Hacking Trust
0 likes751 views
This document discusses several topics: 1) Growth of the Indonesian IT market projected to be worth $512 billion by 2012, with opportunities in e-government, financial services, computer and software sales, and IT services. 2) Cyber security issues in Indonesia including passwords, anti-virus software, email/communication security, mobile device security, privacy, and safe web browsing. 3) The concept of a "network of trust" involving various parties in software development and operations such as developers, customers, and auditors. 4) Changes in ISO 27001:2005 including additional controls for service delivery management and improving external risk management regarding third-party services. 5) The argument that information security is
Hacking Trust
- 1. HACKING TRUST IT Vendors and The Illusion of Safety
- 2. Introduction Artist Information security troublemaker Casual procrastinator http://treeatwork.blogspot.com/2008/11/interview-2-jim-geovedi.html
- 3. Overview Indonesian IT Growth Cyber Security Issues Network of Trust ISO 27001:2005 on third party services
- 5. Indonesian IT Growth Market overview Projected to be worth nearly US$ 512 billion by 2012 The government is pushing for more integrated e-government development, promoting a series of infrastructure and education initiatives Financial services and banking sectors accounting for as much as 30% of total spending forecast Source: Business Monitor International
- 6. Indonesian IT Growth Computer sales Notebook sales were the main driver of PC market growth in 2007 accounted for around 60% of unit sales Computer sales (including notebooks and peripherals) will be worth an estimated US$ 1.9 billion in full year 2008 Source: Business Monitor International
- 7. Indonesian IT Growth Software For 2008, legal software sales are forecast at US$ 361 million Indonesia having one of the worst records in the world in terms of its failure to significantly reduce the software piracy rate, which was estimated at 85% by Business Software Association in 2007 Source: Business Monitor International
- 8. Indonesian IT Growth IT Services Expected to be worth US$ 500 million in 2008 Hardware deployment services remain the largest Indonesian IT service approximately 20% share Opportunities are mainly in fundamental services: system integration, support systems, training, professional services, outsourcing, and Internet services Source: Business Monitor International
- 9. Indonesian IT Growth e-Readiness Only 14% of Indonesians have Internet access (32 million users) Low telephone line density, high charges, and low PC penetration are all significant obstacles In 2007 research, only 40% of Indonesian Internet users have ever made purchases through the Internet Source: Business Monitor International
- 11. Cyber Security Issues General security Passwords Anti-virus software Firewalls
- 12. Cyber Security Issues Email and communication Email attachments Social networking websites SPAM Blog Blind carbon copy VoIP Digital signatures Internet messaging
- 13. Cyber Security Issues Mobile Devices Physical security Data security USB drives Wireless network Bluetooth
- 14. Cyber Security Issues Privacy Anonymity Encryption Secure erase Supplementing passwords
- 15. Cyber Security Issues Safe browsing Active contents and cookies Website certificates Internationalised Domain Name klikbca.com ≠ klikbcå.com (xn--klikbc-nua.com) Browser security settings
- 16. Cyber Security Issues Software and applications Patches Operating systems End-user license agreements
- 17. Network of Trust
- 18. Developers Operations Contractors Finance Operating Systems Marketing ISP Vendors Network Infrastructure Auditors ASP System Integrators Consultants ERP System Analysis Operations Customers Intranet Applications Spies Applications Billing Competitors Business Associations Payment Gateway Corporation Lawyers Backup Business Units Database Board of Directors Executives Planning Secretary Analysis Anti-monopoly Design Development Fair Trades Regulation Government Implementation Money Laundry Surveillance Maintenance Marketing Business Intelligence Data Mining HRD
- 19. Access Management Database Development Audit Trails Code Audit Software Updates Application Performance Review Operating Systems System Hardening Logging Performance Optimisation IT Operations Installation ISP Network Configuration Administration Network Devices Maintenance Backup
- 20. Parties involved in a typical software attack The company that sold the software The attack tool writer The attacker him/herself The owner of the network
- 21. 100% of the liability shouldn't fall on the shoulders of the software vendor, just as 100% shouldn't fall on the attacker or the network owner. But today, 100% of the cost falls directly on the network owner, and that just has to stop. We will always pay for security. If software vendors have liability costs, they'll pass those on to us. It might not be cheaper than what we're paying today. But as long as we're going to pay, we might as well pay to fix the problem. Forcing the software vendor to pay to fix the problem and then pass those costs on to us means that the problem might actually get fixed.
- 22. ISO 27001:2005 on third party services
- 23. ISO 27001:2005 What's new? (compared to BS 7799:2000) 11 old controls modified,116 controls remaining, 17 new controls added — 133 controls in total 5 control objectives re-arranged, 8 new controls objectives added — 39 control objectives in total
- 24. ISO 27001:2005 What's new? Service Delivery Management Service delivery, monitoring and review of third party services, managing charges to third party services Based on BS 15000/ISO 2000
- 25. ISO 27001:2005 What's new? Improving the management of external risk Outsourcing, service providers, supplies, third parties, business partners, and customers SLAs and contracts, audits
- 26. Conclusion Information security isn't a technological problem It's economics problem Make vendors liable for security problems