Cyber Crimes and IT Risk Management

Nandakumar Shamanna
© Det Norske Veritas AS. All rights reserved.   2
What makes it different from terrestrial crime

- They are easy to learn how to commit
- They require few resources relative to the potential damage caused
- They can be committed in a jurisdiction without being physically present in it
- They are often not clearly illegal
- When done, they leave no or little trace



to name a few

- Cyber Terrorism
- Cyber Squatting
- Web Jacking
- Internet Time Thefts
- Email Bombing
- Cyber Stalking
- Salami Attacks
- Hacking
- Viruses/Worms/Trojans
- Data Diddling
- Cyber Blackmailing
- Cyber Luring
- Intellectual Property crimes
- False Websites
- Phishing
- Auction Frauds
- e-mail Spoofing
- Pornography
- Data Interference/Forgery/Interception
- Credit Card Fraud
- Network Sabotage
- DOS
- Identity Fraud/Theft
- Source code stealing




Cyber terrorism: The deliberate destruction, disruption or distortion of digital data or information flows with widespread effect for political, religious or ideological reasons.

Cyber espionage is the act or practice of obtaining secrets without the permission of the holder of the information (personal, sensitive, proprietary or of classified nature), from individuals, competitors, rivals, groups, governments and enemies for personal, economic, political or military advantage using illegal exploitation methods on the Internet, networks or individual computers.

The Impact...

- Armies may cease to march
- Stock Markets may crash
- Businesses may be bankrupted
- Individuals may lose their social identity
- Threats come not from novice teenagers, but from purposeful military, political, and criminal organizations




Defacement message left on a hacked site:

- "This site has been hacked by ISI (Kashmir is ours), we want a hospital in Kashmir"
- signed by Mujahideen-ul-dawat




Challenges to India's National Security

      India's reliance on technology is increasing, as reflected in the fact that India
      is shifting gears by entering into many facets of e-governance

      India has already brought sectors like defense, income tax and passports under the
      realm of e-governance

      The travel sector is also heavily reliant on this

      Most of the Indian banks have gone on full-scale computerization. This has also
      brought in concepts of e-commerce and e-banking

      The stock markets have also not remained immune

      Sectors like police and judiciary are to follow



Cyber Crimes – Exploding Problem

11. India
    Share of malicious computer activity: 3%
    Malicious code rank: 3
    Spam zombies rank: 11
    Phishing web site hosts rank: 22
    Bot rank: 20
    Attack origin rank: 19

List of Top 20 Countries with the highest rate of Cybercrime (source: BusinessWeek/Symantec)
Each country lists 6 contributing factors (share of malicious computer activity, malicious code rank, spam zombies rank, phishing web site hosts rank, bot rank and attack origin rank) to substantiate its cybercrime ranking.



Extent of the Problem




                                                Source: National Crime Records Bureau, Statistics of Cyber Crimes, 2007




Extent of the Problem




   2009 FBI-IC3 Internet Crime Report
   Friday, April 2nd, 2010




Extent of the Problem




            Ponemon Institute Research Report
            Publication Date: July 2010




Why Is Cyber Attack Possible?
   Software Has Bugs/Networks Not Designed For Security: Engineering
    practices and technology used by system providers do not produce systems
    that are immune to attack
   Implementation Is Poor: Network and System operators do not have the
    people and practices to defend against attacks and minimize damage
   Law And Policy Lag Behind Dependence: Policy and law in cyber-space are
    immature and lag the pace of change




Attack Sophistication vs. Intruder Technical Knowledge

[Chart: x-axis 1980 to 2000; y-axis Intruder Knowledge (Low to High) against Attack Sophistication. Milestones plotted in roughly chronological order: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, burglaries, sweepers, sniffers, packet spoofing, GUI, network mgmt. diagnostics, automated probes/scans, www attacks, denial of service, "stealth"/advanced scanning techniques, distributed attack tools, staged, cross site scripting, auto coordinated tools.]

Information Technology – Risk Management
New risk reality
  Today we are operating in an increasingly more global, complex and demanding risk
   environment with “zero tolerance” for failure




  Even as demands for transparency increase, the challenges for businesses and the
   State remain because of increasing IT vulnerability
  There must be a balance between Transparency and Security
  Stricter regulatory requirements




Definition of risk

Risk is an event that occurs with a certain frequency/probability and that has consequences for one or more goals/objectives.
Risk Level = Frequency/Probability combined with Consequence

[Diagram: a THREAT exploits a VULNERABILITY; PROBABILITY x CONSEQUENCE = RISK; the consequence is DAMAGE to an ASSET]

Approach - Work process and method

The Risk Management Approach ensures that mapping of risk exposure, treatment of risks and follow-up are carried out in a structured manner.

[Diagram: five stages in sequence - Initiation & focusing, Uncertainty Identification, Risk Analysis, Actions Planning, Implementation & follow-up - with Communication and Documentation running across all stages]




Actions planning – handling strategy

  Alter the risk
      - Preventive measures reduce the probability of the event
      - Corrective measures reduce the consequence of the event
          - Plan for that event to happen
              - Avoid escalation
              - Recovery plan

  Transfer the risk
      - Disclaim responsibility; write a contract, take out insurance etc.

  Avoid the risk
      - Eliminate by stopping the activity

  Accept the risk
      - Continue as before; the activity remains unchanged

[Diagram: 2x2 grid of the four strategies - Risk Reduction, Risk Transfer, Risk Avoidance, Risk Acceptance]
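As an added worked example (not from the slides), a small risk register in Python applying the deck's model: Risk Level = Probability x Consequence, then one of the four handling strategies above, with "alter" split into preventive measures (cut probability) and corrective measures (cut consequence). The 1-5 scales, the appetite threshold, the placement of the four strategies on the probability/consequence plane and the register entries are assumptions constructed for illustration.

```python
"""Risk register using the deck's model: Risk Level = Probability x Consequence,
then one of four handling strategies (alter/reduce, transfer, avoid, accept).
Scales, thresholds and the strategy mapping are assumptions for illustration."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Risk:
    event: str          # a threat exploiting a vulnerability
    asset: str          # what suffers the damage
    probability: int    # assumed scale 1 (rare) .. 5 (frequent)
    consequence: int    # assumed scale 1 (negligible) .. 5 (catastrophic)

    @property
    def level(self) -> int:
        # Risk Level = Probability combined with Consequence (here: the product)
        return self.probability * self.consequence


def strategy(risk: Risk, appetite: int = 4, high: int = 4) -> str:
    """Map a risk onto the deck's four strategies.

    Assumed placement on the probability/consequence plane:
      level within appetite                 -> accept   (continue as before)
      both probability and consequence high -> avoid    (stop the activity)
      consequence high, probability low     -> transfer (contract, insurance)
      otherwise                             -> reduce   (alter the risk)
    """
    if risk.level <= appetite:
        return "accept"
    if risk.probability >= high and risk.consequence >= high:
        return "avoid"
    if risk.consequence >= high:
        return "transfer"
    return "reduce"


def alter(risk: Risk, preventive: int = 0, corrective: int = 0) -> Risk:
    """Alter the risk: preventive measures cut probability; corrective
    measures (recovery plan, escalation control) cut consequence.
    Neither scale drops below 1, so a risk is never altered away to zero."""
    return replace(
        risk,
        probability=max(1, risk.probability - preventive),
        consequence=max(1, risk.consequence - corrective),
    )


def plan(register: list[Risk], appetite: int = 4) -> dict[str, tuple[int, str]]:
    """Return {event: (risk level, strategy)}, highest risk level first."""
    ranked = sorted(register, key=lambda r: r.level, reverse=True)
    return {r.event: (r.level, strategy(r, appetite)) for r in ranked}


# Constructed sample register (illustrative values, not from the deck)
REGISTER = [
    Risk("phishing steals e-banking credentials", "customer accounts", 5, 3),
    Risk("DoS floods public web site", "web site availability", 3, 1),
    Risk("fire destroys data centre", "core systems", 1, 5),
    Risk("internet-exposed legacy host with known vulnerabilities",
         "internal network", 4, 5),
]


if __name__ == "__main__":
    for event, (level, action) in plan(REGISTER).items():
        print(f"{level:>2}  {action:<8}  {event}")
    phishing = REGISTER[0]
    # Alter: preventive measures (MFA, mail filtering) take probability 5 -> 2;
    # corrective measures (fraud monitoring, recovery plan) take consequence 3 -> 2.
    residual = alter(phishing, preventive=3, corrective=1)
    print("residual level:", residual.level, "->", strategy(residual))
```

Running the block ranks the constructed register (20 avoid, 15 reduce, 5 transfer, 3 accept) and shows the phishing entry falling to level 4, inside the assumed appetite, after preventive and corrective measures.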

Implement Security Systems
to combat Cyber Crimes
The solutions - Technology
            Firewalls, Intrusion Prevention System
            Public Key Infrastructure
            High Grade Encryption Technologies
            Optical Fiber Links
            Vulnerability/Risk Assessment
            Cyber Forensics
            Honey Pots
            VPN
            Biometrics, Access Control
            Backups (System Redundancy)
            Incident Response Actions



The solutions - Processes
          Reduction in the Operation flexibility (Segregation of Duties)
          Effective Organization Procedures and Policies
          Security/System Auditing
          Training to the employees
          Government-to-Government coordination
          Recognizing Shortage of skilled cyber security workers
          Creation of Cyber Army
          Cooperation & Information Sharing
          Investment in information assurance systems
          Increased R&D funding
          Development of cyber ethics
          Mutual cooperation with law enforcement

Security Models and Frameworks
ISO 27000 Series - Published standards
  ISO/IEC 27000 — Information security management systems — Overview and vocabulary
  ISO/IEC 27001 — Information security management systems — Requirements
  ISO/IEC 27002 — Code of practice for information security management
  ISO/IEC 27003 — Information security management system implementation guidance
  ISO/IEC 27004 — Information security management — Measurement
  ISO/IEC 27005 — Information security risk management
  ISO/IEC 27006 — Requirements for bodies providing audit and certification of information
   security management systems
  ISO/IEC 27011 — Information security management guidelines for telecommunications
   organizations based on ISO/IEC 27002
  ISO/IEC 27033-1 - Network security overview and concepts
  ISO 27799 - Information security management in health using ISO/IEC 27002 [standard
   produced by the Health Informatics group within ISO, independently of ISO/IEC JTC1/SC27]



ISO 27000 Series - In preparation
  ISO/IEC 27007 - Guidelines for information security management systems auditing (focused on the management
   system)
  ISO/IEC 27008 - Guidance for auditors on ISMS controls (focused on the information security controls)
  ISO/IEC 27013 - Guideline on the integrated implementation of ISO/IEC 20000-1 and ISO/IEC 27001
  ISO/IEC 27014 - Information security governance framework
  ISO/IEC 27015 - Information security management guidelines for the finance and insurance sectors
  ISO/IEC 27031 - Guideline for ICT readiness for business continuity (essentially the ICT continuity component within
   business continuity management)
  ISO/IEC 27032 - Guideline for cybersecurity (essentially, 'being a good neighbor' on the Internet)
  ISO/IEC 27033 - IT network security, a multi-part standard based on ISO/IEC 18028:2006 (part 1 is published already)
  ISO/IEC 27034 - Guideline for application security
  ISO/IEC 27035 - Security incident management
  ISO/IEC 27036 - Guidelines for security of outsourcing
  ISO/IEC 27037 - Guidelines for identification, collection and/or acquisition and preservation of digital evidence




Other IT Security Management Models

  Common Criteria (CC)
             Common Criteria for Information Technology Security Evaluation
                        -      ISO 15408
                        -      Framework for specification of evaluation
  FISMA
             Federal Information Systems Management Act – US
  Information Security Forum (ISF)
              Standard of Good Practice for Information Security
  ITIL
             Information Technology Infrastructure Library
  NIST
      library of freely available resources
                 -      http://csrc.nist.gov
      Security Self-Assessment Guide for Information Technology Systems 800-26

Other IT Security Management Models
  PCI
      Payment Card Industry Data Security Standards
                 -       6 Control Objectives
                 -       12 Requirements
  Securities and Financial
                     -    Basel II
                     -    COSO
                     -    SOX

    RFC 2196
     RFC 2196 is a memorandum published by the Internet Engineering Task Force for developing security
      policies and procedures for information systems connected to the Internet.

     Statement on Auditing Standards No. 70: Service Organizations
     SAS 70 provides guidance to service auditors when assessing the internal controls of a service
      organization and issuing a service auditor’s report. SAS 70 also provides guidance to auditors of
      financial statements of an entity that uses one or more service organizations.




IT Governance Models
  COBIT
      ISACA (Information Systems Audit and Control Association)




The CALDER-MOIR IT Governance Framework

There are many IT-related management frameworks, standards and methodologies in use today.

None of them, on their own, are complete IT governance frameworks, but they all have a useful role to play in assisting organizations manage and govern their IT operations more effectively.

The CALDER-MOIR IT Governance Framework is designed to help get maximum benefit from all these overlapping and competing frameworks and standards, and also to deploy the best practice guidance contained in the international standard for IT governance, ISO/IEC 38500.




Governance & Cyber Crime - Cost Comparison




            Ponemon Institute Research Report
            Publication Date: July 2010




Cyber Crimes and Law
 Electronic Signature Laws
             U.S. - Electronic Signatures in Global and National Commerce Act
             U.S. - Uniform Electronic Transactions Act - adopted by 46 states
             U.S. - Digital Signature And Electronic Authentication Law
             U.S. - Government Paperwork Elimination Act (GPEA)
             U.S. - The Uniform Commercial Code (UCC)
             UK - s.7 Electronic Communications Act 2000
             European Union - Electronic Signature Directive (1999/93/EC)
             Mexico - E-Commerce Act [2000]
             Costa Rica - Digital Signature Law 8454 (2005)
             Australia - Electronic Transactions Act 1999 (Cth) (also note that there is State and Territory mirror legislation)
             Information Technology Act 2000 of India
 Information Technology Laws
             Computer Misuse Act 1990
             Florida Electronic Security Act
             Illinois Electronic Commerce Security Act
             Texas Penal Code - Computer Crimes Statute
             Maine Criminal Code - Computer Crimes
             Singapore Electronic Transactions Act
             Malaysia Computer Crimes Act
             Malaysia Digital Signature Act
             UNCITRAL Model Law on Electronic Commerce
             Information Technology Act 2000 of India


Cyber Security Initiatives by Government of India
Cybercrime provisions under IT Act, 2000
Offences & Relevant Sections under IT Act

  Tampering with Computer source documents           Sec.65
  Hacking with Computer systems, Data alteration     Sec.66
  Publishing obscene information                     Sec.67
  Un-authorized access to protected system           Sec.70
  Breach of Confidentiality and Privacy              Sec.72
  Publishing false digital signature certificates    Sec.73




Cyber Security Initiatives by Government of India
    National Informatics Centre (NIC)
    Indian Computer Emergency Response Team (Cert-In)
    National Information Security Assurance Programme (NISAP)
    Indo-US Cyber Security Forum (IUSCSF)




Conclusion
- Majority of on-line threat is cyber crime
- Cyber terror is still emerging
    - Evolving threat
    - Integrating critical missions with general Internet
    - Increasing damage/speed of attacks
    - Continued vulnerability of off-the-shelf software




Conclusion

The capacity of the human mind is unfathomable. It is not possible to eliminate cyber crime from cyber space. However, it is quite possible to check it.
Hence, the possible steps to counter cyber crimes are to:

- make people aware of their rights and duties (to report crime as a collective duty towards society)
- make the application of the laws more stringent to check crime
- implement good IT Security systems and governance models to reduce the possibilities of cyber crimes
- bring about increased awareness of cyber crimes amongst the law keepers of the State


Conclusion

- To counter cyberthreats, India should immediately establish a National center on information systems security
- It should tap the expertise of universities and private software and internet companies
- In addition to the government and defense sectors it should cater to the banking sector, stock exchanges, telecom and internet networks, power and water supplies, and transportation.




Safeguarding life, property
       and the environment

       www.dnv.com




© Det Norske Veritas AS. All rights reserved.   39

Más contenido relacionado

La actualidad más candente

Ce Hv6 Module 43 Cyber Warfare Hacking Al Qaida And Terrorism
Ce Hv6 Module 43 Cyber Warfare  Hacking Al Qaida And TerrorismCe Hv6 Module 43 Cyber Warfare  Hacking Al Qaida And Terrorism
Ce Hv6 Module 43 Cyber Warfare Hacking Al Qaida And Terrorism
Kislaychd
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
24sneha
 
RSA 2012 Presentation: Information Protection
RSA 2012 Presentation: Information ProtectionRSA 2012 Presentation: Information Protection
RSA 2012 Presentation: Information Protection
Symantec
 
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Security B-Sides
 
3 f6 security
3 f6 security3 f6 security
3 f6 security
op205
 

La actualidad más candente (19)

Iaetsd cyber crimeand
Iaetsd cyber crimeandIaetsd cyber crimeand
Iaetsd cyber crimeand
 
Ce Hv6 Module 43 Cyber Warfare Hacking Al Qaida And Terrorism
Ce Hv6 Module 43 Cyber Warfare  Hacking Al Qaida And TerrorismCe Hv6 Module 43 Cyber Warfare  Hacking Al Qaida And Terrorism
Ce Hv6 Module 43 Cyber Warfare Hacking Al Qaida And Terrorism
 
Cybercrime: Radically Rethinking the Global Threat
Cybercrime:  Radically Rethinking the Global ThreatCybercrime:  Radically Rethinking the Global Threat
Cybercrime: Radically Rethinking the Global Threat
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and Solutions
 
RSA 2012 Presentation: Information Protection
RSA 2012 Presentation: Information ProtectionRSA 2012 Presentation: Information Protection
RSA 2012 Presentation: Information Protection
 
Smarter Safety: Flere data, færre kriminelle handlinger, Mauritz Gilberg & St...
Smarter Safety: Flere data, færre kriminelle handlinger, Mauritz Gilberg & St...Smarter Safety: Flere data, færre kriminelle handlinger, Mauritz Gilberg & St...
Smarter Safety: Flere data, færre kriminelle handlinger, Mauritz Gilberg & St...
 
Apresentação Allen ES
Apresentação Allen ESApresentação Allen ES
Apresentação Allen ES
 
Hackers
HackersHackers
Hackers
 
Hackers
HackersHackers
Hackers
 
Security Wars
Security WarsSecurity Wars
Security Wars
 
Cyber crime trends in 2013
Cyber crime trends in 2013 Cyber crime trends in 2013
Cyber crime trends in 2013
 
Name parul
Name parulName parul
Name parul
 
TD3 Drofessional Developper CEH trojans & backdoors
TD3 Drofessional Developper CEH trojans & backdoorsTD3 Drofessional Developper CEH trojans & backdoors
TD3 Drofessional Developper CEH trojans & backdoors
 
Anatomy of an Attack
Anatomy of an AttackAnatomy of an Attack
Anatomy of an Attack
 
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
 
3 f6 security
3 f6 security3 f6 security
3 f6 security
 
Ce hv6 module 14 denial of service TH3 professional security
Ce hv6 module 14 denial of service TH3 professional securityCe hv6 module 14 denial of service TH3 professional security
Ce hv6 module 14 denial of service TH3 professional security
 
Thornton e authentication guidance
Thornton   e authentication guidanceThornton   e authentication guidance
Thornton e authentication guidance
 

Destacado (6)

Comparison of it governance framework-COBIT, ITIL, BS7799
Comparison of it governance framework-COBIT, ITIL, BS7799Comparison of it governance framework-COBIT, ITIL, BS7799
Comparison of it governance framework-COBIT, ITIL, BS7799
 
Csa summit la transformación digital y el nuevo rol del ciso
Csa summit   la transformación digital y el nuevo rol del cisoCsa summit   la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del ciso
 
Marcos de gobierno de ti
Marcos de gobierno de tiMarcos de gobierno de ti
Marcos de gobierno de ti
 
Standardization of IT Processes
Standardization of IT ProcessesStandardization of IT Processes
Standardization of IT Processes
 
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGovernance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 Framework
 
Enterprise Architecture Frameworks
Enterprise Architecture FrameworksEnterprise Architecture Frameworks
Enterprise Architecture Frameworks
 

Similar a S nandakumar

Cyber crimes (By Mohammad Ahmed)
Cyber crimes (By Mohammad Ahmed)Cyber crimes (By Mohammad Ahmed)
Cyber crimes (By Mohammad Ahmed)
Mohammad Ahmed
 
Owasp e crime-london-2012-final
Owasp e crime-london-2012-finalOwasp e crime-london-2012-final
Owasp e crime-london-2012-final
Marco Morana
 
Isaca june 19, 2010
Isaca june 19, 2010Isaca june 19, 2010
Isaca june 19, 2010
Vicky Shah
 
cybersecurityawareness-presentation-170627121043.pdf
cybersecurityawareness-presentation-170627121043.pdfcybersecurityawareness-presentation-170627121043.pdf
cybersecurityawareness-presentation-170627121043.pdf
ssuserd25aae
 

Similar a S nandakumar (20)

Cyber crimes (By Mohammad Ahmed)
Cyber crimes (By Mohammad Ahmed)Cyber crimes (By Mohammad Ahmed)
Cyber crimes (By Mohammad Ahmed)
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Owasp e crime-london-2012-final
Owasp e crime-london-2012-finalOwasp e crime-london-2012-final
Owasp e crime-london-2012-final
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
cyber crime
cyber crimecyber crime
cyber crime
 
Computer Crimes
Computer CrimesComputer Crimes
Computer Crimes
 
Isaca june 19, 2010
Isaca june 19, 2010Isaca june 19, 2010
Isaca june 19, 2010
 
cybersecurityawareness-presentation-170627121043.pdf
cybersecurityawareness-presentation-170627121043.pdfcybersecurityawareness-presentation-170627121043.pdf
cybersecurityawareness-presentation-170627121043.pdf
 
Chapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptxChapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptx
 
Cyber security awareness presentation
Cyber security awareness  presentationCyber security awareness  presentation
Cyber security awareness presentation
 
Cyber crime against property
Cyber crime against propertyCyber crime against property
Cyber crime against property
 
UNIT 1.pptx
UNIT 1.pptxUNIT 1.pptx
UNIT 1.pptx
 
Cybercrime And Cyber forensics
Cybercrime And  Cyber forensics Cybercrime And  Cyber forensics
Cybercrime And Cyber forensics
 
Cyber Crime and Security ppt by Neeraj Ahirwar
Cyber Crime and Security ppt by Neeraj AhirwarCyber Crime and Security ppt by Neeraj Ahirwar
Cyber Crime and Security ppt by Neeraj Ahirwar
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cyber crime and security
Cyber crime and security Cyber crime and security
Cyber crime and security
 
Global Technologies and Risks Trends
Global Technologies and Risks TrendsGlobal Technologies and Risks Trends
Global Technologies and Risks Trends
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & security
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 

S nandakumar

  • 1. Cyber Crimes and IT Risk Management Nandakumar Shamanna
  • 7.
     Cyber terrorism: the deliberate destruction, disruption or distortion of digital data or information flows with widespread effect for political, religious or ideological reasons.
     Cyber espionage: the act or practice of obtaining secrets without the permission of the holder of the information (personal, sensitive, proprietary or classified in nature) from individuals, competitors, rivals, groups, governments and enemies, for personal, economic, political or military advantage, using illegal exploitation methods on the Internet, networks or individual computers.
  • 8. The Impact…
     Armies may cease to march
     Stock markets may crash
     Businesses may be bankrupted
     Individuals may lose their social identity
     Threats come not from novice teenagers but from purposeful military, political and criminal organizations
  • 9. "This site has been hacked by ISI (Kashmir is ours), we want a hospital in Kashmir" - signed by Mujahideen-ul-dawat
  • 10. Challenges to India's National Security
     India's reliance on technology is increasing, as reflected in the fact that India is shifting gears by entering facets of e-governance
     India has already brought sectors like defense, income tax and passports under the realm of e-governance
     The travel sector is also heavily reliant on this
     Most Indian banks have gone on to full-scale computerization, which has also brought in e-commerce and e-banking
     The stock markets have also not remained immune
     Sectors like police and judiciary are to follow
  • 11. Cyber Crimes – Exploding Problem
    11. India
     Share of malicious computer activity: 3%
     Malicious code rank: 3
     Spam zombies rank: 11
     Phishing web site hosts rank: 22
     Bot rank: 20
     Attack origin rank: 19
    List of Top 20 Countries with the highest rate of Cybercrime (source: BusinessWeek/Symantec). Each country lists 6 contributing factors (share of malicious computer activity, malicious code rank, spam zombies rank, phishing web site hosts rank, bot rank and attack origin) to substantiate its cybercrime ranking.
  • 12. Extent of the Problem. Source: National Crime Records Bureau, Statistics of Cyber Crimes, 2007
  • 13. Extent of the Problem. Source: 2009 FBI-IC3 Internet Crime Report, Friday, April 2nd, 2010
  • 14. Extent of the Problem. Source: Ponemon Institute Research Report, Publication Date: July 2010
  • 15. Why Is Cyber Attack Possible?
     Software has bugs / networks are not designed for security: the engineering practices and technology used by system providers do not produce systems that are immune to attack
     Implementation is poor: network and system operators do not have the people and practices to defend against attacks and minimize damage
     Law and policy lag behind dependence: policy and law in cyber-space are immature and lag the pace of change
  • 16. Attack Sophistication vs. Intruder Technical Knowledge [chart: attack sophistication (low to high) plotted against intruders' knowledge over 1980–2000; labelled points include password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, packet spoofing, GUI tools, network mgmt. diagnostics, burglaries, automated probes/scans, www attacks, denial of service, "stealth"/advanced scanning techniques, staged/distributed attack tools, cross site scripting, auto coordinated tools]
  • 17. Information Technology – Risk Management
  • 18. New risk reality
     Today we are operating in an increasingly global, complex and demanding risk environment with "zero tolerance" for failure
     Even as demands for transparency increase, the challenges for businesses and the State remain, because IT vulnerability is also increasing
     There must be a balance between transparency and security
     Stricter regulatory requirements
  • 19. Definition of risk
    Risk is an event that occurs with a certain frequency/probability and that has consequences for one or more goals/objectives.
    Risk Level = Frequency/Probability combined with Consequence
    [diagram: a THREAT EXPLOITs a VULNERABILITY and causes DAMAGE to an ASSET; PROBABILITY x CONSEQUENCE = RISK]
  • 20. Approach - Work process and method
    The Risk Management Approach ensures that mapping of risk exposure, treatment of risks and follow-up are carried out in a structured manner.
    [process diagram, five steps in sequence: Initiation & focusing, Uncertainty Identification, Risk Analysis, Actions Planning, Implementation & follow-up; Communication and Documentation run alongside every step]
  • 21. 2 Actions planning – handling strategy
     Alter the risk (Risk Reduction)
      - Preventive measures reduce the probability of the event
      - Corrective measures reduce the consequence of the event
      - Plan for the event happening
      - Avoid escalation
      - Recovery plan
     Transfer the risk (Risk Transfer)
      - Disclaim responsibility; write a contract, take out insurance etc.
     Avoid the risk (Risk Avoidance)
      - Eliminate by stopping the activity
     Accept the risk (Risk Acceptance)
      - Continue as before; the activity remains unchanged
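The risk definition on slide 19 (risk level = probability combined with consequence) and the four handling strategies on slide 21, worked through as an added Python example. This is an illustration written for this page, not DNV's tool or method: the 1-5 ordinal scales, the acceptance and avoidance thresholds, and the register entries are all assumptions made for the example.

```python
"""Worked risk-register example for slides 19-21 (added illustration, not
DNV's tool): score each risk as probability x consequence, pick one of the
four handling strategies, and show how preventive and corrective measures
lower the residual score.

Assumptions made here (not from the deck): 1-5 ordinal scales for probability
and consequence, the acceptance/avoidance thresholds, and the sample entries.
"""
from dataclasses import dataclass, replace
from enum import Enum


class Strategy(Enum):
    REDUCE = "Risk Reduction"
    TRANSFER = "Risk Transfer"
    AVOID = "Risk Avoidance"
    ACCEPT = "Risk Acceptance"


@dataclass(frozen=True)
class Risk:
    asset: str                # what the threat damages
    threat: str               # who or what exploits the vulnerability
    vulnerability: str        # the weakness being exploited
    probability: int          # 1 (rare) .. 5 (almost certain); assumed scale
    consequence: int          # 1 (negligible) .. 5 (catastrophic); assumed scale
    insurable: bool = False   # can the loss be transferred by contract/insurance?
    essential: bool = True    # False if the activity could simply be stopped

    def __post_init__(self) -> None:
        for name in ("probability", "consequence"):
            if not 1 <= getattr(self, name) <= 5:
                raise ValueError(f"{name} must be on the 1-5 scale")

    @property
    def level(self) -> int:
        # Slide 19: Risk Level = Probability combined with Consequence
        return self.probability * self.consequence


def choose_strategy(risk: Risk, accept_below: int = 5, avoid_from: int = 20) -> Strategy:
    """Map a risk to one of the four slide-21 strategies.

    Thresholds are assumptions: scores under accept_below are accepted as-is,
    scores at or above avoid_from are avoided when the activity is not
    essential, insurable risks are transferred, everything else is reduced
    with preventive/corrective measures.
    """
    if risk.level < accept_below:
        return Strategy.ACCEPT
    if risk.level >= avoid_from and not risk.essential:
        return Strategy.AVOID
    if risk.insurable:
        return Strategy.TRANSFER
    return Strategy.REDUCE


def reduce_risk(risk: Risk, preventive: int = 0, corrective: int = 0) -> Risk:
    """Slide 21, 'alter the risk': preventive measures lower probability,
    corrective measures (recovery plan, avoiding escalation) lower consequence.
    Returns the residual risk; neither factor drops below 1."""
    return replace(risk,
                   probability=max(1, risk.probability - preventive),
                   consequence=max(1, risk.consequence - corrective))


def sample_register() -> list[Risk]:
    """Constructed sample entries, not real assessment data."""
    return [
        Risk("customer database", "phishing of an administrator",
             "no second factor on the admin portal", probability=4, consequence=5),
        Risk("card payment processing", "credit card fraud",
             "card numbers stored in clear", probability=3, consequence=4,
             insurable=True),
        Risk("legacy FTP drop box", "data interception on the wire",
             "cleartext protocol", probability=4, consequence=5,
             essential=False),
        Risk("cafeteria menu page", "web site defacement",
             "outdated CMS", probability=2, consequence=1),
    ]


def treatment_plan(register: list[Risk]) -> list[tuple[str, int, str]]:
    """Return (asset, risk level, strategy) sorted by descending risk level."""
    ranked = sorted(register, key=lambda r: r.level, reverse=True)
    return [(r.asset, r.level, choose_strategy(r).value) for r in ranked]


if __name__ == "__main__":
    for asset, level, strategy in treatment_plan(sample_register()):
        print(f"{level:>2}  {asset:<25} {strategy}")
    # Residual risk for the top entry after a second factor (preventive, -2)
    # and a tested recovery plan (corrective, -1).
    top = sample_register()[0]
    print(top.level, "->", reduce_risk(top, preventive=2, corrective=1).level)
```

The two entries that both score 20 end up with different strategies only because of the `essential` flag: the customer database cannot be switched off, so the risk is reduced, while the legacy drop box is a non-essential activity and is simply stopped. That is the slide-21 distinction between altering a risk and avoiding it, and it is why a register needs more than the score alone.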
  • 22. Implement Security Systems to combat Cyber Crimes
  • 23. The solutions… - Technology
     Firewalls, Intrusion Prevention System
     Public Key Infrastructure
     High Grade Encryption Technologies
     Optical Fiber Links
     Vulnerability/Risk Assessment
     Cyber Forensics
     Honey Pots
     VPN
     Biometrics, Access Control
     Backups (System Redundancy)
     Incident Response Actions
  • 24. The solutions… - Processes
     Reduction in operational flexibility (Segregation of Duties)
     Effective organization procedures and policies
     Security/System Auditing
     Training for employees
     Government-to-Government coordination
     Recognizing the shortage of skilled cyber security workers
     Creation of a Cyber Army
     Cooperation & information sharing
     Investment in information assurance systems
     Increased R&D funding
     Development of cyber ethics
     Mutual cooperation with law enforcement
  • 25. Security Models and Frameworks
  • 26. ISO 27000 Series - Published standards
     ISO/IEC 27000 — Information security management systems — Overview and vocabulary
     ISO/IEC 27001 — Information security management systems — Requirements
     ISO/IEC 27002 — Code of practice for information security management
     ISO/IEC 27003 — Information security management system implementation guidance
     ISO/IEC 27004 — Information security management — Measurement
     ISO/IEC 27005 — Information security risk management
     ISO/IEC 27006 — Requirements for bodies providing audit and certification of information security management systems
     ISO/IEC 27011 — Information security management guidelines for telecommunications organizations based on ISO/IEC 27002
     ISO/IEC 27033-1 - Network security overview and concepts
     ISO 27799 - Information security management in health using ISO/IEC 27002 [standard produced by the Health Informatics group within ISO, independently of ISO/IEC JTC1/SC27]
  • 27. ISO 27000 Series - In preparation
     ISO/IEC 27007 - Guidelines for information security management systems auditing (focused on the management system)
     ISO/IEC 27008 - Guidance for auditors on ISMS controls (focused on the information security controls)
     ISO/IEC 27013 - Guideline on the integrated implementation of ISO/IEC 20000-1 and ISO/IEC 27001
     ISO/IEC 27014 - Information security governance framework
     ISO/IEC 27015 - Information security management guidelines for the finance and insurance sectors
     ISO/IEC 27031 - Guideline for ICT readiness for business continuity (essentially the ICT continuity component within business continuity management)
     ISO/IEC 27032 - Guideline for cybersecurity (essentially, 'being a good neighbor' on the Internet)
     ISO/IEC 27033 - IT network security, a multi-part standard based on ISO/IEC 18028:2006 (part 1 is published already)
     ISO/IEC 27034 - Guideline for application security
     ISO/IEC 27035 - Security incident management
     ISO/IEC 27036 - Guidelines for security of outsourcing
     ISO/IEC 27037 - Guidelines for identification, collection and/or acquisition and preservation of digital evidence
  • 28. Other IT Security Management Models
    Common Criteria (CC)
     Common Criteria for Information Technology Security Evaluation - ISO 15408
      - Framework for specification of evaluation
    FISMA
     Federal Information Systems Management Act – US
    Information Security Forum (ISF)
     Standard of Good Practice for Information Security
    ITIL
     Information Technology Infrastructure Library
    NIST
     Library of freely available resources - http://csrc.nist.gov
     Security Self-Assessment Guide for Information Technology Systems, 800-26
  • 29. Other IT Security Management Models
    PCI
     Payment Card Industry Data Security Standards
      - 6 Control Objectives
      - 12 Requirements
    Securities and Financial
     - Basel II
     - COSO
     - SOX
    RFC 2196
     RFC 2196 is a memorandum published by the Internet Engineering Task Force for developing security policies and procedures for information systems connected to the Internet.
    Statement on Auditing Standards No. 70: Service Organizations
     SAS 70 provides guidance to service auditors when assessing the internal controls of a service organization and issuing a service auditor's report. SAS 70 also provides guidance to auditors of the financial statements of an entity that uses one or more service organizations.
  • 30. IT Governance Models
    COBIT
     ISACA (Information Systems Audit and Control Association)
  • 31. The CALDER-MOIR IT Governance Framework
    There are many IT-related management frameworks, standards and methodologies in use today. None of them, on its own, is a complete IT governance framework, but they all have a useful role to play in helping organizations manage and govern their IT operations more effectively. The CALDER-MOIR IT Governance Framework is designed to help get maximum benefit from all these overlapping and competing frameworks and standards, and also to deploy the best-practice guidance contained in the international standard for IT governance, ISO/IEC 38500.
  • 32. Governance & Cyber Crime - Cost Comparison. Source: Ponemon Institute Research Report, Publication Date: July 2010
  • 33. Cyber Crimes and Law
    Electronic Signature Laws
     U.S. - Electronic Signatures in Global and National Commerce Act
     U.S. - Uniform Electronic Transactions Act - adopted by 46 states
     U.S. - Digital Signature And Electronic Authentication Law
     U.S. - Government Paperwork Elimination Act (GPEA)
     U.S. - The Uniform Commercial Code (UCC)
     UK - s.7 Electronic Communications Act 2000
     European Union - Electronic Signature Directive (1999/93/EC)
     Mexico - E-Commerce Act [2000]
     Costa Rica - Digital Signature Law 8454 (2005)
     Australia - Electronic Transactions Act 1999 (Cth) (also note that there is State and Territory mirror legislation)
     Information Technology Act 2000 of India
    Information Technology Laws
     Computer Misuse Act 1990
     Florida Electronic Security Act
     Illinois Electronic Commerce Security Act
     Texas Penal Code - Computer Crimes Statute
     Maine Criminal Code - Computer Crimes
     Singapore Electronic Transactions Act
     Malaysia Computer Crimes Act
     Malaysia Digital Signature Act
     UNCITRAL Model Law on Electronic Commerce
     Information Technology Act 2000 of India
  • 34. Cyber Security Initiatives by Government of India
    Cybercrime provisions under the IT Act, 2000 - Offences & Relevant Sections under the IT Act
     Tampering with computer source documents - Sec. 65
     Hacking with computer systems, data alteration - Sec. 66
     Publishing obscene information - Sec. 67
     Un-authorized access to a protected system - Sec. 70
     Breach of confidentiality and privacy - Sec. 72
     Publishing false digital signature certificates - Sec. 73
  • 35. Cyber Security Initiatives by Government of India
     National Informatics Centre (NIC)
     Indian Computer Emergency Response Team (Cert-In)
     National Information Security Assurance Programme (NISAP)
     Indo-US Cyber Security Forum (IUSCSF)
  • 36. Conclusion
     The majority of on-line threat is cyber crime
     Cyber terror is still emerging
      - Evolving threat
      - Integrating critical missions with the general Internet
      - Increasing damage/speed of attacks
      - Continued vulnerability of off-the-shelf software
  • 37. Conclusion
    The capacity of the human mind is unfathomable. It is not possible to eliminate cyber crime from cyber space. However, it is quite possible to check it. Hence, the possible steps to counter cyber crime are to:
     make people aware of their rights and duties (reporting crime is a collective duty towards society)
     make the application of the laws more stringent to check crime
     implement good IT security systems and governance models to reduce the possibilities of cyber crime
     bring about increased awareness of cyber crime amongst the law keepers of the State
  • 38. Conclusion
     To counter cyber threats, India should immediately establish a National center on information systems security
     It should tap the expertise of universities and of private software and internet companies
     In addition to the government and defense sectors, it should cater to the banking sector, stock exchanges, telecom and internet networks, power and water supplies, and transportation.
  • 39. Safeguarding life, property and the environment - www.dnv.com