Human and Institutional Capacity Building for Information Security
2014. 10. 14
Wan S. Yi
VP, Ph.D., CISSP
Korea Internet & Security Agency
1 Need for Information Security
2 Current Status
3 Main Activities
4 Strategy for IS Capacity Building
Ⅰ. Need for Info. Sec.
Korean Government Effort in ICT
Cyber crisis response cooperation system
Develop Master plan for Korean ICT
1994 Created Ministry of Information and Communication (MIC)
1995 Developed plan for high speed information communication network
Adopted Law
1996 Framework act on information promotion
Acquire Stable Budget
Dedicated Professional Agencies
KISA, KISDI, ETRI, NIPA, NIA
Public Outreach
Han River Miracle
[Figure: GDP per capita (current US$), 1960 to 2011; vertical axis from 0 to 25,000]
Seoul, in 1950s
Seoul, in 2013
Han River, in 1950s
Han River, in 2013
Within 60 years..
Korea’s GDP per capita exceeded $23,837 in 2013, compared to $155 in 1960
Korea marks..
33rd in Global GDP ranking (’13)
9th highest world’s trade volume (’13)
7th highest export volume (’13)
1st out of 193 countries in ICT Development Index rankings of ITU (’13)
1st out of 192 countries, in E-Government Development Rankings of UN (’14.6.)
GDP Growth Contribution of ICT
[Figure: bar chart, unit: %. Series: GDP ratio (2011) and GDP growth contribution (2012). Sectors: Agr., Fishing; Chemical; Metal; ICT sector (Mfg.+Serv.); Auto. & Ship; Construction; Wholesale & Retail; Finance; Real estate & Renting; Business activity; Public admin. & Defence; Education; Health & Social work]
Ⅱ. Current Status
Current landscape of ICT
Rapidly expanding broadband
The ICT sector and the crisis
Business & Household adoption and use
Digital content
Government priorities
Internet of things
50 billion mobile wireless devices connected to Internet by 2020
700 million M2M enabled cars by 2020
Security and Privacy
Threats to Information Society
Cyber space is becoming increasingly crucial for the creation of broader societal benefits. However, these economic and social benefits might be put at risk by poor security, such as the growth in cyber crime or cyber attacks against Critical Information Infrastructures (CIIs)
Banking
Information & Telecommunications
Health
Transportation
E-Government
Energy
Military
Gaps in Information Security Capacity
Source: Fighting to Close the Gap, Ernst & Young’s 2012 Global Information Security Survey
Changes of Cybersecurity Threats
Purpose : show-off → financial → cyber terrorism (social unrest)
Technique : manual → stealth, automatic → organized and intelligent
Target : individual system → large-scale, network → social infrastructure, state
[Figure: attack types plotted by professionality (Low to High) against scale of damage (Small scale to Large scale), with a marker "As of now". Labels in the figure: Common cyber attack; Curiosity; Attack to unspecified objects for fun; Small monetary purpose; Common attack; scanning; Invasion trial; System infringement; DoS; Purposed cyber attack-professional hacker; Employed hacker; Pursuit purposed monetary benefit; Sophisticated and continuous attack; Sophisticated malicious code; purposed DDoS attack; Service stop; Cyber terror; Hacktivism; Social confusion, political purpose; Strategic information war; National terrorism; destruction of industry infrastructure]
Current Status – Examples of Cyber Attacks
[Figure: timeline from 2003 to 2014 marking incidents 1 to 9]
No. | Date | Cyber Attack
1 | 2003. 1 | A computer virus shut down servers at the country's largest Internet service provider, KT Corp, disconnecting five million customers from the web
2 | 2005. 6 | 224,400 cases of ID theft were identified by NCSoft (online game company)
3 | 2008. 2 | 10.8 million cases of ID theft were identified by Auction Korea (online shopping company)
4 | 2009. 7 | The 7.7 DDoS attack on portal sites, online banks and government homepages in the US and South Korea occurred
5 | 2011. 9 | 35 million cases of ID theft were identified by SK Communications (portal site)
6 | 2013. 3 | Major television broadcasters and banks were under cyber attack (48,700 PCs, servers and ATMs were damaged)
7 | 2013. 6 | The websites of S. Korea’s presidential office, government agencies and some media organizations were attacked
8 | 2014. 1 | 85 million pieces of personal information from KB Card, NH Card and Lotte Card were disclosed
9 | 2014. 3 | 9.8 million pieces of personal information from KT were disclosed
Current Status – Threats
Incidents in One Day [2013]
Malicious codes appear : 6,617
source from KISA (2,415,046/Y)
’12 : 1,435, ↑ 361%
Mobile Malicious codes appear : 2.4
source from KISA (analyzed by KISA)
Homepage Defacement : 4.7
source from KISA (17,00/Y)
’12 : 8.7, ↓ 46%
Web-embedded malicious code : 48.6
source from KISA (17,750/Y)
’12 : 35.7, ↑ 36.1%
Zombie PC : 3,340
source from KISA
Sinkhole(1,240,906/Y)
’12 : 8,821, ↓ 63%
DDoS Attack : 1.6
source from KISA (users’ report : 53)
source from KISA IX detection : 415
source from KISA cyber shelter : 116
’12 : 1.6, ↑ 6.7%
Phishing Site : 21.9
source from KISA 7,999/Y
’12 : 19, ↑ 15%
Spam : 59,830
source from KISA
’12 : 89,628, ↓ 33%
Cyber Incidences – Global Issue
22 government and corporate sites were attacked 3 times
Attack using a highly organized scenario
Money was not the objective
Self-destructed so that the attack path could not be predicted
[Figure: attack flow diagram. Labels, in the order they appear: Malicious Code Distributer (6 site); Pusan Webhard Site; Attacked Site; Seoul Webhard Site; Attacker; Pusan; Total of 36 Sites (Korea : 22, Global : 14); GuaChon; Seoul; Manage zombie PCs; Management Server (6 Nations 9 Servers in US and Germany); JinJu; Store info. on zombie PCs; Send DDoS attack command; Erase HDD; Info. Store Server (59 Nations 416 Server); Attack command server; Destroy zombie PC; (1 in US); (6 Nations 6 Servers in US etc.); Recollection Server (3 Nations 3 Server in Canada/Venezuela etc.)]
Ⅲ. Main Activities
K-Link Program
Purpose
Invite ICT policy makers and public officials
To share knowledge Korea has gained during development process
Subjects on mobile communication, information security, spectrum management,
e-Government, transition to IPv6 and digital broadcasting, etc.
Programs
High-level official course: focused on ICT policy
Intensive course: 2 weeks, focused on one specific subject
Youth ICT course: offered to international students in Korea
Integrated course: consists of 3 different subjects
* 4,858 participants, 155 countries (from 1998 to 2014)
APISC Security Training Course
To learn and share experience on computer incident prevention and response
5 days, mainly focused on CSIRT establishment and operation
203 trainees from 40 countries (from 2005~)
IS Experience Sharing Activity
Rwanda
MoU with Rwanda Gov.(RDB) on Information Security(July 2011)
Rwandan President Visit to KISA Situation Room(December 2011)
Projects on CERT, SOC, PKI and training program(December 2012 ~)
Cybersecurity Workshop
Costa Rica (Jan 2013)
Bangladesh (May 2013)
Indonesia (May 2013)
Uganda (July 2013)
Kenya (July 2013)
Thailand (Sept 2013)
Azerbaijan (Nov 2013)
Oman (Oct. 2013, April 2014)
Croatia (May 2014)
Belarus (May 2014)
Cambodia (Aug. 2014)
Mongolia (Sept. 2014)
Uzbekistan (Sept. 2014)
APCICT ICT Security Training
APCICT & the Union Civil Service Board (UCSB) of Myanmar jointly organized the National workshop on e-Government and Information Security & Privacy (May 2013, July 2014, Myanmar)
50 trainees from Myanmar government
“Academy of ICT Essentials for Government Leaders”
Training on Module 6 provides an overview of the need for information security, major issues and trends, and the process of formulating an information security strategy, etc.
Knowledge Sharing Program(KSP)
Modularization of Information Security Activities
Main policies of information security
√ Policies and strategies
√ Information security laws & regulations
Main information security activities
√ Internet incident response, e-gov security, CIIP,
PKI, ISMS, IS product evaluation, Privacy, etc.
Basic implementation activities
√ Education and training, R&D, awareness, partnership
Evaluation
√ Accomplishment and comparison
Implications
Knowledge Sharing Program
Cooperation with UAE ADSIC
ISMS Recommendation for UAE ADSIC
Capacity building plan for UAE Abu Dhabi
√ Framework for Information Security Workforce Development and Policy Development
√ Best practices in information security policy:
High level workforce development programs
Center for strategic & international studies policies
Homeland security policy
Information security education certification programs
Central American ICT Training Center
To increase broadband penetration rate and to support e-Government projects
Inaugurated on 9th June 2014 in Nicaragua
Training center for 7 Central American nations
CIIP, mobile information security, guideline for IS, training, etc.
Global Cybersecurity Center for Development(GCCD)
Bring together the extensive experience of Korea’s cybersecurity
Education & training for improvement of capability for IS
CIIP, mobile information security, guideline for IS, training, etc.
Ⅳ. Strategy for IS CB
Development of Framework for IS Workforce
Ecosystem for training Information Security workforce
Graduate schools
Universities
High schools
Liberal arts
Department of Information Security
Information security
multidisciplinary major
Reemployment and lifelong education
Vocational
(re)employment/supply of Information security workforce
Expansion of the Information Security workforce demand structure
Infrastructure for training workforce
Information security managers/CSO (planning/audit, etc.)
Effective measurement of Information security education programs
Information security consultants (risk/assessment, etc.)
Enhanced prediction of domestic supply and demand of Information security workforce
Engineers (operation/development, etc.)
Establishment of Essential Body of Knowledge (EBK)
Academia Centers
ITRC (IT Research Center) project(1998 ~)
Internet Incident Response Technology Research Centers in colleges (40 Centers)
Smart Grid Security Center
BcN, Home Network, u-office wireless network, RFID/USN
Improvement of security processing speed
RRC (Regional Research Center) project(1995 ~)
Regional Research Centers, which conduct information security research
Real-time intrusion prediction and early warning technology
IT system security level evaluation tools
USN security research
Information Security Core Workforce Development Program
Objective : To foster 2,000 high-level information security experts customized to the needs of enterprises
Background : Industrial demand for high-level technology, education opportunities are provided to the frontline workforce with focus on practical skills
AKIS (Academy of Knowledge Information Security)
Digital Forensics
Biometrics
RFID/USN Security
Information security consultants
High Demand for education; however, private educational institutions were not willing to provide them due to high initial investment costs
Employment-contract Information Security Master’s Program
Objective : To foster 300 high-caliber experts
Background : 2008 knowledge information security industry promotion plan
Enterprises
Jointly Plan and Run the Curricula
consortium
Master’s degree
Universities
New Information Security Job Creation Program
Objective : To create jobs in the information security area and revitalize
the information security industry
Enterprises
Educational Institutions
The potential employees
consortium
Professional
The unemployed
Conclusion and Q&A