Docstoc

National Cyber Security

Document Sample
National Cyber Security Powered By Docstoc
					National Cyber SecurityCorporate Role
By Naavi July 14, 2009 @ CISS 2009, Trident Hotel, Mumbai

1

Naavi

Cyber Law College

Relation of Cyber Space with Security
     

Cyber Space is the main Communication space for launching of terrorist acts Cyber Crimes generate funds for Terrorism Websites provide propaganda to promote Terrorism Corporate Assets are in Information form and are soft targets for economic destabilization E Economy is an important aspect of economy and is a soft target for proxy wars Critical Infrastructure assets of the Government and life saving services can be accessed through cyber space
–

Securing Cyber Space is therefore a part of Physical security

2

Naavi

Cyber Law College

Corporate Stake
    

 

Banks and other Critical economic activities of the country are in private hands Critical infrastructure projects are in Private hands Companies manage ISPs, MSPs and maintain their own satellite links to Cyber Space Companies manufacture and maintain hardware and software which control the cyber space A large section of the employees are cyber savvy, trained as ethical hackers, move in and out of the country freely with their laptops, have access to cyber assets of the company from within the firewall and from outside Corporates have the skills to assist the law enforcement in Cyber Security. Cyber Space has no boundaries either between the countries nor between the private sector and the public sector
–

Involvement of Corporates in cyber security is critical

3

Naavi

Cyber Law College

What Companies need to do?

..

4

Naavi

Cyber Law College

Four Dimensions to Corporate Role
 

Self Security
– –

If each one of us is secure, the nation is secure Security is not effective when it is imposed. Developing a voluntary adoption of security culture is required Private-Public collaboration holds the key for national security even in cyber space

Developing a security culture within our organization Assisting the Government in its security functions
–





Contributing to the development of Cyber Security culture in the Country
–

We owe it to the society

5

Naavi

Cyber Law College

Securing the Corporate environment.. A self evaluation


Today our corporate assets are as much in the form of “Information Wealth” as in the form of “Physical Assets”.
–
–

Have we recognized the value of these assets? Have we secured these assets at the raw material/work in progress/finished goods state?

6

Naavi

Cyber Law College

Securing Self…2




Can any of our employees send out sensitive information in the form of an e-mail from within the organization? Can an outsider unauthorisedly intrude into our information space?
–

These are the focus areas for “Data Protection” and “Firewalls”


As much relevant in a textile company as a software company

7

Naavi

Cyber Law College

Are we focussed on Information Security?


How much is our investment in Information Security?
–

Vis a vis the physical security?



Have we conducted an Information Risk Audit?
–

ISO 27001 (in addition to quality audits)

8

Naavi

Cyber Law College

Have we conducted an ITA 2008 Risk Audit?


May be we have not even recognized the need
–

We need to look at the Indian Information Security Framework (IISF 309.. Refer for details at www.naavi.org) Due Diligence
    



Have we recognized that ITA 2008 has mandated?
–

Data Retention norms Traffic data archival Security Incident breach reporting norms Auditing of e-documents Use of Digital Signatures in communication?
–

If not, this is our first step in fulfilling our role in securing the nation in cyber space

9

Naavi

Cyber Law College

Why My Security is relevant for National Security




Unlike a physical space, there is no defined border for Indian Cyber Space which can be guarded by a National Army or a Border Security Force. The enemy can enter the Indian Cyber Space through any Computer connected to Cyber Space.
–

Every Internet ready device (Computer or Mobile) is a potential gateway for our enemies to enter.
Naavi Cyber Law College

10

Cyber Patrolling


Cyber Tools are also the tools of communication for conventional attackers also
–

Patrolling Cyber Space is an absolute necessity
  

At the ISP level At the Cyber Café level At the individual desktop level

11

Naavi

Cyber Law College

Corporate Role in Cyber Patrolling


Co-operate with the relevant agencies engaged in Cyber Patrolling
–

Avoid Criminals taking shelter under excuses such as “Privacy” or “Freedom of Speech”


These are rights to protect the law abiding community and not the law breaking community
–

Eg: Google/Yahoo proxies – Blocking of an objectionable site

 

Invest in Cyber Patrolling Projects Support and Promote Cyber Patrolling Projects of the Government
Naavi Cyber Law College

12

Developing a security culture within our organization
 

Make “Due Diligence” a voluntary compliance Programme for every employee Before you hire an employee, ask him


“I know you are a Cyber Professional. Are you a certified Ethical Cyber Professional?”
–
–

Ensure that every employee of your organization is Cyber Law Aware Engage in Cyber Ethics training and certification across the enterprise



When your IS Manager asks for top management support, accord it the right priority
–

Remember
 

IS is as important as Marketing or Finance or HR. IS is not a burden to be tolerated but an essential ingredient of management policy

13

Naavi

Cyber Law College

Assisting the Government in its security functions


Private-Public collaboration holds the key for national security even in cyber space
–

Encourage the State Government to set up a State level Cyber Security Advisory Committee
 

And participate in its activities wholeheartedly Lend your brains and resources to help Government agencies and Voluntary Organizations to work for Cyber Security in the interest of the nation.

14

Naavi

Cyber Law College

Contributing to the development of Cyber Security culture in the Country
  

For the Government,
– –

it is a duty to protect the Country and therefore the Cyber Space It is a passion

For certain voluntary organizations Corporates owe it to the society
–

Help establish
    

“Cyber Security Research” “Cyber Forensic Centers” of International excellence Academic institutions who focus on “Techno Legal Information Security education” “Cyber Crime Insurance” in India “National Cyber Security Guard”
–

..and

15

Naavi

Cyber Law College

Contributing to the development of Cyber Security culture in the Country


Remember that
–

Information Security is a key corporate necessity and More Investments will come from the stake holders in due course



This also means that
–

“Cyber Security” is a great investment opportunity for Companies who have a vision of leadership for the future.
 

It is the infrastructure for the Digital World. If it is good for Entrepreneurs to invest in Steel, Cement, Construction, it is also good to invest in a Cyber Security Company

16

Naavi

Cyber Law College

Thank You

naavi@vsnl.com www.naavi.org +9343554943

17

Naavi

Cyber Law College


				
Lingjuan Ma Lingjuan Ma MS
About work for China Compulsory Certification. Some of the documents come from Internet, if you hold the copyright please contact me by huangcaijin@sohu.com