SIVANATHAN SUBRAMANIAM CISSP GCFA MScSIVANATHAN SUBRAMANIAM CISSP, GCFA, MSc

Manager, Global Response CentreITU‐T SG17 Meeting in Geneva, April 2010

fNon-profit organisation

F d “ d f b th t ”Focused on “upper end of cyber threats”

International & multilateral in natureInternational & multilateral in nature

Public-private partnershipPublic private partnership

Global HQ – Cyberjaya, MalaysiaGlobal HQ Cyberjaya, Malaysia

Staffed by international team of expertsy p

IndustryExpertsExperts

A d iAcademia

I t ti l

191Partner

CountriesInternational

Bodies

ThinkTank

No. Confirmed Partner Countries

1 Afghanistan2 Andorra3 Bulgaria4 Burkina Faso5 Cape Verde6 Costa Rica7 Côte d'Ivoire8 Democratic Republic of Congo9 Ghana10 Italy11 Kenya11 Kenya12 Lao PDR13 Malaysia14 Mauritius15 Moldova16 Montenegro16 Montenegro17 Morocco18 Nepal19 Nigeria20 Philippines21 Poland22 Romania23 Saudi Arabia24 Serbia25 Seychelles26 Sudan27 Switzerland27 Switzerland28 Syrian Arab Republic29 Tanzania30 Uganda31 UAE 32 Zambia33 Gabon34 Austria35 Israel36 Vatican37 Egypt

Eugene Kaspersky Eugene Kaspersky – Founder and CEO of Kaspersky Lab

dd éé l f lDr. Dr. HamadounHamadoun TouréTouré – Secretary General of International Telecommunications Union (ITU)

MikkoMikko HypponenHypponen – Chief Research Officer of F-Secure

St ChSt Ch F d d Ch i f T d MiSteve Chang Steve Chang – Founder and Chairman of Trend Micro

AymanAyman HaririHariri – Chairman of Oger SystemsAymanAyman Hariri Hariri – Chairman of Oger Systems

John W. ThompsonJohn W. Thompson – Chairman of Symantec CorporationJohn W. Thompson John W. Thompson Chairman of Symantec Corporation

Prof. Fred Piper Prof. Fred Piper – Cryptologist, Founder of the Information Security Group at Royal Holloway University of London

5

Security Group at Royal Holloway, University of London

IMPACT to operationalise UN’s globalb it i iti ti th h ITUcybersecurity initiatives through ITU.

MOU with ITU in 2008 – IMPACT HQ inC b j ill b th h i l h fCyberjaya will be the new physical home forITU’s Global Cybersecurity Agenda(GCA)

GCA – framework for internationalcooperation aimed at enhancing confidence

d i i h i f i iand security in the information society

The GCA has fostered initiatives such as theChild O li P t ti (COP) d th hChild Online Protection (COP) and throughits partnership with IMPACT and with thesupport of leading global players iscurrently deploying cybersecurity solutionsto countries around the world.

The Child Online Protection (COP) initiativeaims to tackle cybersecurity holisticallyaddressing legal, technical, organisational andprocedural issues as well as capacity buildingand international cooperation.

COP’s key objectives are:

– Identify key risks and vulnerabilities to children incyberspace;

– Create awareness of the risks and issues throughmultiple channels;

– Develop practical tools to help governmentsDevelop practical tools to help governments,organizations, industry and educators minimize risk;

– Share knowledge and experience while facilitatinginternational strategic partnerships to define andimplement these concrete goals.

Building the largest repository of Child Online Protection

Creating awareness through

Promoting capacity

IMPACT-ITU to formulate Online Protection

materialsthrough partners

p ybuilding policies

InternationalInternational OrganisationsOrganisations Industry PartnersIndustry PartnersInternational International OrganisationsOrganisations Industry PartnersIndustry Partners

Internet / Cyber Security Org Internet / Cyber Security Org

AcademiaAcademiaAcademiaAcademia

Over Over 225 225 universities in universities in IMPACT’s networkIMPACT’s network

.. and many more.. and many more

• Incident response coordination, reporting & analysis• Network early warning system (NEWS)Global Response Network early warning system (NEWS)• Collaborative platform for experts (ESCAPE)• IMPACT GRC Sensor Networks (IGSN)

Global Response Centre

• International certification programs (SANS, EC-Council, (ISC)2)• Specialised skill trainings• Specialised seminars, workshops & conferences

Training & Skills DevelopmentDevelopment

• IMPACT Government Security Scorecard (IGSS)Security IMPACT Government Security Scorecard (IGSS)• Computer Incident Response Team – CIRT-Lite• Security audits, international best practices• IMPACT Research Online Network (IRON), joint research efforts

Security Assurance &

Research

• Formulation of policies• Advisory services on policy and regulatory to partner countries

C ti & ll b ti

Policy & International • Cooperation & collaborations

• Child Online Protection (COP)International Cooperation

ESCAPE Features

Member Profiling

Additional Features

More Featuresg

Group Management

Event Management

ea u es

Multiple Language s

ea u es

Rating

ManagementManagement

Calendars

C

Tags

EnhancedIRON -

ESCAPE –

Industry

ForumsCollaboration

Chat

Polls

Enhanced Security

Document Upload

ESCAPE -Countries

Academia

Forums

Bl

Collaboration

Site statistics

Multimedia support

BlogsCluster Maps Search

NEWS Features

IMPACT GRC Sensor Networks

IMPACT CIRT-Lite Architecture

CIRT-Lite Database

IMPACT IGSS Architecture

Govern

REGULATIONS FRAMEWORKS STANDARDS

Define

CORPORATE POLICIES

Control

IT CONTROL CHECKS

Govern

REGULATIONS FRAMEWORKS STANDARDS

Define

CORPORATE POLICIES

Control

IT CONTROL CHECKS

Operating SystemsSOX COSO Internal policies

MEASURE

RECORD

REPORT

Operating SystemsSOX COSO Internal policies

MEASURE

RECORD

REPORT

p g y

Databases

Applications

Directories

People

HIPAA

GLBA

FISMA

Basel ll

COBIT

ISO17799

NIST

PCI-DSS

CIS

NIST

NSA

RECORDp g y

Databases

Applications

Directories

People

HIPAA

GLBA

FISMA

Basel ll

COBIT

ISO17799

NIST

PCI-DSS

CIS

NIST

NSA

RECORD

Determine risk and develop appropriate policies

Monitor compliance and remediate problems

Demonstrate due care and optimize controls

PeopleBasel ll NSA

Determine risk and develop appropriate policies

Monitor compliance and remediate problems

Demonstrate due care and optimize controls

PeopleBasel ll NSA

IMPACT Government Security Scorecard (IGSS) System

Some Key Activities by Divisiony y

Global Response Centre

Afghanistan Incident

Response Coordination

Dissemination of Threat

Information toIMPACT GRC

Sensor Honeynet Project

ISO/IEC 27037 (Co-Mission Coordination

for Partner Countries

Information to Partner

CountriesNetworks pilot

projectsProject

Workshop27037 (Co-

editor)

Some Key Activities by Division (cont…)y y ( )

Training & Skills Development

IMPACT Network

Investigation IMPACT-SANS

IMPACT Network

Forensics &IMPACT

SecurityCoreDeveloped

Cybersecurity for Law

Enforcement Training

SANS Trainings

Forensics & Investigations

Training

SecurityCoreTrainings Training

Roadmap

Some Key Activities by Division (cont…)y y ( )

Security Assurance & Research

IGSS Pilot Project for

MoU Signing with

ISO/IEC 27001 PacCERT

Establishment CIRT-Lite Malaysian

GovernmentUniversities &

CollegesCertification

(ISMS)Establishment

Project Deployment

Some Key Activities by Division (cont…)y y ( )

Policy & International Cooperation

IMPACTIMPACT-

K k IMPACT-IMPACT-Industry Partner

IMPACT-Microsoft Critical

Information

Kaspersky Seminar on Formulating

Effective

IMPACTTrend Micro Seminar –The Botnet IMPACT

QuarterlyPartner Media

Roundtable

Information Infrastructure

Protection Seminar

Effective Global

Counter-Phishing

Storm: Challenges &

Global C ti

Quarterly Report to ITU

Seminar Phishing Efforts Cooperation

IMPACTJalan IMPACT,

63000 Cyberjaya Malaysia.

Tel: +60 (3) 8313 2020Fax: +60 (3) 8319 2020

22

Email: contactus@impact-alliance.org