
Securing the Digital Economy

Valentin P. MĂZĂREANU, PhD; Alina MARIN, PhD student
The Faculty of Economics and Business Administration, “Alexandru Ioan Cuza University” from Iasi
The World We Live In

- SPAM (SPIM & SPIT)
- Malicious programs: virus, worm, Trojan horse, backdoor
- Spyware attacks and keyloggers
- Snooping or sniffing
- Spoofing
- Logic bombs
- Unauthorized modification of information stored in different environments
- Phishing
- Hacking and cracking
- Denial of service
- Theft and distribution of confidential or personal data
- Clickjacking


We Love Facebook ... SCAM

Attackers may gain the victim’s trust by posing as a friend.


Twitter ... aware

Figure labels: Following (HACKED), Tweets to malware, Followers, Retweet


Targeted Applications in 2009
Source: F-Secure

And The Most Popular Password Is...

Applications vulnerability: based on the analysis of 32 million breached passwords (RockYou.com), the same password “123456” also topped a similar chart based on statistical analysis of 10,000 Hotmail passwords published in October 2009.


Sniffing Through VoIP

Figure labels: Proxy, Proxy, SIP, BYE, Elena Radu, Hacker

- Interception
- Redirecting
- Calling with a different number
- Joke: beep every 5 minutes, lasting 5 years
- Call interrupted / call abandoned


We Are Phishing YOU!

Figure labels: see the address; see the REAL address


We Are Spoofing YOU, too!

Figure labels: See the address (it’s REAL and it’s HTTPS); UPS! Where is the secured sign?


SPAM (how to)

Pie chart (July 2008): contact means provided by the bank on its contact page. Slices: email of type "office@", other forms of email address, other contact means, email of type "centrala@", email of type "info@". Percentages shown on the chart: 38%, 31%, 14%, 11%, 6%.

Note: office@hvblocuinte.ro (shown as an image) but still office@...


Securing Transaction

- Protocols (HTTPS, SET, SSL, SPA)
- VPNs
- Cryptography
- Biometry
- Behaviometry
- Smart cards
Security Means Risk Management

OBJECTIVES - ASSETS – NO CONTROLS? = VULNERABILITY - RISK

- ASSET
  - Auto industry: confidentiality of the plans → access control policy;
  - Pension system: integrity of data about employees → access control policy in order to keep the data for a long term;
  - Ticketing system: availability of the system → business continuity plans;
- VULNERABILITY
  - intentional and unintentional errors
  - “GIGO” phenomenon
  - arrogance / ignorance / fear
- RISK
  - IDEAL: scenarios for the relation above
  - REALITY: no scenarios; no statistical data; risks are complex (see human nature)
  - → Risk management is required


Models of Risk Management

- E.g. Project Management Institute, Software Engineering Institute, Barry Boehm, COBIT, AS/NZS 4360:2004, BIS, The Orange Book, COSO, ISO 31000 etc.

1. risk management planning (analysis of the internal and external environment);
2. risk identification;
3. quantitative risk analysis;
4. qualitative risk analysis;
5. risk response planning (development & implementation);
6. risk monitoring and control.

- old risks & new risks
- communication about risk
Conclusions

- User awareness !!!
- Risk management culture before risk management standard
- Do not try to untie the Gordian Knot! Cut it! (adapt risk management models to you, not your organization to models)
- Thank you and PRMIA promo (see next slide)
 Thank you and PRMIA promo (see next
slide)

Thank you!

The Professional Risk Manager’s International Association (PRMIA)

PRMIA Bucharest Chapter INVITES YOU

- 19 March 2010, Iasi
  - OPERATIONAL RISK – PET OR BEAST?
  - Operational Risk Management Workshop, with Hansruedi Schütter, Executive Director, Asia and Middle East for RiskBusiness International Ltd.
- 12 March 2010, Bucharest
  - Liquidity Risk Management Global Event Series with Edward Bace from the European Bank for Reconstruction and Development and Mr. Andrei Ratiu from Ernst&Young Romania
