SecureIT 2013 - Information Security - Vibha Agrawal, CA Technologies
Secure Service Delivery
Vibha Agrawal, Vice President, eGovernance
E-Governance Ecosystem
Issues
• Vulnerable Infrastructure
• Unauthorized Access
• Identity Theft
• Insecure/Compromised end points
• Illiterate Citizens
• Data Leakage
• Weak Applications
• Financial Fraud
[Diagram labels: GOI Agencies, State Gov Agencies, Service Providers, Citizens, Business, Home PC, CSC, Cyber Cafe, Mobile, Applications, SDC/NDC, SWAN/NICNET/NKN, Databases]
Statistics
— Insider attacks account for as much as 80% of all computer and Internet related crimes [1]
— The majority of insiders are privileged users, and the majority of attacks are launched from remote machines [2]
— Most attacks result from weak authentication, i.e. passwords
Sources:
[1] Jim Carr. Strategies and issues: Thwarting insider attacks
[2] National Threat Assessment Center - Insider Threat Study, http://www.ustreas.gov/usss/ntac_its.shtml
Information Security is NOT Infrastructure Security
[Diagram labels: Information Security, Infrastructure Security, Control and Visibility]
Security of NO
• No Viruses
• No Spywares
• No Vulnerabilities
• No Holes
• No Intrusions
Security of KNOW
• Know User
• Know Access
• Know Data
• Know Activity
• Know Compliance
Securing Information Systems: Systems Vulnerability and Abuse
— Security Challenges and Vulnerability
[Diagram labels: Front-end Servers, Back-end Systems, Citizen]
Information security: securely connecting users to data
Providing the right people with the right access at the right time
Security Strategy and Vision
Content-Aware IAM
• Identity Control
• Access Control
• Information Control
The control you need to confidently drive business forward across physical, virtual and cloud environments
Secure Service Delivery
[Diagram labels: Citizens, Department Users, Authentication & Authorization, Data & System Security, Access Control]
• Two Factor Authentication
• Single Sign On
• Data Loss Protection
• Data Loss Protection
• Privilege User Management
• Identity Lifecycle Management
• Fraud & Risk Management
• Fraud & Risk Management
[Diagram labels: Single Secure Credential, Secure eDocument, Strong Authentication, Digital Signing, Payment gateway integration, VPN Login, 2 FA Software Token]
ePramaan – A MCIT approved framework
Learnings…
— Keep it simple
— Build security in at design time; adding security later is complex and expensive in terms of time, labor and money
— Expecting the application itself to cater for security is an atrocious ask; rather, we should leverage proven security products that are designed to do this job
— Privileged users and insiders pose a greater threat
thank you
Deepak Singla
Account Director
9990 414148
Vivek Srivastava
Account Director
9899 203 585