![Page 1: SecureIT 2013 - Information Security - Vibha Agrawal, CA Technologies](https://reader035.vdocument.in/reader035/viewer/2022062614/547a34bbb4af9f9b158b4a50/html5/thumbnails/1.jpg)
Secure Service Delivery
Vibha AgrawalVice PresidenteGovernance
![Page 2: SecureIT 2013 - Information Security - Vibha Agrawal, CA Technologies](https://reader035.vdocument.in/reader035/viewer/2022062614/547a34bbb4af9f9b158b4a50/html5/thumbnails/2.jpg)
E-Governance Ecosystem
Issues• Vulnerable
Infrastructure• Unauthorized
Access• Identity Theft• Insecure/
Compromised end points
• Illiterate Citizens• Data Leakage• Weak Applications• Financial Fraud
GOI Agencie
s
State Gov
Agencies
Service Provider
s
Citizens
Business
Home PC
CSC
Cyber Cafe
Mobile
Applications
SDC/ NDC
SWAN/NICNET/ NKN
Databases
![Page 3: SecureIT 2013 - Information Security - Vibha Agrawal, CA Technologies](https://reader035.vdocument.in/reader035/viewer/2022062614/547a34bbb4af9f9b158b4a50/html5/thumbnails/3.jpg)
Statistics
— Insider attacks account for as much as 80% of all computer and Internet related crimes [1]
—Majority of insiders are privileged users and majority of attacks are launched from remote machines [2]
—Most of the attacks are because of the weak authentication i.e. passwords
Sources:
[1] Jim Carr. Strategies and issues: Thwarting insider attacks
[2] National Threat Assessment Center - Insider Threat Study, http://www.ustreas.gov/usss/ntac_its.shtml
![Page 4: SecureIT 2013 - Information Security - Vibha Agrawal, CA Technologies](https://reader035.vdocument.in/reader035/viewer/2022062614/547a34bbb4af9f9b158b4a50/html5/thumbnails/4.jpg)
Information Security is NOT Infrastructure Security
Information
Security
Infrastructure
Security
Control and Visibility
Security of NO• No Viruses• No Spywares• No Vulnerabilities• No Holes• No Intrusions
Security of KNOW• Know User• Know
Access• Know Data• Know
Activity• Know
Compliance
![Page 5: SecureIT 2013 - Information Security - Vibha Agrawal, CA Technologies](https://reader035.vdocument.in/reader035/viewer/2022062614/547a34bbb4af9f9b158b4a50/html5/thumbnails/5.jpg)
Securing Information Systems Systems Vulnerability and Abuse
—Security Challenges and Vulnerability
Front-end
Servers
Back-end SystemsCitizen
![Page 6: SecureIT 2013 - Information Security - Vibha Agrawal, CA Technologies](https://reader035.vdocument.in/reader035/viewer/2022062614/547a34bbb4af9f9b158b4a50/html5/thumbnails/6.jpg)
information security securely connecting users to data
Providing the right people with the
right access at the right time
![Page 7: SecureIT 2013 - Information Security - Vibha Agrawal, CA Technologies](https://reader035.vdocument.in/reader035/viewer/2022062614/547a34bbb4af9f9b158b4a50/html5/thumbnails/7.jpg)
Security Strategy and Vision
Identity
Control
Content-Aware IAM
Access
Control
Information
Control
The control you need to confidently drive business forward
across physical, virtual and cloud environments
7
![Page 8: SecureIT 2013 - Information Security - Vibha Agrawal, CA Technologies](https://reader035.vdocument.in/reader035/viewer/2022062614/547a34bbb4af9f9b158b4a50/html5/thumbnails/8.jpg)
Secure Service Delivery
Citizens
Department Users
Authentication &
Authorization
Data & System SecurityAccess Control
• Two Factor Authentication
• Single Sign On• Data Loss
Protection
• Data Loss Protection• Privilege User
Management• Identity Lifecycle
Management• Fraud & Risk
Management
• Fraud & Risk Management
![Page 9: SecureIT 2013 - Information Security - Vibha Agrawal, CA Technologies](https://reader035.vdocument.in/reader035/viewer/2022062614/547a34bbb4af9f9b158b4a50/html5/thumbnails/9.jpg)
Single Secure Credential
Secure eDocument
Strong Authentication
Digital Signing
Payment gateway integrationVPN Login
2 FA Softwa
re Token
![Page 10: SecureIT 2013 - Information Security - Vibha Agrawal, CA Technologies](https://reader035.vdocument.in/reader035/viewer/2022062614/547a34bbb4af9f9b158b4a50/html5/thumbnails/10.jpg)
ePramaan – A MCIT approved framework
![Page 11: SecureIT 2013 - Information Security - Vibha Agrawal, CA Technologies](https://reader035.vdocument.in/reader035/viewer/2022062614/547a34bbb4af9f9b158b4a50/html5/thumbnails/11.jpg)
Learning's…
—Keep it simple
—Build security in design, adding security later is complex and expensive in terms of time, labor and money
—To expect the application to cater for Security is an atrocious ask, rather we should leverage proven security products that are designed to do this job
—privileged users and insiders pose greater threat
![Page 12: SecureIT 2013 - Information Security - Vibha Agrawal, CA Technologies](https://reader035.vdocument.in/reader035/viewer/2022062614/547a34bbb4af9f9b158b4a50/html5/thumbnails/12.jpg)
thank you
Deepak Singla
Account Director
9990 414148
Vivek Srivastava
Account Director
9899 203 585