Presenter: Dr. Vũ Quốc Thành, Vice President and Secretary General,
Vietnam Information Security Association (VNISA)
OVERVIEW REPORT: INFORMATION SECURITY IN VIETNAM 2012
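[Diagram, 2011 and 2012: "A country strong in IT". Components: IT applications; industry and services; communications infrastructure and Internet; information security; IT and information security workforce]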
ICT infrastructure
Digital sovereignty:
Canada: 2011, 2012
Russia: 11/2012
In the words of Ruslan Gattarov, head of the Federation Council Information Policy Commission, the overall purpose of the strategy must be to ensure Russia's "digital sovereignty".
Contents
1. Information security facts in 2012
2. VNISA research on information security status in 2012
3. Conclusions
10 notable information security events in Vietnam, 2012*
Directive 897/CT-TTg of the Prime Minister: strengthening activities to ensure digital information security
Hundreds of gov.vn government websites were attacked by foreign hackers
Vietnam repeatedly appeared in many international lists on information security issues
An outbreak of new forms of fraud through many channels, such as SMS messages, email, Yahoo chat and websites
Vietnamese security vendors simultaneously released protection solutions and software for mobile
The drafting committee for the Law on Digital Information Security was established, with the goal of bringing the law into effect soon***
The Circular regulating the coordination of Internet incident response activities in Vietnam began to be applied in practice
Many virus variants appeared that steal online banking accounts. Fake Yahoo pages were used to steal user passwords.
Vietnam continued to rank high in many international lists warning of security risks**
Many agencies and organizations detected covert connections and specialized malware for targeted information theft (APT)
*Not ranked in order
**: top 5 for Internet users; 15 for malware distribution; 10 for spam; 15 for zombies
*** Joint circular of 4 ministries, the Procuracy and the Court on the Penal Code ...
10 notable information security events in Vietnam, 2012 (continued)
The website of a well-known network security company was attacked, and 2 weeks later its forum was attacked as well
The risk of a cyber war against Vietnam is possible, the Minister said in reply to the National Assembly on the afternoon of 14/6
Information leakage through imported telecommunications equipment again drew public attention
The sale of personal information online still has no solution to stop it
In 5/2012, VNISA assessed 100 randomly chosen websites under the .gov.vn domain and found that 78% of them could be fully compromised
Results of the 2012 VNISA survey
The survey was carried out over about 3 months by VNISA and VNCERT
The total number of complete responses was 507, representing 507 organizations across all sectors
The survey aimed to assess the level of awareness and application of information security in organizations and enterprises
Main topics
1. Awareness of attacks
2. Measures to ensure information security
3. Spending on information security
4. Information security training
1. Awareness of attacks
Do you know whether your network has been attacked? Can you estimate the damage? Do you have a process for responding to attacks?
Has your system ever been hit by a cyber attack (counting from 1/2012)?
Recognition of attacks has continued to rise over the 2 years. Monitoring tools have been deployed.
Attacks that your agency/organization has encountered since January 2012
APT (Advanced Persistent Threat): targeted sabotage is the most frequently cited motive, at ~18%
Can your organization roughly estimate the financial loss when it is attacked?
1. The ability to assess financial loss has increased
2. Most do not know what the motive of the attack was, or the motive was unclear
(over 70%)
[Chart years: 2010, 2011, 2012]
2. Measures to ensure information security
Management measures: procedures, policies, reporting, ...
Technical and technological measures: firewalls, intrusion prevention, ...
Does your organization have standard operating procedures for responding to computer attacks?
2011: the share answering "will do within the next 3 months" rose sharply
2012: "no plan yet" still stands at 33%
[Chart years: 2010, 2011, 2012]
If your organization suffers a computer attack, whom will you notify?
2010 report: most still report only internally; external reporting increased compared with 2009
How long afterwards do you usually report this information?
Demand for immediate assistance rose sharply
Which information security technologies is your organization using?
A - Group protecting data with passwords and cryptography
Digital certificates are used fairly widely; OTP use is still too low
Steadily increasing
Which information security technologies is your organization using?
B - Group protecting data with passwords and cryptography
AV, FW and anti-spam are widely used, and have now levelled off
Which information security technologies is your organization using?
C - Group of management and scanning tools
Although it has increased, the rate is still too low because awareness is incomplete; recommendations need to be pushed harder
Only about 10%
Does your organization have an information security policy (Security Policy) yet?
The rate has risen compared with 2011. A policy should be recommended as mandatory.
[Chart legend: policy; will develop one in the near future; no policy yet]
Does your organization plan to outsource information security services?
85%
15%
No / Yes:
Wider use of professional services should be encouraged
[Chart years: 2012, 2011]
Do you carry out information security testing and assessment?
Yes: 76%
Self-assessment or a hired professional service?
Self-performed: 82%
Organizations need to move towards professional, objective services
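3. Spending on information security is getting harder
87% say that in 2012 their organization's spending on information security did not decrease
57% believe this spending will have to increase in 2013
However, these rates have fallen quite clearly compared with the 2 previous years
[Chart years: 2010, 2011, 2012]
Share of the IT budget invested in information security
[Chart legend: from 10% to 15%; from 5% to 10%; under 5%; other]
Warning: a large share allocate under 5% of the budget to information security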
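4. Information security training needs
On average, each organization has:
+ 0.89 international certificates RELATED to information security
+ 1.2 domestic certificates RELATED to information security
Only 49% of organizations have an information security training plan
Meanwhile, as many as 57% of organizations affirm the need for dedicated information security staff
[Chart years: 2010, 2011, 2012]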
Conclusions
Measuring information security (CIS)
www.securitymetrics.org
ISO 27004
Starting from 4/2011
National Cyber Security Index
Vietnam Digital Information Security Index (pilot)
Based on the results of a survey with 45 questions
Scored from 1 to 100, where a score near 100 means:
o The most complete preparation for digital information security issues
o The lowest possible incidence of incidents
o The highest level of information security vigilance
Focuses on 23 indicators, with weights from 1 to 3
Result: the 2012 Digital Information Security Index is 26%
Together build Secure Information Infrastructure for National Digital Sovereignty