Wireless e-business Security. Lothar Vigelandzoon

Similar documents
Chancen und Risiken im Bereich von WLAN's. FGSec - Vorabendveranstaltung 20. Juni 2002 Uwe B. Kissmann

Objectives of the Security Policy Project for the University of Cyprus

Massimo Nardone, TKK, S Security of Communication Protocols

Certified Information Security Manager (CISM) Course Overview

Security In A Box. Modular Security Services Offering - BFSI. A new concept to Security Services Delivery.

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

E-guide Getting your CISSP Certification

Security by Default: Enabling Transformation Through Cyber Resilience

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Manchester Metropolitan University Information Security Strategy

SONICWALL SECURITY HEALTH CHECK SERVICE

Building a Resilient Security Posture for Effective Breach Prevention

SONICWALL SECURITY HEALTH CHECK SERVICE

Protect Your Organization from Cyber Attacks

align security instill confidence

Cyber Criminal Methods & Prevention Techniques. By

No IT Audit Staff? How to Hack an IT Audit. Presenters. Mark Bednarz, Partner-In-Charge, Risk Advisory PKF O Connor Davies, LLP

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.

IoT & SCADA Cyber Security Services

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

IBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan

Gujarat Forensic Sciences University

Data Security and Privacy Principles IBM Cloud Services

Information Security Controls Policy

SYSTEM THREAT ANALYSIS FOR HIGH ASSURANCE SOFTWARE DEFINED RADIOS

Ingram Micro Cyber Security Portfolio

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

SONICWALL SECURITY HEALTH CHECK PSO 2017

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

The Honest Advantage

locuz.com SOC Services

Information Security Management System

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

External Supplier Control Obligations. Cyber Security

Improving SCADA System Security

PREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud.

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Advent IM Ltd ISO/IEC 27001:2013 vs

Secure Access & SWIFT Customer Security Controls Framework

LESSONS LEARNED IN SMART GRID CYBER SECURITY

Defense in Depth. Constructing Your Walls for Your Enterprise. Mike D Arezzo Director of Security April 21, 2016

Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring

CSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague

Infosec Europe 2009 Business Strategy Theatre. Giving Executives the Security Management Information that they Really Need

Accelerate Your Enterprise Private Cloud Initiative

Cyber Security Strategy

Carbon Black PCI Compliance Mapping Checklist

GDPR Update and ENISA guidelines

System Threat Analysis Case Study for Software Based Communications

IT risks and controls

CYBER SECURITY AND MITIGATING RISKS

Changing face of endpoint security

Fintech District. The First Testing Cyber Security Platform. In collaboration with CISCO. Cloud or On Premise Platform

Session ID: CISO-W22 Session Classification: General Interest

Security Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:

Will you be PCI DSS Compliant by September 2010?

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

to Enhance Your Cyber Security Needs

THE POWER OF TECH-SAVVY BOARDS:

Tiger Scheme QST/CTM Standard

BUILD YOUR CYBERSECURITY SKILLS WITH TRASYS INTERNATIONAL

The Learner can: 1.1 Describe the common types of security breach that can affect the organisation, such as:

Certified Information Systems Auditor (CISA)

Simplify Your Network Security with All-In-One Unified Threat Management

Run the business. Not the risks.

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Patient Information Security

Choosing the Right Security Assessment

Nebraska CERT Conference

Certified Ethical Hacker

Position Title: IT Security Specialist

What It Takes to be a CISO in 2017

CYBER RESILIENCE & INCIDENT RESPONSE

Projectplace: A Secure Project Collaboration Solution

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Securing the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

Unit 3 Cyber security

Canada Life Cyber Security Statement 2018

INSIDE. Integrated Security: Creating the Secure Enterprise. Symantec Enterprise Security

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016

BHConsulting. Your trusted cybersecurity partner

Cybersecurity The Evolving Landscape

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

Designing and Building a Cybersecurity Program

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

CCISO Blueprint v1. EC-Council

EU General Data Protection Regulation (GDPR) Achieving compliance

Database Auditing and Forensics for Privacy Compliance: Challenges and Approaches. Bob Bradley Tizor Systems, Inc. December 2004

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

Security and resilience in Information Society: the European approach

Position Description. Computer Network Defence (CND) Analyst. GCSB mission and values. Our mission. Our values UNCLASSIFIED

Cyber Attacks & Breaches It s not if, it s When

Information Technology General Control Review

Cybersecurity Session IIA Conference 2018

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

Cyber Security - Information Security & Testing

Business Risk Management

Transcription:

Wireless e-business Security Lothar Vigelandzoon

E-business evolution Increased business drivers for cost efficiency & market penetration Increased Importance of brand reputation Distance between IT and business Traditional business models Convergence of IT and business Inter Enterprise business (B2B/B2C,B2E) Increase of Global reach e-business models Extension of e-business to wireless e-business New business opportunities from evolving wireless technologies Increased business dependancy on IT and sound security and Privacy Business processes IT Business processes IT Business processes IT consumer organisation information technology consumer information organisation technology consumer information organisation technology Increased requirements for mobility Increased customer service expectation

End to End Security Service Offerings Assess Plan Design Implement Run Assessment Planning Design Build Management Health Check Assessments: Site Process System Network Internet Application Privacy Wireless Ethical Hacking e-risk Workshops Security Privacy PKI Wireless Info Asset Profile Privacy Strategy and Implementation PKI Planning and Design Wireless Planning and Design Privacy Planning and Design Policy Definition Standards Definition Process Dev't Enterprise Arch Internet Arch Secure Solution Design VPNs Wireless Metadirectories Product Selection Product Implem. Firewalls Tivoli PKI Policy Director Entrust Baltimore Other Product Implementation Single Signon Risk Manager Identrus Reference Implementation Quick Start and testing Managed Security Services Intrusion Detection Vulnerability Scanning Firewall Management Incident Management Security Management Standards/Controls Physical & Logical Security Compliance Checking Security Integrity and Advisories Virus Services Network Security Risk/Issue Mgmt Security Education

In order to expedite implementation, security can be approached using tactical and strategic solutions. IBM's services are aligned to this approach Desired Security level, e.g. Internationally recognised Certification Enable e-business LEVEL OF SECURITY RED TRACK (WIRELESS SOLUTION DESIGN) BLUE TRACK (WIRELESS SECURITY ASSESSMENT) Assess Information Security process Define Security requirements Implement "Quick Wins" TIME

Wireless & Security Laboratories New York Zurich La Gaude Tokyo Helsinki Haifa Beijing Austin San Jose Global Methods & Intellectual Capital IBM Centres for e-business Innovation Hamburg London Milan Paris Stockholm Sydney Tokyo Chicago Washington Atlanta Vancouver Toronto In formationsecurity Practitioners Wireless Security Practitioners Wireless Security Core Team Acceleration Centre IBM Product Development Tivoli Software IBM PC Division IBM Pervasive Devices Global Offerings IBM Wireless Security Partners

What does security mean to me?... Security is to a business, what oxygen is to a human being... Security Level Too little oxygen Too much oxygen Right level of oxygen

Wireless e-business Security Challenges and enablers Daniel Keely

Wireless e-business is much more than the addition of wireless transport networks and introduces new security requirements Pervasive Devices Wireless Applications Wireless transactions Wireless lifestyle factilitors Wireless messaging Wireless Protocols WAP, WTLS, SMS Channels to wired e-business solutions and Intranets Wireless Networks wpan wlan wwan New Wireless Technology = New Vulnerabilities = New Risks

It is difficult for an organisation to gain assurance of the confidentiality and integrity of its data as it passes over wireless data networks Wireless Wide Area Networks GSM/GPRS encryption weaknesses RF jamming Loss of data routing control Pre-paid services are anonymous Wireless LANs and PANs limited "out of the box" protection weak 802.11 encryption Will be implemented in public areas e.g. airports Bluetooth users may not be aware of their devices being active and accessible WAP "gap" vulnerability wwan/lan/pan

Wireless connected mobile devices are the new interfaces to e-business applications. However, their security capabilities are severely restricted Mobile Devices Initial user access (PIN/Password) can be deactivated by the user Devices are easily lost or stolen (with data) Limited OTA backup and restore facilities Weak synchronisation access controls Targets for viruses Vulnerable to "bugs" Remote access configuration capabilities/undocumented APIs Vulnerable to denial of service attacks "Always-on" connectivity increases window of opportunity for hackers Lack of content filtering

Wireless e-business delivers new applications that introduce privacy concerns. In addition, Standards are not developing fast enough Apps and Standards Immature standards Privacy concerns with location based services Increased user base and requirements for mobile access Usability issues

How will the security challenges evolve? Drivers increased business dependancy on technology business partnerships, alliances; M&As increasing user base rapidly developing technologies & complexity Security issues recreational hacker -> hactivist -> organised crime -> industrial espionage greater proliferation of viruses increased tooling to exploit vulnerabilities internal vs external threats malicious intent vs accidental skills shortages

The challenges can be addressed using security solutions. These solutions help enable Wireless e-business Technology Session cryptography/vpns File encryption Content and virus filtering Personal firewalls User and device authentication User authorisation Wireless PKI Intrusion detection Security management Secure and resilient industry solutions Architecture Structured design method Functional architecture Operational architecture End-to-end security design Processes Risk management process Incident management process Change management process Audit process Security awareness program Skills Risk management expertise IT security expertise Architecture and design expertise Industry knowledge

Existing "wired" security controls will be pushed to their limits and become increasingly important Wireless Channels Intranet Policy management Intrusion detection Hardened platforms Security verification Secure device management Incident management Firewalls Content/E-mail filtering Anti-virus Identification & authentication Authorisation Security organisation

What is information risk management? Risk Management must be part of a continuous information security process Asset Value Vulnerability Assessment Threat Assessment Business IT Scope Business process Governance Human resources IT Process Facilities Systems Management Applications and Data Datacommunications Determine Risk Accept Risk? Identify Safeguards Acceptance Accept Residual Risk?

New wireless security services have been announced. They are aligned with the IBM Global Services Method to enable consistent and comprehensive delivery worldwide Assess Plan Design Implement Run Business & Organization Market Intelligence Assessment & Strategy Strategic Architecture Business Design Business Launch Business Operation Application & Middleware Solution Outline Macro Design Micro Design Build Cycle Deployment Infrastructure Technical Assessment Technical Architecture Transition Plan Configure & Test Deployment Support/ Operate Solution Outsourcing Wireless Risk Assessment Wireless Solution Design Support/ Run

Our risk assessment services help identify and understand wireless e-business risks Wireless Risk Assessment Review Strategies Review Security Mgmt Ethical hacking Physical security review Risk analysis Reporting Planning Identify threats, vulnerabilities and risks introduced by wireless initiatives Assess the alignment of wireless technology to your business goals Report strengths, weaknesses and tactical and strategic recommendations Solution planning

To accomodate the demand for technical reviews of existing wlans, a "fast track" wlan security assessment can be delivered to determine current risks Wireless Risk Assessment Test OTA security Review technical design Assess physical environment Report findings & recommendations Identify weaknesses in existing wireless LAN installations Provide recommendations for improvement

To enable a fast-start of new secure wireless e-business initiatives, we offer a wireless security workshop Wireless Security Workshop Wireless Solution Design Business objectives Identify security issues Define secure solution concept Define action plan Understand security issues within your planned wireless e-business ideas Understand the key security technology requirements within a high level solution concept Understand requirements for integration into existing infrastructure

Our Solution Design service develops solutions to help leverage and protect the benefits of wireless e-business Wireless Solution Design Analyse business context & IT environment Information asset profile Security strategy & requirements Security Define countermeasures architecture overview Detailed security design, policies and processes Product selection, Implementation & Proof of concept Security validation & compliance Develop wireless e-business security strategy, requirements & policies Define and build secure and resilient solution architecture and design Build security processes Security out-tasking

More wireless security information is available at ibm.com www.ibm.com/services/security

Wireless & Security Laboratories New York Zurich La Gaude Tokyo Helsinki Haifa Beijing Austin San Jose Global Methods & Intellectual Capital IBM Centres for e-business Innovation Hamburg London Milan Paris Stockholm Sydney Tokyo Chicago Washington Atlanta Vancouver Toronto In formationsecurity Practitioners Wireless Security Practitioners Wireless Security Core Team Acceleration Centre IBM Product Development Tivoli Software IBM PC Division IBM Pervasive Devices Global Offerings IBM Wireless Security Partners

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback