
New trends in risk management and considerations on how risk manifests in new-economy projects

Valentin P. MĂZĂREANU, PhD.

... risks are everywhere ...


www.managementul-riscurilor.ro
[...]
What is new in ... Vulnerability Analysis
New:
theft of personal data (see images)
data loss or leakage caused by improper use of portable devices (see iPhone 4G);
the disloyal employee who supplies data to the competition (see Coca-Cola vs. Pepsi),
disclosure of personal data through social engineering or phishing attacks (target: the trash bin; see the case of the Romanian secret services);
improper exploitation of intellectual property (see poaching: Intel vs. AMD, vodafone.ro, kfc.md).

Factors driving new trends, new approaches

the growing use of information and communication technology in organizations / projects;
the emergence of wireless communication technologies and their adoption by organizations in their own business models
the growth of cybercrime
(Small or BIG) Business Environment
Customers, business partners, suppliers

ISP , DNS

Gateway

Server, Firewall, DNS

www.facebook.com
The Web revolution: 1.0, 2.0, 3.0 ...
Social Media is a useful tool (?):
Networking (e.g. professional social networks)
Communication (e.g. social networks for friends)
Recruitment (e.g. via Twitter)
Training (e.g. Skype coaching, Go2Meeting.com)
Marketing (!!! Social media is not Sales media)
...
The world we live in ....
SPAM (SPIM & SPIT)
Malicious programs (virus type)
Worm
Trojan horse
Backdoor
Spyware attacks and keyloggers
Snooping or Sniffing
Spoofing
Logic Bombs
Unauthorized modification of information stored in different environments
Phishing
Hacking and Cracking
Denial of service
Theft and distribution of confidential or personal data
Clickjacking
Is there privacy on Facebook?
Information is shared freely (address, phone number, education, friends, family, children, photos etc.)
Fake profiles are created for immoral purposes (pornography, paedophilia, data theft etc.)
Add as a friend ... Out of the desire to have a large number of friends
The accounts of real friends can be attacked
Increased vulnerability of the application (the chat can be read illegally)
Facebookaware
Attackers may gain the victim's trust by posing as a friend.
Facebook & reputational risk
Twitter ... revolution

Followers

Retweet
Application Vulnerabilities

Targeted Applications in 2009


Source: FSecure
And the winner is ....
Based on the analysis of 32 million breached passwords (RockYou.com)

The same password, 123456, also topped a similar chart based on statistical analysis of 10,000 Hotmail passwords published in October, 2009.
Sniffing over VoIP
Proxy Proxy

SIP

BYE

Elena Radu

- Interception
- Redirecting
Hacker - Calling with different number
- Joke: beep every 5 minutes, lasting 5 years
- Call interrupted / Call abandoned
We are Phishing YOU!

See the address

See the real address

We are Spoofing YOU, too!

See the address

(IT's REAL and it's httpS)

Oops! Where is the Secured Sign
From Software as a Service to Crimeware as a Service
- Where do you get your operating system from?
- DC++, Torrents, Mule etc.
The top league: ROGUE & Black Swan Theory
Black Swan Theory: exploiting high-impact events (e.g. the Lady Diana accident, the death of Michael Jackson, the death of the President of Poland in the plane crash etc.)
Scareware (false information about a potential virus)
Rogue ATTACK: persuading the victim to buy antivirus software
SPAM (how to)
[Pie chart: Contact methods provided by the bank on its contact page (July, 2008). Categories: "office@"-type email, "info@"-type email, "centrala@"-type email, other forms of email address, other means of contact. Percentages shown on the chart: 11%, 6%, 38%, 31%, 14%.]
Note: office@hvblocuinte.ro (as image) but still office@... vs. mar1c1_ca15@ ...
Securing Transactions

Protocols (HTTPS, SET, SSL, SPA)

VPNs

Cryptography

Biometry

Behaviometry

Smart Cards
[...]
Thank you!
Read about Risk Management ... risks are everywhere ...
www.managementul-riscurilor.ro

Get Certified in risk management


www.prmia.org/Chapter_Pages/Bucharest

Get a plus of value with a


Project Management Master Programme
www.feaa.uaic.ro