Upload
duongbao
View
220
Download
3
Embed Size (px)
Citation preview
SIVANATHAN SUBRAMANIAM CISSP GCFA MScSIVANATHAN SUBRAMANIAM CISSP, GCFA, MSc
Manager, Global Response CentreITU‐T SG17 Meeting in Geneva, April 2010
fNon-profit organisation
F d “ d f b th t ”Focused on “upper end of cyber threats”
International & multilateral in natureInternational & multilateral in nature
Public-private partnershipPublic private partnership
Global HQ – Cyberjaya, MalaysiaGlobal HQ Cyberjaya, Malaysia
Staffed by international team of expertsy p
IndustryExpertsExperts
A d iAcademia
I t ti l
191Partner
CountriesInternational
Bodies
ThinkTank
No. Confirmed Partner Countries
1 Afghanistan2 Andorra3 Bulgaria4 Burkina Faso5 Cape Verde6 Costa Rica7 Côte d'Ivoire8 Democratic Republic of Congo9 Ghana10 Italy11 Kenya11 Kenya12 Lao PDR13 Malaysia14 Mauritius15 Moldova16 Montenegro16 Montenegro17 Morocco18 Nepal19 Nigeria20 Philippines21 Poland22 Romania23 Saudi Arabia24 Serbia25 Seychelles26 Sudan27 Switzerland27 Switzerland28 Syrian Arab Republic29 Tanzania30 Uganda31 UAE 32 Zambia33 Gabon34 Austria35 Israel36 Vatican37 Egypt
Eugene Kaspersky Eugene Kaspersky – Founder and CEO of Kaspersky Lab
dd éé l f lDr. Dr. HamadounHamadoun TouréTouré – Secretary General of International Telecommunications Union (ITU)
MikkoMikko HypponenHypponen – Chief Research Officer of F-Secure
St ChSt Ch F d d Ch i f T d MiSteve Chang Steve Chang – Founder and Chairman of Trend Micro
AymanAyman HaririHariri – Chairman of Oger SystemsAymanAyman Hariri Hariri – Chairman of Oger Systems
John W. ThompsonJohn W. Thompson – Chairman of Symantec CorporationJohn W. Thompson John W. Thompson Chairman of Symantec Corporation
Prof. Fred Piper Prof. Fred Piper – Cryptologist, Founder of the Information Security Group at Royal Holloway University of London
5
Security Group at Royal Holloway, University of London
IMPACT to operationalise UN’s globalb it i iti ti th h ITUcybersecurity initiatives through ITU.
MOU with ITU in 2008 – IMPACT HQ inC b j ill b th h i l h fCyberjaya will be the new physical home forITU’s Global Cybersecurity Agenda(GCA)
GCA – framework for internationalcooperation aimed at enhancing confidence
d i i h i f i iand security in the information society
The GCA has fostered initiatives such as theChild O li P t ti (COP) d th hChild Online Protection (COP) and throughits partnership with IMPACT and with thesupport of leading global players iscurrently deploying cybersecurity solutionsto countries around the world.
The Child Online Protection (COP) initiativeaims to tackle cybersecurity holisticallyaddressing legal, technical, organisational andprocedural issues as well as capacity buildingand international cooperation.
COP’s key objectives are:
– Identify key risks and vulnerabilities to children incyberspace;
– Create awareness of the risks and issues throughmultiple channels;
– Develop practical tools to help governmentsDevelop practical tools to help governments,organizations, industry and educators minimize risk;
– Share knowledge and experience while facilitatinginternational strategic partnerships to define andimplement these concrete goals.
Building the largest repository of Child Online Protection
Creating awareness through
Promoting capacity
IMPACT-ITU to formulate Online Protection
materialsthrough partners
p ybuilding policies
InternationalInternational OrganisationsOrganisations Industry PartnersIndustry PartnersInternational International OrganisationsOrganisations Industry PartnersIndustry Partners
Internet / Cyber Security Org Internet / Cyber Security Org
AcademiaAcademiaAcademiaAcademia
Over Over 225 225 universities in universities in IMPACT’s networkIMPACT’s network
.. and many more.. and many more
• Incident response coordination, reporting & analysis• Network early warning system (NEWS)Global Response Network early warning system (NEWS)• Collaborative platform for experts (ESCAPE)• IMPACT GRC Sensor Networks (IGSN)
Global Response Centre
• International certification programs (SANS, EC-Council, (ISC)2)• Specialised skill trainings• Specialised seminars, workshops & conferences
Training & Skills DevelopmentDevelopment
• IMPACT Government Security Scorecard (IGSS)Security IMPACT Government Security Scorecard (IGSS)• Computer Incident Response Team – CIRT-Lite• Security audits, international best practices• IMPACT Research Online Network (IRON), joint research efforts
Security Assurance &
Research
• Formulation of policies• Advisory services on policy and regulatory to partner countries
C ti & ll b ti
Policy & International • Cooperation & collaborations
• Child Online Protection (COP)International Cooperation
ESCAPE Features
Member Profiling
Additional Features
More Featuresg
Group Management
Event Management
ea u es
Multiple Language s
ea u es
Rating
ManagementManagement
Calendars
C
Tags
EnhancedIRON -
ESCAPE –
Industry
ForumsCollaboration
Chat
Polls
Enhanced Security
Document Upload
ESCAPE -Countries
Academia
Forums
Bl
Collaboration
Site statistics
Multimedia support
BlogsCluster Maps Search
NEWS Features
IMPACT GRC Sensor Networks
IMPACT CIRT-Lite Architecture
CIRT-Lite Database
IMPACT IGSS Architecture
Govern
REGULATIONS FRAMEWORKS STANDARDS
Define
CORPORATE POLICIES
Control
IT CONTROL CHECKS
Govern
REGULATIONS FRAMEWORKS STANDARDS
Define
CORPORATE POLICIES
Control
IT CONTROL CHECKS
Operating SystemsSOX COSO Internal policies
MEASURE
RECORD
REPORT
Operating SystemsSOX COSO Internal policies
MEASURE
RECORD
REPORT
p g y
Databases
Applications
Directories
People
HIPAA
GLBA
FISMA
Basel ll
COBIT
ISO17799
NIST
PCI-DSS
CIS
NIST
NSA
RECORDp g y
Databases
Applications
Directories
People
HIPAA
GLBA
FISMA
Basel ll
COBIT
ISO17799
NIST
PCI-DSS
CIS
NIST
NSA
RECORD
Determine risk and develop appropriate policies
Monitor compliance and remediate problems
Demonstrate due care and optimize controls
PeopleBasel ll NSA
Determine risk and develop appropriate policies
Monitor compliance and remediate problems
Demonstrate due care and optimize controls
PeopleBasel ll NSA
IMPACT Government Security Scorecard (IGSS) System
Some Key Activities by Divisiony y
Global Response Centre
Afghanistan Incident
Response Coordination
Dissemination of Threat
Information toIMPACT GRC
Sensor Honeynet Project
ISO/IEC 27037 (Co-Mission Coordination
for Partner Countries
Information to Partner
CountriesNetworks pilot
projectsProject
Workshop27037 (Co-
editor)
Some Key Activities by Division (cont…)y y ( )
Training & Skills Development
IMPACT Network
Investigation IMPACT-SANS
IMPACT Network
Forensics &IMPACT
SecurityCoreDeveloped
Cybersecurity for Law
Enforcement Training
SANS Trainings
Forensics & Investigations
Training
SecurityCoreTrainings Training
Roadmap
Some Key Activities by Division (cont…)y y ( )
Security Assurance & Research
IGSS Pilot Project for
MoU Signing with
ISO/IEC 27001 PacCERT
Establishment CIRT-Lite Malaysian
GovernmentUniversities &
CollegesCertification
(ISMS)Establishment
Project Deployment
Some Key Activities by Division (cont…)y y ( )
Policy & International Cooperation
IMPACTIMPACT-
K k IMPACT-IMPACT-Industry Partner
IMPACT-Microsoft Critical
Information
Kaspersky Seminar on Formulating
Effective
IMPACTTrend Micro Seminar –The Botnet IMPACT
QuarterlyPartner Media
Roundtable
Information Infrastructure
Protection Seminar
Effective Global
Counter-Phishing
Storm: Challenges &
Global C ti
Quarterly Report to ITU
Seminar Phishing Efforts Cooperation
IMPACTJalan IMPACT,
63000 Cyberjaya Malaysia.
Tel: +60 (3) 8313 2020Fax: +60 (3) 8319 2020
22
Email: [email protected]