1/05/2013
ACS VICTORIAN SIG – INFORMATION SECURITY
THE FUTURE OF SECURITY
Professor Matt Warren,
School of Information Systems, Deakin
University
www.mjwarren.com
A view of the future
• Microsoft’s view of the future.
http://www.youtube.com/watch?v=peSYlJlg14E
• What will be the security implications?
CIA Triangle
• Initial security concept developed with the introduction of the mainframe.
• The C.I.A. triangle was the standard, based on confidentiality, integrity, and
availability.
Comments from History
• Computer abuse – where a victim suffered, or
could have suffered, a loss and a perpetrator
made, or could have made a gain.
• Don Parker 1983 – Fighting Computer Crime
AusCert 2012
• Over 90% of respondents deployed firewalls, anti-
spam filters and anti-virus software.
• Two-thirds of respondents had documented
incident management plans, however only 12%
had a forensic plan.
• Over 20% of organisations know they
experienced a cyber incident in the previous 12
months, with 20% of these organisations
experiencing more than 10 incidents.
AusCert 2012
• Of the organisations which know they
experienced cyber incidents:
17% suffered from loss of confidential or proprietary
information, 16% encountered a denial-of-service attack,
and 10% financial fraud.
AusCert 2012
• The most common responses as to why incidents
were successful, were that they used powerful
automated attack tools, or exploited unpatched or
unprotected software vulnerabilities or
misconfigured operating systems, applications or
network devices.
Security Link to the Past
• Authentication – we are still using security
features from the 80’s.
• User name and password.
We are dealing with the consequences
Associated Press – Twitter hacking
We are dealing with the consequences
• One tweet.
• For a moment in time, $US136.5 billion was lost from
the S&P 500 index's value. A quick recovery followed once
the hoax was identified.
We are dealing with the consequences
• Syrian Electronic Army blamed for the incident.
• Phishing attack on journalists (from a number of
media organisations).
• One username and password for the AP Twitter –
shared with many users.
The response
• Twitter's response.
• Considering two-step verification:
• 1) User name & Password
• 2) SMS code or secret code.
Issue – usability.
Next Generation
• What does the future offer from a security
perspective?
• Let's look into the future.
CIA Triangle – still relevant
The following trends
• The following themes and trends are based on a
proposed CRC looking at Cyber Security in an
Australian context.
Ultra Speed Networks and Defence
Faster networks allow for faster access and data
transfer rates. But faster networks allow faster
DDOS attacks, spread of malware, real time
impacts.
New approaches to intrusion detection and
response are needed to address highly increased
transmission speeds and diversity of devices
prevalent in cyberspace today and in the future.
Ultra Speed Networks and Defence
Cyber protection systems will need innovative
techniques and technologies to detect intrusions
as perpetrators operate across an increasingly
complex milieu of threat vectors.
Resilient Systems
With a society increasingly reliant on internet
connectivity recovery from any form of attack.
To protect society, organisational and individual
interests, more robust and resilient primary
systems in the cyber infrastructure are needed.
Resilient Systems
Solutions will require systems to be self-aware
and self-repairing, and a composite approach
where systems combine to produce an overall
architecture stronger than its component parts.
Current focus of the Australian government.
Wireless, Mobile, Cloud
Wireless and mobile networks, and cloud
computing all impact how and where we store and
access our data.
Individuals using an array of personal devices for
workplace activity create an incredibly complex
environment for managing and using
commercially sensitive data to meet organisational
outcomes.
Trends – Australian 28th March, 2013
• Sales of tablet computers will surpass sales of both
desktop and portable PCs by 2014.
• A report by the research firm IDC said worldwide
shipments of these devices -- personal computers,
tablets and smartphones -- grew 29.1 per cent in
2012 to 1.2 billion units with a value of $US576.9
billion.
• The expansion was largely driven by 78.4 per cent
growth in tablet shipments, which hit 128 million in
2012.
Trends - Australian 11th April, 2013
• Decline in PC sales – Windows 8 - First-quarter
shipments of PCs fell 14 per cent from the same
time last year, according to International Data
Corp.
• That's the deepest quarterly drop since the firm
started tracking the industry in 1994.
Trends
• Decline in traditional technologies – alternative
technologies – e.g. Chromebook, Ubuntu, Apple.
Unknown security issues?
• Decline in traditional computers and replacement
of alternative devices, e.g. security issues of
Android - two to nine million total downloads of
affected malware apps (bad news) from Google
Play.
IPv6 and the Internet of Things
IPv6 presents significant opportunities for the expansion
of the Internet and services, truly allowing “things” to be
connected. IPv4 has approximately 4.2 billion unique
addresses, but once IPv6 is fully adopted there will be
approximately 1000 IP addresses for every square
metre of the Earth’s surface.
Forensics issues – since in theory every transaction
could have an allocated IP address.
Many new types of IP connected devices.
Other Considerations
• Complexity – the complexity of technologies,
complexity of systems, complexity of security
risks.
• Cyber espionage / Cyber warfare.
• Harder to implement effective information
security management.
Other Considerations
• Tools needed – as the complexity of security
develops, so does the need to develop new
software tools to manage the complexity.
• Who has responsibility for security – is it
governments, corporations or individuals?
Increased Attack Vectors
• Malware – increased sophistication of
malware, e.g. Stuxnet;
• Linked to other attack vectors – social
engineering;
• Malware for all devices.
Massive impacts of attacks
• The impacts of attacks will impact millions and
billions of users. Attacks could cause global
impacts.
• We are already seeing this with the impacts of
social networking attacks. Security failures will
have big impacts.
Online Identity
• The importance of our online identity / online
brand.
• Identity theft will become a greater issue.
• Google is preparing for all aspects of the lifecycle
including the afterlife.
Google Afterlife
• Google - ‘Inactive Account’ settings page, which
allows a Google user to clarify what they want
done with their YouTube, Gmail, and Google+
accounts after they die or are otherwise unable to
use their account.
• Google Users can choose to have their data
deleted after three, six, or twelve months of
inactivity or can share their data with friends or
relatives.
Google Afterlife
Complexity of attacks
• How to deal with complex security attacks?
• Social aspects of attacks – extension of phishing
attacks.
• How to plan for complex attacks – will security
risk analysis have a future?
• The role of government in protecting against
attacks?
Hacktivism
• In the broadest term it is the use of technology as
a means of protest to promote political ends. The
aims of the protest would depend upon the group;
• Small groups have the power to cause major
impacts (real and media reported) based upon
their activities.
Anonymous
Ethical issues - Data Ownership
• Data Owner: responsible for the security and
use of a particular set of information.
• Data Custodian: responsible for storage,
maintenance, and protection of information.
• Data Users: end users who work with
information to perform their daily jobs
supporting the mission of the organisation.
Auscert Survey (2012)
• Responses indicated that 65% of participating
organisations had IT security staff with tertiary
level IT qualifications.
• More than 50% of participating organisations had
IT security staff with some type of vendor based
IT certifications.
• Almost 35% of participating organisations had IT
security staff with no formal training, although
most of these staff had more than five years
working in the IT security industry.
Auscert Survey (2012)
• These findings indicate that some organisations
may need to improve the skill set of their IT
security staff.
• This was supported by the additional finding that
55% of respondents thought their organisation
needs to do more to ensure their IT security staff
have an appropriate level of qualification, training,
experience and awareness.
Professional Aspects
• Greater focus on quality security qualifications /
academic and professional.
• International aspects of Security Professional
development, accreditation.
• Security qualifications in all aspects of security.
Professional Aspects
• The professional nature / needs and development
of security professionals.
• A greater global demand for security
professionals and a greater demand for all roles
to have a security component.
Human Elements
• Cyber Safety – becomes important for entire
populations.
• The professional nature of security needs the
development of IT and business professionals.
Current Views of Cyber Security
• Official Government Viewpoint.
http://www.youtube.com/watch?v=UIIY9AQSqbY
• Governments are taking Cyber Security seriously
now, what will happen in the future?
Conclusion
• What have we learned from the past?
• What will the future bring from a security
perspective?
• The world will become smaller as technology
transforms society. Security will become an even
greater issue.
Thank You
For Your Time

Weitere ähnliche Inhalte

Was ist angesagt?

Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...
Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...
Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...Netpluz Asia Pte Ltd
 
Cyber Security College Workshop
Cyber Security College WorkshopCyber Security College Workshop
Cyber Security College WorkshopRahul Nayan
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsIBM Security
 
Cyber Security - Flier
Cyber Security - FlierCyber Security - Flier
Cyber Security - FlierSunit Belapure
 
Basics of Cyber Security
Basics of Cyber SecurityBasics of Cyber Security
Basics of Cyber SecurityNikunj Thakkar
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityIllumeo
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecuritysommerville-videos
 
Cyber security-report-2017
Cyber security-report-2017Cyber security-report-2017
Cyber security-report-2017NRC
 
The Ultimate Guide To Cyber Security Certifications
The Ultimate Guide To Cyber Security CertificationsThe Ultimate Guide To Cyber Security Certifications
The Ultimate Guide To Cyber Security CertificationsMercury Solutions Limited
 
Top 8 Cybersecurity Trends 2020
Top 8 Cybersecurity Trends 2020Top 8 Cybersecurity Trends 2020
Top 8 Cybersecurity Trends 2020Shawn Nutley
 
The Future of Cyber Security
The Future of Cyber SecurityThe Future of Cyber Security
The Future of Cyber SecurityStephen Lahanas
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-securityStephen Cobb
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture NotesFellowBuddy.com
 

Was ist angesagt? (20)

Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...
Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...
Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...
 
Cyber Security College Workshop
Cyber Security College WorkshopCyber Security College Workshop
Cyber Security College Workshop
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
 
Cyber security basics
Cyber security basics Cyber security basics
Cyber security basics
 
Cyber Security - Flier
Cyber Security - FlierCyber Security - Flier
Cyber Security - Flier
 
Basics of Cyber Security
Basics of Cyber SecurityBasics of Cyber Security
Basics of Cyber Security
 
2019 Cybersecurity Predictions
2019 Cybersecurity Predictions2019 Cybersecurity Predictions
2019 Cybersecurity Predictions
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurity
 
Cyber security-report-2017
Cyber security-report-2017Cyber security-report-2017
Cyber security-report-2017
 
Cyber security & Data Protection
Cyber security & Data ProtectionCyber security & Data Protection
Cyber security & Data Protection
 
The Ultimate Guide To Cyber Security Certifications
The Ultimate Guide To Cyber Security CertificationsThe Ultimate Guide To Cyber Security Certifications
The Ultimate Guide To Cyber Security Certifications
 
Top 8 Cybersecurity Trends 2020
Top 8 Cybersecurity Trends 2020Top 8 Cybersecurity Trends 2020
Top 8 Cybersecurity Trends 2020
 
The Future of Cyber Security
The Future of Cyber SecurityThe Future of Cyber Security
The Future of Cyber Security
 
Information & Cyber Security Risk
Information & Cyber Security RiskInformation & Cyber Security Risk
Information & Cyber Security Risk
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
Introduction to the concept of it security
Introduction to the concept of it securityIntroduction to the concept of it security
Introduction to the concept of it security
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture Notes
 
Cyber attacks in 2021
Cyber attacks in 2021Cyber attacks in 2021
Cyber attacks in 2021
 

Ähnlich wie The Future of Information Security

Fall2015SecurityShow
Fall2015SecurityShowFall2015SecurityShow
Fall2015SecurityShowAdam Heller
 
BYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestBYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestJay McLaughlin
 
Monitoring security in the externalised organisation (Auscert 2013)
Monitoring security in the externalised organisation (Auscert 2013)Monitoring security in the externalised organisation (Auscert 2013)
Monitoring security in the externalised organisation (Auscert 2013)Huntsman Security
 
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
Why	You’ll Care More About Mobile Security in 2020 - Tom BainWhy	You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom BainEC-Council
 
Why You'll Care More About Mobile Security in 2020
Why You'll Care More About Mobile Security in 2020Why You'll Care More About Mobile Security in 2020
Why You'll Care More About Mobile Security in 2020tmbainjr131
 
Clinton- Cyber IRT Balto 10_2012
Clinton- Cyber IRT Balto 10_2012Clinton- Cyber IRT Balto 10_2012
Clinton- Cyber IRT Balto 10_2012Don Grauel
 
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurityMatthew Rosenquist
 
IT Security Essentials
IT Security EssentialsIT Security Essentials
IT Security EssentialsSkoda Minotti
 
First line of defense for cybersecurity : AI
First line of defense for cybersecurity : AIFirst line of defense for cybersecurity : AI
First line of defense for cybersecurity : AIAhmed Banafa
 
Symantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security SolutionSymantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security SolutionDLT Solutions
 
Continuing Education Conferance
Continuing Education ConferanceContinuing Education Conferance
Continuing Education ConferanceTommy Riggins
 
Social Media Privacy Protection for Blockchain with Cyber Security Prediction...
Social Media Privacy Protection for Blockchain with Cyber Security Prediction...Social Media Privacy Protection for Blockchain with Cyber Security Prediction...
Social Media Privacy Protection for Blockchain with Cyber Security Prediction...IRJET Journal
 
Advanced threat protection and big data
Advanced threat protection and big dataAdvanced threat protection and big data
Advanced threat protection and big dataPeter Wood
 
Pharmaceutical companies and security
Pharmaceutical companies and securityPharmaceutical companies and security
Pharmaceutical companies and securityJuliette Foine
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSantiago Cavanna
 
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONS
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONSIMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONS
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONSPreetiDevidas
 
Putting data science into perspective
Putting data science into perspectivePutting data science into perspective
Putting data science into perspectiveSravan Ankaraju
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014
 

Ähnlich wie The Future of Information Security (20)

Fall2015SecurityShow
Fall2015SecurityShowFall2015SecurityShow
Fall2015SecurityShow
 
BYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestBYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, West
 
Monitoring security in the externalised organisation (Auscert 2013)
Monitoring security in the externalised organisation (Auscert 2013)Monitoring security in the externalised organisation (Auscert 2013)
Monitoring security in the externalised organisation (Auscert 2013)
 
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
Why	You’ll Care More About Mobile Security in 2020 - Tom BainWhy	You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
 
Why You'll Care More About Mobile Security in 2020
Why You'll Care More About Mobile Security in 2020Why You'll Care More About Mobile Security in 2020
Why You'll Care More About Mobile Security in 2020
 
Clinton- Cyber IRT Balto 10_2012
Clinton- Cyber IRT Balto 10_2012Clinton- Cyber IRT Balto 10_2012
Clinton- Cyber IRT Balto 10_2012
 
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity
 
Class activity 4
Class activity 4 Class activity 4
Class activity 4
 
IT Security Essentials
IT Security EssentialsIT Security Essentials
IT Security Essentials
 
First line of defense for cybersecurity : AI
First line of defense for cybersecurity : AIFirst line of defense for cybersecurity : AI
First line of defense for cybersecurity : AI
 
Symantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security SolutionSymantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security Solution
 
Continuing Education Conferance
Continuing Education ConferanceContinuing Education Conferance
Continuing Education Conferance
 
Social Media Privacy Protection for Blockchain with Cyber Security Prediction...
Social Media Privacy Protection for Blockchain with Cyber Security Prediction...Social Media Privacy Protection for Blockchain with Cyber Security Prediction...
Social Media Privacy Protection for Blockchain with Cyber Security Prediction...
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Advanced threat protection and big data
Advanced threat protection and big dataAdvanced threat protection and big data
Advanced threat protection and big data
 
Pharmaceutical companies and security
Pharmaceutical companies and securityPharmaceutical companies and security
Pharmaceutical companies and security
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
 
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONS
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONSIMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONS
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONS
 
Putting data science into perspective
Putting data science into perspectivePutting data science into perspective
Putting data science into perspective
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
 

Kürzlich hochgeladen

Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 

Kürzlich hochgeladen (20)

Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 

The Future of Information Security

  • 1. 1/05/2013 1 ACS VICTORIAN SIG – INFORMATION SECUIRY THE FUTURE OF SECURITY Professor Matt Warren, School of Information Systems, Deakin University www.mjwarren.com A view of the future • Microsoft’s view of the future. http://www.youtube.com/watch?v=peSYlJlg14E • What will be the security implications?
  • 2. CIA Triangle • Initial security concept developed with the introduction of the mainframe. • C.I.A. triangle was standard based on confidentiality, integrity, and availability. Comments from History • Computer abuse – where a victim suffered, or could have suffered, a loss and a perpetrator made, or could have made a gain. • Don Parker 1983 – Fighting Computer Crime
  • 3. AusCert 2012 • Over 90% of respondents deployed firewalls, anti-spam filters and anti-virus software. • Two-thirds of respondents had documented incident management plans, however only 12% had a forensic plan. • Over 20% of organisations know they experienced a cyber incident in the previous 12 months, with 20% of these organisations experiencing more than 10 incidents. AusCert 2012 • Of the organisations which know they experienced cyber incidents: 17% suffered from loss of confidential or proprietary information, 16% encountered a denial-of-service attack, and 10% financial fraud.
  • 4. AusCert 2012 • The most common responses as to why incidents were successful were that attackers used powerful automated attack tools, or exploited unpatched or unprotected software vulnerabilities or misconfigured operating systems, applications or network devices. Security Link to the Past • Authentication – we are still using security features from the 1980s. • User name and password.
  • 5. We are dealing with the consequences Associated Press – Twitter hacking We are dealing with the consequences • One tweet. • For a moment in time, $US136.5 billion was lost from the S&P 500 index's value. A quick recovery once the hoax was identified.
  • 6. We are dealing with the consequences • Syrian Electronic Army blamed for the incident. • Phishing attack on journalists (from a number of media organisations). • One username and password for the AP Twitter account – shared with many users. The response • Twitter's response. • Considering two-test verification: • 1) User name & password • 2) SMS code or secret code. Issue – usability.
  • 7. Next Generation • What does the future offer from a security perspective? • Let's look into the future. CIA Triangle – still relevant
  • 8. The following trends • The following themes and trends are based on a proposed CRC looking at Cyber Security in an Australian context. Ultra Speed Networks and Defence Faster networks allow for faster access and data transfer rates. But faster networks also allow faster DDoS attacks, faster spread of malware and real-time impacts. New approaches to intrusion detection and response are needed to address highly increased transmission speeds and diversity of devices prevalent in cyberspace today and in the future.
  • 9. Ultra Speed Networks and Defence Cyber protection systems will need innovative techniques and technologies to detect intrusions as perpetrators operate across an increasingly complex milieu of threat vectors. Resilient Systems With a society increasingly reliant on internet connectivity recovery from any form of attack. To protect society, organisational and individual interests more robust and resilient primary systems in the cyber infrastructure are needed.
  • 10. Resilient Systems Solutions will require systems to be self-aware and self-repairing, and a composite approach where systems combine to produce an overall architecture stronger than its component parts. Current focus of the Australian government. Wireless, Mobile, Cloud Wireless and mobile networks, and cloud computing all impact how and where we store and access our data. Individuals using an array of personal devices for workplace activity create an incredibly complex environment for managing and using commercially sensitive data to meet organisational outcomes.
  • 11. Trends – Australian 28th March, 2013 • Sales of tablet computers will surpass sales of both desktop and portable PCs by 2014. • A report by the research firm IDC said worldwide shipments of these devices -- personal computers, tablets and smartphones -- grew 29.1 per cent in 2012 to 1.2 billion units with a value of $US576.9 billion. • The expansion was largely driven by 78.4 per cent growth in tablet shipments, which hit 128 million in 2012. Trends – Australian 11th April, 2013 • Decline in PC sales – Windows 8 – First-quarter shipments of PCs fell 14 per cent from the same time last year, according to International Data Corp. • That's the deepest quarterly drop since the firm started tracking the industry in 1994.
  • 12. Trends • Decline in traditional technologies – alternative technologies – e.g. Chromebook, Ubuntu, Apple. Unknown security issues? • Decline in traditional computers and replacement by alternative devices, e.g. security issues of Android – two to nine million total downloads of affected malware apps (bad news) from Google Play. IPv6 and the Internet of Things IPv6 presents significant opportunities for the expansion of the Internet and services, truly allowing “things” to be connected. IPv4 has approximately 4.2 billion unique addresses, but once IPv6 is fully adopted there will be approximately 1000 IP addresses for every square metre of the Earth’s surface. Forensics issues – since in theory every transaction could have an allocated IP address. Many new types of IP connected devices.
  • 13. Other Considerations • Complexity – the complexity of technologies, complexity of systems, complexity of security risks. • Cyber espionage / Cyber warfare. • Harder to implement effective information security management. Other Considerations • Tools needed – as the complexity of security develops, so does the need to develop new software tools to manage the complexity. • Who has responsibility for security – is it governments, corporations or individuals?
  • 14. Increased Attack Vectors • Malware – increase in sophistication of malware, e.g. Stuxnet; • Linked to other attack vectors – social engineering; • Malware for all devices. Massive impacts of attacks • Attacks will affect millions and billions of users. Attacks could cause global impacts. • We are already seeing this with the impacts of social networking attacks. Security failures will have big impacts.
  • 15. Online Identity • The importance of our online identity / online brand. • Identity theft will become a greater issue. • Google is preparing for all aspects of the lifecycle including the afterlife. Google Afterlife • Google – ‘Inactive Account’ settings page, which allows a Google user to clarify what they want done with their YouTube, Gmail, and Google+ accounts after they die or are otherwise unable to use their account. • Google users can choose to have their data deleted after three, six, or twelve months of inactivity or can share their data with friends or relatives.
  • 16. Google Afterlife Complexity of attacks • How to deal with complex security attacks? • Social aspects of attacks – extension of phishing attacks. • How to plan for complex attacks – will security risk analysis have a future? • The role of government in protecting against attacks?
  • 17. Hacktivism • In the broadest terms it is the use of technology as a means of protest to promote political ends. The aims of the protest would depend upon the group; • Small groups have the power to cause major impacts (real and media reported) based upon their activities. Anonymous
  • 18. Ethical issues – Data Ownership • Data Owner: responsible for the security and use of a particular set of information. • Data Custodian: responsible for storage, maintenance, and protection of information. • Data Users: end users who work with information to perform their daily jobs supporting the mission of the organisation. AusCert Survey (2012) • Responses indicated that 65% of participating organisations had IT security staff with tertiary level IT qualifications. • More than 50% of participating organisations had IT security staff with some type of vendor based IT certifications. • Almost 35% of participating organisations had IT security staff with no formal training, although most of these staff had more than five years working in the IT security industry.
  • 19. AusCert Survey (2012) • These findings indicate that some organisations may need to improve the skill set of their IT security staff. • This was supported by the additional finding that 55% of respondents thought their organisation needs to do more to ensure their IT security staff have an appropriate level of qualification, training, experience and awareness. Professional Aspects • Greater focus on quality security qualifications / academic and professional. • International aspects of Security Professional development, accreditation. • Security qualifications in all aspects of security.
  • 20. Professional Aspects • The professional nature / needs and development of security professionals. • A greater global demand for security professionals and a greater demand for all roles to have a security component. Human Elements • Cyber Safety – becomes important for entire populations. • The professional nature of security needs the development of IT and business professionals.
  • 21. Current Views of Cyber Security • Official Government Viewpoint. http://www.youtube.com/watch?v=UIIY9AQSqbY • Governments are taking Cyber Security seriously now, what will happen in the future? Conclusion • What have we learned from the past? • What will the future bring from a security perspective? • The world will become smaller as technology transforms society. Security will become an even greater issue.