SecureIT 2013 - Information Security - Vibha Agrawal, CA Technologies


Post on 28-Nov-2014








<ul>
<li> 1. Secure Service Delivery. Vibha Agrawal, Vice President, eGovernance </li>
<li> 2. E-Governance Ecosystem Issues: Vulnerable Home Infrastructure PC Applications GOI Unauthorized Access Agencies Citizens Identity Theft CSC SDC/ NDC Insecure/ Service Cyber Providers Compromised end SWAN/NICNET/Business Cafe NKN points State Gov Illiterate Citizens Mobile Databases Agencies Data Leakage Weak Applications Financial Fraud </li>
<li> 3. Statistics: Insider attacks account for as much as 80% of all computer and Internet related crimes [1]. Majority of insiders are privileged users and majority of attacks are launched from remote machines [2]. Most of the attacks are because of weak authentication, i.e. passwords. Sources: [1] Jim Carr. Strategies and issues: Thwarting insider attacks. [2] National Threat Assessment Center - Insider Threat Study, </li>
<li> 4. Information Security is NOT Infrastructure Security. Security of KNOW Security of NO Know User No Viruses Know Access No Spywares Know Data No Vulnerabilities Know Activity No Holes Know Information Infrastructure No Intrusions Compliance Security Security Control and Visibility </li>
<li> 5. Securing Information Systems: Systems Vulnerability and Abuse. Security Challenges and Vulnerability: Front-end Back-end Citizen Servers Systems </li>
<li> 6. Information security: securely connecting users to data. Providing the right people with the right access at the right time </li>
<li> 7. Security Strategy and Vision: Control Identity, Control Access, Control Information. Content-Aware IAM: The control you need to confidently drive business forward across physical, virtual and cloud environments </li>
<li> 8. Secure Service Delivery: Authentication Access Control Data &amp; System Security &amp; Authorization Department Users Citizens Data Loss Protection Privilege User Management Two Factor Identity Lifecycle Management Authentication Fraud &amp; Risk Management Fraud &amp; Risk Management Single Sign On Data Loss Protection </li>
<li> 9. Single Secure Credential: VPN Login, Payment gateway integration, Strong Authentication 2 FA, Secure Software, Digital Signing, eDocument, Token </li>
<li> 10. ePramaan: A MCIT approved framework </li>
<li> 11. Learnings: Keep it simple. Build security in design; adding security later is complex and expensive in terms of time, labor and money. To expect the application to cater for security is an atrocious ask; rather, we should leverage proven security products that are designed to do this job. Privileged users and insiders pose greater threat. </li>
<li> 12. Thank you. Deepak Singla Vivek Srivastava Account Director Account Director 9990 414148 9899 203 585 </li>
</ul>