEAN) CYBER SECURE NIGERIA 2016 Conference Threat of Cyber- Terrorism to Critical Infrastructures Presented by Iyke Ezeugo Cyber-warfare Strategist Definitions

More information

INDEPENDENT COMMUNICATIONS AUTHORITY OF SOUTH AFRICA(ICASA) CYBERSECURITY PRESENTATION AT SAIGF. 28 th November 2018

INDEPENDENT COMMUNICATIONS AUTHORITY OF SOUTH AFRICA(ICASA) CYBERSECURITY PRESENTATION AT SAIGF. 28 th November 2018 INDEPENDENT COMMUNICATIONS AUTHORITY OF SOUTH AFRICA(ICASA) CYBERSECURITY PRESENTATION AT SAIGF 28 th November 2018 AGENDA 1. State of Cybersecurity Globally 2. State of Cybersecurity in South Africa 2.1

More information

The UNODC Global Programme on Cybercrime Alexandru Caciuloiu CYBERCRIME COORDINATOR SOUTHEAST ASIA AND THE PACIFIC

The UNODC Global Programme on Cybercrime Alexandru Caciuloiu CYBERCRIME COORDINATOR SOUTHEAST ASIA AND THE PACIFIC The UNODC Global Programme on Cybercrime Alexandru Caciuloiu CYBERCRIME COORDINATOR SOUTHEAST ASIA AND THE PACIFIC UNODC is mandated to assist Member States in their struggle against illicit drugs, crime

More information

Cyber Insurance: What is your bank doing to manage risk? presented by

Cyber Insurance: What is your bank doing to manage risk? presented by Cyber Insurance: What is your bank doing to manage risk? David Kitchen presented by Lisa Micciche Today s Agenda Claims Statistics Common Types of Cyber Attacks Typical Costs Incurred to Respond to an

More information

CYBERCRIME LEGISLATION DEVELOPMENT IN NIGERIA AN UPDATE. Octopus Conference, Strasbourg 06 June, 2012

CYBERCRIME LEGISLATION DEVELOPMENT IN NIGERIA AN UPDATE. Octopus Conference, Strasbourg 06 June, 2012 CYBERCRIME LEGISLATION DEVELOPMENT IN NIGERIA AN UPDATE Octopus Conference, Strasbourg 06 June, 2012 T.GEORGE-MARIA TYENDEZWA Head, Computer Crime Prosecution Unit, Federal Ministry of Justice, Abuja,

More information

The Republic of Korea. economic and social benefits. However, on account of its open, anonymous and borderless

The Republic of Korea. economic and social benefits. However, on account of its open, anonymous and borderless The Republic of Korea Executive Summary Today, cyberspace is a new horizon with endless possibilities, offering unprecedented economic and social benefits. However, on account of its open, anonymous and

More information

LEGAL FRAMEWORK FOR THE ENFORCEMENT OF CYBER LAW AND CYBER ETHICS IN NIGERIA

LEGAL FRAMEWORK FOR THE ENFORCEMENT OF CYBER LAW AND CYBER ETHICS IN NIGERIA LEGAL FRAMEWORK FOR THE ENFORCEMENT OF CYBER LAW AND CYBER ETHICS IN NIGERIA Umejiaku Nneka Obiamaka, Department of Commercial and Property Law Faculty of Law, Nnamdi Azikiwe University, Awka, Nigeria

More information

Special Action Plan on Countermeasures to Cyber-terrorism of Critical Infrastructure (Provisional Translation)

Special Action Plan on Countermeasures to Cyber-terrorism of Critical Infrastructure (Provisional Translation) Special Action Plan on Countermeasures to Cyber-terrorism of Critical Infrastructure (Provisional Translation) December 15, 2000 1. Goals of the Special Action Plan The goal of this action plan is to protect

More information

CERT Development EFFECTIVE RESPONSE

CERT Development EFFECTIVE RESPONSE CERT Development EFFECTIVE RESPONSE CERT Development: EFFECTIVE RESPONSE 2 Effective Response Effective Response Well funded, organized attackers threaten your network IT attacks can result in: Loss of

More information

National Cybersecurity preparation to deal with Cyber Attacks

National Cybersecurity preparation to deal with Cyber Attacks National Cybersecurity preparation to deal with Cyber Attacks Dr. Chaichana Mitrpant Assistant Executive Director, Electronic Transactions Development Agency (ETDA) 1 Over all Internet usage in Thailand

More information

The commission communication "towards a general policy on the fight against cyber crime"

The commission communication towards a general policy on the fight against cyber crime MEMO/07/199 Brussels, 22 May 2007 The commission communication "towards a general policy on the fight against cyber crime" The use of the term cyber crime in this communication There is no agreed definition

More information

Developing a Legal Foundation and Establishing Effective Enforcement: Case Study Kenya

Developing a Legal Foundation and Establishing Effective Enforcement: Case Study Kenya Developing a Legal Foundation and Establishing Effective Enforcement: Case Study Kenya Lucky Waindi waindi@cck.go.ke Mwende Njiraini Njiraini@cck.go.ke 1 Content Part 1: Introduction Part 2: Developing

More information

Security Policies and Procedures Principles and Practices

Security Policies and Procedures Principles and Practices Security Policies and Procedures Principles and Practices by Sari Stern Greene Chapter 3: Information Security Framework Objectives Plan the protection of the confidentiality, integrity and availability

More information

RESOLUTION 130 (Rev. Antalya, 2006)

RESOLUTION 130 (Rev. Antalya, 2006) Res. 130 430 RESOLUTION 130 (Rev. Antalya, 2006) Strengthening the role of ITU in building confidence and security in the use of information and communication technologies The Plenipotentiary Conference

More information

716 West Ave Austin, TX USA

716 West Ave Austin, TX USA Fundamentals of Computer and Internet Fraud GLOBAL Headquarters the gregor building 716 West Ave Austin, TX 78701-2727 USA TABLE OF CONTENTS I. INTRODUCTION What Is Computer Crime?... 2 Computer Fraud

More information

Legal Foundation and Enforcement: Promoting Cybersecurity

Legal Foundation and Enforcement: Promoting Cybersecurity Legal Foundation and Enforcement: Promoting Cybersecurity Regional Workshop on Frameworks for Cybersecurity and Critical Information Infrastructure Protection February 19, 2008 Mark L. Krotoski Computer

More information

How AlienVault ICS SIEM Supports Compliance with CFATS

How AlienVault ICS SIEM Supports Compliance with CFATS How AlienVault ICS SIEM Supports Compliance with CFATS (Chemical Facility Anti-Terrorism Standards) The U.S. Department of Homeland Security has released an interim rule that imposes comprehensive federal

More information

Cyber Security Technologies

Cyber Security Technologies 1 / Cyber Security Technologies International Seminar on Cyber Security: An Action to Establish the National Cyber Security Center Lisbon, 12 th September 2013 23 / Key highlights - Thales Group Thales

More information

How do you decide what s best for you?

How do you decide what s best for you? How do you decide what s best for you? Experience Transparency Leadership Commitment Cost reduction Security Trustworthiness Credibility Confidence Reliability Compliance Privacy Expertise Flexibility

More information

Promoting Global Cybersecurity

Promoting Global Cybersecurity Promoting Global Cybersecurity Presented to ITU-T Study Group 17 Geneva, Switzerland 6 October 2005 Robert Shaw ITU Internet Strategy and Policy Advisor ITU Strategy and Policy Unit 1 Agenda Critical Infrastructures

More information

Presented by: Njei Check Head, Audit Security Division, ANTIC

Presented by: Njei Check Head, Audit Security Division, ANTIC Windhoek, 30th May 2017 Presented by: Njei Check Head, Audit Security Division, ANTIC B.P 6170 Yaoundé Tél : (+237) 694 405 868 Email : das@antic.cm Website : http://www.antic.cm SUMMARY 1 INTRODUCTION

More information

A Forensic Accountant in Cyber Security

A Forensic Accountant in Cyber Security A Forensic Accountant in Cyber Security Gertjan Groen, President ACFE Netherlands Chapter Fraud Awareness Week Event ACFE Belgium 14 November 2017, Brussels Personal Background Started my career in auditing

More information

Introduction of APCERT APCERT

Introduction of APCERT APCERT Introduction of Yurie Ito, JPCERT/CC (On behalf of the Secretariat) (Asia Pacific Computer Emergency Response Team) is a coalition of the forum of CSIRTs (Computer Security Incident Response Teams). The

More information

ACCEPTABLE USE POLICIES FOR INFORMATION SERVICES COMPUTING RESOURCES

ACCEPTABLE USE POLICIES FOR INFORMATION SERVICES COMPUTING RESOURCES ACCEPTABLE USE POLICIES FOR INFORMATION SERVICES COMPUTING RESOURCES Information Security Team DePaul University 1 East Jackson Boulevard Chicago, Illinois 60604 US https:/infosec.depaul.edu/ 13th December

More information

Cybercrime Criminal Law Definitions and Concepts

Cybercrime Criminal Law Definitions and Concepts Cybercrime Criminal Law Definitions and Concepts How to Criminalize Attacks on Computer Networks and Information Computer Crime and Intellectual Property Section U.S. Department of Justice 1 Overview Introduction

More information

Chapter 6 Network and Internet Security and Privacy

Chapter 6 Network and Internet Security and Privacy Chapter 6 Network and Internet Security and Privacy Learning Objectives LO6.1: Explain network and Internet security concerns LO6.2: Identify online threats LO6.3: Describe cyberstalking and other personal

More information

Digital Health Cyber Security Centre

Digital Health Cyber Security Centre Digital Health Cyber Security Centre Current challenges Ransomware According to the ACSC Threat Report 2017, cybercrime is a prevalent threat for Australia. Distributed Denial of Service (DDoS) Targeting

More information

& protecting the UK s Critical National Infrastructure (CNI)

& protecting the UK s Critical National Infrastructure (CNI) New Threats: Cyber-terrorism 1 2005 Crown Copyright & protecting the UK s Critical National Infrastructure (CNI) 2nd ARF Seminar on Cyber Terrorism, Cebu City, Philippines 3 October, 2005 John Crow Head

More information

Cyber Security Development. Ghana in Perspective

Cyber Security Development. Ghana in Perspective Cyber Security Development Ghana in Perspective GHANA S CYBER SECURITY JOURNEY NCSPS Development Establishment of CERT NCSPS Validation 2015 Adoption of NCSPS by Cabinet 2016 NCSTWG NCSIAC NCSPS Review

More information

Offline Network Intrusion Detection: Looking for the Footprints

Offline Network Intrusion Detection: Looking for the Footprints Offline Network Intrusion Detection: Looking for the Footprints Frank Lieble Program Manager, IT Performance Solutions Public Sector Technology Center SAS North America Copyright 2000 SAS EMEA Plug and

More information

INDONESIA S PERSPECTIVE ON CYBER TERRORISM

INDONESIA S PERSPECTIVE ON CYBER TERRORISM INDONESIA S PERSPECTIVE ON CYBER TERRORISM CYBER TERRORISM No generally acceptable definition Cyber terrorism is one form of terrorism that use computer resources to launch terror attacks on critical infrastructures

More information

Cyber-Threats and Countermeasures in Financial Sector

Cyber-Threats and Countermeasures in Financial Sector Michael Mavroforakis, PhD Group CISO & CDO SEV: Workshop on Digital Enablers (Cloud & Cybersecurity) 27th March 2018 Agenda: CYBERSECURITY Potential Targets Attack Examples Insider vs Outsider Threats

More information

ITU Regional Cybersecurity Forum for Asia-Pacific

ITU Regional Cybersecurity Forum for Asia-Pacific ITU Regional Cybersecurity Forum for Asia-Pacific Incident Management Capabilities Australia Country Case Study Graham Ingram General Manager AusCERT July 2008 Copyright 2008 AusCERT Not for further distribution

More information

_isms_27001_fnd_en_sample_set01_v2, Group A

_isms_27001_fnd_en_sample_set01_v2, Group A 1) What is correct with respect to the PDCA cycle? a) PDCA describes the characteristics of information to be maintained in the context of information security. (0%) b) The structure of the ISO/IEC 27001

More information

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave EFFECTIVELY TARGETING ADVANCED THREATS Terry Sangha Sales Engineer at Trustwave THE CHALLENGE PROTECTING YOUR ENVIRONMENT IS NOT GETTING EASIER ENDPOINT POINT OF SALE MOBILE VULNERABILITY MANAGEMENT CYBER

More information

UNODC tackling cybercrime in support of a safe and secure AP-IS

UNODC tackling cybercrime in support of a safe and secure AP-IS UNODC tackling cybercrime in support of a safe and secure AP-IS Mr. Alexandru CACIULOIU Cybercrime Project Coordinator South East Asia and the Pacific Second session of the Asia-Pacific Information Superhighway

More information

RFC2350 TLP1: WHITE. Έκδοση National CSIRT-CY RFC2350

RFC2350 TLP1: WHITE. Έκδοση National CSIRT-CY RFC2350 Έκδοση 1.2-2018.02.14 TLP1: WHITE 1 TLP Sources may use TLP: WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release.

More information

Certified Cyber Security Analyst VS-1160

Certified Cyber Security Analyst VS-1160 VS-1160 Certified Cyber Security Analyst Certification Code VS-1160 Vskills certification for Cyber Security Analyst assesses the candidate as per the company s need for cyber security and forensics. The

More information

CSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague

CSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague Brmlab, hackerspace Prague Lightning talks, November 2016 in general in general WTF is an? in general WTF is an? Computer Security in general WTF is an? Computer Security Incident Response in general WTF

More information

Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper

Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Table of Contents Abstract...3 Understanding Online Business

More information

New Guidance on Privacy Controls for the Federal Government

New Guidance on Privacy Controls for the Federal Government New Guidance on Privacy Controls for the Federal Government IAPP Global Privacy Summit 2012 March 9, 2012 Dr. Ron Ross Computer Security Division, NIST Martha Landesberg, J.D., CIPP/US The Privacy Office,

More information

Using the BS 7799 to improve Organization Information Security. Gaurav Malik

Using the BS 7799 to improve Organization Information Security. Gaurav Malik Using the BS 7799 to improve Organization Information Security. Gaurav Malik E-Mail: gauravrmalik@gmail.com ABSTRACT In this paper i have explained how we can we improve information security process of

More information

Inter-American Port Security Cooperation Plan

Inter-American Port Security Cooperation Plan Inter-American Port Security Cooperation Plan Thomas Morelli Program Manager for Port & Cargo Security Maritime Administration U.S. Department of Transportation Inter-American Port Security Cooperation

More information

ISACA National Cyber Security Conference 8 December 2017, National Bank of Romania

ISACA National Cyber Security Conference 8 December 2017, National Bank of Romania C-PROC Cybercrime Programme Office Council of Europe, Bucharest, Romania ISACA National Cyber Security Conference 8 December 2017, National Bank of Romania The role of legislation in enhancing the cyber

More information

African Forum on Cybercrime, Addis Ababa, 16 18 October 2018 Workshop 4: Current status of cybercrime legislation in Africa and international standards Cybercrime legislation in Africa and the Budapest

More information

Question: 1 DES - Data Encryption standard has a 128 bit key and is very difficult to break.

Question: 1 DES - Data Encryption standard has a 128 bit key and is very difficult to break. 1 ISC - SSCP System Security Certified Practitioner (SSCP) Question: 1 DES - Data Encryption standard has a 128 bit key and is very difficult to break. Question: 2 What is the main difference between computer

More information

E-guide Getting your CISSP Certification

E-guide Getting your CISSP Certification Getting your CISSP Certification Intro to the 10 CISSP domains of the Common Body of Knowledge : The Security Professional (CISSP) is an information security certification that was developed by the International

More information

Position Title: IT Security Specialist

Position Title: IT Security Specialist Position Title: IT Security Specialist SASRIA SOC LIMITED Sasria, a state-owned company, is the only short-term insurer in South Africa that provides affordable voluntary cover against special risks such

More information

Background. Threats. Present Status. Challenges and Strategies 9/30/2009 TRAI 2

Background. Threats. Present Status. Challenges and Strategies 9/30/2009 TRAI 2 9/30/2009 TRAI 1 Background Threats Present Status Challenges and Strategies 9/30/2009 TRAI 2 Critical infrastructure means the computers, computer systems, and/or networks, whether physical or virtual,

More information

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017 COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE Presented by Paul R. Hales, J.D. May 8, 2017 1 HIPAA Rules Combat Cyber Crime HIPAA Rules A Blueprint to Combat Cyber Crime 2 HIPAA Rules Combat Cyber Crime

More information

RESOLUTION 130 (REV. BUSAN, 2014)

RESOLUTION 130 (REV. BUSAN, 2014) RESOLUTION 130 (REV. BUSAN, 2014) Strengthening the role of ITU in building confidence and security in the use of information and communication technologies The Plenipotentiary Conference of the International

More information

INFORMATION SECURITY NO MORE THE CINDERELLA?

INFORMATION SECURITY NO MORE THE CINDERELLA? INFORMATION SECURITY NO MORE THE CINDERELLA? Lord Toby Harris THE VIEW FROM THE KITCHEN Information security the Cinderella of technology Information security the Cinderella of security Who are the Ugly

More information

Introduction of APCERT

Introduction of APCERT Introduction of APCERT Yurie Ito, JPCERT/CC (On behalf of the APCERT Secretariat) APCERT APCERT (Asia Pacific Computer Emergency Response Team) is a coalition of the forum of CSIRTs (Computer Security

More information

Republic of Indonesia. ARF Defense Officials Dialogue Seoul, April 2009

Republic of Indonesia. ARF Defense Officials Dialogue Seoul, April 2009 Republic of Indonesia ARF Defense Officials Dialogue Seoul, 19-20 April 2009 THE GROWTH OF INFORMATION TECHNOLOGY AS WELL AS INTERNET HAS BROUGHT US BOTH POSITIVE AND NEGATIVE IMPACT. ONE OF THE NEGATIVE

More information

Cyber Security Strategy

Cyber Security Strategy Cyber Security Strategy Committee for Home Affairs Introduction Cyber security describes the technology, processes and safeguards that are used to protect our networks, computers, programs and data from

More information

PT Unified Application Security Enforcement. ptsecurity.com

PT Unified Application Security Enforcement. ptsecurity.com PT Unified Application Security Enforcement ptsecurity.com Positive Technologies: Ongoing research for the best solutions Penetration Testing ICS/SCADA Security Assessment Over 700 employees globally Over

More information

Caribbean Cyber Security: Not Only Government s Responsibility

Caribbean Cyber Security: Not Only Government s Responsibility Caribbean Cyber Security: Not Only Government s Responsibility AWARENESS AND VIGILANCE IS EVERYBODY S RESPONSIBILITY Preseted at: ICT Symposium Antigua and Barbuda March 2017 Caribbean Cyber Security Events

More information

Universal Trusted Service Provider Identity to Reduce Vulnerabilities

Universal Trusted Service Provider Identity to Reduce Vulnerabilities 1.1 Session 3: Cyber-attacks: Are we ready for the battlefield of the 21st Century? 22 May 2008 Palais des Nations, Geneva Universal Trusted Service Provider Identity to Reduce Vulnerabilities Tony Rutkowski

More information

CONTEMPORARY CYBER ATTACK TRENDS AND CHALLENGES DR SHASHWAT RAIZADA

CONTEMPORARY CYBER ATTACK TRENDS AND CHALLENGES DR SHASHWAT RAIZADA CONTEMPORARY CYBER ATTACK TRENDS AND CHALLENGES DR SHASHWAT RAIZADA RECENT TRENDS IN CYBER ATTACKS Cyber Security Threats From Requests to Ransom Notes Source: www.ripandscam.com Source https://en.wikipedia.org/wiki/wannacry_ransomware_attack

More information

Cybersecurity in Higher Ed

Cybersecurity in Higher Ed Cybersecurity in Higher Ed 1 Overview Universities are a treasure trove of information. With cyber threats constantly changing, there is a need to be vigilant in protecting information related to students,

More information

Unique Phishing Attacks (2008 vs in thousands)

Unique Phishing Attacks (2008 vs in thousands) The process of attempting to acquire sensitive information, such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. In the 2 nd half

More information

Information Technology Enhancing Productivity and Securing Against Cyber Attacks

Information Technology Enhancing Productivity and Securing Against Cyber Attacks Information Technology Enhancing Productivity and Securing Against Cyber Attacks AGENDA Brief Overview of PortMiami Enhancing Productivity Using Technology Technology Being Using at the Port Cyber Attacks

More information

Information Security Incident Response Plan

Information Security Incident Response Plan Information Security Incident Response Plan Purpose It is the objective of the university to maintain secure systems and data. In order to comply with federal, state, and local law and contractual obligations,

More information

GAC PRINCIPLES REGARDING gtld WHOIS SERVICES. Presented by the Governmental Advisory Committee March 28, 2007

GAC PRINCIPLES REGARDING gtld WHOIS SERVICES. Presented by the Governmental Advisory Committee March 28, 2007 GAC PRINCIPLES REGARDING gtld WHOIS SERVICES Presented by the Governmental Advisory Committee March 28, 2007 1.1 The purpose of this document is to identify a set of general public policy issues and to

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

INFORMATION SECURITY-SECURITY INCIDENT RESPONSE

INFORMATION SECURITY-SECURITY INCIDENT RESPONSE Information Technology Services Administrative Regulation ITS-AR-1506 INFORMATION SECURITY-SECURITY INCIDENT RESPONSE 1.0 Purpose and Scope The purpose of the Security Response Administrative Regulation

More information

Management of IT Infrastructure Security by Establishing Separate Functional Area with Spiral Security Model

Management of IT Infrastructure Security by Establishing Separate Functional Area with Spiral Security Model Management of IT Infrastructure Security by Establishing Separate Functional Area with Spiral Security Model Abhijit Vitthal Sathe Modern Institute of Business Management, Shivajinagar, Pune 411 005 abhijit_sathe@hotmail.com

More information

The Readlyn Telephone Company dba RTC Communications NETWORK MANAGEMENT AND ACCEPTABLE USE POLICY Internet Service

The Readlyn Telephone Company dba RTC Communications NETWORK MANAGEMENT AND ACCEPTABLE USE POLICY Internet Service The Readlyn Telephone Company dba RTC Communications NETWORK MANAGEMENT AND ACCEPTABLE USE POLICY Internet Service The Readlyn Telephone Company, dba RTC Communications (the Company) Acceptable Use Policy

More information

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on April 16, 2018 15:41 PM O verview 1 90% Compliance About PCI DSS 2.0 PCI-DSS is a legal obligation mandated not by government

More information

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS

More information

PROCEDURE COMPREHENSIVE HEALTH SERVICES, INC

PROCEDURE COMPREHENSIVE HEALTH SERVICES, INC PROCEDURE COMPREHENSIVE HEALTH SERVICES, INC APPROVAL AUTHORITY: President, CHSi GARY G. PALMER /s/ OPR: Director, Information Security NUMBER: ISSUED: VERSION: APRIL 2015 2 THOMAS P. DELAINE JR. /s/ 1.0

More information

Cyber Threat Landscape April 2013

Cyber Threat Landscape April 2013 www.pwc.co.uk Cyber Threat Landscape April 2013 Cyber Threats: Influences of the global business ecosystem Economic Industry/ Competitors Technology-led innovation has enabled business models to evolve

More information

Preempting Cyber Fraud: SWIFT Threat Indicator Sharing Tool. Cyber Security 3.0 Better Together August 18, 2017

Preempting Cyber Fraud: SWIFT Threat Indicator Sharing Tool. Cyber Security 3.0 Better Together August 18, 2017 Preempting Cyber Fraud: SWIFT Threat Indicator Sharing Tool Cyber Security 3.0 Better Together August 18, 2017 Research Overview Problem Statement Research Goals & Methodology Defining Insider Cashout

More information

Security Audit What Why

Security Audit What Why What A systematic, measurable technical assessment of how the organization's security policy is employed at a specific site Physical configuration, environment, software, information handling processes,

More information

2014 TRANSIT CEOs SEMINAR. Cybersecurity What Every CEO Should Know to Help Secure the System

2014 TRANSIT CEOs SEMINAR. Cybersecurity What Every CEO Should Know to Help Secure the System 2014 TRANSIT CEOs SEMINAR Cybersecurity What Every CEO Should Know to Help Secure the System APTA Enterprise Cyber Security WG update Vulnerable Systems Cyber attacks may be targeted toward one or more

More information

ThaiCERT Incident Response & Phishing cases in Thailand. By Kitisak Jirawannakool Thai Computer Emergency Response team (ThaiCERT)

ThaiCERT Incident Response & Phishing cases in Thailand. By Kitisak Jirawannakool Thai Computer Emergency Response team (ThaiCERT) ThaiCERT Incident Response & Phishing cases in Thailand By Kitisak Jirawannakool Thai Computer Emergency Response team (ThaiCERT) Agenda About ThaiCERT ThaiCERT IR Phishing in Thailand About ThaiCERT Ministry

More information

SWIFT Customer Security Programme

SWIFT Customer Security Programme www.pwc.ch/cybersecurity SWIFT Customer Security Programme Mandatory controls: what you have to do to protect your local SWIFT infrastructures SWIFT Customer Security Programme (CSP) The growing number

More information