Pyramid of Cyber Security

Current rules of IT security are not a dogma; what does not work well must be changed

author : Ji Npravnk [email protected]

People create software, computer viruses and Cyber security rules

People can change this!!

When a child wants to ride a bike, he or she must first learn to sit, stand and walk, then to keep balance while running, and only then has the chance to learn to ride a bicycle well.

In the IT environment, important initial steps are omitted. That is the cause of the persistent problems with IT security and data protection.

Content :

IT and non-IT environment

The Three Laws of Cyber Security

Analysis of the source code

Methods for user login

IT and non-IT environment

Food, toys

Testing food or toys for harmful substances

ISO 7002, ISO 6541, etc.

Cars

NCAP crash tests

ISO 16949, etc.

Software

There are a lot of mistakes in software. Specialists say: It is not possible to do otherwise.

Software has contained hidden features - http://www.eeggs.com/tree/1119.html

IT and non-IT environment

Production of food or cars must respect the laws of nature - biology, chemistry, physics, etc.

Creating software is a purely human activity, which does not respect the laws of nature.

The quality and security of software are based only on human work

The current state of IT Security

First, the HW/SW market was created, a free and uncontrolled market. After several security incidents, IT security began to be addressed

Today, software authors and advisors say how security should be solved

Cyber Security is now a business

Software authors tell customers that there is no other solution

The current state of IT Security

A flaw or back door may be in the interest of creators and governments

Today there is no evidence for or against

This is a major system error

It is time to change Cyber Security

The current state of IT Security

In fact: a virus can attack the adversary's system, but it can also turn against its creators

Misinformation and concealment make it difficult to reveal the actual attacker, and an innocent party may be accused

Revealing and describing a virus is a source of information for other virus writers

Confirmation Bias

The current solution is the only possible one

It is not possible to create better solutions

Users are inexperienced and inattentive. They are the greatest risk to IT

Whom will a change in the basics of IT help, and who will gain from it?

Owners, CEOs, CIOs, CISOs, users and admins

Confidence will return to IT

The changes will also help software authors

They will also help authors of security solutions

The Three Laws of Cyber Security

Basis of security for the entire field of IT

The Three Laws of Cyber Security

It will be a basic control mechanism

It compares the parameters of a file on the user's computer with those of the same file from the software author

This new control mechanism is for all operating systems and applications. It can check desktops, servers, smartphones, tablets, SCADA/PLC, IoT, etc. It can also check the firmware and all files from an upgrade.

The Three Laws of Cyber Security

It will be a basic check mechanism

It will not be possible to install a file that cannot be verified on the user's device (PC, phone, SCADA, IoT)

An application whose parts (files and/or libraries) cannot be verified cannot be run on the user's device

A file changed by a virus, a hacker or some other error is detected quickly and cannot be run on the device (PC, phone, SCADA, IoT, etc.)
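
The check described on these slides, sketched as an added example (not code from the presentation): every file of an installed application is compared with the author's published SHA-256 list, and the application may run only if every part verifies. The manifest format, the function names and the sample files are assumptions made for this illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """SHA-256 of a file's content, as lowercase hex."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def audit(root: Path, manifest: dict[str, str]) -> dict[str, str]:
    """Classify every file under root, and every manifest entry, by status."""
    status = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if rel not in manifest:
            status[rel] = "unknown"        # the author never published this file
        elif sha256_file(path) == manifest[rel]:
            status[rel] = "verified"
        else:
            status[rel] = "modified"       # content differs from the author's copy
    for rel in manifest:
        status.setdefault(rel, "missing")  # published but absent on the device
    return status


def may_run(status: dict[str, str]) -> bool:
    """Deny by default: the application runs only if every part is verified."""
    return bool(status) and all(s == "verified" for s in status.values())


def demo() -> tuple[dict[str, str], dict[str, str]]:
    """Constructed sample: a clean install, then a patched library and a dropped
    file. The manifest dict stands in for the author's list (hypothetical format)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "lib").mkdir()
        (root / "app.bin").write_bytes(b"main program v1.0")
        (root / "lib" / "core.so").write_bytes(b"library v1.0")
        manifest = {p.relative_to(root).as_posix(): sha256_file(p)
                    for p in root.rglob("*") if p.is_file()}
        clean = audit(root, manifest)
        (root / "lib" / "core.so").write_bytes(b"library v1.0 + injected code")
        (root / "dropper.exe").write_bytes(b"not from the author")
        return clean, audit(root, manifest)


if __name__ == "__main__":
    for label, result in zip(("clean", "tampered"), demo()):
        print(label, result, "run allowed:", may_run(result))
```

The check is only as trustworthy as the manifest: on a real device the list has to arrive over an authenticated channel or carry a signature that is verified before use, which this example leaves out.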

The Three Laws of Cyber Security

Possible objection - this solution does not solve weaknesses in the software (operating systems or apps)

YES. Reducing the number of weaknesses is the task of the software authors

The Three Laws of Cyber Security set rules to prevent files from being edited by a virus or hackers

A system that uses The Three Laws of Cyber Security will be resistant to computer viruses

Analysis of the source code

Analysis will contribute to a sustained reduction of weaknesses or to closing back doors in programs

Analysis of the source code

Tools for finding weaknesses in source code already exist

Tools are becoming increasingly sophisticated

At present, analysis/modernization of source code is not mandatory. It depends on the approach of the software firms

Analysis of the source code

There are projects: OWASP, etc.

Commercial solutions exist: Checkmarx, Klocwork, VERACODE, etc.

At present there is no pressure on software companies to carry out an analysis of the source code

The Three Laws of Cyber Security and Analysis of the source code

The Three Laws of Cyber Security ensure that an infected or unknown program will not run on the device (PC, phone, SCADA, IoT, etc.).

Analysis of the source code will help improve the quality of software. This will reduce the space through which a hacker can exploit a file

The Three Laws of Cyber Security and Analysis of the source code

The first and second levels of the pyramid of ICT security remove virus infections and hacker attacks through bugs/vulnerabilities in programs.

The next level - attack using a stolen username and password

It is a situation similar to the theft and misuse of keys to an apartment or car

Rules for user login

In the IT environment, people still talk about the fact that users use passwords that can be easily guessed

Human behavior is not easy to change

Server/login settings are easy to change

Rules for user login

Weak passwords

Instead of the inexperienced user, an experienced author and/or the system administrator can solve the problem

The creator of the system or the administrator will always have more experience than a regular user

The creator of the system or the administrator can set restrictions that prevent users from using weak passwords
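
One way such a restriction can look on the server side, as an added example (not part of the presentation): a check run when a password is set, which returns the reasons for refusal so the login form can show them. The minimum length, the short denylist and the function names are assumptions made for this illustration.

```python
import re

# Constructed sample denylist; a real deployment would load a large list of
# common or known-breached passwords instead.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}
MIN_LENGTH = 12  # assumed policy value, chosen by the administrator


def _has_long_run(pw: str, limit: int = 4) -> bool:
    """True if pw has `limit` identical or consecutive characters in a row."""
    same = seq = 1
    for prev, cur in zip(pw, pw[1:]):
        same = same + 1 if cur == prev else 1
        seq = seq + 1 if ord(cur) - ord(prev) == 1 else 1
        if same >= limit or seq >= limit:
            return True
    return False


def password_problems(username: str, password: str) -> list[str]:
    """Return the reasons a password is refused; an empty list means accepted."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # Also catch a common word with digits appended, e.g. "password123".
    if lowered in COMMON_PASSWORDS or re.sub(r"\d+$", "", lowered) in COMMON_PASSWORDS:
        problems.append("on the list of common passwords")
    if username and username.lower() in lowered:
        problems.append("contains the user name")
    if _has_long_run(lowered):
        problems.append("contains a repeated or sequential run")
    return problems


if __name__ == "__main__":
    for user, pw in [("alice", "password123"), ("bob", "correct horse battery")]:
        print(user, repr(pw), password_problems(user, pw) or "accepted")
```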

Rules for user login

Example beyond IT - seat belts in the car

Using seat belts is uncomfortable

Many users are reluctant to use seat belts

Solution: in new models, automobile manufacturers monitor the seat belts. If the driver moves off without a fastened seat belt, a warning sounds.

PYRAMID of Cyber Security

1. Basis - comparing the checksums of the files on the user's device with the checksums of the same files from the software author

A virus has no chance of working long-term on the user's device

2. The next level - analysis of the source code of software, especially operating systems

A virus or hacker has no chance to abuse weaknesses in software, once or repeatedly

3. A changed view of user logon

Millions of users cannot be changed. It is simpler to change the approach of the authors of applications, just as automobile manufacturers changed their approach by monitoring seat belts

Current rules of Cyber Security are not a dogma!!

IT is a technical field. As in mechanical or electrical engineering, it is possible to change outdated solutions.

It is therefore possible to change the basics of IT.

Do you really want to change the situation in cyber security?

Support the Three Laws of Cyber Security and the other changes associated with them.

Share the link to this presentation, or email us. Thank you

Thank you for your time and interest
