e-governance-and-security
DESCRIPTION
Off course E-Governance is required.Today the worlds top 40 countries in terms of corruption free are all E-Governed!!!!!so y not for akka India.Govt has taken many steps in this direction.Though the speed is slow...is it really worth when India has one of the highest percentage of digital illiterates in the world....here comes security IQ of a common citizen into question!!!!TRANSCRIPT
E-Governance and Security
MINI SEMINAR
30TH JUNE2013
AVCC,NOIDA
India has taken significant steps in the area of e-
governance, with almost all states across the country
launching e-services in some form or the other.
* Source: india.gov.in/e-governance
We all know about the bright
future
The other
of the
side
story
Any ICT infrastructure
must be Secure
because Citizen & Business
transactions contain
Significant Confidential Information
But who decides the Security QR’s…….
Sadly….till date the approach has been mostly reactive since we have been traditional in
configuring SECURITY!!!!!!!
While anti-virus and firewalls are seen more as a
Reactive security mechanism,IDP solutions are more
Proactive and get activated as soon as any abnormal
behavior is detected.
With the information Technology(IT) Act 2000 coming into effect from October 18,2000,transactions on the internet have got legal validity in India
And ever since……..
INDUSTRY APPLICATION AVERAGE COST PER HOUR OF DOWN
TIME(US$)
Financial Brokerage Operations $15,840,000/-
Financial Credit Card Sales $7,000,000/-
Retail Home Shopping TV $750,000/-
Transportation Air Line reservations $350,000/-
Entertainment Tele-ticket sales $300,000/-
Shipping Package Shipping $250,000/-
Financial ATM $200,000/-
Lets try to
get familiar
with the
threat
vectors!!!
Domains of
security
Impersonati
on Failure
False
Identity
Revoked Rights
Unauth
Disclosure
Theft of Access
Tokens
DoS
Breach of
Anonymity
Unknown
Outsider Attack
User Fraud
Insider Attack
Access
Threats
Probe is a class
of attacks where
an attacker scans
a network to
gather information
or find known
vulnerabilities
MALWARE : Malicious software Microsoft b70
Internet Infrastructure attacks
These rare but serious attacks involve key components of the
Internet infrastructure rather than specific systems on the Internet.
Denial of Service Attacks
Remote to local attack
User to Root Attack
So
What Should we not support E-Governance?
Apex Body on Standards
in DIT
State Wide Area Network
(S.W.A.N.)
National E- Government Intranet
And all this along with these two
Current Giants make
a great Attack Surface
Stringent
Security
Policies
Monitoring
tools
Analysis
tools
Firewalls/UT
Ms
Cryptography