SlideShare a Scribd company logo

Cyber Crimes and IT Risk Management Explained

IPPAI
IPPAI
BusinessTechnology
1 of 39
Cyber Crimes and IT Risk Management Nandakumar Shamanna
© Det Norske Veritas AS. All rights reserved. 2
© Det Norske Veritas AS. All rights reserved. 3
© Det Norske Veritas AS. All rights reserved. 4
What makes it different form terrestrial Crime They are easy to learn how to commit They are often not clearly illegal They can be committed in a jurisdiction without being physically present in it When done leaves no or less trace They require few resources relative to the potential damage caused © Det Norske Veritas AS. All rights reserved. 5
to name a few  Cyber Terrorism  False Websites  Cyber Squatting  Phishing  Web Jacking  Auction Frauds  Internet Time Thefts  e-mail Spoofing  Email Bombing  Cyber Terrorism  Cyber Stalking  Pornography  Salami Attacks  Data Interference/Forgery/Interception  Hacking  Credit Card Fraud  Viruses/Worms/Trojans  Network Sabotage  Data Diddling  DOS  Cyber Blackmailing  Identity Fraud/Theft  Cyber Luring  Source code stealing  Intellectual Property crimes © Det Norske Veritas AS. All rights reserved. 6
 Cyber terrorism: The deliberate destruction, disruption or distortion of digital data or information flows with widespread effect for political, religious or ideological reasons.  Cyber espionage is the act or practice of obtaining secrets without the permission of the holder of the information (personal, sensitive, proprietary or of classified nature), from individuals, competitors, rivals, groups, governments and enemies for personal, economic, political or military advantage using illegal exploitation methods on the Internet, networks or individual computers. © Det Norske Veritas AS. All rights reserved. 7
The Impact……  Armies may cease to march  Stock Markets may crash  Businesses may be bankrupted  Individuals may lose their social identity  Threats not from novice teenagers : - but purposeful military, political, and criminal organizations © Det Norske Veritas AS. All rights reserved. 8
- "This site has been hacked by ISI (Kashmir is ours), we want a hospital in Kashmir" - signed by - Mujahideen-ul-dawat © Det Norske Veritas AS. All rights reserved. 9
Challenges to India's National Security India's reliance on technology is increasing as reflected from the fact that India is shifting gears by entering into facets of e-governance India has already brought sectors like defense, income tax, passport under the realm of e -governance The travel sector is also heavily reliant on this Most of the Indian banks have gone on full-scale computerization. This has also brought in concepts of e-commerce and e-banking The stock markets have also not remained immune Sectors like police and judiciary are to follow © Det Norske Veritas AS. All rights reserved. 10
Cyber Crimes – Exploding Problem 11. India Share of malicious computer activity: 3% Malicious code rank: 3 Spam zombies rank: 11 Phishing web site hosts rank: 22 Bot rank: 20 Attack origin rank: 19 List of Top 20 Countries with the highest rate of Cybercrime (source: BusinessWeek/Symantec) Each country lists 6 contributing factors, share of malicious computer activity, malicious code rank, spam zombies rank, phishing web site hosts rank, bot rank and attack origin, to substantiate its cybercrime ranking. © Det Norske Veritas AS. All rights reserved. 11
Extent of the Problem Source: National Crime Records Bureau, Statistics of Cyber Crimes, 2007 © Det Norske Veritas AS. All rights reserved. 12
Extent of the Problem 2009 FBI-IC3 Internet Crime Report Friday, April 2nd, 2010 © Det Norske Veritas AS. All rights reserved. 13
Extent of the Problem Ponemon Institute Research Report Publication Date: July 2010 © Det Norske Veritas AS. All rights reserved. 14
Why Is Cyber Attack Possible?  Software Has Bugs/Networks Not Designed For Security: Engineering practices and technology used by system providers do not produce systems that are immune to attack  Implementation Is Poor: Network and System operators do not have the people and practices to defend against attacks and minimize damage  Law And Policy Lag Behind Dependence: Policy and law in cyber-space are immature and lag the pace of change © Det Norske Veritas AS. All rights reserved. 15
Attack Sophistication vs. Intruder Technical Knowledge Auto Coordinated Cross site scripting Tools “stealth” / advanced High scanning techniques packet spoofing denial of service Staged sniffers distributed attack tools Intruder sweepers www attacks Knowledge automated probes/scans GUI back doors disabling audits network mgmt. diagnostics hijacking burglaries sessions Attack exploiting known vulnerabilities Sophistication password cracking self-replicating code password guessing Intruders Low 1980 1985 1990 1995 2000 © Det Norske Veritas AS. All rights reserved. 16
Information Technology – Risk Management
New risk reality  Today we are operating in an increasingly more global, complex and demanding risk environment with “zero tolerance” for failure  Even as there is Increased demands for transparency the Challenges of businesses or the State remain due to Increasing IT vulnerability  There must be a balance between Transparency and Security  Stricter regulatory requirements © Det Norske Veritas AS. All rights reserved. 18
Definition of risk Risk is an event that occurs with a certain frequency/ probability and that has consequences towards one or more goals/objectives Risk Level = Frequency/ Probability combined with Consequence THREAT EXPLOIT VULNERABILITY PROBABILITY x CONSEQUENCE = RISK DAMAGE ASSET © Det Norske Veritas AS. All rights reserved. 19
Approach - Work process and method The Risk Management Approach ensures that mapping of risk exposure, treatment of risks and follow-up are carried out in a structured manner Communication Initiation Uncertainty Risk Actions Implementation & focusing Identification Analysis Planning & follow-up Documentation © Det Norske Veritas AS. All rights reserved. 20
2 Actions planning – handling strategy  Alter the risk - Preventive measures reduce the probability of the event - Corrective measures reduce the consequence of the event - Plan for that event happen - Avoid escalation - Recovery plan Risk Reduction Risk Transfer  Transfer the risk - Disclaim responsibility; write a contract, take out insurance etc.  Avoid the risk - Eliminate by stopping the activity  Accept the risk - Continue as before; the activity remains unchanged Risk Avoidance Risk Acceptance © Det Norske Veritas AS. All rights reserved. 21
Implement Security Systems to combat Cyber Crimes
the solutions…. - Technology  Firewalls, Intrusion Prevention System  Public Key Infrastructure  High Grade Encryption Technologies  Optical Fiber Links  Vulnerability/Risk Assessment  Cyber Forensics  Honey Pots  VPN  Biometrics, Access Control  Backups (System Redundancy)  Incident Response Actions © Det Norske Veritas AS. All rights reserved. 23
the solutions…. - Processes  Reduction in the Operation flexibility (Segregation of Duties)  Effective Organization Procedures and Policies  Security/System Auditing  Training to the employees  Government-to-Government coordination  Recognizing Shortage of skilled cyber security workers  Creation of Cyber Army  Cooperation & Information Sharing  Investment in information assurance systems  Increased R&D funding  Development of cyber ethics  Mutual cooperation with law enforcement © Det Norske Veritas AS. All rights reserved. 24
Security Models and Frameworks
ISO 27000 Series - Published standards  ISO/IEC 27000 — Information security management systems — Overview and vocabulary  ISO/IEC 27001 — Information security management systems — Requirements  ISO/IEC 27002 — Code of practice for information security management  ISO/IEC 27003 — Information security management system implementation guidance  ISO/IEC 27004 — Information security management — Measurement  ISO/IEC 27005 — Information security risk management  ISO/IEC 27006 — Requirements for bodies providing audit and certification of information security management systems  ISO/IEC 27011 — Information security management guidelines for telecommunications organizations based on ISO/IEC 27002  ISO/IEC 27033-1 - Network security overview and concepts  ISO 27799 - Information security management in health using ISO/IEC 27002 [standard produced by the Health Infomatics group within ISO, independently of ISO/IEC JTC1/SC27] © Det Norske Veritas AS. All rights reserved. 26
ISO 27000 Series - In preparation  ISO/IEC 27007 - Guidelines for information security management systems auditing (focused on the management system)  ISO/IEC 27008 - Guidance for auditors on ISMS controls (focused on the information security controls)  ISO/IEC 27013 - Guideline on the integrated implementation of ISO/IEC 20000-1 and ISO/IEC 27001  ISO/IEC 27014 - Information security governance framework  ISO/IEC 27015 - Information security management guidelines for the finance and insurance sectors  ISO/IEC 27031 - Guideline for ICT readiness for business continuity (essentially the ICT continuity component within business continuity management)  ISO/IEC 27032 - Guideline for cybersecurity (essentially, 'being a good neighbor' on the Internet)  ISO/IEC 27033 - IT network security, a multi-part standard based on ISO/IEC 18028:2006 (part 1 is published already)  ISO/IEC 27034 - Guideline for application security  ISO/IEC 27035 - Security incident management  ISO/IEC 27036 - Guidelines for security of outsourcing  ISO/IEC 27037 - Guidelines for identification, collection and/or acquisition and preservation of digital evidence © Det Norske Veritas AS. All rights reserved. 27
Other IT Security Management Models Common Criteria (CC)  Common Criteria for Information Technology Security Evaluation - ISO 15408 - Framework for specification of evaluation FISMA  Federal Information Systems Management Act – US Information Security Forum (ISF)  Standard of Good Practice for Information Security ITIL  Information Technology Infrastructure Library NIST  library of freely available resources - http://csrc.nist.gov  Security Self-Assessment Guide for Information Technology Systems 800-26 © Det Norske Veritas AS. All rights reserved.
Other IT Security Management Models PCI  Payment Card Industry Data Security Standards - 6 Control Objectives - 12 Requirements Securities and Financial - Basel II - COSO - SOX RFC 2196  RFC 2196 is memorandum published by Internet Engineering Task Force for developing security policies and procedures for information systems connected on the Internet. Statement on Auditing Standards No. 70: Service Organizations  SAS 70 provides guidance to service auditors when assessing the internal controls of a service organization and issuing a service auditor’s report. SAS 70 also provides guidance to auditors of financial statements of an entity that uses one or more service organizations. © Det Norske Veritas AS. All rights reserved.
IT Governance Models COBIT  ISACA (Information Systems Audit and Control Association) © Det Norske Veritas AS. All rights reserved.
The CALDER-MOIR IT Governance Framework There are many IT-related management frameworks, standards and methodologies in use today. None of them, on their own, are complete IT governance frameworks, but they all have a useful role to play in assisting organizations manage and govern their IT operations more effectively. The CALDER-MOIR IT Governance Framework is designed to help get maximum benefit from all these overlapping and competing frameworks and standards, and also to deploy the best practice guidance contained in the international standard for IT governance, ISO/IEC 38500. © Det Norske Veritas AS. All rights reserved. 31
Governance & Cyber Crime - Cost Comparison Ponemon Institute Research Report Publication Date: July 2010 © Det Norske Veritas AS. All rights reserved. 32
Cyber Crimes and Law Electronic Signature Laws U.S. - Electronic Signatures in Global and National Commerce Act U.S. - Uniform Electronic Transactions Act - adopted by 46 states U.S. - Digital Signature And Electronic Authentication Law U.S. - Government Paperwork Elimination Act (GPEA) U.S. - The Uniform Commercial Code (UCC) UK - s.7 Electronic Communications Act 2000 European Union - Electronic Signature Directive (1999/93/EC) Mexico - E-Commerce Act [2000] Costa Rica - Digital Signature Law 8454 (2005) Australia - Electronic Transactions Act 1999 (Cth) (also note that there is State and Territory mirror legislation) Information Technology Act 2000 of India Information Technology Laws Computer Misuse Act 1990 Florida Electronic Security Act Illinois Electronic Commerce Security Act Texas Penal Code - Computer Crimes Statute Maine Criminal Code - Computer Crimes Singapore Electronic Transactions Act Malaysia Computer Crimes Act Malaysia Digital Signature Act UNCITRAL Model Law on Electronic Commerce Information Technology Act 2000 of India © Det Norske Veritas AS. All rights reserved. 33
Cyber Security Initiatives by Government of India Cybercrime provisions under IT Act,2000 Offences & Relevant Sections under IT Act Tampering with Computer source documents Sec.65 Hacking with Computer systems, Data alteration Sec.66 Publishing obscene information Sec.67 Un-authorized access to protected system Sec.70 Breach of Confidentiality and Privacy Sec.72 Publishing false digital signature certificates Sec.73 © Det Norske Veritas AS. All rights reserved. 34
Cyber Security Initiatives by Government of India National Informatics Centre (NIC) Indian Computer Emergency Response Team (Cert-In) National Information Security Assurance Programme (NISAP) Indo-US Cyber Security Forum (IUSCSF) © Det Norske Veritas AS. All rights reserved. 35
Conclusion  Majority of on-line threat is cyber crime  Cyber terror is still emerging - Evolving threat - Integrating critical missions with general Internet - Increasing damage/speed of attacks - Continued vulnerability of off-the-shelf software © Det Norske Veritas AS. All rights reserved. 36
Conclusion Capacity of human mind is unfathomable. It is not possible to eliminate cyber crime from the cyber space. However it is quite possible to check them. Hence, the possible steps to counter Cyber crimes are to :  make people aware of their rights and duties (to report crime as a collective duty towards the society)  making the application of the laws more stringent to check crime  implement good IT Security systems and governance models to reduce the possibilities of cyber crimes  to bring about increased awareness amongst the law keepers of the State on Cyber crimes © Det Norske Veritas AS. All rights reserved. 37
Conclusion  To counter cyberthreats, India should immediately establish a National center on information systems security  It should tap the expertise of universities and private software and internet companies  In addition to the government and defense sectors it should cater to the banking sector, stock exchanges, telecom and internet networks, power and water supplies, and transportation. © Det Norske Veritas AS. All rights reserved. 38
Safeguarding life, property and the environment www.dnv.com © Det Norske Veritas AS. All rights reserved. 39

Recommended

DNS Cybersecurity in 2012-2015
DNS Cybersecurity in 2012-2015DNS Cybersecurity in 2012-2015
DNS Cybersecurity in 2012-2015Andrzej Bartosiewicz
 
Francesca Bosco, Cybercrimes - Bicocca 31.03.2011
Francesca Bosco, Cybercrimes - Bicocca 31.03.2011Francesca Bosco, Cybercrimes - Bicocca 31.03.2011
Francesca Bosco, Cybercrimes - Bicocca 31.03.2011Andrea Rossetti
 
RSA 2010 Francis De Souza
RSA 2010 Francis De SouzaRSA 2010 Francis De Souza
RSA 2010 Francis De Souzaguest8a3b501b
 
20120208 Strategical approach to tacle cybercrime & the botnet threat
20120208 Strategical approach to tacle cybercrime & the botnet threat20120208 Strategical approach to tacle cybercrime & the botnet threat
20120208 Strategical approach to tacle cybercrime & the botnet threatLuc Beirens
 
Cyber law assignment
Cyber law assignmentCyber law assignment
Cyber law assignmentcparimala
 
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in AfricaThe Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in AfricaZsolt Nemeth
 
EC-Council University (Cyber Talks) - THE BIGGEST CYBER HAWK AND PRYING EYE T...
EC-Council University (Cyber Talks) - THE BIGGEST CYBER HAWK AND PRYING EYE T...EC-Council University (Cyber Talks) - THE BIGGEST CYBER HAWK AND PRYING EYE T...
EC-Council University (Cyber Talks) - THE BIGGEST CYBER HAWK AND PRYING EYE T...London Metropolitan - UK
 
Ce Hv6 Module 44 Internet Content Filtering Techniques
Ce Hv6 Module 44 Internet Content Filtering TechniquesCe Hv6 Module 44 Internet Content Filtering Techniques
Ce Hv6 Module 44 Internet Content Filtering TechniquesKislaychd
 

Recommended

DNS Cybersecurity in 2012-2015
DNS Cybersecurity in 2012-2015DNS Cybersecurity in 2012-2015
DNS Cybersecurity in 2012-2015Andrzej Bartosiewicz
 
Francesca Bosco, Cybercrimes - Bicocca 31.03.2011
Francesca Bosco, Cybercrimes - Bicocca 31.03.2011Francesca Bosco, Cybercrimes - Bicocca 31.03.2011
Francesca Bosco, Cybercrimes - Bicocca 31.03.2011Andrea Rossetti
 
RSA 2010 Francis De Souza
RSA 2010 Francis De SouzaRSA 2010 Francis De Souza
RSA 2010 Francis De Souzaguest8a3b501b
 
20120208 Strategical approach to tacle cybercrime & the botnet threat
20120208 Strategical approach to tacle cybercrime & the botnet threat20120208 Strategical approach to tacle cybercrime & the botnet threat
20120208 Strategical approach to tacle cybercrime & the botnet threatLuc Beirens
 
Cyber law assignment
Cyber law assignmentCyber law assignment
Cyber law assignmentcparimala
 
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in AfricaThe Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in AfricaZsolt Nemeth
 
EC-Council University (Cyber Talks) - THE BIGGEST CYBER HAWK AND PRYING EYE T...
EC-Council University (Cyber Talks) - THE BIGGEST CYBER HAWK AND PRYING EYE T...EC-Council University (Cyber Talks) - THE BIGGEST CYBER HAWK AND PRYING EYE T...
EC-Council University (Cyber Talks) - THE BIGGEST CYBER HAWK AND PRYING EYE T...London Metropolitan - UK
 
Ce Hv6 Module 44 Internet Content Filtering Techniques
Ce Hv6 Module 44 Internet Content Filtering TechniquesCe Hv6 Module 44 Internet Content Filtering Techniques
Ce Hv6 Module 44 Internet Content Filtering TechniquesKislaychd
 
Iaetsd cyber crimeand
Iaetsd cyber crimeandIaetsd cyber crimeand
Iaetsd cyber crimeandIaetsd Iaetsd
 
Ce Hv6 Module 43 Cyber Warfare Hacking Al Qaida And Terrorism
Ce Hv6 Module 43 Cyber Warfare Hacking Al Qaida And TerrorismCe Hv6 Module 43 Cyber Warfare Hacking Al Qaida And Terrorism
Ce Hv6 Module 43 Cyber Warfare Hacking Al Qaida And TerrorismKislaychd
 
Cybercrime: Radically Rethinking the Global Threat
Cybercrime: Radically Rethinking the Global ThreatCybercrime: Radically Rethinking the Global Threat
Cybercrime: Radically Rethinking the Global ThreatNTT Innovation Institute Inc.
 
Cyber crime
Cyber crimeCyber crime
Cyber crime24sneha
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsGoutama Bachtiar
 
RSA 2012 Presentation: Information Protection
RSA 2012 Presentation: Information ProtectionRSA 2012 Presentation: Information Protection
RSA 2012 Presentation: Information ProtectionSymantec
 
Smarter Safety: Flere data, færre kriminelle handlinger, Mauritz Gilberg & St...
Smarter Safety: Flere data, færre kriminelle handlinger, Mauritz Gilberg & St...Smarter Safety: Flere data, færre kriminelle handlinger, Mauritz Gilberg & St...
Smarter Safety: Flere data, færre kriminelle handlinger, Mauritz Gilberg & St...IBM Danmark
 
Apresentação Allen ES
Apresentação Allen ESApresentação Allen ES
Apresentação Allen ESAllen Informática
 
Hackers
HackersHackers
HackersAlvaro Cipriano
 
Hackers
HackersHackers
Hackersguesta04f59b
 
Security Wars
Security WarsSecurity Wars
Security WarsIkuo Takahashi
 
Cyber crime trends in 2013
Cyber crime trends in 2013 Cyber crime trends in 2013
Cyber crime trends in 2013 The eCore Group
 
Name parul
Name parulName parul
Name parulParul231
 
TD3 Drofessional Developper CEH trojans & backdoors
TD3 Drofessional Developper CEH trojans & backdoorsTD3 Drofessional Developper CEH trojans & backdoors
TD3 Drofessional Developper CEH trojans & backdoorsth3prodevelopper
 
Anatomy of an Attack
Anatomy of an AttackAnatomy of an Attack
Anatomy of an Attackspoofyroot
 
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Security B-Sides
 
3 f6 security
3 f6 security3 f6 security
3 f6 securityop205
 
Ce hv6 module 14 denial of service TH3 professional security
Ce hv6 module 14 denial of service TH3 professional securityCe hv6 module 14 denial of service TH3 professional security
Ce hv6 module 14 denial of service TH3 professional securitydefquon
 
Thornton e authentication guidance
Thornton e authentication guidanceThornton e authentication guidance
Thornton e authentication guidanceHai Nguyen
 
Comparison of it governance framework-COBIT, ITIL, BS7799
Comparison of it governance framework-COBIT, ITIL, BS7799Comparison of it governance framework-COBIT, ITIL, BS7799
Comparison of it governance framework-COBIT, ITIL, BS7799Meghna Verma
 
Csa summit la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del cisoCsa summit la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del cisoCSA Argentina
 
Marcos de gobierno de ti
Marcos de gobierno de tiMarcos de gobierno de ti
Marcos de gobierno de tiRosmery Banr
 

More Related Content

What's hot

Iaetsd cyber crimeand
Iaetsd cyber crimeandIaetsd cyber crimeand
Iaetsd cyber crimeandIaetsd Iaetsd
 
Ce Hv6 Module 43 Cyber Warfare Hacking Al Qaida And Terrorism
Ce Hv6 Module 43 Cyber Warfare Hacking Al Qaida And TerrorismCe Hv6 Module 43 Cyber Warfare Hacking Al Qaida And Terrorism
Ce Hv6 Module 43 Cyber Warfare Hacking Al Qaida And TerrorismKislaychd
 
Cyber crime
Cyber crimeCyber crime
Cyber crime24sneha
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsGoutama Bachtiar
 
RSA 2012 Presentation: Information Protection
RSA 2012 Presentation: Information ProtectionRSA 2012 Presentation: Information Protection
RSA 2012 Presentation: Information ProtectionSymantec
 
Smarter Safety: Flere data, færre kriminelle handlinger, Mauritz Gilberg & St...
Smarter Safety: Flere data, færre kriminelle handlinger, Mauritz Gilberg & St...Smarter Safety: Flere data, færre kriminelle handlinger, Mauritz Gilberg & St...
Smarter Safety: Flere data, færre kriminelle handlinger, Mauritz Gilberg & St...IBM Danmark
 
Cyber crime trends in 2013
Cyber crime trends in 2013 Cyber crime trends in 2013
Cyber crime trends in 2013 The eCore Group
 
Name parul
Name parulName parul
Name parulParul231
 
TD3 Drofessional Developper CEH trojans & backdoors
TD3 Drofessional Developper CEH trojans & backdoorsTD3 Drofessional Developper CEH trojans & backdoors
TD3 Drofessional Developper CEH trojans & backdoorsth3prodevelopper
 
Anatomy of an Attack
Anatomy of an AttackAnatomy of an Attack
Anatomy of an Attackspoofyroot
 
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Security B-Sides
 
3 f6 security
3 f6 security3 f6 security
3 f6 securityop205
 
Ce hv6 module 14 denial of service TH3 professional security
Ce hv6 module 14 denial of service TH3 professional securityCe hv6 module 14 denial of service TH3 professional security
Ce hv6 module 14 denial of service TH3 professional securitydefquon
 
Thornton e authentication guidance
Thornton e authentication guidanceThornton e authentication guidance
Thornton e authentication guidanceHai Nguyen
 

What's hot (19)

Iaetsd cyber crimeand
Iaetsd cyber crimeandIaetsd cyber crimeand
Iaetsd cyber crimeand
 
Ce Hv6 Module 43 Cyber Warfare Hacking Al Qaida And Terrorism
Ce Hv6 Module 43 Cyber Warfare Hacking Al Qaida And TerrorismCe Hv6 Module 43 Cyber Warfare Hacking Al Qaida And Terrorism
Ce Hv6 Module 43 Cyber Warfare Hacking Al Qaida And Terrorism
 
Cybercrime: Radically Rethinking the Global Threat
Cybercrime: Radically Rethinking the Global ThreatCybercrime: Radically Rethinking the Global Threat
Cybercrime: Radically Rethinking the Global Threat
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and Solutions
 
RSA 2012 Presentation: Information Protection
RSA 2012 Presentation: Information ProtectionRSA 2012 Presentation: Information Protection
RSA 2012 Presentation: Information Protection
 
Smarter Safety: Flere data, færre kriminelle handlinger, Mauritz Gilberg & St...
Smarter Safety: Flere data, færre kriminelle handlinger, Mauritz Gilberg & St...Smarter Safety: Flere data, færre kriminelle handlinger, Mauritz Gilberg & St...
Smarter Safety: Flere data, færre kriminelle handlinger, Mauritz Gilberg & St...
 
Apresentação Allen ES
Apresentação Allen ESApresentação Allen ES
Apresentação Allen ES
 
Hackers
HackersHackers
Hackers
 
Hackers
HackersHackers
Hackers
 
Security Wars
Security WarsSecurity Wars
Security Wars
 
Cyber crime trends in 2013
Cyber crime trends in 2013 Cyber crime trends in 2013
Cyber crime trends in 2013
 
Name parul
Name parulName parul
Name parul
 
TD3 Drofessional Developper CEH trojans & backdoors
TD3 Drofessional Developper CEH trojans & backdoorsTD3 Drofessional Developper CEH trojans & backdoors
TD3 Drofessional Developper CEH trojans & backdoors
 
Anatomy of an Attack
Anatomy of an AttackAnatomy of an Attack
Anatomy of an Attack
 
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
 
3 f6 security
3 f6 security3 f6 security
3 f6 security
 
Ce hv6 module 14 denial of service TH3 professional security
Ce hv6 module 14 denial of service TH3 professional securityCe hv6 module 14 denial of service TH3 professional security
Ce hv6 module 14 denial of service TH3 professional security
 
Thornton e authentication guidance
Thornton e authentication guidanceThornton e authentication guidance
Thornton e authentication guidance
 

Viewers also liked

Comparison of it governance framework-COBIT, ITIL, BS7799
Comparison of it governance framework-COBIT, ITIL, BS7799Comparison of it governance framework-COBIT, ITIL, BS7799
Comparison of it governance framework-COBIT, ITIL, BS7799Meghna Verma
 
Csa summit la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del cisoCsa summit la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del cisoCSA Argentina
 
Marcos de gobierno de ti
Marcos de gobierno de tiMarcos de gobierno de ti
Marcos de gobierno de tiRosmery Banr
 
Standardization of IT Processes
Standardization of IT ProcessesStandardization of IT Processes
Standardization of IT ProcessesNatarajan V
 
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGovernance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGoutama Bachtiar
 
Enterprise Architecture Frameworks
Enterprise Architecture FrameworksEnterprise Architecture Frameworks
Enterprise Architecture FrameworksStephen Lahanas
 

Viewers also liked (6)

Comparison of it governance framework-COBIT, ITIL, BS7799
Comparison of it governance framework-COBIT, ITIL, BS7799Comparison of it governance framework-COBIT, ITIL, BS7799
Comparison of it governance framework-COBIT, ITIL, BS7799
 
Csa summit la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del cisoCsa summit la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del ciso
 
Marcos de gobierno de ti
Marcos de gobierno de tiMarcos de gobierno de ti
Marcos de gobierno de ti
 
Standardization of IT Processes
Standardization of IT ProcessesStandardization of IT Processes
Standardization of IT Processes
 
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGovernance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 Framework
 
Enterprise Architecture Frameworks
Enterprise Architecture FrameworksEnterprise Architecture Frameworks
Enterprise Architecture Frameworks
 

Similar to Cyber Crimes and IT Risk Management Explained

Cyber crimes (By Mohammad Ahmed)
Cyber crimes (By Mohammad Ahmed)Cyber crimes (By Mohammad Ahmed)
Cyber crimes (By Mohammad Ahmed)Mohammad Ahmed
 
Owasp e crime-london-2012-final
Owasp e crime-london-2012-finalOwasp e crime-london-2012-final
Owasp e crime-london-2012-finalMarco Morana
 
Isaca june 19, 2010
Isaca june 19, 2010Isaca june 19, 2010
Isaca june 19, 2010Vicky Shah
 
cybersecurityawareness-presentation-170627121043.pdf
cybersecurityawareness-presentation-170627121043.pdfcybersecurityawareness-presentation-170627121043.pdf
cybersecurityawareness-presentation-170627121043.pdfssuserd25aae
 
Chapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptxChapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptxPrinceKumar851167
 
Cyber security awareness presentation
Cyber security awareness presentationCyber security awareness presentation
Cyber security awareness presentationAshokkumar Gnanasekar
 
Cyber crime against property
Cyber crime against propertyCyber crime against property
Cyber crime against propertyvarunbamba
 
Cybercrime And Cyber forensics
Cybercrime And Cyber forensics Cybercrime And Cyber forensics
Cybercrime And Cyber forensics sunanditaAnand
 
Cyber Crime and Security ppt by Neeraj Ahirwar
Cyber Crime and Security ppt by Neeraj AhirwarCyber Crime and Security ppt by Neeraj Ahirwar
Cyber Crime and Security ppt by Neeraj AhirwarNeeraj Ahirwar
 
Cyber crime and security
Cyber crime and security Cyber crime and security
Cyber crime and security BasitShah18
 
Global Technologies and Risks Trends
Global Technologies and Risks TrendsGlobal Technologies and Risks Trends
Global Technologies and Risks TrendsCharles Mok
 

Similar to Cyber Crimes and IT Risk Management Explained (20)

Cyber crimes (By Mohammad Ahmed)
Cyber crimes (By Mohammad Ahmed)Cyber crimes (By Mohammad Ahmed)
Cyber crimes (By Mohammad Ahmed)
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Owasp e crime-london-2012-final
Owasp e crime-london-2012-finalOwasp e crime-london-2012-final
Owasp e crime-london-2012-final
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
cyber crime
cyber crimecyber crime
cyber crime
 
Computer Crimes
Computer CrimesComputer Crimes
Computer Crimes
 
Isaca june 19, 2010
Isaca june 19, 2010Isaca june 19, 2010
Isaca june 19, 2010
 
cybersecurityawareness-presentation-170627121043.pdf
cybersecurityawareness-presentation-170627121043.pdfcybersecurityawareness-presentation-170627121043.pdf
cybersecurityawareness-presentation-170627121043.pdf
 
Chapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptxChapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptx
 
Cyber security awareness presentation
Cyber security awareness presentationCyber security awareness presentation
Cyber security awareness presentation
 
Cyber crime against property
Cyber crime against propertyCyber crime against property
Cyber crime against property
 
UNIT 1.pptx
UNIT 1.pptxUNIT 1.pptx
UNIT 1.pptx
 
Cybercrime And Cyber forensics
Cybercrime And Cyber forensics Cybercrime And Cyber forensics
Cybercrime And Cyber forensics
 
Cyber Crime and Security ppt by Neeraj Ahirwar
Cyber Crime and Security ppt by Neeraj AhirwarCyber Crime and Security ppt by Neeraj Ahirwar
Cyber Crime and Security ppt by Neeraj Ahirwar
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cyber crime and security
Cyber crime and security Cyber crime and security
Cyber crime and security
 
Global Technologies and Risks Trends
Global Technologies and Risks TrendsGlobal Technologies and Risks Trends
Global Technologies and Risks Trends
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & security
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 

More from IPPAI

The Move Towards Sustainable Transport in London - Mr. Steve Kearns
The Move Towards Sustainable Transport in London - Mr. Steve KearnsThe Move Towards Sustainable Transport in London - Mr. Steve Kearns
The Move Towards Sustainable Transport in London - Mr. Steve KearnsIPPAI
 
Standards – building blocks of the Smart City - Michael Mulquin
Standards – building blocks of the Smart City - Michael MulquinStandards – building blocks of the Smart City - Michael Mulquin
Standards – building blocks of the Smart City - Michael MulquinIPPAI
 
21st Century Grids and India’s journey towards smarter grids - Reji Kumar Pillai
21st Century Grids and India’s journey towards smarter grids - Reji Kumar Pillai21st Century Grids and India’s journey towards smarter grids - Reji Kumar Pillai
21st Century Grids and India’s journey towards smarter grids - Reji Kumar PillaiIPPAI
 
Smart City Principles - Rogier van den Berg
Smart City Principles - Rogier van den BergSmart City Principles - Rogier van den Berg
Smart City Principles - Rogier van den BergIPPAI
 
TImportance of certification and standardization for Smart Cities - Mr. Raymo...
TImportance of certification and standardization for Smart Cities - Mr. Raymo...TImportance of certification and standardization for Smart Cities - Mr. Raymo...
TImportance of certification and standardization for Smart Cities - Mr. Raymo...IPPAI
 
Smart, Secure and Sustainable Cities India – Mr. Trevor Gibson
Smart, Secure and Sustainable Cities India – Mr. Trevor GibsonSmart, Secure and Sustainable Cities India – Mr. Trevor Gibson
Smart, Secure and Sustainable Cities India – Mr. Trevor GibsonIPPAI
 
Industry Qualifications India - Cdr(Retd.) Kartik Vig
Industry Qualifications India - Cdr(Retd.) Kartik VigIndustry Qualifications India - Cdr(Retd.) Kartik Vig
Industry Qualifications India - Cdr(Retd.) Kartik VigIPPAI
 
Future cities catapult - Dr. Cathy Mulligan
Future cities catapult - Dr. Cathy MulliganFuture cities catapult - Dr. Cathy Mulligan
Future cities catapult - Dr. Cathy MulliganIPPAI
 
Can the dream of 100% renewable energy be a reality? - Mr. Ken Dragoon
Can the dream of 100% renewable energy be a reality? - Mr. Ken DragoonCan the dream of 100% renewable energy be a reality? - Mr. Ken Dragoon
Can the dream of 100% renewable energy be a reality? - Mr. Ken DragoonIPPAI
 
Smart Cities, Smart Consequences? - Mr. Devdutt Pattanaik
Smart Cities, Smart Consequences? - Mr. Devdutt PattanaikSmart Cities, Smart Consequences? - Mr. Devdutt Pattanaik
Smart Cities, Smart Consequences? - Mr. Devdutt PattanaikIPPAI
 
From Islands to Cities – Applications for Smart Energy Storage - Dr. Wolfram ...
From Islands to Cities – Applications for Smart Energy Storage - Dr. Wolfram ...From Islands to Cities – Applications for Smart Energy Storage - Dr. Wolfram ...
From Islands to Cities – Applications for Smart Energy Storage - Dr. Wolfram ...IPPAI
 
The Road to Smart Cities - Jeet Mistry
The Road to Smart Cities - Jeet MistryThe Road to Smart Cities - Jeet Mistry
The Road to Smart Cities - Jeet MistryIPPAI
 
From Smart Grid to Smart Cities - Richard Schomberg
From Smart Grid to Smart Cities - Richard SchombergFrom Smart Grid to Smart Cities - Richard Schomberg
From Smart Grid to Smart Cities - Richard SchombergIPPAI
 
INAUGURAL ADDRESS - Mr. Harry Dhaul
INAUGURAL ADDRESS - Mr. Harry DhaulINAUGURAL ADDRESS - Mr. Harry Dhaul
INAUGURAL ADDRESS - Mr. Harry DhaulIPPAI
 
Future Cities: Innovation, Investment and Transformation - Professor Sir Dav...
Future Cities: Innovation, Investment and Transformation - Professor Sir Dav...Future Cities: Innovation, Investment and Transformation - Professor Sir Dav...
Future Cities: Innovation, Investment and Transformation - Professor Sir Dav...IPPAI
 
Smart Water and Waste Management for Smart Cities - Mr. James Dunning
Smart Water and Waste Management for Smart Cities - Mr. James DunningSmart Water and Waste Management for Smart Cities - Mr. James Dunning
Smart Water and Waste Management for Smart Cities - Mr. James DunningIPPAI
 
SMART SEWAGE TREATMENT PLANTS FOR SMART CITIES IN INDIA, NY USA - Mr. Asim C ...
SMART SEWAGE TREATMENT PLANTS FOR SMART CITIES IN INDIA, NY USA - Mr. Asim C ...SMART SEWAGE TREATMENT PLANTS FOR SMART CITIES IN INDIA, NY USA - Mr. Asim C ...
SMART SEWAGE TREATMENT PLANTS FOR SMART CITIES IN INDIA, NY USA - Mr. Asim C ...IPPAI
 
Eyewatch a versatile mobile platform for security and M-governance - Cdr (Ret...
Eyewatch a versatile mobile platform for security and M-governance - Cdr (Ret...Eyewatch a versatile mobile platform for security and M-governance - Cdr (Ret...
Eyewatch a versatile mobile platform for security and M-governance - Cdr (Ret...IPPAI
 
Importance of Innovation for Water and Water Management for Smart Cities - As...
Importance of Innovation for Water and Water Management for Smart Cities - As...Importance of Innovation for Water and Water Management for Smart Cities - As...
Importance of Innovation for Water and Water Management for Smart Cities - As...IPPAI
 
Smart Water and Wastewater Management For Smart Cities - Mr. Anjum Parwez
Smart Water and Wastewater Management For Smart Cities - Mr. Anjum ParwezSmart Water and Wastewater Management For Smart Cities - Mr. Anjum Parwez
Smart Water and Wastewater Management For Smart Cities - Mr. Anjum ParwezIPPAI
 

More from IPPAI (20)

The Move Towards Sustainable Transport in London - Mr. Steve Kearns
The Move Towards Sustainable Transport in London - Mr. Steve KearnsThe Move Towards Sustainable Transport in London - Mr. Steve Kearns
The Move Towards Sustainable Transport in London - Mr. Steve Kearns
 
Standards – building blocks of the Smart City - Michael Mulquin
Standards – building blocks of the Smart City - Michael MulquinStandards – building blocks of the Smart City - Michael Mulquin
Standards – building blocks of the Smart City - Michael Mulquin
 
21st Century Grids and India’s journey towards smarter grids - Reji Kumar Pillai
21st Century Grids and India’s journey towards smarter grids - Reji Kumar Pillai21st Century Grids and India’s journey towards smarter grids - Reji Kumar Pillai
21st Century Grids and India’s journey towards smarter grids - Reji Kumar Pillai
 
Smart City Principles - Rogier van den Berg
Smart City Principles - Rogier van den BergSmart City Principles - Rogier van den Berg
Smart City Principles - Rogier van den Berg
 
TImportance of certification and standardization for Smart Cities - Mr. Raymo...
TImportance of certification and standardization for Smart Cities - Mr. Raymo...TImportance of certification and standardization for Smart Cities - Mr. Raymo...
TImportance of certification and standardization for Smart Cities - Mr. Raymo...
 
Smart, Secure and Sustainable Cities India – Mr. Trevor Gibson
Smart, Secure and Sustainable Cities India – Mr. Trevor GibsonSmart, Secure and Sustainable Cities India – Mr. Trevor Gibson
Smart, Secure and Sustainable Cities India – Mr. Trevor Gibson
 
Industry Qualifications India - Cdr(Retd.) Kartik Vig
Industry Qualifications India - Cdr(Retd.) Kartik VigIndustry Qualifications India - Cdr(Retd.) Kartik Vig
Industry Qualifications India - Cdr(Retd.) Kartik Vig
 
Future cities catapult - Dr. Cathy Mulligan
Future cities catapult - Dr. Cathy MulliganFuture cities catapult - Dr. Cathy Mulligan
Future cities catapult - Dr. Cathy Mulligan
 
Can the dream of 100% renewable energy be a reality? - Mr. Ken Dragoon
Can the dream of 100% renewable energy be a reality? - Mr. Ken DragoonCan the dream of 100% renewable energy be a reality? - Mr. Ken Dragoon
Can the dream of 100% renewable energy be a reality? - Mr. Ken Dragoon
 
Smart Cities, Smart Consequences? - Mr. Devdutt Pattanaik
Smart Cities, Smart Consequences? - Mr. Devdutt PattanaikSmart Cities, Smart Consequences? - Mr. Devdutt Pattanaik
Smart Cities, Smart Consequences? - Mr. Devdutt Pattanaik
 
From Islands to Cities – Applications for Smart Energy Storage - Dr. Wolfram ...
From Islands to Cities – Applications for Smart Energy Storage - Dr. Wolfram ...From Islands to Cities – Applications for Smart Energy Storage - Dr. Wolfram ...
From Islands to Cities – Applications for Smart Energy Storage - Dr. Wolfram ...
 
The Road to Smart Cities - Jeet Mistry
The Road to Smart Cities - Jeet MistryThe Road to Smart Cities - Jeet Mistry
The Road to Smart Cities - Jeet Mistry
 
From Smart Grid to Smart Cities - Richard Schomberg
From Smart Grid to Smart Cities - Richard SchombergFrom Smart Grid to Smart Cities - Richard Schomberg
From Smart Grid to Smart Cities - Richard Schomberg
 
INAUGURAL ADDRESS - Mr. Harry Dhaul
INAUGURAL ADDRESS - Mr. Harry DhaulINAUGURAL ADDRESS - Mr. Harry Dhaul
INAUGURAL ADDRESS - Mr. Harry Dhaul
 
Future Cities: Innovation, Investment and Transformation - Professor Sir Dav...
Future Cities: Innovation, Investment and Transformation - Professor Sir Dav...Future Cities: Innovation, Investment and Transformation - Professor Sir Dav...
Future Cities: Innovation, Investment and Transformation - Professor Sir Dav...
 
Smart Water and Waste Management for Smart Cities - Mr. James Dunning
Smart Water and Waste Management for Smart Cities - Mr. James DunningSmart Water and Waste Management for Smart Cities - Mr. James Dunning
Smart Water and Waste Management for Smart Cities - Mr. James Dunning
 
SMART SEWAGE TREATMENT PLANTS FOR SMART CITIES IN INDIA, NY USA - Mr. Asim C ...
SMART SEWAGE TREATMENT PLANTS FOR SMART CITIES IN INDIA, NY USA - Mr. Asim C ...SMART SEWAGE TREATMENT PLANTS FOR SMART CITIES IN INDIA, NY USA - Mr. Asim C ...
SMART SEWAGE TREATMENT PLANTS FOR SMART CITIES IN INDIA, NY USA - Mr. Asim C ...
 
Eyewatch a versatile mobile platform for security and M-governance - Cdr (Ret...
Eyewatch a versatile mobile platform for security and M-governance - Cdr (Ret...Eyewatch a versatile mobile platform for security and M-governance - Cdr (Ret...
Eyewatch a versatile mobile platform for security and M-governance - Cdr (Ret...
 
Importance of Innovation for Water and Water Management for Smart Cities - As...
Importance of Innovation for Water and Water Management for Smart Cities - As...Importance of Innovation for Water and Water Management for Smart Cities - As...
Importance of Innovation for Water and Water Management for Smart Cities - As...
 
Smart Water and Wastewater Management For Smart Cities - Mr. Anjum Parwez
Smart Water and Wastewater Management For Smart Cities - Mr. Anjum ParwezSmart Water and Wastewater Management For Smart Cities - Mr. Anjum Parwez
Smart Water and Wastewater Management For Smart Cities - Mr. Anjum Parwez
 

Recently uploaded

How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...SOFTTECHHUB
 
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...ssuserf63bd7
 
Psychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh JiPsychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh Jiastral oracle
 
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdfGUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdfDanny Diep To
 
Welding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan DynamicsWelding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan DynamicsIndiaMART InterMESH Limited
 
business environment micro environment macro environment.pptx
business environment micro environment macro environment.pptxbusiness environment micro environment macro environment.pptx
business environment micro environment macro environment.pptxShruti Mittal
 
Planetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in LifePlanetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in LifeBhavana Pujan Kendra
 
Environmental Impact Of Rotary Screw Compressors
Environmental Impact Of Rotary Screw CompressorsEnvironmental Impact Of Rotary Screw Compressors
Environmental Impact Of Rotary Screw Compressorselgieurope
 
Driving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon HarmerDriving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon HarmerAggregage
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfShashank Mehta
 
digital marketing , introduction of digital marketing
digital marketing , introduction of digital marketingdigital marketing , introduction of digital marketing
digital marketing , introduction of digital marketingrajputmeenakshi733
 
Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Peter Ward
 
WSMM Technology February.March Newsletter_vF.pdf
WSMM Technology February.March Newsletter_vF.pdfWSMM Technology February.March Newsletter_vF.pdf
WSMM Technology February.March Newsletter_vF.pdfJamesConcepcion7
 
20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdfChris Skinner
 
Healthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterHealthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterJamesConcepcion7
 
Excvation Safety for safety officers reference
Excvation Safety for safety officers referenceExcvation Safety for safety officers reference
Excvation Safety for safety officers referencessuser2c065e
 
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...Aggregage
 
Pitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckPitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckHajeJanKamps
 

Recently uploaded (20)

How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
 
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
 
Psychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh JiPsychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh Ji
 
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdfGUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
 
Welding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan DynamicsWelding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan Dynamics
 
business environment micro environment macro environment.pptx
business environment micro environment macro environment.pptxbusiness environment micro environment macro environment.pptx
business environment micro environment macro environment.pptx
 
Planetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in LifePlanetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in Life
 
WAM Corporate Presentation April 12 2024.pdf
WAM Corporate Presentation April 12 2024.pdfWAM Corporate Presentation April 12 2024.pdf
WAM Corporate Presentation April 12 2024.pdf
 
Environmental Impact Of Rotary Screw Compressors
Environmental Impact Of Rotary Screw CompressorsEnvironmental Impact Of Rotary Screw Compressors
Environmental Impact Of Rotary Screw Compressors
 
Driving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon HarmerDriving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon Harmer
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdf
 
digital marketing , introduction of digital marketing
digital marketing , introduction of digital marketingdigital marketing , introduction of digital marketing
digital marketing , introduction of digital marketing
 
Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...
 
WSMM Technology February.March Newsletter_vF.pdf
WSMM Technology February.March Newsletter_vF.pdfWSMM Technology February.March Newsletter_vF.pdf
WSMM Technology February.March Newsletter_vF.pdf
 
The Bizz Quiz-E-Summit-E-Cell-IITPatna.pptx
The Bizz Quiz-E-Summit-E-Cell-IITPatna.pptxThe Bizz Quiz-E-Summit-E-Cell-IITPatna.pptx
The Bizz Quiz-E-Summit-E-Cell-IITPatna.pptx
 
20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf
 
Healthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterHealthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare Newsletter
 
Excvation Safety for safety officers reference
Excvation Safety for safety officers referenceExcvation Safety for safety officers reference
Excvation Safety for safety officers reference
 
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...
 
Pitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckPitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deck
 

Cyber Crimes and IT Risk Management Explained

  • 1. Cyber Crimes and IT Risk Management Nandakumar Shamanna
  • 2. © Det Norske Veritas AS. All rights reserved. 2
  • 3. © Det Norske Veritas AS. All rights reserved. 3
  • 4. © Det Norske Veritas AS. All rights reserved. 4
  • 5. What makes it different form terrestrial Crime They are easy to learn how to commit They are often not clearly illegal They can be committed in a jurisdiction without being physically present in it When done leaves no or less trace They require few resources relative to the potential damage caused © Det Norske Veritas AS. All rights reserved. 5
  • 6. to name a few  Cyber Terrorism  False Websites  Cyber Squatting  Phishing  Web Jacking  Auction Frauds  Internet Time Thefts  e-mail Spoofing  Email Bombing  Cyber Terrorism  Cyber Stalking  Pornography  Salami Attacks  Data Interference/Forgery/Interception  Hacking  Credit Card Fraud  Viruses/Worms/Trojans  Network Sabotage  Data Diddling  DOS  Cyber Blackmailing  Identity Fraud/Theft  Cyber Luring  Source code stealing  Intellectual Property crimes © Det Norske Veritas AS. All rights reserved. 6
  • 7.  Cyber terrorism: The deliberate destruction, disruption or distortion of digital data or information flows with widespread effect for political, religious or ideological reasons.  Cyber espionage is the act or practice of obtaining secrets without the permission of the holder of the information (personal, sensitive, proprietary or of classified nature), from individuals, competitors, rivals, groups, governments and enemies for personal, economic, political or military advantage using illegal exploitation methods on the Internet, networks or individual computers. © Det Norske Veritas AS. All rights reserved. 7
  • 8. The Impact……  Armies may cease to march  Stock Markets may crash  Businesses may be bankrupted  Individuals may lose their social identity  Threats not from novice teenagers : - but purposeful military, political, and criminal organizations © Det Norske Veritas AS. All rights reserved. 8
  • 9. - "This site has been hacked by ISI (Kashmir is ours), we want a hospital in Kashmir" - signed by - Mujahideen-ul-dawat © Det Norske Veritas AS. All rights reserved. 9
  • 10. Challenges to India's National Security India's reliance on technology is increasing as reflected from the fact that India is shifting gears by entering into facets of e-governance India has already brought sectors like defense, income tax, passport under the realm of e -governance The travel sector is also heavily reliant on this Most of the Indian banks have gone on full-scale computerization. This has also brought in concepts of e-commerce and e-banking The stock markets have also not remained immune Sectors like police and judiciary are to follow © Det Norske Veritas AS. All rights reserved. 10
  • 11. Cyber Crimes – Exploding Problem 11. India Share of malicious computer activity: 3% Malicious code rank: 3 Spam zombies rank: 11 Phishing web site hosts rank: 22 Bot rank: 20 Attack origin rank: 19 List of Top 20 Countries with the highest rate of Cybercrime (source: BusinessWeek/Symantec) Each country lists 6 contributing factors, share of malicious computer activity, malicious code rank, spam zombies rank, phishing web site hosts rank, bot rank and attack origin, to substantiate its cybercrime ranking. © Det Norske Veritas AS. All rights reserved. 11
  • 12. Extent of the Problem Source: National Crime Records Bureau, Statistics of Cyber Crimes, 2007 © Det Norske Veritas AS. All rights reserved. 12
  • 13. Extent of the Problem 2009 FBI-IC3 Internet Crime Report Friday, April 2nd, 2010 © Det Norske Veritas AS. All rights reserved. 13
  • 14. Extent of the Problem Ponemon Institute Research Report Publication Date: July 2010 © Det Norske Veritas AS. All rights reserved. 14
  • 15. Why Is Cyber Attack Possible?  Software Has Bugs/Networks Not Designed For Security: Engineering practices and technology used by system providers do not produce systems that are immune to attack  Implementation Is Poor: Network and System operators do not have the people and practices to defend against attacks and minimize damage  Law And Policy Lag Behind Dependence: Policy and law in cyber-space are immature and lag the pace of change © Det Norske Veritas AS. All rights reserved. 15
  • 16. Attack Sophistication vs. Intruder Technical Knowledge Auto Coordinated Cross site scripting Tools “stealth” / advanced High scanning techniques packet spoofing denial of service Staged sniffers distributed attack tools Intruder sweepers www attacks Knowledge automated probes/scans GUI back doors disabling audits network mgmt. diagnostics hijacking burglaries sessions Attack exploiting known vulnerabilities Sophistication password cracking self-replicating code password guessing Intruders Low 1980 1985 1990 1995 2000 © Det Norske Veritas AS. All rights reserved. 16
  • 17. Information Technology – Risk Management
  • 18. New risk reality  Today we are operating in an increasingly more global, complex and demanding risk environment with “zero tolerance” for failure  Even as there is Increased demands for transparency the Challenges of businesses or the State remain due to Increasing IT vulnerability  There must be a balance between Transparency and Security  Stricter regulatory requirements © Det Norske Veritas AS. All rights reserved. 18
  • 19. Definition of risk Risk is an event that occurs with a certain frequency/ probability and that has consequences towards one or more goals/objectives Risk Level = Frequency/ Probability combined with Consequence THREAT EXPLOIT VULNERABILITY PROBABILITY x CONSEQUENCE = RISK DAMAGE ASSET © Det Norske Veritas AS. All rights reserved. 19
  • 20. Approach - Work process and method The Risk Management Approach ensures that mapping of risk exposure, treatment of risks and follow-up are carried out in a structured manner Communication Initiation Uncertainty Risk Actions Implementation & focusing Identification Analysis Planning & follow-up Documentation © Det Norske Veritas AS. All rights reserved. 20
  • 21. 2 Actions planning – handling strategy  Alter the risk - Preventive measures reduce the probability of the event - Corrective measures reduce the consequence of the event - Plan for that event happen - Avoid escalation - Recovery plan Risk Reduction Risk Transfer  Transfer the risk - Disclaim responsibility; write a contract, take out insurance etc.  Avoid the risk - Eliminate by stopping the activity  Accept the risk - Continue as before; the activity remains unchanged Risk Avoidance Risk Acceptance © Det Norske Veritas AS. All rights reserved. 21
  • 22. Implement Security Systems to combat Cyber Crimes
  • 23. the solutions…. - Technology  Firewalls, Intrusion Prevention System  Public Key Infrastructure  High Grade Encryption Technologies  Optical Fiber Links  Vulnerability/Risk Assessment  Cyber Forensics  Honey Pots  VPN  Biometrics, Access Control  Backups (System Redundancy)  Incident Response Actions © Det Norske Veritas AS. All rights reserved. 23
  • 24. the solutions…. - Processes  Reduction in the Operation flexibility (Segregation of Duties)  Effective Organization Procedures and Policies  Security/System Auditing  Training to the employees  Government-to-Government coordination  Recognizing Shortage of skilled cyber security workers  Creation of Cyber Army  Cooperation & Information Sharing  Investment in information assurance systems  Increased R&D funding  Development of cyber ethics  Mutual cooperation with law enforcement © Det Norske Veritas AS. All rights reserved. 24
  • 25. Security Models and Frameworks
  • 26. ISO 27000 Series - Published standards  ISO/IEC 27000 — Information security management systems — Overview and vocabulary  ISO/IEC 27001 — Information security management systems — Requirements  ISO/IEC 27002 — Code of practice for information security management  ISO/IEC 27003 — Information security management system implementation guidance  ISO/IEC 27004 — Information security management — Measurement  ISO/IEC 27005 — Information security risk management  ISO/IEC 27006 — Requirements for bodies providing audit and certification of information security management systems  ISO/IEC 27011 — Information security management guidelines for telecommunications organizations based on ISO/IEC 27002  ISO/IEC 27033-1 - Network security overview and concepts  ISO 27799 - Information security management in health using ISO/IEC 27002 [standard produced by the Health Infomatics group within ISO, independently of ISO/IEC JTC1/SC27] © Det Norske Veritas AS. All rights reserved. 26
  • 27. ISO 27000 Series - In preparation  ISO/IEC 27007 - Guidelines for information security management systems auditing (focused on the management system)  ISO/IEC 27008 - Guidance for auditors on ISMS controls (focused on the information security controls)  ISO/IEC 27013 - Guideline on the integrated implementation of ISO/IEC 20000-1 and ISO/IEC 27001  ISO/IEC 27014 - Information security governance framework  ISO/IEC 27015 - Information security management guidelines for the finance and insurance sectors  ISO/IEC 27031 - Guideline for ICT readiness for business continuity (essentially the ICT continuity component within business continuity management)  ISO/IEC 27032 - Guideline for cybersecurity (essentially, 'being a good neighbor' on the Internet)  ISO/IEC 27033 - IT network security, a multi-part standard based on ISO/IEC 18028:2006 (part 1 is published already)  ISO/IEC 27034 - Guideline for application security  ISO/IEC 27035 - Security incident management  ISO/IEC 27036 - Guidelines for security of outsourcing  ISO/IEC 27037 - Guidelines for identification, collection and/or acquisition and preservation of digital evidence © Det Norske Veritas AS. All rights reserved. 27
  • 28. Other IT Security Management Models Common Criteria (CC)  Common Criteria for Information Technology Security Evaluation - ISO 15408 - Framework for specification of evaluation FISMA  Federal Information Systems Management Act – US Information Security Forum (ISF)  Standard of Good Practice for Information Security ITIL  Information Technology Infrastructure Library NIST  library of freely available resources - http://csrc.nist.gov  Security Self-Assessment Guide for Information Technology Systems 800-26 © Det Norske Veritas AS. All rights reserved.
  • 29. Other IT Security Management Models PCI  Payment Card Industry Data Security Standards - 6 Control Objectives - 12 Requirements Securities and Financial - Basel II - COSO - SOX RFC 2196  RFC 2196 is memorandum published by Internet Engineering Task Force for developing security policies and procedures for information systems connected on the Internet. Statement on Auditing Standards No. 70: Service Organizations  SAS 70 provides guidance to service auditors when assessing the internal controls of a service organization and issuing a service auditor’s report. SAS 70 also provides guidance to auditors of financial statements of an entity that uses one or more service organizations. © Det Norske Veritas AS. All rights reserved.
  • 30. IT Governance Models COBIT  ISACA (Information Systems Audit and Control Association) © Det Norske Veritas AS. All rights reserved.
  • 31. The CALDER-MOIR IT Governance Framework There are many IT-related management frameworks, standards and methodologies in use today. None of them, on their own, are complete IT governance frameworks, but they all have a useful role to play in assisting organizations manage and govern their IT operations more effectively. The CALDER-MOIR IT Governance Framework is designed to help get maximum benefit from all these overlapping and competing frameworks and standards, and also to deploy the best practice guidance contained in the international standard for IT governance, ISO/IEC 38500. © Det Norske Veritas AS. All rights reserved. 31
  • 32. Governance & Cyber Crime - Cost Comparison Ponemon Institute Research Report Publication Date: July 2010 © Det Norske Veritas AS. All rights reserved. 32
  • 33. Cyber Crimes and Law Electronic Signature Laws U.S. - Electronic Signatures in Global and National Commerce Act U.S. - Uniform Electronic Transactions Act - adopted by 46 states U.S. - Digital Signature And Electronic Authentication Law U.S. - Government Paperwork Elimination Act (GPEA) U.S. - The Uniform Commercial Code (UCC) UK - s.7 Electronic Communications Act 2000 European Union - Electronic Signature Directive (1999/93/EC) Mexico - E-Commerce Act [2000] Costa Rica - Digital Signature Law 8454 (2005) Australia - Electronic Transactions Act 1999 (Cth) (also note that there is State and Territory mirror legislation) Information Technology Act 2000 of India Information Technology Laws Computer Misuse Act 1990 Florida Electronic Security Act Illinois Electronic Commerce Security Act Texas Penal Code - Computer Crimes Statute Maine Criminal Code - Computer Crimes Singapore Electronic Transactions Act Malaysia Computer Crimes Act Malaysia Digital Signature Act UNCITRAL Model Law on Electronic Commerce Information Technology Act 2000 of India © Det Norske Veritas AS. All rights reserved. 33
  • 34. Cyber Security Initiatives by Government of India Cybercrime provisions under IT Act,2000 Offences & Relevant Sections under IT Act Tampering with Computer source documents Sec.65 Hacking with Computer systems, Data alteration Sec.66 Publishing obscene information Sec.67 Un-authorized access to protected system Sec.70 Breach of Confidentiality and Privacy Sec.72 Publishing false digital signature certificates Sec.73 © Det Norske Veritas AS. All rights reserved. 34
  • 35. Cyber Security Initiatives by Government of India National Informatics Centre (NIC) Indian Computer Emergency Response Team (Cert-In) National Information Security Assurance Programme (NISAP) Indo-US Cyber Security Forum (IUSCSF) © Det Norske Veritas AS. All rights reserved. 35
  • 36. Conclusion  Majority of on-line threat is cyber crime  Cyber terror is still emerging - Evolving threat - Integrating critical missions with general Internet - Increasing damage/speed of attacks - Continued vulnerability of off-the-shelf software © Det Norske Veritas AS. All rights reserved. 36
  • 37. Conclusion Capacity of human mind is unfathomable. It is not possible to eliminate cyber crime from the cyber space. However it is quite possible to check them. Hence, the possible steps to counter Cyber crimes are to :  make people aware of their rights and duties (to report crime as a collective duty towards the society)  making the application of the laws more stringent to check crime  implement good IT Security systems and governance models to reduce the possibilities of cyber crimes  to bring about increased awareness amongst the law keepers of the State on Cyber crimes © Det Norske Veritas AS. All rights reserved. 37
  • 38. Conclusion  To counter cyberthreats, India should immediately establish a National center on information systems security  It should tap the expertise of universities and private software and internet companies  In addition to the government and defense sectors it should cater to the banking sector, stock exchanges, telecom and internet networks, power and water supplies, and transportation. © Det Norske Veritas AS. All rights reserved. 38
  • 39. Safeguarding life, property and the environment www.dnv.com © Det Norske Veritas AS. All rights reserved. 39