Presentation given by Dr K Subramanian, Director and Professor, Advance Centre for Informatic and Innovative Learning IGNOU on August 3rd, 2011 at eWorld Forum (www.eworldforum.net) in the session Information Management and Security

1. Securing the Unsecured World: 21 st Century Challenge Creating Digital Trust & Cyber Security  Cyber Assurance Need of the Enterprises of “morrow Prof. K. Subramanian SM(IEEE), SMACM, FIETE, SMCSI,MAIMA,MAIS,MCFE Professor & Director, Advanced Center for Informatics & Innovative Learning (ACIIL), IGNOU HON.IT Adviser to CAG of India & Ex-DDG(NIC), Min of C & IT President, Cyber Society of India Emeritus President, eInformation Systems Security Audit Association (eISSA), India

3. IS LOSING TO COMPETITION LOSS OF CUSTOMERS LOSS OF CREDIBILITY EMBARRASSMENT FINANCIAL LOSS FRAUD & THEFT SCAVENGING VIRUS ATTACK ACCIDENTAL DAMAGE NATURAL DISASTER UNAUTHORISED ACCESS INTERCEPTION TROJAN HORSES INCOMPLETE PROGRAM CHANGES HARDWARE / SOFTWARE FAILURE SOCIAL ENGINEERING ATTACK DATA DIDDLING PASSWORDS ENCRYPTION ANTI-VIRUS BACKUPS HARDWARE MAINTENANCE SECURITY GUARDS INPUT VALIDATIONS AUDIT TRAILS PROGRAM CHANGE DOCUMENTATION AUTHORISATION BUSINESS CONTINUITY PLAN INTEGRITY CONFIDENTIALITY AVAILABILITY

4. Cyber Security – A Holistic View Proactive Control Source: Symantec Inc Authentication Access Control & Authorization Identity Mgmt Antivirus Firewall Intrusion Detection VPN Content Updates & Security Response 24x7 Global Customer Support Attack Recovery Tools/Svcs Honey Pot & Decoy Technology Threat Management & Early Warning Vulnerability Assessment Policy Compliance Event & Incident Mgmt Config. Mgmt Common Console Encryption

12. Challenging Issues Security is technology issue ? Trust is a management issue ? and Privacy is a social issue?

14. Layered E-trust Framework PKI Technology Trusted Digital Identity Infrastructure Shared E-trust Applications Computing E-trust Services Single e-trust Applications Infrastructure Layer 2 Service Provider example: Identrus Layer 2 Service Provider example IDENTRUS B2B, B2C, SET, C2C

28. Importance of Group Standards -no one standard meets all requirements ISO 27001/BS7799 Vs COBIT Vs CMM Vs ITIL Mission Business Objectives Business Risks Applicable Risks Internal Controls Review

29. CERTIFICATION SEMANTIC ISSUES What is certification; what does it denote and mean? What are the principal concepts and elements of certification What additional concepts and notions are expressed and implied by certification? What is the Intent of the certification; what is it you are trying to do in certifying something? TECHNOLOGICAL ISSUES How is certification achieved? How are the prerequisites and context for certification established? What is it you are certifying? (Object of certification) Certification with respect to what? (Business for certification) What relation must exist for certification? (Object/basis relation) What activities/decisions are prerequisite for certification? How and when is certification to be conducted? ADMINISTRATIVE ISSUES Who does the certification? Who is the recipient of the certification? What is the significance of the certification for the certifier? What is the significance of the certification for the recipient ? Why certify?

32. April 20, 2011 secure IT 2011 New Delhi Security Governance Maturity Model