Cyber Security and Data Protection


Slide1

Cyber Security and Data Protection Challenges in Korea

Jinhyun CHO

Senior Researcher

Korea Internet and Security Agency

Slide2

Short Intro. To KISA

Information Security

Security Incident Prevention and Response

: 24/7 Situation Room to Respond to Security Incidents

: Incident Handling including Mobile/e-mail SPAM

Privacy Protection

: PI Breach Reporting and Consultation

: Removal of PI exposed on Websites

Internet Promotion

Creating a Healthy Internet Culture

: Customized Internet Ethics Education

Promoting Internet Business

: Finding and Supporting New Quality Ventures

Managing Internet Address Resources

: Managing .kr domains (.kr registry)

Int’l Cooperation

Supporting Foreign Expansion of ICT Businesses

: Export Counselling, SME Consulting

Cooperation with International Organizations

: OECD, World Bank

: Cyberspace Conference (2013), ITU PP (2014)

Policy Research

Policy Research and Survey Analysis

: Internet Issue Research and National ICT Statistics

Supporting Improvement of ICT Legal Frameworks

: Supporting the Enactment of New Act like Cloud Act

: Analyzing and Researching Emerging Legal Issues

Slide3

Cyber Terror on Broadcasting Stations and Banks

Coordinated Attack with H-Hour : 14:00 (GMT+9)

Service Disruption : 3 BS and 2 Banks Affected

More than 40,000 computers Destroyed (HDD Erased)

Clients, Servers, and even ATMs Infected with Malware

Malware Distribution Path : Vaccine Update Server

Improper Security Management : Serious Security Holes

March 20 Cyber Terror

I. Major Security Incidents in 2013

Slide4

March 20 Cyber Terror

I. Major Security Incidents in 2013

Slide5

Multiple Cyber Attacks : 69 Organizations Affected

Web Defacement : Blue House and 43 Private Web

DDoS on Integrated Government Infrastructure

Destruction of Computers in Mass Media Companies

Coordinated and Sophisticated Attack

Attack Scale & Methods (Web Hard Client Program)

Attribution : Who is Behind the Attack?

June 25 Cyber Attack

I. Major Security Incidents in 2013

Slide6

II. Major PI Breaches in 2014

More than 100 Mil. Card holders’ PI Leaked

K CCV : 53 Mil., L CCV : 26 Mil., N CCV : 25 Mil.

Including RRN, Address, Financial Status, etc.

Internal Employee of Credit Rating Company Involved

Counterfeit Prevention System Development Program

PI Leaked with USB Thumb Drive (No Policy or Encryption)

Leaked to Loan Advertisers and Loan Brokers

Serious Financial and Legal Threats to Credit Card Vendors?

From Credit Card Vendors

Slide7

12 Mil. PI Leaked through Homepage Hacking

Brute-Force Attack with Billing Information

Sophisticated Hacking Vs. Trial and Error (?)

Security Policy for Multiple Attempts from One IP (?)

Leaked PI Used to Advertise and Sell Mobile Phones

Customized Information for Those Who Need a New Phone

3 or 4 Phones Sold to Over 150 Phones Sold After Breach

Similar Incident Occurred 2 Years Ago

From Mobile Service Provider

II. Major PI Breaches in 2014

Slide8

III. Response from Government

Nat’l Cybersecurity Comprehensive Countermeasures

BH takes the Lead in Major Cybersecurity Incidents

NIS : Working-level Coordinator

MND for Military Sector and MSIP for Private Sector

PCRC Strategy

P(Prompt) : Concurrent Situation Notification Framework

C(Cooperative) : Cyberthreat Information Sharing System

R(Robust) : CII Designation Increased (Around 400 in 2017)

C(Creative) : Supporting 10 Key Security Technology

Slide9

III. Response from Government

Financial PI Breach Prevention Countermeasures

Protection of Financial Consumer Right

Minimum PI Collection and Self Determination

Clear and Strong Responsibility

Annual Reporting on IS & Penalty (Up to 3% of Sales)

Strong Response to Security Incidents

Network Separation and RRN Encryption

Prevention of Potential Breaches

Destruction of Collected PI

Slide10

IV. Key R&D Area for Information Security

Gov (MSIP) R&D Plan for Information Security until 2017

Vision

Establish Secure & Trustworthy Creative Society Safety Network

Objectives

Global Market Share : 2.4%(2012) to 3.0%(2017)

1st Class Tech. : 79.9(2013) to 90%(2017)

Competitiveness : Supporting 10 best IS Products

R&D Focus in 2014 : Incident Response & Wireless IDS

Slide11

V. Research Cooperation Model

Cybersecurity Research Center

University and KISA Cooperation

Joint Project to Educate and Train Cybersecurity Experts

KISA : Provide the state-of-the-art information and technology

Area : Vulnerability and Malware Analysis

Providing Working Experiences in the Real Environment

2 Centers to Be Selected

Open to Graduate School of Information Security

Slide12

Thank You
