SlideShare una empresa de Scribd logo

Tt 06-ck

Narinrit Prem-apiwathanokul
Narinrit Prem-apiwathanokul

The document is an agenda for the Cyber Defense Initiative Conference 2011 being held from March 20-21, 2012 in Bangkok, Thailand. The conference theme is "Is Your Privacy at Risk? Security and Privacy Challenges in the Digital Modernity." The agenda includes discussions on mobile challenges for enterprises, what to look for in mobile device management (MDM) solutions, advanced threats over networks, and advanced network analysis tools. It also provides questions to consider when evaluating MDM solutions and discusses the need for intelligence-driven security and best-of-breed solutions to address evolving cyber threats.

EducaciónTecnologíaNoticias y política
1 de 48
Descargar para leer sin conexión
www.cdicconfere n ce. c om Cyber Defense Initiative Conference 2011 20 th – 21 st March 2012, Grand Hall, BITEC, Bangna, Bangkok “Is Your Privacy at Risk? Security and Privacy Challenges in the Digital Modernity” รับมือภัยยุคใหม่ดวย ้ MDM และ Deep Network Traffic Analysis อ.ไชยกร อภิวฒโนกุล ั CISSP, CSSLP, GCFA, (IRCA:ISMS) Chief Executive Officer, S-Generation Co., Ltd. Committee, Thailand Information Security Association (TISA)
Name: Chaiyakorn Apiwathanokul ไชยกร อภิวัฒโนกุล Title: Chief Executive Officer Company: S-GENERATION Company Limited Asia Forensic Hub Company Limited Certificates: CISSP, CSSLP, IRCA:ISMS (ISO27001), SANS:GCFA • CSO ASEAN Award 2010 by Ministry of Information and Communications and Ministry of Public Security, Vietnam • 2010 Asia-Pacific Information Security Leadership Achievements (ISLA) by (ISC)2, Honoree in the Senior Information Security Professional category • Security Sub-commission under Thailand Electronic Transaction Commission (ET Act B.E. 2544) • Contribute to Thailand Cyber Crime Act B.E.2550 • Workgroup for CA service standard development • Committee of national standard adoption of ISO27001/ISO27002 • Committee of Thailand Information Security Association (TISA) • Committee of Cybersecurity workforce development, Division of Skill Development, Ministry of Labour chaiyakorna@hotmail.com • Advisor to Department of Special Investigation (DSI) • Advisor to Ministry of Defense, Cyber Operation Center 1997 1999 2000 2004 2006 2011
Press Release “ปั จจุบันโทรศัพ ท์มอ ถือกลายเป็ นปั จ จั ยพื้นฐานทีสาคัญสาหรั บหลายๆ คน ื ่ นอกจากจะใชเป็ นโทรศัพท์แล ้ว ยังเป็ นเสมือนเครืองคอมพิวเตอร์เล็ กๆ ทีม ี ้ ่ ่ ิ ่ ่ ้ ื่ ่ ประสทธิภาพสูงเครืองหนึงทีใชในการเชอมต่อเข ้าสูโลกอินเทอร์เน็ ต สามารถ ่ ท ากิจ กรรมหลากหลายทั ง ส ่ว นตั ว เรื่อ งงาน และธุ ร กรรมต่ า งๆ จึง ท าให ้ ้ โทรศัพ ท์มอ ถือ กลายเป็ นเป้ าหมายใหม่ทสาคัญสาหรั บด ้านมืด ของโลกไซ ื ี่ ั เบอร์ เพราะโทรศพท์มอถือในปั จจุบันแทบไม่ตางอะไรกับเครือง PC เครือง ื ่ ่ ่ หนึงเลย เพียงแต่ขนาดเล็กลงและสามารถพกพาไปได ้อย่างสะดวกบนฝ่ ามือ ่ ่ ั จึงนาไปสูคาถามว่าแล ้วโทรศพท์มอถือเหล่านี้ได ้รับการปกป้ องคุ ้มครองจาก ื ่ ่ ่ ภัยต่างๆ เหมือนกับทีเราปกป้ องเครือง PC ของเราหรือไม่ เชน การ patch OS, โปรแกรมป้ องกันไวรัส และ ไฟร์วอล ทีป้องกันไม่ให ้เครืองเราถูกโจมตี ่ ่ ่ หรือสงข ้อมูลจากเครืองของเราออกไปโดยทีเราไม่รู ้ตัว” ่ ่ ... ไชยกร อภิวัฒโนกุล
Agenda  Mobile challenges for enterprises  What to look for in MDM solution  Advanced threats over the network  Advanced tool for advanced analysis 4
www.cdicconfere n ce. c om Cyber Defense Initiative Conference 2011 20 th – 21 st March 2012, Grand Hall, BITEC, Bangna, Bangkok “Is Your Privacy at Risk? Security and Privacy Challenges in the Digital Modernity” 5
Simple Questions  Do you LOCK your mobile device?  Do you have Anti-malware installed?  How many Apps in you device?  Are them all Trustworthy?  Have you ROOTED/Jail-broken your device? 6
The 'lost' cell phone project  What would you do if you found a smartphone?  Symantec researchers intentionally drop 50 smartphones in 5 cities  Some traps and tracking apps were installed to observe the behavior of the phone finders  Contact, banks info, HR files, saved password http://digitallife.today.msnbc.msn.com/_news/2012/03/08/10595092-exclusive-the-lost-cell-phone-project-and-the-dark-things-it-says-about-us
This map shows where one finder moved the phone; a chart on the right shows what apps and files were accessed.
Findings  43% of finders clicked on an app labeled "online banking.“  53% clicked on a filed named "HR salaries."  57% opened a file named "saved passwords”  60% checked on social networking tools and personal e-mail  72% tried on folder labeled "private photos”
Findings  89% of finders clicked on something they probably shouldn't have.  Only 50% of finders offered to return the gadgets  30% of finders in NY return the gadgets  70% of finders in Ottawa return the gadgets  The person who returned the phone also tamper to personal information
Studies show  50% of smartphone users do not have password-protect their phones  “Convenience” supersedes “Security”  100% of those who lost their phones never thought they would  After 1 phone lost, behavior changes
The Common Fails!  Lost  Free WiFi lovers  Stolen  Lots of apps  Left unattended (trusted/untrusted)  No passcode  Location service protected  Just click  Full time WiFi on and with “Auto connect”
Common Mobile Spyware Features  Call Log  Cell ID Locations  Each incoming and outgoing number is logged  ID information on all cell towers that the along with duration and time stamp. device enters into range of is recorded. SMS (Text Messages) Log E-Mail Log  Every text message is logged even if the phone's  All inbound & outbound email activity from the logs are deleted. Includes full text. primary email account is recorded. GPS Locations Log Calendar Events  GPS postions are uploaded every thirty minutes  Every calendar event is logged. Date, time, with a link to a map. and locations are recorded. Contacts URL (Website) Log  Every contact on the phone is logged. New  All URL website addresses visited using the contacts added are also recorded. phone's browser are logged. Tasks Photo & Video Log  All personal tasks that are created are logged  All photos & videos taken by the phone are and viewable. recorded & are viewable. Memos  Every memo input into the phone is logged and viewable.
ดักฟั งการสนทนา
Mobile device + Camera + GPS + social media = ? ่ ้ โปรแกรมถ่ายรูปบนมือถือ ทีใชอยู่ บอก ข ้อมูลอย่างอืนด ้วยหรือ ?? ่ Exif Meta Data ความเสยงี่ - ถูกติดตามได ้จากใครก็ได ้ แฟนคลับ ?? ี - มิจฉาชพ ผู ้ไม่หวังดี ?? - ขบวนการค ้ามนุษย์
SSL Strip  https > http  https (without awareness) = http  Man-in-the-Middle Attack http://surajonunix.wordpress.com/2012/02/24/man-in-the-middle-using-ssl- strip/
Free WiFi…Are you sure ?
There are ways to compromise your mobile device 18
Where is your business data? 76% of smartphone and tablet users access business information on their mobile devices. Source: globalthreatcenter.com Where to draw the line? Corporate Data/App Personal Devices
One phone for personal and one for work?  unlikely
Take Control and Respect Privacy Mixture Environment Corporate Personal owned issued devices Corporate Data/App devices Personal Data/App 21
Facts about Consumerization 600 surveys US, DE, JP June 2011 Source: Cesare Garlati @ Trend Micro
Take The Balance Security Risk  IT Risk  Business Risk Business SECURITY Enablement
Solution  Administrative Control – Corporate policy – Standard/Guideline – Process/Procedure  Physical Control –Tools  Logical Control –Tools ISACA, BMIS (Business Model for Information Security
ISO27001 Compliance Requirement A.7 Asset management A.7.2 Information classification A.9 Physical and environmental security A.9.2 Equipment security A.9.2.5 Security of equipment off-premises A.9.2.6 Secure disposal or re-use of equipment A.11 Access control A.11.7 Mobile computing and teleworking A.11.7.1 Mobile computing and communications A.11.7.2 Teleworking
Tool to use for controlling mobile devices in enterprise MDM Mobile Device Management 26
www.cdicconfere n ce. c om Cyber Defense Initiative Conference 2011 20 th – 21 st March 2012, Grand Hall, BITEC, Bangna, Bangkok “Is Your Privacy at Risk? Security and Privacy Challenges in the Digital Modernity” 27
28
URGENT: End-to-End Mobile Security Framework
Example of Policy Implementation
Example of Policy Implementation
10 Questions to ask 1. Does your solution feature end-to-end security across mobile devices, apps, the network, and data? 2. Beyond setting security policies, does your solution give me the option to set dynamic, context-aware policies? 3. Beyond application security and access policies, does your MDM solution let me grant granular access to mobile apps on an app-by-app basis, and can I segregate my critical business apps from non-compliant or potentially malicious apps? 34
10 Questions to ask 4. Can your solution monitor and profile mobile network traffic and user behavior, and can we integrate it with our Security Information and Event Management (SIEM) solution? 5. If we use your MDM solution, can our IT department support employee devices remotely? 6. Is your solution architected for security, and will my data reside behind my firewall? 35
10 Questions to ask 7. Can your solution scale to support multiple locations and all of my employees? Tell me about your largest deployment (size, hardware required to support), and how many large production deployments do you have, and how long have you had them? 8. Is your solution highly available at all tiers: web, app, data, and, in the case of cloud, at the data center? Do you back that up with a 100% uptime service level agreement for cloud? 9. Does your solution feature flexible deployment options? 36
10 Questions to ask 10. Does your solution feature Mobile Data Leakage Prevention, or prevent leakage of my sensitive business data via mobile devices? 37
www.cdicconfere n ce. c om Cyber Defense Initiative Conference 2011 20 th – 21 st March 2012, Grand Hall, BITEC, Bangna, Bangkok “Is Your Privacy at Risk? Security and Privacy Challenges in the Digital Modernity” 39
Intelligence-driven security 40
Intelligence-driven security 41
www.cdicconfere n ce. c om Cyber Defense Initiative Conference 2011 20 th – 21 st March 2012, Grand Hall, BITEC, Bangna, Bangkok “Is Your Privacy at Risk? Security and Privacy Challenges in the Digital Modernity” 42
43
The Need for Best-of-Breed 44
To Look For 45
Key Questions  Key challenge of network security today?  Network awareness?  Building perimeter around data?  Intelligent-driven security?  Network intelligence into business intelligence?  How to analyze encrypted/obfuscated traffic? 46
Conclusion  The war continues  The bad guys are still out there  Technology changes, strategy changes  If you are out of the speed, you will lose 47
www.cd iccon f e r en c e.c o m Cyber Defense Initiative Conference 2011 20 th – 21 st March 2012, Grand Hall, BITEC, Bangna, Bangkok “Is Your Privacy at Risk? Security and Privacy Challenges in the Digital Modernity” © 2012 S-Generation Co., Ltd.
Please visit h t t p : / / w w w. S - G E N E R AT I O N . c o m for more information Thank You www.cdicconference.com 49

Recomendados

Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec Technology and Consulting
 
A new way to prevent Botnet Attack
A new way to prevent Botnet AttackA new way to prevent Botnet Attack
A new way to prevent Botnet Attackyennhi2812
 
Cyber security
Cyber securityCyber security
Cyber securitycolebassett
 
Securing data flow to and from organizations
Securing data flow to and from organizationsSecuring data flow to and from organizations
Securing data flow to and from organizationsOPSWAT
 
Icit analysis-identity-access-management
Icit analysis-identity-access-managementIcit analysis-identity-access-management
Icit analysis-identity-access-managementMark Gibson
 
Cybersecurity Series - Cyber Defense for Internal Auditors
Cybersecurity Series - Cyber Defense for Internal AuditorsCybersecurity Series - Cyber Defense for Internal Auditors
Cybersecurity Series - Cyber Defense for Internal AuditorsJim Kaplan CIA CFE
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec Technology and Consulting
 
The future of cyber security
The future of cyber securityThe future of cyber security
The future of cyber securitySandip Juthani
 

Recomendados

Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec Technology and Consulting
 
A new way to prevent Botnet Attack
A new way to prevent Botnet AttackA new way to prevent Botnet Attack
A new way to prevent Botnet Attackyennhi2812
 
Cyber security
Cyber securityCyber security
Cyber securitycolebassett
 
Securing data flow to and from organizations
Securing data flow to and from organizationsSecuring data flow to and from organizations
Securing data flow to and from organizationsOPSWAT
 
Icit analysis-identity-access-management
Icit analysis-identity-access-managementIcit analysis-identity-access-management
Icit analysis-identity-access-managementMark Gibson
 
Cybersecurity Series - Cyber Defense for Internal Auditors
Cybersecurity Series - Cyber Defense for Internal AuditorsCybersecurity Series - Cyber Defense for Internal Auditors
Cybersecurity Series - Cyber Defense for Internal AuditorsJim Kaplan CIA CFE
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec Technology and Consulting
 
The future of cyber security
The future of cyber securityThe future of cyber security
The future of cyber securitySandip Juthani
 
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An AnalysisSecurity Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysisdadkhah077
 
Mobile security
Mobile securityMobile security
Mobile securityCyberoamAcademy
 
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...Symantec
 
Mobile security
Mobile securityMobile security
Mobile securityhome
 
Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018joshquarrie
 
Hot Cyber Security Technologies
Hot Cyber Security TechnologiesHot Cyber Security Technologies
Hot Cyber Security TechnologiesRuchikaSachdeva4
 
Cyber security
Cyber securityCyber security
Cyber securitySakib Sami
 
Cyber Attack Methodologies
Cyber Attack MethodologiesCyber Attack Methodologies
Cyber Attack MethodologiesGeeks Anonymes
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityRamiro Cid
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and AttacksSachin Darekar
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityJamshidRaqi
 
Mobile Security Research Projects Help
Mobile Security Research Projects HelpMobile Security Research Projects Help
Mobile Security Research Projects HelpNetwork Simulation Tools
 
Mobile Security 101
Mobile Security 101Mobile Security 101
Mobile Security 101Lookout
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attackMark Silver
 
Whitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityWhitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityGopiRajan4
 
Current Emerging Threats
Current Emerging ThreatsCurrent Emerging Threats
Current Emerging Threatsdnomura
 
2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?IBM Security
 
Digital Security
Digital Security Digital Security
Digital Security MCMAUP01
 
The Seven Kinds of Security
The Seven Kinds of SecurityThe Seven Kinds of Security
The Seven Kinds of SecurityVeracode
 
Cloud Security by CK
Cloud Security by CKCloud Security by CK
Cloud Security by CKNarinrit Prem-apiwathanokul
 
IMC: risk base security
IMC: risk base securityIMC: risk base security
IMC: risk base securityNarinrit Prem-apiwathanokul
 

Más contenido relacionado

La actualidad más candente

Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An AnalysisSecurity Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysisdadkhah077
 
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...Symantec
 
Mobile security
Mobile securityMobile security
Mobile securityhome
 
Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018joshquarrie
 
Hot Cyber Security Technologies
Hot Cyber Security TechnologiesHot Cyber Security Technologies
Hot Cyber Security TechnologiesRuchikaSachdeva4
 
Cyber security
Cyber securityCyber security
Cyber securitySakib Sami
 
Cyber Attack Methodologies
Cyber Attack MethodologiesCyber Attack Methodologies
Cyber Attack MethodologiesGeeks Anonymes
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityRamiro Cid
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and AttacksSachin Darekar
 
Mobile Security 101
Mobile Security 101Mobile Security 101
Mobile Security 101Lookout
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attackMark Silver
 
Whitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityWhitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityGopiRajan4
 
Current Emerging Threats
Current Emerging ThreatsCurrent Emerging Threats
Current Emerging Threatsdnomura
 
2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?IBM Security
 
Digital Security
Digital Security Digital Security
Digital Security MCMAUP01
 
The Seven Kinds of Security
The Seven Kinds of SecurityThe Seven Kinds of Security
The Seven Kinds of SecurityVeracode
 

La actualidad más candente (20)

Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An AnalysisSecurity Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
 
Mobile security
Mobile securityMobile security
Mobile security
 
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
 
Mobile security
Mobile securityMobile security
Mobile security
 
Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018
 
Hot Cyber Security Technologies
Hot Cyber Security TechnologiesHot Cyber Security Technologies
Hot Cyber Security Technologies
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber Attack Methodologies
Cyber Attack MethodologiesCyber Attack Methodologies
Cyber Attack Methodologies
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and Attacks
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Mobile Security Research Projects Help
Mobile Security Research Projects HelpMobile Security Research Projects Help
Mobile Security Research Projects Help
 
Mobile Security 101
Mobile Security 101Mobile Security 101
Mobile Security 101
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attack
 
Whitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityWhitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber security
 
Current Emerging Threats
Current Emerging ThreatsCurrent Emerging Threats
Current Emerging Threats
 
2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?
 
Digital Security
Digital Security Digital Security
Digital Security
 
The Seven Kinds of Security
The Seven Kinds of SecurityThe Seven Kinds of Security
The Seven Kinds of Security
 

Destacado

Vp Leadership And Organizational Development
Vp Leadership And Organizational DevelopmentVp Leadership And Organizational Development
Vp Leadership And Organizational DevelopmentAudianDunahm
 
Wireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring ApplicationsWireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring Applicationscmstiernberg
 
The Role of Foreign Direct Investment in Myanmar by Naw Eh Khu Mue+Hnin Thuza...
The Role of Foreign Direct Investment in Myanmar by Naw Eh Khu Mue+Hnin Thuza...The Role of Foreign Direct Investment in Myanmar by Naw Eh Khu Mue+Hnin Thuza...
The Role of Foreign Direct Investment in Myanmar by Naw Eh Khu Mue+Hnin Thuza...KYAW THU WIN
 
Myanmar _ Investment Guide - Book 1 (ENG)
Myanmar _ Investment Guide - Book 1 (ENG)Myanmar _ Investment Guide - Book 1 (ENG)
Myanmar _ Investment Guide - Book 1 (ENG)Dr. Oliver Massmann
 

Destacado (12)

Cloud Security by CK
Cloud Security by CKCloud Security by CK
Cloud Security by CK
 
IMC: risk base security
IMC: risk base securityIMC: risk base security
IMC: risk base security
 
SecurityExchange2009-Key Note
SecurityExchange2009-Key NoteSecurityExchange2009-Key Note
SecurityExchange2009-Key Note
 
Chaiyakorn
ChaiyakornChaiyakorn
Chaiyakorn
 
IT Security EBK2008 Summary
IT Security EBK2008 SummaryIT Security EBK2008 Summary
IT Security EBK2008 Summary
 
Vp Leadership And Organizational Development
Vp Leadership And Organizational DevelopmentVp Leadership And Organizational Development
Vp Leadership And Organizational Development
 
Introduction to INFOSEC Professional
Introduction to INFOSEC ProfessionalIntroduction to INFOSEC Professional
Introduction to INFOSEC Professional
 
Wireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring ApplicationsWireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring Applications
 
Addressing CIP
Addressing CIPAddressing CIP
Addressing CIP
 
The Role of Foreign Direct Investment in Myanmar by Naw Eh Khu Mue+Hnin Thuza...
The Role of Foreign Direct Investment in Myanmar by Naw Eh Khu Mue+Hnin Thuza...The Role of Foreign Direct Investment in Myanmar by Naw Eh Khu Mue+Hnin Thuza...
The Role of Foreign Direct Investment in Myanmar by Naw Eh Khu Mue+Hnin Thuza...
 
U S Embassy Event - Today’S Cyber Threats
U S Embassy Event - Today’S Cyber ThreatsU S Embassy Event - Today’S Cyber Threats
U S Embassy Event - Today’S Cyber Threats
 
Myanmar _ Investment Guide - Book 1 (ENG)
Myanmar _ Investment Guide - Book 1 (ENG)Myanmar _ Investment Guide - Book 1 (ENG)
Myanmar _ Investment Guide - Book 1 (ENG)
 

Similar a Tt 06-ck

The Consumerisation of Corporate IT
The Consumerisation of Corporate ITThe Consumerisation of Corporate IT
The Consumerisation of Corporate ITPeter Wood
 
Data Security Solutions @ Lithuania CIO Forum 2015 - Mobility will happen by ...
Data Security Solutions @ Lithuania CIO Forum 2015 - Mobility will happen by ...Data Security Solutions @ Lithuania CIO Forum 2015 - Mobility will happen by ...
Data Security Solutions @ Lithuania CIO Forum 2015 - Mobility will happen by ...Andris Soroka
 
Безопасность данных мобильных приложений. Мифы и реальность.
Безопасность данных мобильных приложений. Мифы и реальность.Безопасность данных мобильных приложений. Мифы и реальность.
Безопасность данных мобильных приложений. Мифы и реальность.Advanced monitoring
 
Internet & iot security
Internet & iot securityInternet & iot security
Internet & iot securityUsman Anjum
 
IRJET- Android Device Attacks and Threats
IRJET- Android Device Attacks and ThreatsIRJET- Android Device Attacks and Threats
IRJET- Android Device Attacks and ThreatsIRJET Journal
 
PCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaPCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaIBM Danmark
 
Mobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistantMobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistantVladimir Jirasek
 
IT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceIT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceJeff Lemmermann
 
Kaspars Petersons - BYOD - more like BYOP
Kaspars Petersons - BYOD - more like BYOPKaspars Petersons - BYOD - more like BYOP
Kaspars Petersons - BYOD - more like BYOPDevConFu
 
Y20151003 IoT 資訊安全_趨勢科技分享
Y20151003 IoT 資訊安全_趨勢科技分享Y20151003 IoT 資訊安全_趨勢科技分享
Y20151003 IoT 資訊安全_趨勢科技分享m12016changTIIMP
 
Symantec AppCenter Webinar.pptx
Symantec AppCenter Webinar.pptxSymantec AppCenter Webinar.pptx
Symantec AppCenter Webinar.pptxArrow ECS UK
 
Final Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxFinal Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxvoversbyobersby
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudITDogadjaji.com
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Rishi Singh
 
BYOD - Bring Your Own Device
BYOD - Bring Your Own DeviceBYOD - Bring Your Own Device
BYOD - Bring Your Own DeviceRihab Chebbah
 
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxIoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxmariuse18nolet
 

Similar a Tt 06-ck (20)

The Consumerisation of Corporate IT
The Consumerisation of Corporate ITThe Consumerisation of Corporate IT
The Consumerisation of Corporate IT
 
Data Security Solutions @ Lithuania CIO Forum 2015 - Mobility will happen by ...
Data Security Solutions @ Lithuania CIO Forum 2015 - Mobility will happen by ...Data Security Solutions @ Lithuania CIO Forum 2015 - Mobility will happen by ...
Data Security Solutions @ Lithuania CIO Forum 2015 - Mobility will happen by ...
 
Безопасность данных мобильных приложений. Мифы и реальность.
Безопасность данных мобильных приложений. Мифы и реальность.Безопасность данных мобильных приложений. Мифы и реальность.
Безопасность данных мобильных приложений. Мифы и реальность.
 
Internet & iot security
Internet & iot securityInternet & iot security
Internet & iot security
 
IRJET- Android Device Attacks and Threats
IRJET- Android Device Attacks and ThreatsIRJET- Android Device Attacks and Threats
IRJET- Android Device Attacks and Threats
 
PCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaPCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio Panada
 
Mobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistantMobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistant
 
IT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceIT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 Conference
 
Kaspars Petersons - BYOD - more like BYOP
Kaspars Petersons - BYOD - more like BYOPKaspars Petersons - BYOD - more like BYOP
Kaspars Petersons - BYOD - more like BYOP
 
AD-MPEX-BRO-09Dec2014
AD-MPEX-BRO-09Dec2014AD-MPEX-BRO-09Dec2014
AD-MPEX-BRO-09Dec2014
 
Y20151003 IoT 資訊安全_趨勢科技分享
Y20151003 IoT 資訊安全_趨勢科技分享Y20151003 IoT 資訊安全_趨勢科技分享
Y20151003 IoT 資訊安全_趨勢科技分享
 
Sophos
SophosSophos
Sophos
 
Symantec AppCenter Webinar.pptx
Symantec AppCenter Webinar.pptxSymantec AppCenter Webinar.pptx
Symantec AppCenter Webinar.pptx
 
Final Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxFinal Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docx
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and Cloud
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
 
BYOD - Bring Your Own Device
BYOD - Bring Your Own DeviceBYOD - Bring Your Own Device
BYOD - Bring Your Own Device
 
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxIoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
 
Insights success the 10 best performing cyber security solution providers 4th...
Insights success the 10 best performing cyber security solution providers 4th...Insights success the 10 best performing cyber security solution providers 4th...
Insights success the 10 best performing cyber security solution providers 4th...
 
Recent trends in cloud computing articles
Recent trends in cloud computing articlesRecent trends in cloud computing articles
Recent trends in cloud computing articles
 

Más de Narinrit Prem-apiwathanokul

Infosec Workforce Development Framework For Thailand
Infosec Workforce Development Framework For ThailandInfosec Workforce Development Framework For Thailand
Infosec Workforce Development Framework For ThailandNarinrit Prem-apiwathanokul
 

Más de Narinrit Prem-apiwathanokul (6)

How to address C-Level properly?
How to address C-Level properly?How to address C-Level properly?
How to address C-Level properly?
 
Infosec Workforce Development Framework For Thailand
Infosec Workforce Development Framework For ThailandInfosec Workforce Development Framework For Thailand
Infosec Workforce Development Framework For Thailand
 
Improving SCADA Security
Improving SCADA SecurityImproving SCADA Security
Improving SCADA Security
 
SCADA Security in CDIC 2009
SCADA Security in CDIC 2009SCADA Security in CDIC 2009
SCADA Security in CDIC 2009
 
S C A D A Security Keynote C K
S C A D A Security Keynote C KS C A D A Security Keynote C K
S C A D A Security Keynote C K
 
CCA Preparation for Organization
CCA Preparation for OrganizationCCA Preparation for Organization
CCA Preparation for Organization
 

Último

Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentationcamerronhm
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfSherif Taha
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfPoh-Sun Goh
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.MaryamAhmad92
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxPoojaSen20
 
Magic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptxMagic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptxdhanalakshmis0310
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSCeline George
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibitjbellavia9
 

Último (20)

Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Spatium Project Simulation student brief
Spatium Project Simulation student briefSpatium Project Simulation student brief
Spatium Project Simulation student brief
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docx
 
Magic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptxMagic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptx
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 

Tt 06-ck

  • 1. www.cdicconfere n ce. c om Cyber Defense Initiative Conference 2011 20 th – 21 st March 2012, Grand Hall, BITEC, Bangna, Bangkok “Is Your Privacy at Risk? Security and Privacy Challenges in the Digital Modernity” รับมือภัยยุคใหม่ดวย ้ MDM และ Deep Network Traffic Analysis อ.ไชยกร อภิวฒโนกุล ั CISSP, CSSLP, GCFA, (IRCA:ISMS) Chief Executive Officer, S-Generation Co., Ltd. Committee, Thailand Information Security Association (TISA)
  • 2. Name: Chaiyakorn Apiwathanokul ไชยกร อภิวัฒโนกุล Title: Chief Executive Officer Company: S-GENERATION Company Limited Asia Forensic Hub Company Limited Certificates: CISSP, CSSLP, IRCA:ISMS (ISO27001), SANS:GCFA • CSO ASEAN Award 2010 by Ministry of Information and Communications and Ministry of Public Security, Vietnam • 2010 Asia-Pacific Information Security Leadership Achievements (ISLA) by (ISC)2, Honoree in the Senior Information Security Professional category • Security Sub-commission under Thailand Electronic Transaction Commission (ET Act B.E. 2544) • Contribute to Thailand Cyber Crime Act B.E.2550 • Workgroup for CA service standard development • Committee of national standard adoption of ISO27001/ISO27002 • Committee of Thailand Information Security Association (TISA) • Committee of Cybersecurity workforce development, Division of Skill Development, Ministry of Labour chaiyakorna@hotmail.com • Advisor to Department of Special Investigation (DSI) • Advisor to Ministry of Defense, Cyber Operation Center 1997 1999 2000 2004 2006 2011
  • 3. Press Release “ปั จจุบันโทรศัพ ท์มอ ถือกลายเป็ นปั จ จั ยพื้นฐานทีสาคัญสาหรั บหลายๆ คน ื ่ นอกจากจะใชเป็ นโทรศัพท์แล ้ว ยังเป็ นเสมือนเครืองคอมพิวเตอร์เล็ กๆ ทีม ี ้ ่ ่ ิ ่ ่ ้ ื่ ่ ประสทธิภาพสูงเครืองหนึงทีใชในการเชอมต่อเข ้าสูโลกอินเทอร์เน็ ต สามารถ ่ ท ากิจ กรรมหลากหลายทั ง ส ่ว นตั ว เรื่อ งงาน และธุ ร กรรมต่ า งๆ จึง ท าให ้ ้ โทรศัพ ท์มอ ถือ กลายเป็ นเป้ าหมายใหม่ทสาคัญสาหรั บด ้านมืด ของโลกไซ ื ี่ ั เบอร์ เพราะโทรศพท์มอถือในปั จจุบันแทบไม่ตางอะไรกับเครือง PC เครือง ื ่ ่ ่ หนึงเลย เพียงแต่ขนาดเล็กลงและสามารถพกพาไปได ้อย่างสะดวกบนฝ่ ามือ ่ ่ ั จึงนาไปสูคาถามว่าแล ้วโทรศพท์มอถือเหล่านี้ได ้รับการปกป้ องคุ ้มครองจาก ื ่ ่ ่ ภัยต่างๆ เหมือนกับทีเราปกป้ องเครือง PC ของเราหรือไม่ เชน การ patch OS, โปรแกรมป้ องกันไวรัส และ ไฟร์วอล ทีป้องกันไม่ให ้เครืองเราถูกโจมตี ่ ่ ่ หรือสงข ้อมูลจากเครืองของเราออกไปโดยทีเราไม่รู ้ตัว” ่ ่ ... ไชยกร อภิวัฒโนกุล
  • 4. Agenda  Mobile challenges for enterprises  What to look for in MDM solution  Advanced threats over the network  Advanced tool for advanced analysis 4
  • 5. www.cdicconfere n ce. c om Cyber Defense Initiative Conference 2011 20 th – 21 st March 2012, Grand Hall, BITEC, Bangna, Bangkok “Is Your Privacy at Risk? Security and Privacy Challenges in the Digital Modernity” 5
  • 6. Simple Questions  Do you LOCK your mobile device?  Do you have Anti-malware installed?  How many Apps in you device?  Are them all Trustworthy?  Have you ROOTED/Jail-broken your device? 6
  • 7. The 'lost' cell phone project  What would you do if you found a smartphone?  Symantec researchers intentionally drop 50 smartphones in 5 cities  Some traps and tracking apps were installed to observe the behavior of the phone finders  Contact, banks info, HR files, saved password http://digitallife.today.msnbc.msn.com/_news/2012/03/08/10595092-exclusive-the-lost-cell-phone-project-and-the-dark-things-it-says-about-us
  • 8. This map shows where one finder moved the phone; a chart on the right shows what apps and files were accessed.
  • 9. Findings  43% of finders clicked on an app labeled "online banking.“  53% clicked on a filed named "HR salaries."  57% opened a file named "saved passwords”  60% checked on social networking tools and personal e-mail  72% tried on folder labeled "private photos”
  • 10. Findings  89% of finders clicked on something they probably shouldn't have.  Only 50% of finders offered to return the gadgets  30% of finders in NY return the gadgets  70% of finders in Ottawa return the gadgets  The person who returned the phone also tamper to personal information
  • 11. Studies show  50% of smartphone users do not have password-protect their phones  “Convenience” supersedes “Security”  100% of those who lost their phones never thought they would  After 1 phone lost, behavior changes
  • 12. The Common Fails!  Lost  Free WiFi lovers  Stolen  Lots of apps  Left unattended (trusted/untrusted)  No passcode  Location service protected  Just click  Full time WiFi on and with “Auto connect”
  • 13. Common Mobile Spyware Features  Call Log  Cell ID Locations  Each incoming and outgoing number is logged  ID information on all cell towers that the along with duration and time stamp. device enters into range of is recorded. SMS (Text Messages) Log E-Mail Log  Every text message is logged even if the phone's  All inbound & outbound email activity from the logs are deleted. Includes full text. primary email account is recorded. GPS Locations Log Calendar Events  GPS postions are uploaded every thirty minutes  Every calendar event is logged. Date, time, with a link to a map. and locations are recorded. Contacts URL (Website) Log  Every contact on the phone is logged. New  All URL website addresses visited using the contacts added are also recorded. phone's browser are logged. Tasks Photo & Video Log  All personal tasks that are created are logged  All photos & videos taken by the phone are and viewable. recorded & are viewable. Memos  Every memo input into the phone is logged and viewable.
  • 15. Mobile device + Camera + GPS + social media = ? ่ ้ โปรแกรมถ่ายรูปบนมือถือ ทีใชอยู่ บอก ข ้อมูลอย่างอืนด ้วยหรือ ?? ่ Exif Meta Data ความเสยงี่ - ถูกติดตามได ้จากใครก็ได ้ แฟนคลับ ?? ี - มิจฉาชพ ผู ้ไม่หวังดี ?? - ขบวนการค ้ามนุษย์
  • 16. SSL Strip  https > http  https (without awareness) = http  Man-in-the-Middle Attack http://surajonunix.wordpress.com/2012/02/24/man-in-the-middle-using-ssl- strip/
  • 18. There are ways to compromise your mobile device 18
  • 19. Where is your business data? 76% of smartphone and tablet users access business information on their mobile devices. Source: globalthreatcenter.com Where to draw the line? Corporate Data/App Personal Devices
  • 20. One phone for personal and one for work?  unlikely
  • 21. Take Control and Respect Privacy Mixture Environment Corporate Personal owned issued devices Corporate Data/App devices Personal Data/App 21
  • 22. Facts about Consumerization 600 surveys US, DE, JP June 2011 Source: Cesare Garlati @ Trend Micro
  • 23. Take The Balance Security Risk  IT Risk  Business Risk Business SECURITY Enablement
  • 24. Solution  Administrative Control – Corporate policy – Standard/Guideline – Process/Procedure  Physical Control –Tools  Logical Control –Tools ISACA, BMIS (Business Model for Information Security
  • 25. ISO27001 Compliance Requirement A.7 Asset management A.7.2 Information classification A.9 Physical and environmental security A.9.2 Equipment security A.9.2.5 Security of equipment off-premises A.9.2.6 Secure disposal or re-use of equipment A.11 Access control A.11.7 Mobile computing and teleworking A.11.7.1 Mobile computing and communications A.11.7.2 Teleworking
  • 26. Tool to use for controlling mobile devices in enterprise MDM Mobile Device Management 26
  • 27. www.cdicconfere n ce. c om Cyber Defense Initiative Conference 2011 20 th – 21 st March 2012, Grand Hall, BITEC, Bangna, Bangkok “Is Your Privacy at Risk? Security and Privacy Challenges in the Digital Modernity” 27
  • 28. 28
  • 29. URGENT: End-to-End Mobile Security Framework
  • 30.
  • 31. Example of Policy Implementation
  • 32. Example of Policy Implementation
  • 33.
  • 34. 10 Questions to ask 1. Does your solution feature end-to-end security across mobile devices, apps, the network, and data? 2. Beyond setting security policies, does your solution give me the option to set dynamic, context-aware policies? 3. Beyond application security and access policies, does your MDM solution let me grant granular access to mobile apps on an app-by-app basis, and can I segregate my critical business apps from non-compliant or potentially malicious apps? 34
  • 35. 10 Questions to ask 4. Can your solution monitor and profile mobile network traffic and user behavior, and can we integrate it with our Security Information and Event Management (SIEM) solution? 5. If we use your MDM solution, can our IT department support employee devices remotely? 6. Is your solution architected for security, and will my data reside behind my firewall? 35
  • 36. 10 Questions to ask 7. Can your solution scale to support multiple locations and all of my employees? Tell me about your largest deployment (size, hardware required to support), and how many large production deployments do you have, and how long have you had them? 8. Is your solution highly available at all tiers: web, app, data, and, in the case of cloud, at the data center? Do you back that up with a 100% uptime service level agreement for cloud? 9. Does your solution feature flexible deployment options? 36
  • 37. 10 Questions to ask 10. Does your solution feature Mobile Data Leakage Prevention, or prevent leakage of my sensitive business data via mobile devices? 37
  • 38. www.cdicconfere n ce. c om Cyber Defense Initiative Conference 2011 20 th – 21 st March 2012, Grand Hall, BITEC, Bangna, Bangkok “Is Your Privacy at Risk? Security and Privacy Challenges in the Digital Modernity” 39
  • 41. www.cdicconfere n ce. c om Cyber Defense Initiative Conference 2011 20 th – 21 st March 2012, Grand Hall, BITEC, Bangna, Bangkok “Is Your Privacy at Risk? Security and Privacy Challenges in the Digital Modernity” 42
  • 42. 43
  • 43. The Need for Best-of-Breed 44
  • 45. Key Questions  Key challenge of network security today?  Network awareness?  Building perimeter around data?  Intelligent-driven security?  Network intelligence into business intelligence?  How to analyze encrypted/obfuscated traffic? 46
  • 46. Conclusion  The war continues  The bad guys are still out there  Technology changes, strategy changes  If you are out of the speed, you will lose 47
  • 47. www.cd iccon f e r en c e.c o m Cyber Defense Initiative Conference 2011 20 th – 21 st March 2012, Grand Hall, BITEC, Bangna, Bangkok “Is Your Privacy at Risk? Security and Privacy Challenges in the Digital Modernity” © 2012 S-Generation Co., Ltd.
  • 48. Please visit h t t p : / / w w w. S - G E N E R AT I O N . c o m for more information Thank You www.cdicconference.com 49