Presentation given by Dr K Subramanian, Director and Professor, Advanced Centre for Informatics and Innovative Learning, IGNOU, on August 3rd, 2011 at eWorld Forum (www.eworldforum.net) in the session Information Management and Security.
Dr K Subramanian
1. Securing the Unsecured World: 21st Century Challenge. Creating Digital Trust & Cyber Security. Cyber Assurance Need of the Enterprises of 'morrow.
Prof. K. Subramanian, SM(IEEE), SMACM, FIETE, SMCSI, MAIMA, MAIS, MCFE. Professor & Director, Advanced Center for Informatics & Innovative Learning (ACIIL), IGNOU; Hon. IT Adviser to CAG of India & Ex-DDG (NIC), Min of C & IT; President, Cyber Society of India; Emeritus President, eInformation Systems Security Audit Association (eISSA), India
3. IS: LOSING TO COMPETITION, LOSS OF CUSTOMERS, LOSS OF CREDIBILITY, EMBARRASSMENT, FINANCIAL LOSS; FRAUD & THEFT, SCAVENGING, VIRUS ATTACK, ACCIDENTAL DAMAGE, NATURAL DISASTER, UNAUTHORISED ACCESS, INTERCEPTION, TROJAN HORSES, INCOMPLETE PROGRAM CHANGES, HARDWARE / SOFTWARE FAILURE, SOCIAL ENGINEERING ATTACK, DATA DIDDLING; PASSWORDS, ENCRYPTION, ANTI-VIRUS, BACKUPS, HARDWARE MAINTENANCE, SECURITY GUARDS, INPUT VALIDATIONS, AUDIT TRAILS, PROGRAM CHANGE DOCUMENTATION, AUTHORISATION, BUSINESS CONTINUITY PLAN; INTEGRITY, CONFIDENTIALITY, AVAILABILITY
4. Cyber Security – A Holistic View. Proactive Control. (Source: Symantec Inc) Authentication, Access Control & Authorization, Identity Mgmt, Antivirus, Firewall, Intrusion Detection, VPN, Content Updates & Security Response, 24x7 Global Customer Support, Attack Recovery Tools/Svcs, Honey Pot & Decoy Technology, Threat Management & Early Warning, Vulnerability Assessment, Policy Compliance, Event & Incident Mgmt, Config. Mgmt, Common Console, Encryption
12. Challenging Issues: Security is a technology issue? Trust is a management issue? And privacy is a social issue?
14. Layered E-trust Framework: PKI Technology Trusted Digital Identity Infrastructure Shared E-trust Applications Computing E-trust Services Single e-trust Applications Infrastructure. Layer 2 Service Provider example: Identrus. B2B, B2C, SET, C2C
28. Importance of Group Standards - no one standard meets all requirements. ISO 27001/BS7799 vs COBIT vs CMM vs ITIL. Mission, Business Objectives, Business Risks, Applicable Risks, Internal Controls, Review
29. CERTIFICATION
SEMANTIC ISSUES: What is certification; what does it denote and mean? What are the principal concepts and elements of certification? What additional concepts and notions are expressed and implied by certification? What is the intent of the certification; what is it you are trying to do in certifying something?
TECHNOLOGICAL ISSUES: How is certification achieved? How are the prerequisites and context for certification established? What is it you are certifying? (Object of certification) Certification with respect to what? (Business for certification) What relation must exist for certification? (Object/basis relation) What activities/decisions are prerequisite for certification? How and when is certification to be conducted?
ADMINISTRATIVE ISSUES: Who does the certification? Who is the recipient of the certification? What is the significance of the certification for the certifier? What is the significance of the certification for the recipient? Why certify?
32. Security Governance Maturity Model (April 20, 2011, Secure IT 2011, New Delhi)
Editor's notes
Security of insecurity: cyber assurance framework, 3rd August 2011, Prof. KS@2011, Egov world forum 2011
Model of how customers view their security needs. Introduce Symantec’s process to secure your enterprise – APRM.
Cyber security --> insurance to assurance, Prof. K. Subramanian, 20th April 2011, Secure IT 2011, Delhi
Cyber assurance - The need for Technologists & Business of 'morrow, Prof. KS, SUNY BUF Lecture, 27th November 2007
CXsOs & Business Assurance Focus, Prof. K. Subramanian, 29th Oct 2010, CISO forum Oct 2010. esecurity Governance~Corporate Governance, 29th November 2007, Prof. KS@2009, IOD Lecture, March 22, 2009
Corporate Governance & Assurance, 29th November 2007, Prof. K. Subramanian @October 2007
cbs convergence 2007, Oct 25, 2007, 21/02/09, Prof. K. Subramanian, 04/11/09
Cyber Assurance for Trusted Financial Services, 7th January 2008, 2nd Bank Tech Congress, Prof. K. Subramanian, Dec 2007, Mumbai India
The development was guided by the Software Engineering Institute’s efforts in the late 80’s in building maturity models for software development. By using such a scale, an organization can determine where it is, define where it wants to go and, if it identifies a gap, it can do an analysis to translate the findings into projects. Reference points can be added to the scale. Comparisons can be performed with what others are doing, if that data is available, and the organization can determine where emerging international standards and industry best practices are pointing for the effective management of security and control.
Digital Administration Conference, Chennai, March 2008, 18th March 2008, Prof. KS@2008