HACKING TRUST
IT Vendors and The Illusion of Safety
Introduction
- Artist
- Information security troublemaker
- Casual procrastinator

http://treeatwork.blogspot.com/2008/11/interview-2-jim-geovedi.html
Overview
Indonesian IT Growth
Cyber Security Issues
Network of Trust
ISO 27001:2005 on third party services
Indonesian IT Growth
Indonesian IT Growth
Market overview
- Projected to be worth nearly US$ 512 billion by 2012
- The government is pushing for more integrated e-government development, promoting a series of infrastructure and education initiatives
- Financial services and banking sectors accounting for as much as 30% of total spending forecast

Source: Business Monitor International
Indonesian IT Growth
Computer sales
- Notebook sales were the main driver of PC market growth in 2007, accounting for around 60% of unit sales
- Computer sales (including notebooks and peripherals) will be worth an estimated US$ 1.9 billion in full year 2008

Source: Business Monitor International
Indonesian IT Growth
Software
- For 2008, legal software sales are forecast at US$ 361 million
- Indonesia has one of the worst records in the world in terms of its failure to significantly reduce the software piracy rate, which was estimated at 85% by the Business Software Association in 2007

Source: Business Monitor International
Indonesian IT Growth
IT Services
- Expected to be worth US$ 500 million in 2008
- Hardware deployment services remain the largest Indonesian IT service, with an approximately 20% share
- Opportunities are mainly in fundamental services: system integration, support systems, training, professional services, outsourcing, and Internet services

Source: Business Monitor International
Indonesian IT Growth
e-Readiness
- Only 14% of Indonesians have Internet access (32 million users)
- Low telephone line density, high charges, and low PC penetration are all significant obstacles
- According to 2007 research, only 40% of Indonesian Internet users had ever made a purchase through the Internet

Source: Business Monitor International
Cyber Security Issues
Cyber Security Issues
General security
- Passwords
- Anti-virus software
- Firewalls
Cyber Security Issues
Email and communication
- Email attachments
- SPAM
- Blind carbon copy
- Digital signatures
- Internet messaging
- Social networking websites
- Blog
- VoIP
Cyber Security Issues
Mobile Devices
- Physical security
- Data security
- USB drives
- Wireless network
- Bluetooth
Cyber Security Issues
Privacy
- Anonymity
- Encryption
- Secure erase
- Supplementing passwords
Cyber Security Issues
Safe browsing
- Active contents and cookies
- Website certificates
- Internationalised Domain Name
  - klikbca.com ≠ klikbcå.com (xn--klikbc-nua.com)
- Browser security settings
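The klikbca.com look-alike in the slide is the kind of thing a proxy, mail gateway or certificate-transparency monitor can flag automatically. The script below is an added example, not code from the original slides or from the presenter: it decodes Punycode (xn--) labels with Python's built-in idna codec, reduces the hostname to an accent-stripped "skeleton", and compares both forms against an allowlist of trusted domains. The allowlist, the sample hostnames other than the two from the slide, and all function names are assumptions of the example. It generalises the slide's single case to any Latin diacritic, not only å.

```python
# Added example (not from the original slides): flag IDN homograph
# look-alikes of a trusted domain, using the slide's klikbca.com case.
import unicodedata

# Constructed allowlist of domains the organisation trusts. Only klikbca.com
# comes from the slide; the set itself is an assumption of this example.
TRUSTED_DOMAINS = {"klikbca.com"}


def to_unicode(host: str) -> str:
    """Return the hostname as the user sees it, decoding any xn-- (Punycode) labels.

    Uses Python's built-in idna codec; raises UnicodeError on a malformed label.
    """
    host = host.lower().rstrip(".")
    try:
        raw = host.encode("ascii")
    except UnicodeEncodeError:
        return host  # already contains non-ASCII letters, nothing to decode
    return raw.decode("idna")


def to_ascii(host: str) -> str:
    """Return the wire form (xn-- labels) that DNS actually resolves."""
    return to_unicode(host).encode("idna").decode("ascii")


def skeleton(host: str) -> str:
    """Strip Latin diacritics so klikbcå.com collapses to klikbca.com.

    NFKD splits an accented letter into base letter + combining mark; the marks
    are then dropped. This covers Latin accents only: look-alikes built from
    other scripts (e.g. Cyrillic letters) need a confusables table such as
    Unicode TR39, which this example does not include.
    """
    decomposed = unicodedata.normalize("NFKD", to_unicode(host))
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))


def classify(host: str, trusted=frozenset(TRUSTED_DOMAINS)) -> str:
    """Classify a hostname as 'trusted', 'lookalike', 'unrelated' or 'invalid'."""
    try:
        shown = to_unicode(host)
    except UnicodeError:
        return "invalid"  # malformed Punycode: never treat as trusted
    if shown in trusted:
        return "trusted"
    if skeleton(shown) in trusted:
        return "lookalike"  # visually identical after accent stripping
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample hostnames: the two from the slide plus two controls.
    samples = ["klikbca.com", "xn--klikbc-nua.com", "klikbcå.com", "example.com"]
    for sample in samples:
        print(f"{sample:20} shown as {to_unicode(sample):14} "
              f"wire {to_ascii(sample):20} -> {classify(sample)}")
```

Run it as-is to see the two forms side by side; in a gateway you would feed it the host from each outbound request or each certificate's SAN list and alert on "lookalike" or "invalid". Checking the decoded form first matters because a browser shows the Unicode form to the user while the log records the xn-- form, and a rule that only looks at one of them misses the other.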
Cyber Security Issues
Software and applications
- Patches
- Operating systems
- End-user license agreements
Network of Trust
[Diagram: "network of trust" mind map centred on Corporation; node labels: Developers, Operations, Contractors, Marketing, Auditors, Vendors, System Integrators, Consultants, System Analysis, Customers, Spies, Competitors, Business Associations, Lawyers, Board of Directors, Executives, Secretary, Anti-monopoly, Fair Trades, Regulation, Government, Money Laundry Surveillance, Finance, Operating Systems, ISP, Network Infrastructure, ASP, ERP, Intranet Applications, Applications, Billing, Payment Gateway, Backup, Business Units, Database, Planning, Analysis, Design, Development, Implementation, Maintenance, Business Intelligence, Data Mining, HRD]
[Diagram centred on IT Operations; node labels: Access Management, Database, Development, Audit Trails, Code Audit, Software Updates, Application, Performance Review, Operating Systems, System Hardening, Logging, Performance Optimisation, Installation, ISP, Network, Configuration, Administration, Network Devices, Maintenance, Backup]
Parties involved in a typical software attack
- The company that sold the software
- The attack tool writer
- The attacker him/herself
- The owner of the network
100% of the liability shouldn't fall on the shoulders of the
software vendor, just as 100% shouldn't fall on the
attacker or the network owner. But today, 100% of the
cost falls directly on the network owner, and that just has
to stop.

We will always pay for security. If software vendors have
liability costs, they'll pass those on to us. It might not be
cheaper than what we're paying today. But as long as
we're going to pay, we might as well pay to fix the
problem. Forcing the software vendor to pay to fix the
problem and then pass those costs on to us means that
the problem might actually get fixed.
ISO 27001:2005 on third party services
ISO 27001:2005
What's new? (compared to BS 7799:2000)
- 11 old controls modified, 116 controls remaining, 17 new controls added: 133 controls in total
- 5 control objectives re-arranged, 8 new control objectives added: 39 control objectives in total
ISO 27001:2005
What's new?
- Service Delivery Management
  - Service delivery, monitoring and review of third party services, managing changes to third party services
  - Based on BS 15000/ISO 2000
ISO 27001:2005
What's new?
- Improving the management of external risk
  - Outsourcing, service providers, suppliers, third parties, business partners, and customers
  - SLAs and contracts, audits
Conclusion
Information security isn't a technological problem
- It's an economics problem
Make vendors liable for security problems
