
National Information & Communication Security Taskforce



  1. National Information & Communication Security Taskforce, Executive Yuan, Taiwan R.O.C.
     Organization Chart
     NICST
     • Convener: Vice Premier
     • Deputy Convener: Minister Without Portfolio and one Specified Minister
     • Co-Deputy-Convener: Advisory Committee Member of National Security Council
     • Committee Members: Deputy Ministers of Ministries; Deputy Mayors of Municipalities; Deputy Minister of National Security Bureau; scholars and experts
     • Department of Cyber Security (Staff Unit)
     • Information Security Consulting Committee (Consulting Unit)
     • National Center for Cyber Security Technology (TWNCERT)
     Systems
     • Cyberspace Protecting System (Department of Cyber Security)
     • Cybercrime Investigation System (MOI / MOJ)
     • Critical Infrastructure Protection System (Office of Homeland Security)
     • Other Cyber Security-Related Systems (Competent Authorities)
     Groups
     • Critical Information Infrastructure Protection Management Group (Department of Cyber Security)
     • Government Cyber Security Protection Group (Department of Cyber Security)
     • Standard and Norm Group (Department of Cyber Security)
     • Awareness and Training Group (MOE)
     • Cybercrime Prevention Group (MOI / MOJ)
     • Personal Information Protection and Legislation Group (MOJ)
     • Cyber Environment and Internet Content Security Group (NCC)
     • Industry Development Group (MOEA)
     Information Service Health and Medical Telecommunication National Standard Critical Industry Competition and Financial Affairs Control System E-government Communication Transportation Cyber security Cyber Security Science Park Education Business Industry Standard
     2016 Taiwan National Computer Emergency Response Team

  2. Critical Infrastructure Sectors
     Sectors
     • Government
     • Communication & Broadcast
     • Energy
     • Emergency Services & Public Health Care
     • Banking & Finance
     • Water Resources
     • Transportation
     • High-Tech Industrial Park
     Diagram labels: End Points; IT System/IDC; Middleware; Network; Database; Data/Info; Communication System

  3. Cyber Security Measures of Government Sector
     Plan
     • National Strategy for Cyber Security
     • Cyber Security Policy Whitepaper
     • Agency Responsibility Ranking
     • IT System Classification
     Do
     • Baseline Security Measures of Agencies (ISMS/Dedicated Personnel/Defense-in-depth/24x7 Monitoring)
     • Baseline Security Measures of IT Systems
     • Personnel Competence and Certification
     • Public Private Partnership (G-SOC Co-defense / G-ISAC)
     Check
     • Agency Business Continuity Drill
     • Agency Cyber Drills (e.g. Social Engineering Drill)
     • Annual Internal and 3rd Party Audit (including Cyber Health Check)
     • Cyber Offensive and Defensive Exercise
     • Cyber Governance and Defense Capability Indicator
     Act
     • NICST Committee Meeting
     • NICST Working Group Meeting
     • Cyber Security Technology Workshop
     • CIO and CISO Meeting
     • Quarterly Workshop for IT Personnel

  4. Framework of Government ISMS
     5 Perspectives / 30 Key Services
     Early Warning
     • Honeypot R&D and Deployment
     • Botnet Tracing
     • GSN Backbone Intel. Gathering
     • Domestic Intel Exchange
     • International Intel Exchange
     • Threat and Alert Light
     Incident Response
     • 2nd Tier G-SOC for Co-defense
     • Incident Handling Point of Contact
     • Alert Projects for National Celebrations
     • Special Projects for Critical Incidents
     • Digital Forensic Services
     System Security
     • National Software Asset Control Database
     • IT System Defense Baseline
     • Government Configuration Baseline
     • Secure Software Development
     • Penetration Testing
     • Cyber Health Check
     • Cyber Offensive and Defensive Exercise
     • Government Mobile App Security Test
     ISMS Process Mgmt
     • Agency Responsibility Ranking
     • IT System Risk Classification
     • Annual Government IS Audit
     • Security Governance Maturity and Defense Index
     Awareness Training
     • Training of IT/IS Officials
     • Certification of IT/IS Officials
     • IS Competence Training Certification/Accreditation Scheme
     • Awareness Raising Workshop
     • IS Legal Case Study Booklet
     Diagram labels: Situation Awareness; 3,039 Agencies; Detection Rules; Alert Intelligences; Security Appliances; G-ISAC; Incident Tickets; SIEM Platform; Security Logs; CSIRT Team; Incident Report; Incident Response Services; IT Assets; System Security Services; System Security Status; Customized Controls; Management and Audit Results; Awareness Training and Campaigns; Government Officials; Test and Accreditation

  5. G-ISAC for Early Warning
     G-ISAC: Government Information Sharing and Analysis Center
     Participants
     • Gov. Agencies: 3,039 Agencies
     • CIIP Authorities: Telecom (NCC) / Banking (FSC) / Utilities & e-Commerce (MOEA)
     • Internet Service Provider: Gov. (GSN) / Academic (TANET) / All private ISPs
     • MSSP: Chunghwa Telecom / Acer / TradeVAN / ISSDU … etc
     • International Cooperation: FIRST / APCERT / US-CERT / CERT-EU … etc
     Diagram labels: HoneyBEAR; G-SOC; APT; Botnet Tracer; Botnet; Malware; HoneyNET; SPAM; Threat Intelligence Generation; Threat Precursor Analysis; Information Sharing; Indicators Of Compromise
     Legend
     • HoneyBEAR: Behavior-based Email Anomaly Reconnaissance
     • NCC: National Communication Commission
     • FSC: Financial Supervisory Commission
     • MOEA: Ministry of Economic Affairs
     • GSN: Government Service Network
     • MSSP: Managed Security Service Provider
     • FIRST: Forum for Incident Response and Security Teams

  6. G-ISAC Intelligence Sharing
     ● G-ISAC has covered IPs of GSN, Academic Network and 34 ISPs (Taiwan IP coverage > 99%)
     Chart labels: E-Commerce CERT (EC-CERT); Law Enforcement Agencies; Gov. Intelligence; CERT; TWCERT; Gov. Service Network; TWCSIRT; G-ISAC; TW Network Info. Center; TACERT; Antivirus & Related Industry; Academic ISAC (A-ISAC); TWAREN; ISAC; Private Sectors Intelligence; Telecom ISAC (NCC-ISAC); MSSPs; ISPs; Financial ISAC (F-ISAC): Stocks, Banks, Insurance

  7. Domestic Information Sharing Status
     From: 2011/1/1 ~ 2016/9/30

     Type     2011      2012      2013      2014      2015      2016 (Q3)
     ANA      720       1,432     1,646     756       1,222     1,410
     EWA      17,327    6,455     3,710     3,865     4,782     2,410
     INT      60,980    135,527   84,210    107,405   76,757    48,051
     DEF      69        507       407       225       867       582
     FBI      164       158       338       265       399       397
     Total    79,260    144,079   90,311    112,516   84,027    52,850

  8. Collaboration of Members - Mobile Device Malware Sample Sharing
     ● Criminal Investigating Bureau (CIB) established a mobile device malware sample sharing channel with SOC members via G-ISAC
     1. CIB collects suspicious fraud messages, URLs, and APKs from various sources
     2. TWNCERT receives intel, extracts malicious APKs and shares them with SOC members
     3. SOC members feed back APK analysis results
     4. TWNCERT integrates all results and shares them with all members
     Flow: Receive Intel Source → Share Intel with SOC Members → SOC Members Feedback Results → Integrate & Share the Final Results

  9. 2nd Tier G-SOC for Co-Defense
     ● Build government-wide situation awareness of cyber security
     ● Promote public-private partnership for better decision making
     Tiers
     • 3rd Tier: NICST (National-Level Decision Making Support)
     • 2nd Tier: G-SOC (Government-Wide Situation Awareness)
     • 1st Tier: MSSP (Co-defense Monitoring)
     Diagram labels: Actionable Intelligence; Classification; Trend Statistics; Data Modeling; Prediction; Detection Rules; Data; Incident Handling; External Threat; Existing Vulnerability; Regulation Compliance

  10. Current Situation Review
     ● Public-private partnership is currently weighted more toward the public sector
     ● Only three ISACs have been established (G-ISAC, NCC-ISAC and A-ISAC); all operate and collaborate smoothly, but sector coverage is limited
     ● Sector-level CERTs are also very few, so incident handling is not performed very effectively
     ● There were no specific working groups for CI & CII sectors in the NICST organization until this year
     ● There are no comprehensive regulations for cyber security; most cyber security tasks have been limited to government agencies

  11. The Fifth National IC Security Development Plan
     Cyber Security Industry National Security Technology R&D Talent Incubation Management Development
     1. Develop national cyber security risk assessment mechanism
     2. Establish national network and communication emergency recovery mechanism
     3. Build national network defensive and offensive capabilities
     4. Complete national cyber security policies, regulation & standards
     5. Enhance cyber security defense among gov. and CI & CII sectors
     6. More International collaborations
     7. Increase cyber crime prevention and solve effectiveness
     8. Promote related policies and development of cyber security industries
     9. Reduce cyber security risks for industry supply chains
     10. Combine and raise the values of academic and industrial cyber security R & D capabilities
     11. Develop a privacy protected digital identification framework
     12. Perfect the incubation and demand of cyber security professionals
     13. Promote cyber security awareness and child online protection
