Click here to load reader
Governance in Cybercrime and Cybersecurity orgns - final distribution Organizations
Sep 14, 2014
Cybersecurity and cybercrime organizations must be created with great planning but that is not happening anywhere. In India we have a plethora of organizations sprouting up in every domain and we all know too many cooks spoil the broth. I make a case for governance at the national and state level and make the case for having a planned structure that will ensure good security, good response and offense too, if needed.
Governance in CyberCrime Investigation
& Cyber Security OrganizationsCYBER ATTACK 2014, Mumbai
Governance in CyberCrime Investigation
& Cyber Security Organizations
Presented At
CyberAttack 2013 Security Conference
On
Dec. 07, 2013
At
The Palladium, Mumbai
By
Dinesh O. Bareja
Information Security & Management Advisor
Governance in CyberCrime Investigation
& Cyber Security OrganizationsCYBER ATTACK 2014, Mumbai
Governance in CyberCrime Investigation
& Cyber Security Organizations CYBER ATTACK 2014, Mumbai
Distribution Version
This presentation has been optimized for distribution which means that animation panes have been deleted and expanded so that the slides with animation do not appear with unreadable clutter
The images that have been used are sourced freely from the Internet using multiple search resources. Our logic is that if your creations are searchable then they are usable for representation AND we never use any such images in our commercial works
All our works that are put up as distribution versions are published under Creative Commons license and are non-commercial these are available for download from common document sites on the internet or from our website
If some images are deleted the slide will show the hyperlink to it and you can follow the link to see the image. This is done if I have received an objection or a take-down notice from the copyright owner
I/We make every effort to include a link or name to the copyright owner of the image(s) that have been used in this presentation and please accept our sincere apologies in case any image has not been individually acknowledged
Copyright notices or watermarks are not removed from images or text which are not purchased, however, we may say that practically all text is our own creation
Inspite of all the above and other declarations, if you have objections to the use (as owner of any of the IP used in this presentation / paper) you may please send an email to us and we shall remove the same right away (please do remember to include your communication coordinates and the URL where you spotted this infringement
Governance in CyberCrime Investigation
& Cyber Security OrganizationsCYBER ATTACK 2014, Mumbai
Governance in CyberCrime Investigation
& Cyber Security Organizations CYBER ATTACK 2014, Mumbai
A Brief Introduction
Dinesh O Bareja Principal Advisor Pyramid Cyber Security & Forensic Pvt Ltd
Cyber Surveillance Advisor Cyber Defense Research Centre (Jharkhand Police Special Branch)
Member IGRC Bombay Stock Exchange
COO Open Security Alliance
Enterprise & Government Policy Development; Cyber Security Strategy and Design Architect; Current State Maturity Assessment & Optimization; Digital Forensics, Cloud Forensics and Security;
Governance in CyberCrime Investigation
& Cyber Security OrganizationsCYBER ATTACK 2014, Mumbai
Governance in CyberCrime Investigation
& Cyber Security Organizations CYBER ATTACK 2014, Mumbai
Setting The Context..
Thinking .. Strategizing Planning should be done when you are in square one
However it is better late than never:
Stop Take stock Create a going-ahead plan
Restart from where you stopped
Governance in CyberCrime Investigation
& Cyber Security OrganizationsCYBER ATTACK 2014, Mumbai
Governance in CyberCrime Investigation
& Cyber Security Organizations CYBER ATTACK 2014, Mumbai
Context
It is about time the Information Security community woke up to voice the weakness in governance in our governments thinking on national cyber security
And
The increasing inability to control (cyber) related incidents with the looming threats of cyber war / terrorism / espionage / crime
Taking stock of our current situation:
Governance in CyberCrime Investigation
& Cyber Security OrganizationsCYBER ATTACK 2014, Mumbai
Governance in CyberCrime Investigation
& Cyber Security Organizations CYBER ATTACK 2014, Mumbai
Or (in the near future) Face
Annihilation
Governance in CyberCrime Investigation
& Cyber Security OrganizationsCYBER ATTACK 2014, Mumbai
Governance in CyberCrime Investigation
& Cyber Security Organizations CYBER ATTACK 2014, Mumbai
Context
Governance: That which defines expectations, grants power or verifies performance. Is a system by which entities are directed and controlled and a governance structure specifies the distribution of rights and responsibilities among different stakeholders. It is the process or a part of decision-making and the process by which leadership is established and decisions are implemented (or not implemented)
Cybercrime Investigation Organizations: Are primarily law enforcement organizations and such bodies that are engaged in investigating and controlling cyber crime.
Cybersecurity Organizations: Intelligence services, offensive and defensive solution development and delivery, sector specific entities like Telecom CERT etc, cyber command wings of defence forces and such organizations that are outside the ambit of being termed a LEA.
Defining the three key terms in our title to set the
context (from Wikipedia and Dineshspeedia
Governance in CyberCrime Investigation
& Cyber Security OrganizationsCYBER ATTACK 2014, Mumbai
Governance in CyberCrime Investigation
& Cyber Security Organizations CYBER ATTACK 2014, Mumbai
We
Need
To
Governance in CyberCrime Investigation
& Cyber Security OrganizationsCYBER ATTACK 2014, Mumbai
Governance in CyberCrime Investigation
& Cyber Security Organizations CYBER ATTACK 2014, Mumbai
Why
dont
we
My Plan is to Talk About
Relevance and strengths of planned security organizations
Why traditional security entities are not relevant against new-age challenges
The demand and growth of know-it-alls and the ignorant experts
Existing organization structure of Cyber Security Forces, Capability at national and state level
Disadvantages and challenges arising out of present organization structures
Way Ahead
Governance in CyberCrime Investigation
& Cyber Security OrganizationsCYBER ATTACK 2014, Mumbai
Governance in CyberCrime Investigation
& Cyber Security Organizations CYBER ATTACK 2014, Mumbai
Why
dont
we
Lets Talk About
Relevance and strengths of planned security organizations
Why traditional security entities are not relevant against new-age challenges
The demand and growth of know-it-alls and the ignorant experts
Existing organization structure of Cyber Security Forces, Capability at national and state level
Disadvantages and challenges arising out of present organization structures
Way Ahead
Governance in CyberCrime Investigation
& Cyber Security OrganizationsCYBER ATTACK 2014, Mumbai
Governance in CyberCrime Investigation
& Cyber Security Organizations CYBER ATTACK 2014, Mumbai
Relevance and Strengths in Planned Security Organizations
Why do we need to structure acentralized command governancefor Cyber Security across the nation(or states) when we already have ourCyber-thanas, CERTs, NTRO-NCIIPC,DIARA and more
Governance in CyberCrime Investigation
& Cyber Security OrganizationsCYBER ATTACK 2014, Mumbai
Governance in CyberCrime Investigation
& Cyber Security Organizations CYBER ATTACK 2014, Mumbai
Relevance and Strengths
Centralized system provides strategic, tactical, operational and administrative control
Need-to-know Data Access and Distribution Policy
Central Information Library and Knowledgebase
Politics-free Inter-Disciplinary dependencies
Common goals across all stakeholders
Quick response capability
Enhanced intelligence and capability sharing
Governance in CyberCrime Investigation
& Cyber Security OrganizationsCYBER ATTACK 2014, Mumbai
Governance in CyberCrime Investigation
& Cyber Security Organizations CYBER ATTACK 2014, Mumbai
Relevance and Strengths
Standardized response by organizations across the nation states provide harmony in operations
Resources, capacities, capabilities can be shared
Crisis communication is controlled and effective
Governance in CyberCrime Investigation
& Cyber Security OrganizationsCYBER ATTACK 2014, Mumbai
Governance in CyberCrime Investigation
& Cyber Security Organizations CYBER ATTACK 2014, Mumbai
One Bright Example - CDRC
Jointly setup by Jharkhand State and Jharkhand Police (special branch)
Located in PHQ it is the authority in the state for cybercrime and cyber security related information, advisories, investigation QUICK RESPONSE
Engaged in citizen awareness outreach, critical infrastructure protection, training etc
Connects with the InfoSec community, LEA and security establishments across the country
Governance in CyberCrime Investigation
& Cyber Security OrganizationsCYBER ATTACK 2014, Mumbai
Governance in CyberCrime Investigation
& Cyber Security Organizations CYBER ATTACK 2014, Mumbai
Change Gives No Choices
Period of
ignorance on
the power trip
Enlightenment
dawns on the
Related Documents See more >
