Pyramid of Cyber Security
jiri-napravnik
Transcript of Pyramid of Cyber Security
PYRAMID of Cyber Security
Current rules of IT security are not dogma; what does not work well must be changed.
Author: Jiří Nápravník [email protected]
People create software, computer viruses and cyber security rules.
People can change this!
PYRAMID of Cyber Security
When a child wants to ride a bike, he or she must first learn to sit, stand and walk, then to keep balance while running, and only then has a chance of learning to ride a bicycle well.
In the IT environment, important initial steps are omitted.
That is the cause of the persistent problems with IT security and data protection.
PYRAMID of Cyber Security
Content :
IT and non-IT environment
The Three Laws of Cyber Security
Analysis of the source code
Methods for user login
PYRAMID of Cyber Security
IT and non-IT environment
Food, toys: testing food or toys for harmful substances (ISO 7002, ISO 6541, etc.)
Cars: NCAP crash tests (ISO 16949, etc.)
Software: there are a lot of mistakes in SW. Specialists say: "It is not possible to do otherwise."
Software has contained hidden features - http://www.eeggs.com/tree/1119.html
PYRAMID of Cyber Security
IT and non-IT environment
The production of food or cars must respect the laws of nature - biology, chemistry, physics, etc.
Creating software is purely a human activity that does not respect the laws of nature.
The quality and security of software are based only on human work.
PYRAMID of Cyber Security
The current state of IT security
First, the HW/SW market was created, a free and uncontrolled market. Only after several security incidents was IT security dealt with.
Today, SW authors and advisors say how security should be solved.
Cyber security is now a business.
SW authors claim to customers that there is no other solution.
PYRAMID of Cyber Security
The current state of IT Security
A flaw or back door may be in the interest of creators and governments.
Today there is no evidence for or against.
This is a great systemic error.
It is time to change cyber security.
PYRAMID of Cyber Security
The current state of IT Security
In fact: a virus can attack the adversary's system, but it can also turn against its creators.
Misinformation and concealment make it difficult to reveal the actual attacker, and an innocent party may be accused.
Revealing and describing a virus is a source of information for other virus writers.
PYRAMID of Cyber Security
Confirmation Bias
The current solution is the only possible one
It is not possible to create better solutions
Users are inexperienced, inattentive. They are the greatest risk to IT
PYRAMID of Cyber Security
Whom will changing the basics of IT help, and who will gain from it?
Owners, CEOs, CIOs, CISOs, users and admins
Confidence returns to IT.
The changes will also help SW authors.
They will also help authors of security solutions.
PYRAMID of Cyber Security
The Three Laws of Cyber Security
Basis of security for the entire field of IT
PYRAMID of Cyber Security
The Three Laws of Cyber Security
It will be a basic control mechanism.
It compares the parameters of a file on the user's computer with those of the same file from the SW author.
This new control mechanism is for all operating systems and applications. It can check desktops, servers, smartphones, tablets, SCADA/PLC, IoT, etc.
It can also check firmware and all files from an upgrade.
PYRAMID of Cyber Security
The Three Laws of Cyber Security
It will be a basic check mechanism.
On the user's device (PC, phone, SCADA, IoT) it will not be possible to install a file that cannot be verified.
On the user's device it will not be possible to run an application whose parts (files and/or libraries) cannot be verified.
A file that has been changed by a virus, a hacker or some other error is detected quickly and cannot be run on the device (PC, phone, SCADA, IoT, etc.).
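The check described on the last two slides, sketched as an added example that is not part of the original presentation: every file of an application is hashed and compared with a checksum list from the SW author, and the application may run only if all parts verify. SHA-256 as the compared parameter, the manifest layout and the function names are assumptions; the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_tree(root: Path, manifest: dict[str, str]) -> dict[str, str]:
    """Map each relative path to "ok", "modified", "unknown" or "missing"."""
    verdicts = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if rel not in manifest:
            verdicts[rel] = "unknown"    # never published by the SW author
        elif sha256_of(path) != manifest[rel]:
            verdicts[rel] = "modified"   # differs from the author's copy
        else:
            verdicts[rel] = "ok"
    for rel in manifest.keys() - verdicts.keys():
        verdicts[rel] = "missing"        # published but absent on the device
    return verdicts


def may_run(verdicts: dict[str, str]) -> bool:
    """Allow the application only when every one of its parts verified."""
    return bool(verdicts) and all(v == "ok" for v in verdicts.values())


def demo() -> tuple[dict[str, str], dict[str, str]]:
    """Constructed sample: a clean install, then a patched library and a dropped file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "lib").mkdir()
        (root / "app.bin").write_bytes(b"constructed application image")
        (root / "lib" / "helper.so").write_bytes(b"constructed library image")
        # Stand-in for the checksum list the SW author would publish.
        manifest = {p.relative_to(root).as_posix(): sha256_of(p)
                    for p in root.rglob("*") if p.is_file()}
        clean = verify_tree(root, manifest)
        (root / "lib" / "helper.so").write_bytes(b"constructed library image, altered")
        (root / "dropped.bin").write_bytes(b"constructed file the author never shipped")
        tampered = verify_tree(root, manifest)
    return clean, tampered
```

The comparison is only as trustworthy as the checksum list itself, so the list has to reach the device over an authenticated channel (for example as a signed manifest), which this sketch does not implement.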
PYRAMID of Cyber Security
The Three Laws of Cyber Security
Possible objection - this solution does not solve weaknesses in the software (operating systems or apps).
YES. Reducing the number of weaknesses is the task of the SW authors.
The Three Laws of Cyber Security set rules that prevent a virus or hackers from editing files.
A system that uses The Three Laws of Cyber Security will be resistant to computer viruses.
PYRAMID of Cyber Security
Analysis of the source code
Analysis will contribute to a sustained reduction of weaknesses and to closing back doors in programs.
PYRAMID of Cyber Security
Analysis of the source code
Tools for finding weaknesses in source code already exist.
The tools are becoming increasingly sophisticated.
At present, analysis/modernization of source code is not mandatory. It depends on the approach of SW firms.
PYRAMID of Cyber Security
Analysis of the source code
There are projects: OWASP, etc.
Commercial solutions exist: Checkmarx, Klocwork, Veracode, etc.
There is currently no pressure on SW companies to carry out an analysis of their source code.
PYRAMID of Cyber Security
The Three Laws of Cyber Security and
Analysis of the source code
The Three Laws of Cyber Security ensure that an infected or unknown program will not run on the device (PC, phone, SCADA, IoT, etc.).
Analysis of the source code will help improve the quality of SW. This will reduce the space through which a hacker can exploit a file.
PYRAMID of Cyber Security
The Three Laws of Cyber Security and
Analysis of the source code
The first and second levels of the pyramid of ICT security remove virus infections and hacker attacks through bugs/vulnerabilities in programs.
The next level - attacks using a stolen username and password
It is a similar situation to the theft and misuse of keys to an apartment or car.
PYRAMID of Cyber Security
Rules for users login
In the IT environment, people still talk about the fact that users choose passwords that can be easily guessed.
Human behavior is not easy to change.
Server/login settings are easy to change.
PYRAMID of Cyber Security
Rules for users login
Weak passwords
Instead of an inexperienced user, an experienced author and/or the system administrator can solve the problem.
The creator of the system or the administrator will always have more experience than a regular user.
The creator of the system or the administrator can set restrictions that prevent users from using weak passwords.
PYRAMID of Cyber Security
Rules for users login
Example beyond IT - seat belts in the car
Using seat belts is uncomfortable.
Many users are reluctant to use seat belts.
Solution: automobile manufacturers build seat-belt checks into new models. If the driver moves off without a fastened seat belt, a warning sounds.
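The restriction described in the login slides above, where the system rather than the user blocks a weak password and says why (the counterpart of the seat-belt warning), sketched as an added example that is not part of the original presentation. The minimum length, the short deny-list and all function names are assumptions chosen for illustration.

```python
import hashlib
import os
import unicodedata

MIN_LENGTH = 12  # assumed policy value, not taken from the presentation
# Constructed sample deny-list; a deployment would load a large list of common passwords.
COMMON = {"password", "123456", "qwerty", "letmein", "welcome", "iloveyou"}
# Undo the usual character substitutions so "P@ssw0rd" is compared as "password".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s"})
DENY = {word.translate(LEET) for word in COMMON}


def rejection_reasons(username: str, candidate: str) -> list[str]:
    """Return the reasons a new password is refused; an empty list means accepted."""
    reasons = []
    if len(candidate) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    folded = unicodedata.normalize("NFKC", candidate).casefold()
    # Also test the password without a trailing year, counter or symbol.
    core = folded.rstrip("0123456789!?.*#")
    if {folded.translate(LEET), core.translate(LEET)} & DENY:
        reasons.append("based on a commonly used password")
    user = username.casefold()
    if len(user) >= 3 and user in folded:
        reasons.append("contains the username")
    return reasons


def set_password(username: str, candidate: str, store: dict) -> list[str]:
    """Server-side gate: a password is stored only if no rule objects to it."""
    reasons = rejection_reasons(username, candidate)
    if not reasons:
        salt = os.urandom(16)
        # Store a salted, slow hash of the password, never the password itself.
        store[username] = (salt, hashlib.pbkdf2_hmac(
            "sha256", candidate.encode(), salt, 600_000))
    return reasons
```

A password such as "P@ssw0rd2024!" passes the length rule but is still refused, which is why the length check alone is not a sufficient restriction.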
PYRAMID of Cyber Security
1. Basis - comparing the checksums of the files on the user's device with the checksums of the same files from the SW author
A virus has no chance of working long-term on the user's device.
2. The next level - analysis of the source code of software, especially operating systems
A virus or hacker has no chance of abusing weaknesses in SW, once or repeatedly.
3. A changed view of user logon
Millions of users cannot be changed. It is simpler to change the approach of application authors, just as automobile manufacturers changed their approach to checking seat belts.
Current rules of Cyber Security are not a dogma !!
IT is a technical field. As in mechanical or electrical engineering, outdated solutions can be changed.
It is therefore possible to change the basics of IT.
Current rules of Cyber Security are not a dogma !!
Do you really want to change the situation in cyber security?
Support the Three Laws of Cyber Security and the other changes associated with them.
Share the link to this presentation or email us. Thank you.
Current rules of Cyber Security are not a dogma !!
Thank you for your time and interest
Author: Jiří Nápravník [email protected]