1. Information Security in Practices: Information Security Concept; Web Cookies (Web Cookie); Information Security Management for Personal Data
2. Information Security Techniques: Data Masking; Data Encryption; Data Hashing
5 : http://www.snoc.co.th/knowledge/how-do-you-know-if-youre-under-ddos-attack/ 6
3 1. Hardware Security Threats) Software Security Threats) Software Theft) Software Modification) Information Leaks) 3. Data Threats) 7 Malware) 9. BOTNET Computer Virus) Spam Mail Computer worm) Phishing Trojan horse) 12. Sniffing Spyware) Spam) Backdoor) Hacking Rootkit Hacker) DoS/DDoS 8
: https://www.etda.or.th/th/Our-Service/thaicert/stat.aspx 2565 9 : https://www.etda.or.th/th/Our-Service/thaicert/stat.aspx 10
Exploit Vulnerability IP Known Port Hacker Login Attempt Human Error User Password Update Login Internet Access Password Malicious Code Cybersecurity Policy Ransomware 11 Availability Traffic/Packet Network (Flood Network) DoS (Denial of Service) Traffic Security Device) Firewall Traffic Information Gathering Hacker Hacker Policy Violation USB : https://www.cyfence.com/article/ntcyfence-csoc-summary-2021/ 12
Trojan.Multi.BroSubsc.gen Hacker Backdoor Ransomware Browser History Backdoor: Andromeda.Botnet Andromeda Backdoor Remote W32/Khalesi.XB!tr Remote Bot DoS Backdoor: Backdoor.DoublePulsar DoublePulsar WannaCry Ransomware DoublePulsar Windows Remote HEUR:Trojan.Script.Generic Ransomware Ransomware Ransomware : https://www.cyfence.com/article/ntcyfence-csoc-summary-2021/ 13 14
Digital Technology IS=Information System IT=Information Technology ICT=Information Communication Technology Hardware Software Peopleware Process Digital Technology IT+ICT+Digital Content+ Digital Content 15 16
17 3 1. Function Based 2.Agenda Based 3. Area Based 18
(IT Management) Database Operational Data Staffs Report Management Information System Manager Executive Information System CEO. Decision Support System (DSS) Knowledge Function Based Problems Agenda Based Problems 19 : Performance Conformance Knowledge Management (KM) Executive Information System (EIS) Management Information System (MIS) Database Management System (DBMS) 20
2562 31 2563 2562 2562 2544-2563 4 2553 21 22
3 Data Governance PDPA Cyber Security 1. 22 2562 1 2565 24 2562 2. ( ) 3. 4. Data owner, Data Steward (DPO) (CISO) 5. / Data life cycle Record of processing activity (ROPA) 6. Confidentiality, Integrity, Availability (CIA) CIA CIA 7. - 8. 23 2562 24
2562 12 4 8 1 2 3 4 5 6 27 2562 : 117 74 31 2563 28
1. 2. (Data team) Define 3. (Data Steward team) 4. IT (Data Custodian team) IT 29 30
4 1 2 3 4 5 6 31 Data dictionary) Meta data) 4. Dataset Guideline) PDPA 32
1) 2) 3) 4) 5) Log 6) Contact Point 35 1) 2) 3) 4) 5) 36
Business Risk Management) 37 COSO (The Committee of Sponsoring Organizations of the Treadway Commission) 38
1. Internal Environment) : 2. Objective Setting): 3. Event Identification) 4. Risk Assessment) Likelihood) Impact) 5. Risk Response) 6. Control Activities) 7. Information and Communication) 8. Monitoring) COSO 39 40
43 2565 2570 9 2565 1 () : 44
Governance, Risk and Compliance: GRC) Governance, Risk and Compliance: GRC) 3 1. Good Governance in Cybersecurity) 2. Risk Management) 3. Policies and Guidelines) 45 1. Good Governance in Cybersecurity) 1.1 Authorities, Roles and Responsibilities) Three Lines of Defense) 1.2 Head of Information Security) 1.3 Chief Information Security Officer : CISO) CISO 46
Three Lines of Defense First Line of Defense Second Line of Defense Risk Management) Third Line of Defense Compliance) Internal Audit) 47 Chief Information Security Officer : CISO IT operation) IT development) Authority) CISO 1) 2) IT steering committee IT risk committee 48
2. Risk Management) 2.1 Risk appetite) ( 2.2 Risk register) 2.3 2.1 49 3. Policies and Guidelines) 3.1 3.2 50
55 (Backup) disaster recovery site) 56
1 Data Masking) 2 Data Encryption) 3 Data Hashing) 57 (Data Masking) Data Masking Field Database API Pseudonymize Anonymize Sensitive Data Agent Database GDPR PDPA 58
59 Anonymization negligible risk) Pseudonymization 60
disclosure risk) data anonymization) data security) confidentiality : Thailand Data Protection Guideline V3.0 Extension) 61 (Data Encryption) encryption) symmetric key secret key) (asymmetric key) (public key) : https://resources.infosecinstitute.com/topic/beginners-guide-to-the-basics-of-data-encryption/ 62
Certification authority (CA) private key) public key) NT, INET 63 encryption) (public key) (private key) authentication) 64
https://www.google.co.th SSL (Secure Sockets Layer) 65 (Data Hashing) Hashing Hash Value (Hash Code, Hash Sum, Hash Digest) 66
(Digital Signature)
71 : https://openpdpa.org/what-is-cookie-consent/ 72
Cookie Consent Necessary cookies ( Preference cookies ( Statistic cookies ( Marketing cookies ( : https://openpdpa.org/what-is-cookie-consent/ 73 Cookie : Remember me username password Cookie Remember me Cookie : https://openpdpa.org/what-is-cookie-consent/ Cookie : Cookie Cookie Cookie Cookie Consent Cookie 74
Cookie Personal Data Cookie Cookie PDPA Consent 75 76