Information Security: Challenges, Trends

1
Information SecurityChallenges, Trends
SolutionsSherif El-Kassas, PhDDepartment of
CSEAmerican University in Cairo
2
News
3
Security News and Trends (cont.)
4
Security News and Trends (cont.)
http//pcworld.about.com/od/cybercrime/Data-thieve
s-steal-credit-card.htm
5
Security News and Trends (cont.)
http//www.justice.gov/criminal/cybercrime/nolanSe
nt.pdf
6
Security News and Trends (cont.)
http//www.justice.gov/criminal/cybercrime/tandiwi
djojoSent.pdf
7
Security News and Trends (cont.)
http//www.braintree.gov.uk/Braintree/community/co
mmunitysafety/CurrentIssues/CashMachineScam.htm
8
Security News and Trends (cont.)
9
Security News and Trends (cont.)
http//news.bbc.co.uk/2/hi/uk_news/4356661.stm
10
Security News and Trends
11
(No Transcript)
12
Security News and Trends (cont.)
13
(No Transcript)
14
Egypt and the region
15
Security Trends Newsin Egypt the region
Countries Generating Most Online fraud
Nir Kshetri, The Simple Economics of
Cybercrimes, IEEE Security Privacy,
January/February 2006
16
Security Trends News (Egypt the region)

• Thousands hit by card fraud
• The card details of potentially thousands of UAE
• residents have been stolen by a gang of
  fraudsters who hacked into a
• bank's ATM machine, the central bank said in a
  statement on its website.
• http//www.arabianbusiness.com/512710-thousands-hi
  t-by-card-fraud

17
http//www.zone-h.org/
Search with Egypts TLD .eg
17
18
Field experience
19
sitegov.eg inurlcode filetypeasp
20
(No Transcript)
21
(No Transcript)
22
Email Phishing
23
Email Phishing
24
Wireless technology
Net Stumbler
WireShark
AirSnort
25
Applications Platforms
Storm Worm botnet 1M to 10M hosts! Storm Worm
botnet could be worlds most powerful
supercomputer (http//blogs.zdnet.com/security/?p
493)
26
Types of attacks
27
Types of Threats Attacks

• Technical
• Using technological means to break into an
  organization's network and systems
• Physical
• Physically access and attack the enterprise
• Social
• Social engineering attacks

28
The Minikin 17cm x 12.4cm x 5.8cm 10/100
Ethernet 2 USB ports optional wifi
http//ztechshop.net/computers/minikin/
29
Linutop 2 14 x 14 x 3.5 cm 10/100 Ethernet 4
USB 2.0 ports
http//www.linutop.com/linutop2/info/presse.en.htm
l
30
http//www.linuxdevices.com/articles/AT2016997232.
html
31
(No Transcript)
32
(No Transcript)
33
Seeking answers
34
Understanding Addressing Security Threats

• Perspective to security
• Security Prevention
• Detection
• Response

35
Understanding Addressing Security Threats

• Layered view of information security

Data Information
Applications
System
Network
36
Security is Socio-technical Physical!

• Security ? Technological Security

37
Security Risks
Business Risks
Security Risks
Technological
38
Business Risks
Security Risks
Technological
39
How do we Address the Risk?
40
Security is a Process!
41
The Security Process
42
Security Quality Standards
43
ISO 17799 / 27001 / 27002

• Personnel Security
• Security Organization
• Computer Network Management
• Asset Classification and Control
• Security Policy

• Business Continuity Planning
• System Access Control
• System Development and Maintenance
• Physical and Environmental Security
• Compliance

44
Qualified Professionals

• SANS Institute Certified Engineers.
• CISSP Certified and Trained Engineers.
• ISO 270012005 Lead Auditors.
• Certified Ethical Hackers.
• Product related engineers with extensive
  knowledge of various security products.
• etc.

45
Conclusions

• Security is a Process
• Security is Physical, Social, and Technical
• Education
• Standard based Quality focus
• Trends
• Applications and particularly Client software
• Targeted attacks
• Liability the economics of InfoSec