security, present and future (dec 2011)
Free to copy, distribute. You must attribute the work in the manner specified by the author. You may not use this work for commercial purposes.
Marco Raposo 2011 http://pt.linkedin.com/in/marcoraposo
Security, Present and Future
Marco Melo Raposo
Present Day…
World in 201x…
Source: Economist, world in 2012
2010 CSI Annual Report
• Malware infection continued to be the most commonly seen attack
• Fewer financial fraud incidents than in previous years (8.7%)
• 45.6% subject of at least one targeted attack.
• Fewer organizations are willing to share specific information about losses.
• Regulatory compliance efforts have had a positive effect.
• Activities of malicious insiders NOT perceived as source of losses (59.1%). Only 39.5 can confirm the fact for sure.
• 51.1% still not using cloud computing.
Source: CSI annual report 2011
2010 - Attacks Experienced
• Malware and bot activity increasing
• Phishing at almost 40%
• Inside abuse decreasing
• “Legacy” menaces decreasing in impact
Source: CSI annual report 2011
Security Spending 2011-2015
• Security spending will almost double in 4 years
• NAR spends twice as much as EMEA or APAC
Source: IDC, 2011
Accelerators & Inhibitors
• Compliance
• Convergence
• Industry transformation
• The digital marketplace
• Pervasive computing
• Green IT
• Saturation
Source: IDC Jan 2011
• Economy
• Profits
• Customer Demand
• Hardware
• Services
Regulation
Relevant Regulation
• Directive 2009/136/CE - Universal service and users' rights, processing of personal data and protection of privacy, and cooperation between national authorities
• Law no. 109/2009 - Cybercrime Law
• Law 67/98 – Personal Data Protection Law
Recent Changes in Portuguese Regulation
• “Security and Integrity of Networks and Services” (Law no. 51/2011)
• “Protection of Critical Infrastructures” (Decree-Law no. 62/2011)
Society
Corporate
The Hot Topics
Electronic ID
Privacy, accountability and trust
Reputation Systems
Web 2.0 (Or not)
Electronic Payments
Endpoint Security
Digital footprint
Consumer devices gone wild
Information Warfare
Cloud Security
Work-Life balance
Organization
Processes
Technology
Community
Human Relations
Culture
Emergence
Human Factors
World
Culture
Emergence
Human Factors
People
The Ghost Net
March, 2009
• A study revealed a malware-based cyber espionage network called GhostNet
• Four control servers allowed attackers to control and receive data from compromised computers.
• A wide-ranging network of compromised computers: At least 1,295 infected computers in 103 countries were detected.
• 30% of the infected computers considered high-value: Ministries of foreign affairs of Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan; embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan; the ASEAN Secretariat, SAARC, Asian Development Bank; news organizations; and an unclassified computer located at NATO headquarters.
• The GhostNet system directs infected computers to download a Trojan known as gh0st RAT that allows attackers to gain complete, real-time control.
• Instances of gh0st RAT are consistently controlled from commercial Internet access accounts located on the island of Hainan, People’s Republic of China.
http://www.infowar-monitor.net/ghostnet/
Closing Remarks
• Entering Information Age
• Threats are moving from enterprise to consumer
• Blending of physical instances
• Blending of corporate and private
• Security matters people
• Concerns will focus on
– Privacy
– Critical Infrastructures
– Information warfare
More Info?
• ENISA
www.enisa.europa.eu
• NIST
csrc.nist.gov
• EC
ec.europa.eu/justice/data-protection/index_en.htm
• Cloud Security
cloudsecurityalliance.org/
• CNPD National Legislation
www.cnpd.pt/bin/legis/leis_nacional.htm
THANK YOU!
pt.linkedin.com/in/marcoraposo