Information Security and Bangladesh
Name: Umme Habiba
ID: 142-15-3677, Section: B
Abstract
Information is critical to any business and paramount to the survival of
any organization in today’s globalized digital economy. IT professionals
must have core knowledge of information security management and the
governance requirements involved. This report investigates the evolution
of information security: where it came from, where it is today and the
direction in which it is moving. It is argued that information security is
not about looking at the past in anger at an attack once faced; neither is
it about looking at the present in fear of being attacked; nor about
looking at the future with uncertainty about what might befall us. The
message is that organizations and individuals must be alert at all times.
Furthermore, this report also highlights critical information security
issues that are being overlooked or not being addressed by research
efforts currently undertaken. New research efforts are required that
minimize the gap between regulatory issues and technical
implementations.
Keywords
Information security; Information security topics; Goals; Information
security trends; Security implementation approach.
1. Introduction:
Information security has evolved from addressing minor and harmless
security breaches to managing those with a huge impact on
organizations’ economic growth.
Information security: a “well-informed sense of assurance that the
information risks and controls are in balance.” —James Anderson,
Inovant (2002)
IT professionals must have core knowledge of information security
management and the governance requirements involved. The IT industry
is a relatively new sector in the country's economy. Though it is yet to
make tangible contributions to the national economy, it is an important
growth industry. Compared with developed countries, the information
security of Bangladesh is not as good.
2. Information security:
The protection of information and its critical elements, including
systems and hardware that use, store, and transmit that information. The
best offense is a good defense when it comes to our network’s security.
Security testing and assessments provide organizations with the
knowledge, expertise and efficiency needed to conduct thorough security
and risk evaluations of our environment.
Necessary tools: policy, awareness, training, education, technology
Fig. 1: Components of Information Security
3. Goals:
A primary goal of information security is to fulfill the above demands,
which determine how reliable our security is. Controlling access to sensitive
information is crucial to the security of any organization. Information
security can be decomposed into three basic categories:
Confidentiality: making sure that those who should not see
information.
Integrity: making sure that the information has not been changed from
its original.
Availability: making sure that the information is available for use
when you need it.
These categories are not mutually exclusive as a loss in confidentiality
can oftentimes lead to a loss in integrity and/or availability. Many
different security models have been proposed to help address the
concerns of confidentiality, integrity and availability.
4. Approaches to Information Security Implementation:
A. Bottom-Up Approach:
Grassroots effort: systems administrators attempt to improve security
of their systems
Key advantage: technical expertise of individual administrators
Seldom works, as it lacks a number of critical features:
Participant support
Organizational staying power
B. Top-Down Approach:
Initiated by upper management
Issue policy, procedures and processes
Dictate goals and expected outcomes of project
Determine accountability for each required action
The most successful also involve a formal development strategy referred
to as the systems development life cycle.
Fig. 2: Approaches to Information Security Implementation.
5. Information security trends in Bangladesh:
Located in South Asia, Bangladesh is an Islamic country with a young
and rapidly growing population of 164 million.
According to the BASIS 2012 survey, the ICT industry has consistently
grown in recent years at 20 to 30 percent per annum. Over 800
registered ICT companies generated total revenues of approximately
$250 million. More than 75 percent of companies are involved in
customized application development and maintenance, 50 percent are
dedicated to IT enabled services, and 45 percent offer E-commerce/Web
services. The survey also shows that 60 percent of companies solely
focus on the domestic market.
According to this survey, we can say that our ICT industry has been
growing day by day and plays a vital role in our economy. That is why our
information security system needs to be improved for our future
betterment.
In February 2012, Bangladesh declared cyber war against India in
protest of unjust border killings by the Indian BSF and Indian cyber
warriors, and finally Bangladesh defeated India. That means our security
system was not bad, but it is not satisfactory at all, as several times its
banks have been hacked by hackers from other countries.
Capitalizing on weaknesses in the security of the Bangladesh Central
Bank, including the possible involvement of some of its employees,[6]
perpetrators attempted to steal $951 million from the Bangladesh central
bank's account with the Federal Reserve Bank of New York sometime
between February 4–5 in 2016 when Bangladesh Bank's offices were
closed. The perpetrators managed to compromise Bangladesh Bank's
computer network, observe how transfers are done, and gain access to
the bank's credentials for payment transfers. They used these credentials
to authorize about three dozen requests to the Federal Reserve Bank of
New York to transfer funds from the account Bangladesh Bank held
there to accounts in Sri Lanka and the Philippines.
Thirty transactions worth $851 million were flagged by the banking
system for staff review, but five requests were granted; $20 million to
Sri Lanka (later recovered[7][8]), and $81 million lost to the Philippines,
entering the Southeast Asian country's banking system on February 5,
2016. This money was laundered through casinos and some later
transferred to Hong Kong.
In 2013, the Sonali Bank of Bangladesh was also successfully targeted
by hackers who were able to cart away US$250,000. In 2015, two other
hacking attempts were recorded, a $12 million theft from Banco del
Austro in Ecuador in January and an attack on Vietnam's Tien Phong
Bank in December that was not successful. In all these cases, the
perpetrators are suspected to have been aided by insiders within the
targeted banks, who assisted in taking advantage of weaknesses within
the SWIFT global payment network.
Investigation
Initially, Bangladesh Bank was uncertain if its system had been
compromised. The governor of the central bank engaged World
Informatics Cyber Security, a US-based firm, to lead the security
incident response, vulnerability assessment and remediation. World
Informatics Cyber Security brought in the leading forensic investigation
company Mandiant, a FireEye company, for the investigation. These
cyber security experts found "footprints" and malware of hackers, which
suggested that the system had been breached. The investigators also said
that the hackers were based outside Bangladesh. An internal
investigation has been launched by Bangladesh Bank regarding the case.
The Bangladesh Bank's forensic investigation found out that malware
was installed within the bank's system sometime in January 2016, and
gathered information on the bank's operational procedures for
international payments and fund transfers.
The investigation also looked into an unsolved 2013 hacking incident at
the Sonali Bank, wherein US$250,000 was stolen by still unidentified
hackers. According to reports, just as in the 2016 Central Bank hack, the
theft also used fraudulent fund transfers using the SWIFT International
Payment Network. The incident was treated by Bangladeshi police
authorities as a cold case until the suspiciously similar 2016 Bangladesh
Central Bank heist.
Bangladesh Bank chief governor Atiur Rahman resigned from his post
amid the current investigation of the heist and money laundering. He
submitted his resignation letter to Prime Minister Sheikh Hasina on
March 15, 2016. Before the resignation was made public, Rahman stated
that he would resign for the sake of his country.
6. Conclusion:
Information security is a “well-informed sense of assurance that the
information risks and controls are in balance.” Computer security began
immediately after the first mainframes were developed. Successful
organizations have multiple layers of security in place: physical,
personal, operations, communications, network, and information.
Security should be considered a balance between protection and
availability. Information security must be managed similarly to any major
system implemented in an organization using a methodology like
SecSDLC.
Finally, I want to say that the information of any country is like its
backbone. So protecting its security needs to be a great and sensitive
concern for every country, for a more secure life.
7. References
[1] https://en.wikipedia.org/wiki/Information_security
[2] https://en.wikipedia.org/wiki/2016_Bangladesh_Bank_heist
[3] http://www.sciencedirect.com/science/article/pii/S0167404808001168
[4] http://newsinfo.inquirer.net/773842/bangladesh-central-bank-governor-quits-over-81m-heist
[5] http://www.thedailystar.net/news-detail-120615
[6] http://www.journals.elsevier.com/journal-of-information-security-and-applications/call-for-papers/special-issue-on-security-and-dependability-of-internet-of-t
[7] http://www.computerweekly.com/feature/How-to-create-a-good-information-security-policy
[8] Anderson, J. M. (2003). "Why we need a new definition of
information security". Computers & Security, 22(4), 308–313.
doi:10.1016/S0167-4048(03)00407-3.
[9] Venter, H. S., & Eloff, J. H. P. (2003). "A taxonomy for
information security technologies". Computers & Security, 22(4), 299–307.
doi:10.1016/S0167-4048(03)00406-1.
[10] https://www.youtube.com/watch?v=MsCe1x3zLAU