01.thanh-vnisa report at nisd 2012
-
Presenter: Dr. Vũ Quốc Thành, Vice Chairman and Secretary General
Vietnam Information Security Association (VNISA)
OVERVIEW REPORT: INFORMATION SECURITY IN VIETNAM 2012
-
[Diagram, 2011 and 2012: A country strong in IT. Labels: IT applications; industry and services; communications infrastructure, Internet; information security; workforce (IT, information security); IT infrastructure (ICT Infrastructure)]
Digital sovereignty:
Canada: + 2011 + 2012
Russia: + 11/2012
-
In the words of Ruslan Gattarov, head of the Federation Council Information Policy Commission, the overall purpose of the strategy must be to ensure Russia's digital sovereignty.
-
Contents
1. Information security facts in 2012
2. VNISA research on information security status in 2012
3. Conclusions
-
10 notable information security events in Vietnam in 2012 *
Directive 897/CT-TTg of the Prime Minister: strengthening activities to ensure digital information security
Hundreds of gov.vn government websites attacked by foreign hackers
Vietnam repeatedly appears on many international lists concerning information security issues
An outbreak of new forms of fraud through many channels such as SMS messages, email, Yahoo chat and websites
Vietnamese security vendors simultaneously released protection solutions and software for mobile.
The drafting committee for the Law on Digital Information Security was established, with the aim of bringing the law into effect soon***
The Circular regulating the coordination of Internet incident response activities in Vietnam began to be implemented in practice
Many virus variants that steal online banking accounts appeared. Fake Yahoo pages steal user passwords.
Vietnam continues to rank high on many international lists warning of security risks**
Many agencies and organizations detected covert connections and specialized malware for targeted information theft (APT)
* Not ranked in order
**: top 5 for Internet users; 15 for malware distribution; 10 for spam; 15 for zombies
*** Joint circular of 4 ministries, the Procuracy and the Court on the Criminal Code ...
-
10 notable information security events in Vietnam in 2012 (continued)
The website of a well-known network security company was attacked, and 2 weeks later its forum was attacked as well
The risk of a cyber war against Vietnam is a real possibility, the Minister said in reply to the National Assembly on the afternoon of 14/6.
The issue of information leakage through imported telecommunications equipment again drew public attention
The problem of personal information being offered for sale online still has no solution to stop it
5-2012: VNISA randomly assessed 100 websites under the .gov.vn domain and found that 78% of them could be comprehensively attacked
-
VNISA 2012 survey results
The survey was conducted over about 3 months by VNISA and VNCERT
A total of 507 complete responses were received, representing 507 organizations of all types
The survey aims to assess the level of information security awareness and adoption in organizations and businesses
-
Main topics
1. Awareness of attacks
2. Information security measures
3. Spending on information security
4. Information security training
-
1. Awareness of attacks
Do you know whether your network has been attacked?
Can you estimate the damage?
Do you have a process for responding to attacks?
-
Has your system ever been hit by a cyber attack (counting from 1/2012)?
The trend of recognizing attacks continued to rise over 2 years. Monitoring tools have been deployed.
-
Attacks your agency/organization has encountered since January 2012
APT (Advanced Persistent Threat): targeted sabotage is the most frequently cited motive, ~18%
-
Can your organization roughly estimate the financial loss when it is attacked?
1. The ability to assess financial loss has increased
2. Most do not know what the motive for the attack was, or the motive is unclear (over 70%)
[Chart: 2010, 2011, 2012]
-
2. Information security measures
Management measures: procedures, policies, reporting, ...
Technical and technology measures: firewalls, intrusion prevention, ...
-
Does your organization have standard operating procedures for responding to computer attacks?
2011: the share answering "will do so within the next 3 months" rose sharply
2012: those with no plan yet still stand at 33%
[Chart: 2010, 2011, 2012]
-
If your organization suffers a computer attack, whom will you notify?
2010 report: most still report only internally; external reporting increased compared with 2009
-
How long does it usually take before you report this information?
Demand for immediate assistance has risen sharply
-
Which information security technologies is your organization using?
A - Data protection using passwords and cryptography
Digital certificates are used fairly widely; OTP is still used far too little
Steady increase
-
Which information security technologies is your organization using?
B - Data protection using passwords and cryptography
AV, FW and anti-spam are widely used; growth has now leveled off
-
Which information security technologies is your organization using?
C - Management and scanning tools
Although usage has increased, the rate is still too low because awareness is incomplete; recommendations need to be pushed harder
Only about 10%
-
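Does your organization have an information security policy (Security Policy) yet?
The rate has increased compared with 2011
Having one should be recommended as mandatory
[Chart legend: Policy; Will develop one in the near future; No policy yet]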
-
Does your organization plan to outsource information security services?
[Chart labels: 85%; 15%; No; Yes; 2012; 2011]
Wider use of professional services should be encouraged
-
Do you carry out information security testing and assessment?
Yes: 76%
Self-assessment or a professional service?
Self-performed: 82%
A move toward professional, objective services is needed
-
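3. Spending on information security is more difficult
87% said that their organization's information security spending did not decrease in 2012
57% believe this spending will have to increase in 2013
However, these percentages have dropped quite noticeably compared with the previous 2 years
[Chart: 2010, 2011, 2012]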
-
Share of the IT budget invested in information security
[Chart legend: From 10% to 15%; From 5% to 10%; Under 5%; Other]
Warning: a large share of organizations allocate under 5% of the budget to information security
-
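4. Information security training needs
On average, each organization has:
+ 0.89 international certificates RELATED to information security
+ 1.2 domestic certificates RELATED to information security
Only 49% of organizations have an information security training plan
Meanwhile, as many as 57% of organizations affirm the need for dedicated information security staff
[Chart: 2010, 2011, 2012]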
-
Conclusions
-
Measuring information security (CIS)
www.securitymetrics.org
ISO 27004
-
Starting from 4/2011
-
National Cyber Security Index
-
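Vietnam Digital Information Security Index (pilot)
Based on survey results from 45 questions
Scored from 1 to 100, where a score near 100 means:
o The most complete preparation for digital information security issues
o The lowest possible incidence of incidents
o The highest level of information security vigilance
Focuses on 23 indicators, weighted from 1 to 3
Result: the 2012 Digital Information Security Index is 26%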
-
Together build Secure Information Infrastructure for National Digital Sovereignty