informationsecurity


Upload: umme-habiba-madhobi

Post on 06-Jan-2017


Category:

Engineering



Information Security and Bangladesh

Name: Umme Habiba

ID: 142-15-3677, Section: B

Abstract

Information is critical to any business and paramount to the survival of any organization in today’s globalized digital economy. IT professionals must have core knowledge of information security management and the governance requirements involved. This report investigates the evolution of information security; where it came from, where it is today and the direction in which it is moving. It is argued that information security is not about looking at the past in anger of an attack once faced; neither is it about looking at the present in fear of being attacked; nor about looking at the future with uncertainty about what might befall us. The message is that organizations and individuals must be alert at all times. Furthermore, this report also highlights critical information security issues that are being overlooked or not being addressed by research efforts currently undertaken. New research efforts are required that minimize the gap between regulatory issues and technical implementations.

Keywords

Information security; Information security topics; Goals; Information security trends; Security implementation approach.

1. Introduction:

Information security has evolved from addressing minor and harmless security breaches to managing those with a huge impact on organizations’ economic growth.

Information security: a “well-informed sense of assurance that the information risks and controls are in balance.” —James Anderson, Inovant (2002)

IT professionals must have core knowledge of information security management and the governance requirements involved. The IT industry is a relatively new sector in the country's economy. Though it is yet to make tangible contributions to the national economy, it is an important growth industry. By comparison, information security in Bangladesh is not as strong as in developed countries.

2. Information security:

The protection of information and its critical elements, including systems and hardware that use, store, and transmit that information. The best offense is a good defense when it comes to our network’s security. Security testing and assessments provide organizations with the knowledge, expertise and efficiency needed to conduct thorough security and risk evaluations of our environment.

Necessary tools: policy, awareness, training, education, technology

Fig.1: Components of Information Security

3. Goals:

A primary goal of information security is to meet the demands above, which determine how reliable our security is. Controlling access to sensitive information is crucial to the security of any organization. Information security can be decomposed into three basic categories:

Confidentiality: making sure that those who should not see information cannot see it.

Integrity: making sure that the information has not been changed from its original form.

Availability: making sure that the information is available for use when you need it.

These categories are not mutually exclusive, as a loss in confidentiality can often lead to a loss in integrity and/or availability. Many different security models have been proposed to help address the concerns of confidentiality, integrity and availability.

4. Approaches to Information Security Implementation:

A. Bottom-Up Approach:

Grassroots effort: systems administrators attempt to improve security of their systems

Key advantage: technical expertise of individual administrators

Seldom works, as it lacks a number of critical features:

Participant support

Organizational staying power

B. Top-Down Approach:

Initiated by upper management

Issue policy, procedures and processes

Dictate goals and expected outcomes of project

Determine accountability for each required action

The most successful efforts also involve a formal development strategy referred to as the systems development life cycle.

Fig.2: Approaches to Information Security Implementation.

5. Information security trends in Bangladesh:

Located in South Asia, Bangladesh is an Islamic country with a young and rapidly growing population of 164 million.

According to the BASIS 2012 survey the ICT industry has consistently grown in recent years at 20 to 30 percent per annum. Over 800 registered ICT companies generated total revenues of approximately $250 million. More than 75 percent of companies are involved in customized application development and maintenance, 50 percent are dedicated to IT enabled services, and 45 percent offer E-commerce/Web services. The survey also shows that 60 percent of companies solely focus on the domestic market.

According to this survey, we can say that our ICT industry is growing day by day and plays a vital role in our economy. That is why our information security system needs to be improved for the future.

In February 2012, Bangladesh declared cyber war against India in protest of unjust border killings by the Indian BSF and Indian Cyber Warriors, and finally Bangladesh defeated India. That means our security system was not bad, but it is not satisfactory at all, as several times its banks have been hacked by hackers from other countries.

Capitalizing on weaknesses in the security of the Bangladesh Central Bank, including the possible involvement of some of its employees,[6] perpetrators attempted to steal $951 million from the Bangladesh central bank's account with the Federal Reserve Bank of New York sometime between February 4–5 in 2016 when Bangladesh Bank's offices were closed. The perpetrators managed to compromise Bangladesh Bank's computer network, observe how transfers are done, and gain access to the bank's credentials for payment transfers. They used these credentials to authorize about three dozen requests to the Federal Reserve Bank of New York to transfer funds from the account Bangladesh Bank held there to accounts in Sri Lanka and the Philippines.

Thirty transactions worth $851 million were flagged by the banking system for staff review, but five requests were granted; $20 million to Sri Lanka (later recovered[7][8]), and $81 million lost to the Philippines, entering the Southeast Asian country's banking system on February 5, 2016. This money was laundered through casinos and some later transferred to Hong Kong.

In 2013, the Sonali Bank of Bangladesh was also successfully targeted by hackers who were able to cart away US$250,000. In 2015, two other hacking attempts were recorded, a $12 million theft from Banco del Austro in Ecuador in January and an attack on Vietnam's Tien Phong Bank in December that was not successful. In all these cases, the perpetrators are suspected to have been aided by insiders within the targeted banks, who assisted in taking advantage of weaknesses within the SWIFT global payment network.

Investigation

Initially, Bangladesh Bank was uncertain if its system had been compromised. The governor of the central bank engaged World Informatics Cyber Security, a US-based firm, to lead the security incident response, vulnerability assessment and remediation. World Informatics Cyber Security brought in the leading forensic investigation company Mandiant, a FireEye company, for the investigation. These cyber security experts found "footprints" and malware of hackers, which suggested that the system had been breached. The investigators also said that the hackers were based outside Bangladesh. An internal investigation has been launched by Bangladesh Bank regarding the case.

The Bangladesh Bank's forensic investigation found out that malware was installed within the bank's system sometime in January 2016, and gathered information on the bank's operational procedures for international payments and fund transfers.

The investigation also looked into an unsolved 2013 hacking incident at the Sonali Bank, wherein US$250,000 was stolen by still unidentified hackers. According to reports, just as in the 2016 Central Bank hack, the theft also used fraudulent fund transfers over the SWIFT international payment network. The incident was treated by Bangladeshi police authorities as a cold case until the suspiciously similar 2016 Bangladesh Central Bank heist.

Bangladesh Bank chief governor Atiur Rahman resigned from his post amid the current investigation of the heist and money laundering. He submitted his resignation letter to Prime Minister Sheikh Hasina on March 15, 2016. Before the resignation was made public, Rahman stated that he would resign for the sake of his country.

6. Conclusion:

Information security is a “well-informed sense of assurance that the information risks and controls are in balance.” Computer security began immediately after the first mainframes were developed. Successful organizations have multiple layers of security in place: physical, personal, operations, communications, network, and information. Security should be considered a balance between protection and availability. Information security must be managed similarly to any major system implemented in an organization, using a methodology like SecSDLC.

Finally, I want to say that the information of any country is like its backbone. So its security protection needs to be a matter of great concern and a sensitive issue for all countries, for a more secure life.

7. References

[1] https://en.wikipedia.org/wiki/Information_security

[2] https://en.wikipedia.org/wiki/2016_Bangladesh_Bank_heist

[3] http://www.sciencedirect.com/science/article/pii/S0167404808001168

[4] http://newsinfo.inquirer.net/773842/bangladesh-central-bank-governor-quits-over-81m-heist

[5] http://www.thedailystar.net/news-detail-120615

[6] http://www.journals.elsevier.com/journal-of-information-security-and-applications/call-for-papers/special-issue-on-security-and-dependability-of-internet-of-t

[7] http://www.computerweekly.com/feature/How-to-create-a-good-information-security-policy

[8] Anderson, J. M. (2003). "Why we need a new definition of information security". Computers & Security, 22(4), 308–313. doi:10.1016/S0167-4048(03)00407-3.

[9] Venter, H. S., & Eloff, J. H. P. (2003). "A taxonomy for information security technologies". Computers & Security, 22(4), 299–307. doi:10.1016/S0167-4048(03)00406-1.

[10] https://www.youtube.com/watch?v=MsCe1x3zLAU