Presenter: Dr. Vũ Quốc Thành, Vice Chairman and Secretary General, Vietnam Information Security Association (VNISA)
OVERVIEW REPORT ON INFORMATION SECURITY IN VIETNAM 2012

01.Thanh-VNISA Report at NISD 2012



  • 2011 2012

    A strong nation in IT: IT applications; industry and services; communications infrastructure, Internet; information security; human resources (IT, information security); ICT infrastructure

    Digital Sovereignty: Canada: + 2011, + 2012; Russia: + 11/2012

  • In the words of Ruslan Gattarov, head of the Federation Council Information Policy Commission, the overall purpose of the strategy must be to ensure Russia's digital sovereignty.

  • Contents

    1. Information Security facts in 2012

    2. VNISA Research on Information Security status in 2012

    3. Conclusions

  • 10 notable information security events in Vietnam in 2012 *

    * Not in ranked order

    Directive 897 CT-TTg of the Prime Minister: strengthening activities to ensure digital information security

    Hundreds of government gov.vn websites were attacked by foreign hackers

    Vietnam repeatedly appeared on many international lists concerning information security issues

    An outbreak of new forms of fraud through many channels such as SMS messages, email, Yahoo chat and websites

    Vietnamese security vendors simultaneously released protection solutions and software for mobile.

    The drafting committee for the Law on Digital Information Security was established, with the goal of bringing the law into effect soon***

    The Circular regulating the coordination of Internet incident response activities in Vietnam began to be implemented in practice

    Many virus variants that steal online banking accounts appeared. Fake Yahoo pages steal user passwords.

    Vietnam continued to rank high on many international lists warning of security risks**

    Many agencies and organizations detected covert connections and specialized malware for targeted information theft (APT)

    ** Top 5 for Internet users; 15 for malware distribution; 10 for spam; 15 for zombies

    *** Joint circular of 4 ministries, the Procuracy and the Court on the Penal Code ...

  • 10 notable information security events in Vietnam in 2012 (continued)

    The website of a well-known network security company was attacked, and 2 weeks later its forum was attacked again

    The risk of a cyber war against Vietnam is a real possibility, the Minister said in reply to the National Assembly on the afternoon of 14 June.

    The issue of information leakage through imported telecommunications equipment again drew public attention

    The problem of personal information being offered for sale online still has no solution to stop it

    In May 2012, VNISA assessed 100 randomly chosen websites under the .gov.vn domain and found that 78% of them could be comprehensively attacked

  • Results of VNISA's 2012 survey

    The survey was conducted over about 3 months by VNISA and VNCERT

    The total number of complete responses was 507, representing 507 organizations of all types

    The survey aimed to assess the level of information security awareness and adoption in organizations and enterprises

  • Main topics

    1. Awareness of attacks

    2. Information security measures

    3. Spending on information security

    4. Information security training

  • 1. Awareness of attacks

    Do you know whether your network has been attacked? Can you estimate the damage? Do you have a process for responding to attacks?

  • Has your system ever suffered a cyber attack (counting from January 2012)?

    The trend of recognizing attacks continued to rise over 2 years. Monitoring tools have been deployed

  • Attacks that your agency/organization has encountered since January 2012

    APT (Advanced Persistent Threat): targeted sabotage is the most frequently cited motive, ~18%

  • Can your organization roughly estimate its financial losses when attacked?

    1. The ability to assess financial losses has increased

    2. The majority do not know what the motive for the attack was, or the motive was unclear (over 70%)

    (Chart years: 2010, 2011, 2012)

  • 2. Information security measures

    Management measures: procedures, policies, reporting, ...

    Technical and technological measures: firewalls, intrusion prevention, ...

  • Does your organization have standard operating procedures for responding to computer attacks?

    2011: the share answering "will do so within the next 3 months" rose sharply

    2012: those with no plan yet still stand at 33%

    (Chart years: 2010, 2011, 2012)

  • If your organization suffered a computer attack, whom would you notify?

    2010 report: the majority still report only internally; external reporting increased compared with 2009

  • How long afterwards would you typically report this information?

    The need for immediate assistance has risen sharply

  • Which information security technologies is your organization using?

    A - Group protecting data with passwords and cryptography

    Digital certificates are used fairly widely; OTP use is still too low

    Steady increase

  • Which information security technologies is your organization using?

    B - Group protecting data with passwords and cryptography

    AV, FW and anti-spam are widely used, and have now plateaued

  • Which information security technologies is your organization using?

    C - Group of management and scanning tools

    Although rising, the rate is still too low because awareness is incomplete; recommendations need to be stepped up

    Only about 10% so far

  • Does your organization have an information security policy (Security Policy) yet?

    The rate rose compared with 2011. Having a policy should be recommended as mandatory

    (Chart legend: will develop one in the near future; no policy yet)

  • Does your organization plan to outsource information security services?

    (Chart values: 85%, 15%; legend: No, Yes; years: 2012, 2011)

    Wider use of professional services should be encouraged

  • Do you carry out information security audits and assessments?

    Yes: 76%

    Self-assessment or a hired professional service?

    Self-performed: 82%

    There is a need to move toward professional, objective services

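  • 3. Information security spending is more difficult

    87% said that in 2012 their organization's information security spending did not decrease

    57% believe this spending will have to increase in 2013

    However, these rates dropped quite clearly compared with the 2 previous years

    (Chart years: 2010, 2011, 2012)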

  • Share of information security investment within the IT budget

    (Chart legend: from 10% to 15%; from 5% to 10%; under 5%; other)

    Warning: a large share allocate under 5% of the budget to information security

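  • 4. Demand for information security training

    Each organization has on average:

    + 0.89 international certificates RELATED to information security

    + 1.2 domestic certificates RELATED to information security

    Only 49% of organizations have an information security training plan

    Meanwhile, as many as 57% of organizations affirm the need for dedicated information security staff

    (Chart years: 2010, 2011, 2012)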

  • Conclusions

  • Measuring information security (CIS)

    www.securitymetrics.org

    ISO 27004

  • Started in 4/2011

  • National Cyber Security Index

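  • Vietnam Digital Information Security Index (pilot)

    Based on the results of a survey with 45 questions

    Scored from 1-100, where close to 100 means:

    o Best prepared for digital information security issues

    o Lowest possible incidence of incidents

    o Highest level of information security vigilance

    Focuses on 23 indicators, weighted from 1-3

    Result: the 2012 Digital Information Security Index is 26%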

  • Together build Secure Information Infrastructure for National Digital Sovereignty