Abstract image of a woman sitting on books and studying on a laptop

OWASP Iceland - Hvert er þroskastig netöryggismála á Íslandi? - April 2014

Svavar Ingi Hermannsson, profile picture
Svavar Ingi Hermannsson

The document provides an overview of a study conducted by KPMG on the state of information and cybersecurity in Iceland, focusing on various factors influencing security awareness and education. It discusses the methodology used to survey IP addresses and servers, revealing risks associated with web hosting and content management systems among Icelandic entities. The findings indicate a significant percentage of high-risk exposures and highlight the need for improved cybersecurity measures in various sectors.

Technology
1 of 29
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
Hvert er þroskastig netöryggismála á Íslandi? OWASP Iceland – apríl 2014 Svavar Ingi Hermannsson KPMG, Ráðgjafarsvið
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 1 Dagskrá Kynning Tilgangur Heildarmynd – Almennar forsendur Netið skoðað – Aðferðir – Niðurstöður Varnarþættir – Eftirlitsþættir Yfirlit
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 2 Hver er ég? Svavar Ingi Hermannsson hefur sérhæft sig í tölvuöryggi síðustu 15 ár og hefur gengt ýmsum störfum tengt forritun og ráðgjöf í tölvuöryggi (innbrotsprófanir, veikleikagreiningar, kóðarýni, stjórnun upplýsingaöryggis (þar á meðal ISO/IEC 27001 og PCI DSS)). Svavar hefur kennt við Háskóla Íslands og Háskólann í Reykjavik, auk þess að hafa haldið námskeið fyrir viðskiptavini KPMG. Svavar var formaður faghóps um öryggismál hjá Skýrslutæknifélaginu frá 2007 til 2012. Svavar er með ýmsar gráður, meðal annars: CISSP, CISA, CISM. Kynning
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 3 Tilgangur rannsóknarinnar? KPMG hafði áhuga á að vita þroskastig upplýsinga og netöryggismála á íslandi. Spurning; Hvernig er netöryggi á Íslandi háttað? Við fundum engar rannsóknir sem gáfu heildaryfirlit yfir núverandi stöðu mála. Takmarkað af upplýsingum til staðar. Margar spurningar, fá svör
Púslum raðað saman
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 5 Rannsókn – Almennar forsendur – Menntun / Vitund Ýmsir þættir sem hafa áhrif á netöryggi: Menntun / Vitund Þáttaka stjórnenda / Fjárhagslegir þættir Símenntun / Upplýsinga- öryggisvottanir Mennta kerfið Netöryggi Á háskóla stigi: -Ef boðið hefur verið upp á kúrsa í tölvuöryggi þá hafa þeir verið valkúrsar. -Margir tölvuöryggiskúrsar í gegnum tíðina hafa lagt áherslu á dulkóðun. Hvernig styður núverandi menntakerfi við Vitundarvakningu í upplýsingaöryggi? Á grunnskóla / gagnfræðiskólastigi? - Það eru tækifæri til að byrja þar - Öryggisvitund snemma
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 6 Rannsókn – Almennar forsendur – Upplýsingaöryggisgráður Ýmsir þættir sem hafa áhrif á netöryggi: Upplýsingaöryggisgráður Þáttaka stjórnenda / Fjárhagslegir þættir Menntakerfið Netöryggi What security certifications is the industry using? 15 CEH 16 CISA 6 CISSP 4 CISM Source: (https://www.isaca.org/) Source: (https://www.eccouncil.org) Source: (https://www.isc2.org) Símenntun / Upplýsinga- öryggisvottanir
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 7 Rannsókn – Almennar forsendur – Aðgengilegar upplýsingar Fjöldi ISO/IEC 27001 vottaðra fyrirtækja á Íslandi Fjöldi tilkynntra afskræmdra vefsíðna á íslenskum lénum fyrir árið 2013, dagsetning 10.09.2013 (zone-h.org) #fjöldi skráðra .is léna 45.201 # tilkynntar afskræmingar 823 Það er tilhneiging að gera lítið úr afhausunum vefsíðna Það sem þau halda að það sé! Það sem við vitum að það er! 20
Netið skoðað
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 9 Netið skoðað – Allir vinir í skóginum Við vildum prófa allt… hinsvegar Við framkvæmdum ekki veikleikagreiningu á netunum sem við skönnuðum. Áhættan var talin of mikil!
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 10 Hvað var skoðað? ? Ísland (port skönnun) Netupplýsingar aðgengilegar almenningi (570 aðilar) IPv4 Opin port Keyrandi þjónustur Vefmiðlarar WCMS DNS Tveir stærstu þættir rannsóknarinnar
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 11 Aðferðir? ? ? Allar IPv4 úthlutaðar til Íslands skannaðar, 770.000 IP tölur í heildina Reykjavik Internet Exchange – RIX This is a list of Autonomous System Numbers that are, to the best of our knowledge, registered to Icelandic entities and are in use in Iceland. From the networks originated by these AS numbers we derive a list of IP networks in use in Iceland. Please note that this is not a geo-location service, as there are always networks in use in Iceland that are originated by external AS numbers or by AS numbers registered to foreign or international service providers. Some networks, registered to Icelandic entities, are in use abroad, partially or totally. When we refer to Icelandic AS-numbers or networks, please bear this in mind. Rannsóknin spannaði júní – ágúst 2013. Notast við •ADSL tengingu •Port skanna •Sérsniðin skönnunar og greiningar tól •Landið skannað: 100 port Source: (http://www.rix.is/english/is-as-nets-en.html)
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 12 Rannsókn – Skönnun á IP tölum Íslands Skönnun á öllum IPv4 sem tilheyra Íslandi, Í heildina 770.000 IP tölur Open ports 37.970 Http 13.924 Https 1949 Telnet 9670 POP3 1383 FTP 6021 2026 CISCO CISCO Telnet 755 Honey pots = 2
Lénin skoðuð
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 14 Rannsókn – Lénin Uppbygging rannsóknarinnar og umfang fyrir íslensku lénin. 300 stærstu Stærstu 300 fyrirtækin byggt á veltu fyrir árið 2012 Í heildina var notast við 570 lén í rannsókninni Sérvaldir aðilar Ýmsir aðilar úr fjármála og opinbera atvinnugeiranum Á þessari kynningu munum við einbeita okkur að heildinni auk þess sem eftirfarandi þrjár atvinnugreinar eru skoðaðar: Public – Financial - Healthcare Atvinnu- greinar Flokkað í 37 atvinnugreinar
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 15 Niðurstöður – Vefmiðlarar • Rannsóknin skoðaði vefmiðlarana sem hýstu 570 lénin • Áhætta er skilgreind sem mikil eða lítil 34,5% 36% Low Risk High Risk Heildar niðurstöður 29,5% Information not available 22% 41% 38% 33% 35% 41% 25% 33% 36% 41% 30% 36% 35% 37% 58% 47% 42% 17% 33% 30% 29% 22% 17% 20% 0% 20% 40% 60% 80% 100% Opinberir Aðilar Almennur Iðnaður Fjármálafyrirtæki Matvælaiðnaður Ýmis Þjónusta Heildverslun Fiskvinnsla og Útgerð Heilsugæsla Atvinnugeiri Webserver niðurstöður eftir atvinnugeirum Low Risk High Risk Not known
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 16 Niðurstöður – Web Content Management Systems (WCMS) • Rannsóknin skoðaði WCMS í notkun hjá 570 lénunum. • Áhætta er skilgreind sem mikil eða lág. 8% 12% Low Risk High Risk 80% Information not available Heildar niðurstöður 2% 12% 8% 6% 6% 15% 4% 7% 5% 15% 18% 3% 10% 15% 33% 7% 93% 73% 75% 91% 84% 70% 63% 87% 0% 20% 40% 60% 80% 100% Opinberir Aðilar Almennur Iðnaður Fjármálafyrirtæki Matvælaiðnaður Ýmis Þjónusta Heildverslun Fiskvinnsla og Útgerð Heilsugæsla Atvinnugeiri WebCMS niðurstöður eftir atvinnugeirum Low Risk High Risk Not known
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 17 Niðurstöður – Web Content Management Systems (WCMS) - framhald • Hversu mörg óþekkt WCMS voru Íslensk af þessum 570? Íslensk WCMS: 40,7% WCMS - A WCMS - B WCMS - C Dreifing 15,9 % 11 % 11 % Dreifing WCMS 68% 27% 58% 21% 19% 22% 21% 53% 0% 20% 40% 60% 80% Opinberir Aðilar Almennur Iðnaður Fjármálafyrirtæki Matvælaiðnaður Ýmis Þjónusta Heildverslun Fiskvinnsla og Útgerð Heilsugæsla Hlutfall Atvinnugeiri Hlutfall íslenskra vefja eftir atvinnugeirum
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 18 Niðurstöður – DNS • Hvernig er dreifingin á DNS skráningu? • Fjöldi DNS miðlara fyrir 570 lénin: 309 SP A SP B SP C Dreifing léna 16,9 % 11,5 % 9 % Stærstu DNS miðlararnir Bind Microsoft Unknown / hidden Hlutdeild 32 % 5,2 % 61,5 % DNS útgáfur Bind sem lekur upplýsingum um stýrikerfi: 46
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 19 Niðurstöður – TLS/SSL • Hversu margar einstakar IP tölur voru fyrir 570 lénin? 342 IP tölur • Hversu margar af þessum 342 IP tölum bjóða upp á TLS/SSL? 188 (55%) Weak Cipher SSLv2 MD5 Veikleikar sem fundust 96,3 % 39,4 % 4,8 % Veikleikar skoðaðir: Self signed Expired Veikleikar sem fundust 16,5 % 15,4 % Aðrir þættir:
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 20 Niðurstöður – FTP • Hversu margar af 342 IP tölunum bjóða upp á FTP? 152 • Hversu margar af þessum 152 auglýsa TLS/SSL stuðning? 21 (13,8%) Microsoft Vsftpd Proftpd Hlutdeild 26,3 % 17,1 % 14,5 % Dreifing milli tegunda
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 21 Niðurstöður – Dreifing á IP tölur • Hvernig er dreifingunni háttað fyrir þessar 342 IP tölur með tilliti til 570 l? • Hversu stór hluti léna er á umfangsmestu IP tölurnar? 34 umfangsmestu IP tölur Aðrar IP tölur Teknar eru fyrir 34 stærstu af 342 38 % 62 % Dreifing léna á IP tölur 5 5 5 5 5 5 6 6 6 7 8 8 10 11 12 14 16 32 0 10 20 30 40 rrr.rrr.rrr qqq.qqq.qqq ppp.ppp.ppp ooo.ooo.ooo nnn.nnn.nnn mmm.mmm.mmm lll.lll.lll kkk.kkk.kkk jjj.jjj.jjj iii.iii.iii hhh.hhh.hhh ggg.ggg.ggg fff.fff.fff eee.eee.eee ddd.ddd.ddd ccc.ccc.ccc bbb.bbb.bbb aaa.aaa.aaa Lén IPtölur Fjöldi síðna á hverja IP tölu
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 22 Niðurstöður – Dreifing milli þjónustuaðila • Hvernig var dreifingin milli þjónustuaðila fyrir þessi 570 lén? SP A SP B SP C Hlutdeild 7,3 % 5,3 % 4,9 % Dreifing Þjónustuaðila Þj. 1 9% Þj 2 9% Þj. 3 8% Þj. 4 7% Þj. 5 7% Þj. 6 6%Þj. 7 5% Þj. 8 6% Þj. 9 6% Aðrir 37% Dreifing á lénum milli þjónustuaðila Dreifing þar sem Þjónustuaðilar eru þekktir:
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 23 Niðurstöður – Umfang og frávik nafnamiðlara • Hverjir eru stærstu nafnamiðlararnir? • Hversu mikið frávik eru á milli stærstu og minnstu nafnamiðlara hjá hverjum þjónustuaðila? 7 7 7 8 10 10 10 10 12 13 15 16 24 24 26 40 52 66 97 0 20 40 60 80 100 120 Nafnamiðlari 19 Nafnamiðlari 18 Nafnamiðlari 17 Nafnamiðlari 16 Nafnamiðlari 15 Nafnamiðlari 14 Nafnamiðlari 13 Nafnamiðlari 12 Nafnamiðlari 11 Nafnamiðlari 10 Nafnamiðlari 9 Nafnamiðlari 8 Nafnamiðlari 7 Nafnamiðlari 6 Nafnamiðlari 5 Nafnamiðlari 4 Nafnamiðlari 3 Nafnamiðlari 2 Nafnamiðlari 1 Lén Þjónustuaðili Umfang nafnamiðlara hjá þjónustuaðila 0% 0% 0% 0% 0% 0% 0% 0% 0% 6% 10% 14% 20% 42% 46% 50% 50% 71% 88% 0% 20% 40% 60% 80% 100% Nafnamiðlari 19 Nafnamiðlari 15 Nafnamiðlari 14 Nafnamiðlari 11 Nafnamiðlari 10 Nafnamiðlari 9 Nafnamiðlari 7 Nafnamiðlari 5 Nafnamiðlari 2 Nafnamiðlari 1 Nafnamiðlari 13 Nafnamiðlari 18 Nafnamiðlari 12 Nafnamiðlari 6 Nafnamiðlari 3 Nafnamiðlari 16 Nafnamiðlari 4 Nafnamiðlari 17 Nafnamiðlari 8 Frávik (munur á stærsta og lægsta nafnamiðlara) Þjónustuaðili Frávik á nafnamiðlurum þjónustuaðila
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 24 Varnarþættir
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 25 Hvaða fyrirbyggjandi stýringar og eftirlitsþættir eru í boði? Australian Government – Department of Defense “At least 85% of the targeted cyber intrusions that Defense Signals Directorate (DSD) responds to in 2011 could be prevented by following the Top 4 mitigation strategies listed in our Strategies to Mitigate Targeted Cyber Intrusions” Helstu 35 eftirlitsþættirnir og stýringarnar http://www.dsd.gov.au/infosec/top35mitigationstrategies.htm
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 26 Helstu 35 eftirlitsþættirnir og stýringarnar http://www.dsd.gov.au/infosec/top35mitigationstrategies.htm
Stóra spurningin / Yfirlit Hvert er þroskastig netöryggismála á Íslandi?
© 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International. The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we Endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. kpmg.com/socialmedia Spurningar? shermannsson@kpmg.is

More Related Content

PDF
EU data protection laws and impacts on healthcare applications and health data
Speck&Tech
 
PDF
WatchU Company Profile
Justin Fisher
 
PDF
Data Quality Challenges to Big Data_Practical Insights_KPMG Presentation 20.4...
Hugo van Hoogstraten
 
PPT
Astral Corporate Profile
guest7daa00a
 
PDF
2013 10-09 oneia what’s next with sr&ed
ONEIA
 
PPSX
IBPS SSC Govt Jobs News
MPUP School
 
PDF
UPPLÝSINGAÖRYGGI OG OPINBERIR VEFIR
Svavar Ingi Hermannsson
 
PPTX
Pharmacology
Tetraponera Rufonigra
 
EU data protection laws and impacts on healthcare applications and health data
Speck&Tech
 
WatchU Company Profile
Justin Fisher
 
Data Quality Challenges to Big Data_Practical Insights_KPMG Presentation 20.4...
Hugo van Hoogstraten
 
Astral Corporate Profile
guest7daa00a
 
2013 10-09 oneia what’s next with sr&ed
ONEIA
 
IBPS SSC Govt Jobs News
MPUP School
 
UPPLÝSINGAÖRYGGI OG OPINBERIR VEFIR
Svavar Ingi Hermannsson
 
Pharmacology
Tetraponera Rufonigra
 

Viewers also liked (12)

PPTX
Engaging Citizens in a Digital World: What Citizens Really Want from Digital ...
Andrea Frazier
 
PDF
Iapi.a
Putri Khayalan
 
PPTX
South Padre
kq569
 
PPTX
Kehoachbaiday
Ngọc Hiếu
 
PPS
Nos vamos de viaje
Frank Pozo
 
PPTX
Engaging citizens in a Digital World
Andrea Frazier
 
DOCX
Spektrofotometri adalah cabang dari spektroskopi
Fadhly M S
 
PPTX
West Las Vegas Middle School Yearbook title page
veronicamorris
 
PPTX
Efek Panas- Thermodinamika
Fadhly M S
 
PPTX
Deepwater: Business Ethics Simulation
waynebuck
 
PPT
metodologi penelitian kuantitatif bab 1 & 2
Fadhly M S
 
DOC
Manual karuna master.doc111111
Dkmshk Dkm Shk
 
Engaging Citizens in a Digital World: What Citizens Really Want from Digital ...
Andrea Frazier
 
Iapi.a
Putri Khayalan
 
South Padre
kq569
 
Kehoachbaiday
Ngọc Hiếu
 
Nos vamos de viaje
Frank Pozo
 
Engaging citizens in a Digital World
Andrea Frazier
 
Spektrofotometri adalah cabang dari spektroskopi
Fadhly M S
 
West Las Vegas Middle School Yearbook title page
veronicamorris
 
Efek Panas- Thermodinamika
Fadhly M S
 
Deepwater: Business Ethics Simulation
waynebuck
 
metodologi penelitian kuantitatif bab 1 & 2
Fadhly M S
 
Manual karuna master.doc111111
Dkmshk Dkm Shk
 
Ad

Similar to OWASP Iceland - Hvert er þroskastig netöryggismála á Íslandi? - April 2014 (20)

PPTX
Future of corporate sustainability reporting
UCLA Institute of the Environment and Sustainability
 
PDF
Content Development in a Digital World
TIAA-CREF via Accrue Partners
 
PDF
Don't Trust, And Verify - Mobile Application Attacks
Prathan Phongthiproek
 
PPTX
Audit process presentation
Mostafa Kamal
 
PDF
Odi privacy v0.3
odileeds
 
PDF
Peter Kornelisse, Infosecurity.nl, 4 november, Jaarbeurs Utrecht
Infosecurity2010
 
PDF
The Voyage to EU MDR Compliance
Greenlight Guru
 
PDF
Daryl Pereira(Compliance & Regulations Stream) Learning From The Expert – Mo...
Knowledge Group
 
PDF
ProIndústria 2017 - A09a - Inovação nos modelos de negócios para novos valore...
CADWARE-TECHNOLOGY
 
PDF
Ironwood Legal Solutions- Broucher
Rajesh Ponnan
 
PDF
Ironwood Broucher- Version 1
Rajesh Ponnan
 
PDF
Gm prs-0600-fintechenterpriseventurepulsereport-v7highres-160309142941
WenRon
 
PDF
Increasing content discoverability_LI
Anuschka Van Dijke
 
PDF
Sys value corporate presentation - security audits 2013
Filipe Rolo
 
PDF
presentation-kpmg-industry-4-0-digital-scm-for-enabling-growt-2019.pdf
SandeepMandal42
 
PDF
CC14GMS
Bethan Thomas
 
PDF
Secure Software Development – COBIT5 Perspective
SPIN Chennai
 
PDF
Cyber security conference 2016 - OpenSphere Overview
Dannisen Chellen
 
PPTX
Securing Your Digital Transformation: Cybersecurity and You
SAP Ariba
 
PPT
Owa Presentation 1.07.09
nmcauley
 
Future of corporate sustainability reporting
UCLA Institute of the Environment and Sustainability
 
Content Development in a Digital World
TIAA-CREF via Accrue Partners
 
Don't Trust, And Verify - Mobile Application Attacks
Prathan Phongthiproek
 
Audit process presentation
Mostafa Kamal
 
Odi privacy v0.3
odileeds
 
Peter Kornelisse, Infosecurity.nl, 4 november, Jaarbeurs Utrecht
Infosecurity2010
 
The Voyage to EU MDR Compliance
Greenlight Guru
 
Daryl Pereira(Compliance & Regulations Stream) Learning From The Expert – Mo...
Knowledge Group
 
ProIndústria 2017 - A09a - Inovação nos modelos de negócios para novos valore...
CADWARE-TECHNOLOGY
 
Ironwood Legal Solutions- Broucher
Rajesh Ponnan
 
Ironwood Broucher- Version 1
Rajesh Ponnan
 
Gm prs-0600-fintechenterpriseventurepulsereport-v7highres-160309142941
WenRon
 
Increasing content discoverability_LI
Anuschka Van Dijke
 
Sys value corporate presentation - security audits 2013
Filipe Rolo
 
presentation-kpmg-industry-4-0-digital-scm-for-enabling-growt-2019.pdf
SandeepMandal42
 
CC14GMS
Bethan Thomas
 
Secure Software Development – COBIT5 Perspective
SPIN Chennai
 
Cyber security conference 2016 - OpenSphere Overview
Dannisen Chellen
 
Securing Your Digital Transformation: Cybersecurity and You
SAP Ariba
 
Owa Presentation 1.07.09
nmcauley
 
Ad

Recently uploaded (20)

PDF
The influence of sentiment analysis in enhancing early warning system model f...
IAESIJAI
 
PDF
Flame analysis and combustion estimation using large language and vision assi...
IAESIJAI
 
PPTX
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
PDF
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
PDF
Enhancing plagiarism detection using data pre-processing and machine learning...
IAESIJAI
 
PDF
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
DOCX
search engine optimization ppt fir known well about this
StandardCodeLearning
 
PPTX
Configure Apache Mutual Authentication
Antonino Piraino
 
PPTX
Chapter 5: Probability Theory and Statistics
RandyFin
 
PDF
UiPath Agentic Automation session 1: RPA to Agents
suhanisingh58689
 
PDF
Improvisation in detection of pomegranate leaf disease using transfer learni...
IAESIJAI
 
PDF
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
PPTX
The various Industrial Revolutions .pptx
bandileshozi3
 
PPTX
2018-HIPAA-Renewal-Training for executives
Mayank Mathur
 
PDF
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PPTX
Build Your First AI Agent with UiPath.pptx
suhanisingh58689
 
PDF
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
PDF
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
PDF
Comparative analysis of machine learning models for fake news detection in so...
IAESIJAI
 
The influence of sentiment analysis in enhancing early warning system model f...
IAESIJAI
 
Flame analysis and combustion estimation using large language and vision assi...
IAESIJAI
 
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
Enhancing plagiarism detection using data pre-processing and machine learning...
IAESIJAI
 
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
search engine optimization ppt fir known well about this
StandardCodeLearning
 
Configure Apache Mutual Authentication
Antonino Piraino
 
Chapter 5: Probability Theory and Statistics
RandyFin
 
UiPath Agentic Automation session 1: RPA to Agents
suhanisingh58689
 
Improvisation in detection of pomegranate leaf disease using transfer learni...
IAESIJAI
 
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
The various Industrial Revolutions .pptx
bandileshozi3
 
2018-HIPAA-Renewal-Training for executives
Mayank Mathur
 
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
Build Your First AI Agent with UiPath.pptx
suhanisingh58689
 
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
Comparative analysis of machine learning models for fake news detection in so...
IAESIJAI
 

OWASP Iceland - Hvert er þroskastig netöryggismála á Íslandi? - April 2014

  • 1. Hvert er þroskastig netöryggismála á Íslandi? OWASP Iceland – apríl 2014 Svavar Ingi Hermannsson KPMG, Ráðgjafarsvið
  • 2. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 1 Dagskrá Kynning Tilgangur Heildarmynd – Almennar forsendur Netið skoðað – Aðferðir – Niðurstöður Varnarþættir – Eftirlitsþættir Yfirlit
  • 3. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 2 Hver er ég? Svavar Ingi Hermannsson hefur sérhæft sig í tölvuöryggi síðustu 15 ár og hefur gengt ýmsum störfum tengt forritun og ráðgjöf í tölvuöryggi (innbrotsprófanir, veikleikagreiningar, kóðarýni, stjórnun upplýsingaöryggis (þar á meðal ISO/IEC 27001 og PCI DSS)). Svavar hefur kennt við Háskóla Íslands og Háskólann í Reykjavik, auk þess að hafa haldið námskeið fyrir viðskiptavini KPMG. Svavar var formaður faghóps um öryggismál hjá Skýrslutæknifélaginu frá 2007 til 2012. Svavar er með ýmsar gráður, meðal annars: CISSP, CISA, CISM. Kynning
  • 4. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 3 Tilgangur rannsóknarinnar? KPMG hafði áhuga á að vita þroskastig upplýsinga og netöryggismála á íslandi. Spurning; Hvernig er netöryggi á Íslandi háttað? Við fundum engar rannsóknir sem gáfu heildaryfirlit yfir núverandi stöðu mála. Takmarkað af upplýsingum til staðar. Margar spurningar, fá svör
  • 6. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 5 Rannsókn – Almennar forsendur – Menntun / Vitund Ýmsir þættir sem hafa áhrif á netöryggi: Menntun / Vitund Þáttaka stjórnenda / Fjárhagslegir þættir Símenntun / Upplýsinga- öryggisvottanir Mennta kerfið Netöryggi Á háskóla stigi: -Ef boðið hefur verið upp á kúrsa í tölvuöryggi þá hafa þeir verið valkúrsar. -Margir tölvuöryggiskúrsar í gegnum tíðina hafa lagt áherslu á dulkóðun. Hvernig styður núverandi menntakerfi við Vitundarvakningu í upplýsingaöryggi? Á grunnskóla / gagnfræðiskólastigi? - Það eru tækifæri til að byrja þar - Öryggisvitund snemma
  • 7. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 6 Rannsókn – Almennar forsendur – Upplýsingaöryggisgráður Ýmsir þættir sem hafa áhrif á netöryggi: Upplýsingaöryggisgráður Þáttaka stjórnenda / Fjárhagslegir þættir Menntakerfið Netöryggi What security certifications is the industry using? 15 CEH 16 CISA 6 CISSP 4 CISM Source: (https://www.isaca.org/) Source: (https://www.eccouncil.org) Source: (https://www.isc2.org) Símenntun / Upplýsinga- öryggisvottanir
  • 8. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 7 Rannsókn – Almennar forsendur – Aðgengilegar upplýsingar Fjöldi ISO/IEC 27001 vottaðra fyrirtækja á Íslandi Fjöldi tilkynntra afskræmdra vefsíðna á íslenskum lénum fyrir árið 2013, dagsetning 10.09.2013 (zone-h.org) #fjöldi skráðra .is léna 45.201 # tilkynntar afskræmingar 823 Það er tilhneiging að gera lítið úr afhausunum vefsíðna Það sem þau halda að það sé! Það sem við vitum að það er! 20
  • 10. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 9 Netið skoðað – Allir vinir í skóginum Við vildum prófa allt… hinsvegar Við framkvæmdum ekki veikleikagreiningu á netunum sem við skönnuðum. Áhættan var talin of mikil!
  • 11. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 10 Hvað var skoðað? ? Ísland (port skönnun) Netupplýsingar aðgengilegar almenningi (570 aðilar) IPv4 Opin port Keyrandi þjónustur Vefmiðlarar WCMS DNS Tveir stærstu þættir rannsóknarinnar
  • 12. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 11 Aðferðir? ? ? Allar IPv4 úthlutaðar til Íslands skannaðar, 770.000 IP tölur í heildina Reykjavik Internet Exchange – RIX This is a list of Autonomous System Numbers that are, to the best of our knowledge, registered to Icelandic entities and are in use in Iceland. From the networks originated by these AS numbers we derive a list of IP networks in use in Iceland. Please note that this is not a geo-location service, as there are always networks in use in Iceland that are originated by external AS numbers or by AS numbers registered to foreign or international service providers. Some networks, registered to Icelandic entities, are in use abroad, partially or totally. When we refer to Icelandic AS-numbers or networks, please bear this in mind. Rannsóknin spannaði júní – ágúst 2013. Notast við •ADSL tengingu •Port skanna •Sérsniðin skönnunar og greiningar tól •Landið skannað: 100 port Source: (http://www.rix.is/english/is-as-nets-en.html)
  • 13. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 12 Rannsókn – Skönnun á IP tölum Íslands Skönnun á öllum IPv4 sem tilheyra Íslandi, Í heildina 770.000 IP tölur Open ports 37.970 Http 13.924 Https 1949 Telnet 9670 POP3 1383 FTP 6021 2026 CISCO CISCO Telnet 755 Honey pots = 2
  • 15. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 14 Rannsókn – Lénin Uppbygging rannsóknarinnar og umfang fyrir íslensku lénin. 300 stærstu Stærstu 300 fyrirtækin byggt á veltu fyrir árið 2012 Í heildina var notast við 570 lén í rannsókninni Sérvaldir aðilar Ýmsir aðilar úr fjármála og opinbera atvinnugeiranum Á þessari kynningu munum við einbeita okkur að heildinni auk þess sem eftirfarandi þrjár atvinnugreinar eru skoðaðar: Public – Financial - Healthcare Atvinnu- greinar Flokkað í 37 atvinnugreinar
  • 16. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 15 Niðurstöður – Vefmiðlarar • Rannsóknin skoðaði vefmiðlarana sem hýstu 570 lénin • Áhætta er skilgreind sem mikil eða lítil 34,5% 36% Low Risk High Risk Heildar niðurstöður 29,5% Information not available 22% 41% 38% 33% 35% 41% 25% 33% 36% 41% 30% 36% 35% 37% 58% 47% 42% 17% 33% 30% 29% 22% 17% 20% 0% 20% 40% 60% 80% 100% Opinberir Aðilar Almennur Iðnaður Fjármálafyrirtæki Matvælaiðnaður Ýmis Þjónusta Heildverslun Fiskvinnsla og Útgerð Heilsugæsla Atvinnugeiri Webserver niðurstöður eftir atvinnugeirum Low Risk High Risk Not known
  • 17. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 16 Niðurstöður – Web Content Management Systems (WCMS) • Rannsóknin skoðaði WCMS í notkun hjá 570 lénunum. • Áhætta er skilgreind sem mikil eða lág. 8% 12% Low Risk High Risk 80% Information not available Heildar niðurstöður 2% 12% 8% 6% 6% 15% 4% 7% 5% 15% 18% 3% 10% 15% 33% 7% 93% 73% 75% 91% 84% 70% 63% 87% 0% 20% 40% 60% 80% 100% Opinberir Aðilar Almennur Iðnaður Fjármálafyrirtæki Matvælaiðnaður Ýmis Þjónusta Heildverslun Fiskvinnsla og Útgerð Heilsugæsla Atvinnugeiri WebCMS niðurstöður eftir atvinnugeirum Low Risk High Risk Not known
  • 18. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 17 Niðurstöður – Web Content Management Systems (WCMS) - framhald • Hversu mörg óþekkt WCMS voru Íslensk af þessum 570? Íslensk WCMS: 40,7% WCMS - A WCMS - B WCMS - C Dreifing 15,9 % 11 % 11 % Dreifing WCMS 68% 27% 58% 21% 19% 22% 21% 53% 0% 20% 40% 60% 80% Opinberir Aðilar Almennur Iðnaður Fjármálafyrirtæki Matvælaiðnaður Ýmis Þjónusta Heildverslun Fiskvinnsla og Útgerð Heilsugæsla Hlutfall Atvinnugeiri Hlutfall íslenskra vefja eftir atvinnugeirum
  • 19. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 18 Niðurstöður – DNS • Hvernig er dreifingin á DNS skráningu? • Fjöldi DNS miðlara fyrir 570 lénin: 309 SP A SP B SP C Dreifing léna 16,9 % 11,5 % 9 % Stærstu DNS miðlararnir Bind Microsoft Unknown / hidden Hlutdeild 32 % 5,2 % 61,5 % DNS útgáfur Bind sem lekur upplýsingum um stýrikerfi: 46
  • 20. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 19 Niðurstöður – TLS/SSL • Hversu margar einstakar IP tölur voru fyrir 570 lénin? 342 IP tölur • Hversu margar af þessum 342 IP tölum bjóða upp á TLS/SSL? 188 (55%) Weak Cipher SSLv2 MD5 Veikleikar sem fundust 96,3 % 39,4 % 4,8 % Veikleikar skoðaðir: Self signed Expired Veikleikar sem fundust 16,5 % 15,4 % Aðrir þættir:
  • 21. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 20 Niðurstöður – FTP • Hversu margar af 342 IP tölunum bjóða upp á FTP? 152 • Hversu margar af þessum 152 auglýsa TLS/SSL stuðning? 21 (13,8%) Microsoft Vsftpd Proftpd Hlutdeild 26,3 % 17,1 % 14,5 % Dreifing milli tegunda
  • 22. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 21 Niðurstöður – Dreifing á IP tölur • Hvernig er dreifingunni háttað fyrir þessar 342 IP tölur með tilliti til 570 l? • Hversu stór hluti léna er á umfangsmestu IP tölurnar? 34 umfangsmestu IP tölur Aðrar IP tölur Teknar eru fyrir 34 stærstu af 342 38 % 62 % Dreifing léna á IP tölur 5 5 5 5 5 5 6 6 6 7 8 8 10 11 12 14 16 32 0 10 20 30 40 rrr.rrr.rrr qqq.qqq.qqq ppp.ppp.ppp ooo.ooo.ooo nnn.nnn.nnn mmm.mmm.mmm lll.lll.lll kkk.kkk.kkk jjj.jjj.jjj iii.iii.iii hhh.hhh.hhh ggg.ggg.ggg fff.fff.fff eee.eee.eee ddd.ddd.ddd ccc.ccc.ccc bbb.bbb.bbb aaa.aaa.aaa Lén IPtölur Fjöldi síðna á hverja IP tölu
  • 23. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 22 Niðurstöður – Dreifing milli þjónustuaðila • Hvernig var dreifingin milli þjónustuaðila fyrir þessi 570 lén? SP A SP B SP C Hlutdeild 7,3 % 5,3 % 4,9 % Dreifing Þjónustuaðila Þj. 1 9% Þj 2 9% Þj. 3 8% Þj. 4 7% Þj. 5 7% Þj. 6 6%Þj. 7 5% Þj. 8 6% Þj. 9 6% Aðrir 37% Dreifing á lénum milli þjónustuaðila Dreifing þar sem Þjónustuaðilar eru þekktir:
  • 24. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 23 Niðurstöður – Umfang og frávik nafnamiðlara • Hverjir eru stærstu nafnamiðlararnir? • Hversu mikið frávik eru á milli stærstu og minnstu nafnamiðlara hjá hverjum þjónustuaðila? 7 7 7 8 10 10 10 10 12 13 15 16 24 24 26 40 52 66 97 0 20 40 60 80 100 120 Nafnamiðlari 19 Nafnamiðlari 18 Nafnamiðlari 17 Nafnamiðlari 16 Nafnamiðlari 15 Nafnamiðlari 14 Nafnamiðlari 13 Nafnamiðlari 12 Nafnamiðlari 11 Nafnamiðlari 10 Nafnamiðlari 9 Nafnamiðlari 8 Nafnamiðlari 7 Nafnamiðlari 6 Nafnamiðlari 5 Nafnamiðlari 4 Nafnamiðlari 3 Nafnamiðlari 2 Nafnamiðlari 1 Lén Þjónustuaðili Umfang nafnamiðlara hjá þjónustuaðila 0% 0% 0% 0% 0% 0% 0% 0% 0% 6% 10% 14% 20% 42% 46% 50% 50% 71% 88% 0% 20% 40% 60% 80% 100% Nafnamiðlari 19 Nafnamiðlari 15 Nafnamiðlari 14 Nafnamiðlari 11 Nafnamiðlari 10 Nafnamiðlari 9 Nafnamiðlari 7 Nafnamiðlari 5 Nafnamiðlari 2 Nafnamiðlari 1 Nafnamiðlari 13 Nafnamiðlari 18 Nafnamiðlari 12 Nafnamiðlari 6 Nafnamiðlari 3 Nafnamiðlari 16 Nafnamiðlari 4 Nafnamiðlari 17 Nafnamiðlari 8 Frávik (munur á stærsta og lægsta nafnamiðlara) Þjónustuaðili Frávik á nafnamiðlurum þjónustuaðila
  • 25. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 24 Varnarþættir
  • 26. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 25 Hvaða fyrirbyggjandi stýringar og eftirlitsþættir eru í boði? Australian Government – Department of Defense “At least 85% of the targeted cyber intrusions that Defense Signals Directorate (DSD) responds to in 2011 could be prevented by following the Top 4 mitigation strategies listed in our Strategies to Mitigate Targeted Cyber Intrusions” Helstu 35 eftirlitsþættirnir og stýringarnar http://www.dsd.gov.au/infosec/top35mitigationstrategies.htm
  • 27. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. 26 Helstu 35 eftirlitsþættirnir og stýringarnar http://www.dsd.gov.au/infosec/top35mitigationstrategies.htm
  • 28. Stóra spurningin / Yfirlit Hvert er þroskastig netöryggismála á Íslandi?
  • 29. © 2014 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International. The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we Endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. kpmg.com/socialmedia Spurningar? shermannsson@kpmg.is