Information or cyber security
Crime in cyberspace
Contemporary forms
Igor Bernik, Univerza v Mariboru, Fakulteta za varnostne vede
Information or cyber security
evolution or revolution
Infrastructure revolution
Data explosion
Always on, always connected to cyberspace
Future finance: cash or e-payment, substitutes?
New, stricter regulations and standards
Several Internets: not one world, but many?
New identity and trust models?
Cybercrime
in the modern world
Institutions and legislation, international harmonisation
Perpetrators of cybercrime, motives, classification of
perpetrators
Cyber infrastructure for committing various criminal
offences
Protecting systems from attack
New forms of cybercrime
Fear of cybercrime
Research into cybercrime
Introduction of topic
What do we understand as cybercrime
What is particularly ‘cyber’ about it?
We believe: criminal acts are punishable by law.
For most criminal acts conducted in cyberspace
we use 'classic' legislation (theft, abuse, child
pornography, etc.).
Cybercrime is the use of information technology
to carry out criminal acts.
Guidelines
To ensure protection against cyber criminals, to
reduce endangerment and avoid possible
consequences, it is important to adhere to the
following basic guidelines:
Be careful when opening links received by e-mail
(Trojan horse malware, phishing etc.).
Be aware that your personal data can be used to
profile your activities, thus making you vulnerable to
manipulation and/or identity theft.
Try to check the identity of anyone who wishes to
acquire your personal data.
Be careful which data and software applications you
load onto your computer or mobile device. Some
applications enable theft of personal or business
data.
Guidelines, cont.
Make sure that your anti-virus program is regularly
updated and that a firewall is installed.
Protect your passwords, and watch out for anyone who
is shoulder surfing while you type them in.
Periodically change your passwords, and choose "strong"
passwords.
Most importantly: use your common sense.
Informing and educating about the dangers of cyber
crime must become widespread, common and
continuous at all levels of society.
Users will then know how to use this technology rationally
and responsibly, and will not be afraid of it.
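The first guideline above asks readers to check, by eye, where an e-mail link really points before opening it. As an added example, not part of the original lecture slides, the following Python script automates that check over an HTML e-mail body: it extracts every link, and flags links whose visible text names a different domain than the real target, links that point at a raw IP address, and links that hide the real host behind a `user@host` prefix. The sample e-mail body and the domain names in it are constructed for this example; the `_registrable` helper is a simplification of a public-suffix lookup.

```python
"""Flag suspicious links in an HTML e-mail body (added example, not from the slides)."""
from html.parser import HTMLParser
from urllib.parse import urlsplit
import ipaddress

# Constructed sample e-mail body; every domain below is made up for this example.
SAMPLE_HTML = """
<p>Dear customer, please verify your account:</p>
<a href="http://login.example-bank.com.evil.test/verify">https://www.example-bank.com/login</a>
<a href="https://www.example-bank.com/help">Help centre</a>
<a href="http://192.0.2.10/update">Update your password</a>
<a href="https://www.example-bank.com@evil.test/">www.example-bank.com</a>
"""


class _LinkParser(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _registrable(host):
    """Crude 'registered domain' approximation: the last two labels of the host.
    Production code would consult the public suffix list; this keeps the example offline."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def assess_link(href, text):
    """Return the list of reasons a link looks suspicious (empty list = no finding)."""
    reasons = []
    parts = urlsplit(href)
    host = parts.hostname or ""
    if parts.username is not None:
        # "https://www.bank.example@evil.test/" shows the bank name, but the host is evil.test
        reasons.append("credentials-in-url")
    if _is_ip(host):
        reasons.append("raw-ip-host")
    # If the visible text itself looks like a URL or host name, compare its
    # registrable domain with that of the real target.
    shown = text if "://" in text else "http://" + text
    shown_host = urlsplit(shown).hostname or ""
    if "." in shown_host and " " not in text and _registrable(shown_host) != _registrable(host):
        reasons.append("display-target-mismatch")
    return reasons


def scan_email(html):
    """Parse an HTML body and return {href: reasons} for every suspicious link."""
    parser = _LinkParser()
    parser.feed(html)
    return {href: r for href, t in parser.links if (r := assess_link(href, t))}


if __name__ == "__main__":
    for href, reasons in scan_email(SAMPLE_HTML).items():
        print(f"{href}: {', '.join(reasons)}")
```

Running the script on the constructed body flags three of the four links; only the link whose text and target agree on the same domain passes. A mail gateway or user-side add-on would apply the same logic before rendering the message.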
Conclusion
Users are relatively well informed about the
various types of cybercrime, but the public is more
aware of the threats publicised by the news media than
of those from which they should truly protect
themselves.
Better security, and thus greater safety, can only be
ensured if users conduct themselves responsibly
in cyberspace.
Lack of understanding translates into
inadequate security.
Information and/or cyber warfare
familiar or new phenomenon
Information and cyberspace, the power of information and information
conflict
Techniques, perpetrators and victims of information warfare
State conduct of information warfare: espionage, active warfare,
asymmetric warfare, information operations, propaganda
The role of organisations and industrial espionage
The role of states in information warfare: USA, China, Russia,
Israel, ... the position of small countries
International legislation, defence
Politically and ideologically motivated groups
Diagram: ICT and the Internet underpin crucial operations, daily work and business; cybercrime and information warfare against them lead to economic loss and physical impact.
Information warfare
Information warfare = warfare for information power.
The right information is the basic capital of an organisation!?
Military, state, organisational and NGO actors.
Asymmetric warfare.
Nature of information warfare
STATE IW
Espionage (Echelon)
Kinetic war (NCW, GIG)
Information operations
Propaganda
CORPORATE IW
Harassment
Industrial espionage
CIVIL IW
Cyber terrorism
Hacktivism
ECD
Animal and environmental rights groups
Recommendations for countermeasures
1. Information security policies should follow ISO standards.
2. Implementation of the latest technology.
3. National strategy for information (cyber) security.
4. Mandatory information security standards for all organisations.
5. Security classification of valuable information.
6. International cooperation.
What needs to be done for improvement?
National level
1. Universal definition.
2. Definition of acceptable usage of ICT.
3. International harmonization.
4. Abolish legal constraints.
5. Trained law enforcement agencies.
Organizational level:
1. Business ethics.
2. Security awareness.
3. Data classification and personnel restrictions.
4. Risk management and business continuity.
Further research: understanding, protection.
Cyber terrorism
what is 'cyber' about terrorism
Cyber terrorism or classic cybercrime
Levels of cyber terrorism, cyberspace and
terrorist actions
Perpetrators of classic cybercrime and terrorists
"Risk management" in the field of cyber terrorism
Consequences of cyber terrorism, preventive measures
Measures against cyber terrorist attacks
Activities at the level of organisations, states, the EU, NATO, globally
Cyber Terrorism - facts
IS are a basic support element of every organisational
structure; organisations cannot achieve their visions
without them.
Companies feel the need to secure their IS.
Protection: a risk management system allows us to know
our enemy.
Threats to IS are multiple and constant. The reason for
protecting our IS is to defend it from external malware; one of those vicious attacks is also CT.
Cyber Terrorism – summary
Definition: Cyber terrorism is a carefully planned,
politically motivated attack on information,
computer systems, programs and data.
Cyber terrorism causes fear, damage or even
death through attacks on enterprise IS,
influencing (global) society and attracting media
attention.
Computers as a weapon
• Cannot cause death or injury directly; the risks are indirect.
• Consequences and acts are therefore indirect.
• Computers control critical infrastructure and store vital
information; damage or loss can lead to loss of lives (e.g. a
medical environment).
Differences from the classic form of terrorism:
• High level of computer knowledge
• High level of motivation (possibility of recruiting hackers
for terrorist needs)
The difference is also seen in the use of computers: at the
moment computers are used as support for planning and
executing classical terrorist attacks; that will change in the
future.
Cyber Terrorism – consequences
Psychological
Physical
Economic
The most exposed critical areas: information and
communications, the electrical grid, gas and oil
(storage, transport, extraction), banking and
finance, transport, water supply systems,
government services. We must physically separate
critical IS from the internet.
Protection
Countries and organisations must take proactive
measures to protect IS and critical
infrastructure from CT.
A risk management system is unavoidable (similar to a
classic system; consequences are the most
important factor).
The decision regarding the form of protection rests
with each organisation itself.
Conclusion
Cyber terrorism is (still) misunderstood.
Terrorist actions in the cyber world may become more frequent. New generations of terrorists
are born into the information society. They will possess knowledge of ICT and combine it with
a high level of motivation.
The damage caused by these attacks can be greater.
A high level of safety culture in organisations shows us that they are well prepared.
Cybercrime and terrorism are unavoidable threats. What can we do?
Prepare a better recovery process in case of an incident.
Preventive actions, education and raising the safety culture will lead to improved
information security.
Risk management process - we must know our threats to fight them.
Following trends of security and threat development is necessary.