การสร้างเกราะป้องกันภัยคุกคาม...

1

การสร้างเกราะป้องกันภัยคุกคามต่อข้อมูลความเป็นส่วนบุคคลในองค์กร

Assoc.Prof. Dr. Thanachart NumnondaDirectorSoftware Park Thailand14 March 2012

2

3

(4)

6 Million SmartPhones in Thailand

5

More than 400,000 Tablets sold in Thailand

6Source: wikipedia

7

8

iCloud

9

www.facebook.com/softwareparkthailand

10

Dropbox

11

Open Environment

12

Apps & Data Everywhere

Diverse Access Points

Browser

Windows

Mac

iOS

Android

Universal App Catalog and

Workflow

Broker

Entitlements, Policies and Reporting

SaaSServices

Windows

Legacy Apps

Data Services

Mobile Apps

The New Reality for Users

Source : From Datacenter to Device: Security in the Enterprise 2012 and Beyond : VMWare

13

Work Life Balance

Blurred Boundaries

Anywhere Anytime

Productivity

Strengths, Interested, Choices

14

Security

Data Loss

Virus

Identity Loss

Internet Security

Social Media Security

Mobile Security

15

Data Loss Prevention

Where is my confidential data stored?

Where is my confidential data being sent?

How is my confidential data being used?

How do I enforce my data loss policies

Source : Vontu: Security for a wide open world.

16

Have You Deployed?

Source : Vontu: Security for a wide open world.

17

Content Awareness Protection

Source : Vontu: Security for a wide open world.

18

Mobile Devices

Notebook

Smartphones

Tablets

Portable Harddisk

ThumbDrive

19

Risks

Mobile devices are easy to lose or steal

Can carry large amount of data

Often unprotected

Data may be “sniffed” during unprotected wireless communications

Results– Broken device

– Infections from viruses, spyware, malware

– Privacy and personal security concernsSource : CYBER SECURITY ON THE GO: TCU Information Security Services

20

Best Practices

Never store sensitive or confidential information on a mobile device.

Rule of thumb – do not trust wireless to be secure!

Avoid joining unknown Wi-fi networks

Most apps offer privacy controls– But privacy controls are not always easy to

access

Avoid portable harddisk, usb, thumbdrive

21

Data Loss Protection

Develop a plan and work with it

Develop a policy

Reduce the initial scope

Understand why you need it, business, HR and Legal aligned

Avoid band-aid solutions - integration is key

22

Social Media Security Treats

Mobile Apps

Social Engineering

Social Networking Sites

Your Employees

Lack of a Social Media Policy

Source : 5 Top Social Media Security Threats: Network World

23

Internet Security Treats

Advise Your Employees on Safe Internet Conduct

Be Wary of Social Engineering

Maintain Security Options

Password Security

Back-up Data

Source : 5 simple internet security tips: Evan Godfrey

24

Smart Phone Security Tips

Beware of Text Message Spam

Use Anti-Virus Software

Mind Your Moblie Apps

Avoid Wi-Fi Hotspots

Keep Your Phone in Jail

Source : Top 10 Smartphone Security Tips: Joseph Morah

25

Smart Phone Security Tips

Turn off Bluetooth Discovery Mode

Apply OS update

Backup or Sync Your Data Frequently

Enable Remote Locate, Lock and Wipe

Screen Lock Your Phone

Source : Top 10 Smartphone Security Tips: Joseph Morah

26

Case Studies

27

Thank you

thanachart@swpark.or.thtwitter.com/thanachartwww.facebook.com/thanachartwww.swpark.or.thwww.facebook.com/softwareparkthailand